ROCK·CHA
ProductsHow to OrderService RequestEvents
ROCK·CHA

Professional B2B e-commerce platform for filming equipment

Company

  • About
  • Contact

Support

  • FAQ
  • Products

Legal

  • Terms of Service
  • Privacy Policy

© 2026 Rock-Cha. All rights reserved.

Privacy Policy

Effective Date: April 28, 2026

Article 1 (Purpose of Processing Personal Information)

Rock-Cha (hereinafter 'the Company') processes personal information for the following purposes. Personal information processed shall not be used for purposes other than those stated below, and if the purpose of use changes, necessary measures such as obtaining separate consent shall be taken in accordance with Article 18 of the Personal Information Protection Act. 1. Member registration and management: Identity verification for membership services, maintenance and management of membership qualifications, prevention of fraudulent use of services, various notifications 2. Service provision: Product catalog provision, content (blog) provision, customized service provision 3. Customer inquiry processing: Receiving and responding to inquiries, complaint processing 4. Marketing and advertising: New service announcements, event and promotional information provision (with separate consent)

Article 2 (Items and Methods of Personal Information Collection)

The Company processes the following personal information items: [Required Collection Items] • Automatically collected during social login (Kakao/Google/Naver): Email, name (nickname), social account unique identifier • Directly entered after registration: Name, phone number [Optional Collection Items] • Naver login additional consent items: Phone number, gender, birthday, birth year, age range • Contact form: Name, email, company name (optional), inquiry type, inquiry content [Automatically Collected Items] • Information automatically generated and collected during service use: IP address, cookies, visit date/time, service usage records, device information (browser type, OS) [Collection Methods] • Automatic collection through social login (Kakao, Google, Naver) OAuth authentication • Direct input by users during registration and profile setup • Direct input by users when filling out the contact form • Automatic collection through cookies and log analysis tools during website use

Article 3 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the retention and use period prescribed by law or the retention and use period agreed upon when collecting personal information from data subjects. 1. Member information: Until membership withdrawal. Personal information is immediately destroyed (hard delete) upon withdrawal. 2. Inquiry records: 3 years after inquiry processing is completed (records related to consumer complaints or dispute resolution) [Retention Under Applicable Laws] • Records on contracts or withdrawal of offers: 5 years (Act on Consumer Protection in Electronic Commerce) • Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce) • Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce) • Records on labeling and advertising: 6 months (Act on Consumer Protection in Electronic Commerce) • Website visit records: 3 months (Protection of Communications Secrets Act)

Article 4 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in Article 1, and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the data subject's consent or special provisions of law. Currently, the Company does not provide users' personal information to third parties. If third-party provision becomes necessary in the future (such as for delivery services), the Company will notify users of the recipient, purpose of provision, items provided, and retention period, and obtain separate consent.

Article 5 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth service provision: • Entrusted party: Vercel Inc. / Entrusted tasks: Website hosting and service infrastructure operation / Retention period: Until termination of entrustment contract • Entrusted party: Supabase Inc. / Entrusted tasks: Database management and authentication services / Retention period: Until termination of entrustment contract When concluding entrustment contracts, the Company specifies in contractual documents matters concerning prohibition of personal information processing beyond the purpose of entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the entrusted party processes personal information safely.

Article 6 (Procedures and Methods for Destruction of Personal Information)

The Company destroys personal information without delay when it becomes unnecessary due to expiration of the retention period, achievement of the processing purpose, or other reasons. [Destruction Procedures] • Upon membership withdrawal, the user's personal information is immediately destroyed (hard delete). • For members registered through Naver social login, the Naver connection is automatically disconnected upon withdrawal. • Information required to be retained by law is transferred to a separate database and destroyed after the legally mandated retention period expires. [Destruction Methods] • Electronic file format: Complete deletion using technical methods that make records irreproducible • Paper documents: Shredding or incineration

Article 7 (Rights and Obligations of Data Subjects and Methods of Exercise)

Data subjects (users) may exercise the following rights regarding personal information protection at any time: 1. Request to access personal information 2. Request for correction in case of errors 3. Request for deletion 4. Request to suspend processing [Methods of Exercise] • Users can directly view and modify profile information through My Page. • Membership withdrawal can be performed directly from My Page, and all personal information is deleted immediately upon withdrawal. • Requests can be made in writing or by email to the Personal Information Protection Officer through the Contact page, and the Company will take action without delay (within 10 days). When a data subject requests correction or deletion of personal information due to errors, the Company shall not use or provide the relevant personal information until the correction or deletion is completed.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information: 1. Administrative measures: Establishment and implementation of internal management plans, minimization and training of personnel handling personal information 2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs 3. Physical measures: Storage of documents and auxiliary storage media containing personal information in secure locations with locking devices 4. Data transmission encryption: Encryption of data transmission sections through SSL/TLS 5. Access log retention: Retention and management of access logs to personal information processing systems for at least 1 year

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

The Company uses 'cookies' to store and retrieve usage information to provide individualized customized services to users. [Purpose of Cookie Use] • Maintaining social login sessions and managing authentication status • Analyzing user access frequency, visit times, etc. to improve services • Website usage analysis (Vercel Analytics) [Installation, Operation, and Rejection of Cookies] Users have the right to choose regarding cookie installation. Through the settings at the top of the web browser, users can set options to allow cookies, confirm when cookies are allowed, or block cookies. • Chrome: Settings > Privacy and Security > Cookies and other site data • Safari: Preferences > Privacy • Firefox: Settings > Privacy & Security However, if cookie installation is refused, some services requiring login may be difficult to use.

Article 10 (Personal Information Collection Through Social Login)

The Company provides social login services for convenient membership registration and login. The following information is collected from the respective social service providers during social login: [Kakao Login] • Collected items: Email, nickname, profile image (optional) • Purpose of collection: Membership registration and identity verification [Google Login] • Collected items: Email, name, profile image (optional) • Purpose of collection: Membership registration and identity verification [Naver Login] • Required collection items: Email, name • Optional collection items: Phone number, gender, birthday, birth year, age range • Purpose of collection: Membership registration and identity verification, customized service provision Information collected during social login is provided within the scope consented to by the user in accordance with the respective social service's privacy policy. Users can disconnect the integration from the respective social service, and in the case of Naver login, the connection is automatically disconnected upon membership withdrawal.

Article 11 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer as follows to oversee personal information processing and handle complaints and remedies related to personal information processing: • Personal Information Protection Officer: Minsu Yun • Department/Position: CEO • Email: ceo@rockcha.com • Phone: 010-3954-5150 Data subjects may contact the Personal Information Protection Officer regarding all personal information protection inquiries, complaint processing, and damage remedies arising from the use of the Company's services. The Company will respond to and process inquiries from data subjects without delay. [Remedies for Rights Infringement] For remedies, consultations, etc. regarding personal information infringement, you may contact the following organizations: • Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118 • Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972 • Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr / 1301 • National Police Agency Cyber Investigation Bureau: ecrm.police.go.kr / 182

Article 12 (Changes to the Privacy Policy)

This Privacy Policy takes effect from April 28, 2026. Previous versions of the Privacy Policy can be viewed below. When the Privacy Policy is changed, the changes will be announced through the website notice board from 7 days before the effective date. However, for significant changes such as the purpose of collection and use of personal information or third-party provision targets, notification will be made 30 days before the effective date, and user consent will be obtained again if necessary.

Login
Register