Privacy Policy 

Data Monsters, Inc. (hereinafter referred to as the “Company”) establishes and presents the following privacy policy in order to protect the personal information of the users who visit the Company’s sites or use the Company’s services, including Yoit, the Company’s fashion product search service.

1.      Purpose of Processing Personal Information 

1.1    The Company collects and uses personal information for the following purposes:

(a)    Membership registration and management: confirmation of membership intent, identification, authentication, prevention of illegal or unauthorized use of services, record preservation for settlements, handling of complaints, sending various notices, etc.;

(b)    Provision of services and bill settlement: delivery of contents, providing tailor-made services, sending notices on winning results of events, delivery of contracts, authentication, confirming the age, bill payment and settlement, debt collection, etc.;

(c)     Service Improvements and Development, Marketing and Advertising: improvement of existing services and development of new and customized services, provision of customized services and advertisements according to demographic characteristics, verification of service validity, provision of opportunities to participate in events, provision of information regarding events, identification of access frequency, statistics on service use of members, provision of services regarding promotions and events; or

(d)    Managing user complaints: identification of users, confirmation of complaints, contact/notification for fact-finding, and notification of processing results.

2.      Items of Personal Information Processed

2.1    The Company collects and processes the following personal information of service users:

(a)    Information collected through membership registration (mandatory) : ID, password, email (Single Sign-On method);

(b)    Provision of charged services and bill settlement (mandatory) : name, email, payment information (including but not limited to cardholder name, card number, cvc number and billing address), and shipping address (for delivery).

(c)     Marketing and advertising (optional) : name, email and phone number;

(d)    Item recommendations (optional) : sizes, height/weight, ethnicity and age group; and

(e)    Data uploaded to the Service by users (optional) : receipts and images.

2.2    The Company uses Google Analytics, Search Console and Hotjar and other data analytics services, and in the process of using the service, the following information of users may be automatically collected:

(a)    IP address, MAC address;

(b)    access records including geographic location, types of browsers and OS;

(c)     service use records including user activity, number of visits and views on each page and bounce rates;

(d)    behavioral information including access routine, transactions, clicked and scrolled parts of each page;

(e)    gender, age group and interests;

(f)     information on users’ mobile device and applications; and

(g)    search history including bookmarks, and images, texts and keywords used for web search; and cookies.

3.      Period of Retention and Use for Personal Information

3.1    Subject to any applicable laws and regulations, the Company will store the data service users provide for as long as is necessary to provide the services to the services users.  The Company will, with reasonable promptness, delete and destroy the user’s personal information upon the user’s request for deletion or the user’s withdrawal of membership or loss of membership qualifications. However, the following information is retained for the following reasons despite the user request, withdrawal of membership or loss of user qualification:

(a)    If there is an ongoing investigation regarding a violation of relevant laws and regulations, the personal information shall be retained until the completion of the respective investigation; or

(b)    If any debts or debt relationship pursuant to the use of the services remain unsettled, the personal information shall be retained until the relevant debts are settled.

4.      Provision of Personal Information to Third Parties

The Company may provide personal information to third parties only as described in this Article.  The Company requires that such third parties to keep the user’s data confidential.   

-      The Company’s partner retailers for the Yoit service for the user’s purchase of fashion items from the partner retailers

-      The payment processors in case the Company offers and sells fashion items to the users and utilizes such payment processors for completing such transactions

-      The Company’s participation in affiliate networks

-      The advertisers in case the Company makes customized advertising available on its sites

-      Social media and platforms for contents sharing and shared user registration

-      Cloud services, such as Amazon Web Services, for storing all the data and personal information of the users.

 5.      Use and Provision of Personal Information within the Scope Reasonably Related to the Purpose of Collection

The Company may use or provide personal information to a third party without the consent of the user, considering each of the following criteria within a reasonable scope and the original purpose of collection:

(a)    Whether or not it is related to the original purpose of collection: judgment based on whether the original purpose of collection and the purpose of additional use and provision are related in terms of their nature or tendency;

(b)    Whether or not the further use or provision of personal information is predictable considering the circumstances in which the personal information was collected or the processing practices: judgment based on the relationship between the personal information controller and the user, the level of technology and the rate of development, and general circumstances (practice) established over a substantial amount of time, etc.;

(c)     Whether the interests of the user are unreasonably infringed: judgment based on whether the interests of the user are substantially infringed in relation to the additional purpose of use and whether the infringement of the interests is unreasonable, etc.; and

(d)    Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken: judgment by considering whether safety measures are taken in consideration of the possibility of infringement, etc.

6.      User’s and Legal Representatives’ Rights and Methods for Exercising the Rights

6.1    The user can exercise the right to read, correct, delete and suspend processing his or her personal information against the Company at any time.

6.2    The exercise of the rights pursuant to Section 6.1 can be made to the Company in writing, by phone, or by e-mail, and the Company will take action without delay.

6.3    The exercise of rights pursuant to Section 6.1 may be done through an agent such as a legal representative of the user or a person who has been delegated. In this case, a power of attorney must be submitted to the Company that confirm such delegation.

6.4    In accordance with relevant laws and regulations, the exercise of the user's right to access, correct, delete, or suspend the processing of personal information may be restricted.

6.5    Request for correction and deletion of personal information cannot be requested if the information is required to be collected according to other laws.

6.6    The Company shall confirm whether the person who made the request, such as a request for reading, correction, or deletion, or request for suspension of processing, holds such right or is a legitimate agent. 

7.      Measures to Ensure Safety of Personal Information

Company is taking the following measures to ensure the safety of personal information:

(a)    Administrative measures: establishment and implementation of internal management plans for personal information, regular employee training, etc.;

(b)    Technical measures: technical countermeasures against password hackings, etc., encryption of personal data, storage access records, and prevention of forgery, etc.; and

(c)     Physical measures: Access control to server rooms, data storage rooms, etc. 

8.      Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

The Company uses 'cookies' to store and frequently retrieve usage information to provide users with individually customized services. Cookies are a small amount of information sent to the user's PC browser by the server (HTTP), which are used to operate the website, etc., and are also stored in the user's hard disk in the computer.

(a)    Purpose of using cookies: security management and improving services, developing new services, and providing customized services and advertisements by analyzing access frequency and access time of users, etc., identifying the patterns of service usage and tracking traces, secure access status, and the number of users.

(b)    Installation, operation, and rejection of cookies: Users have right to choose the installation of cookies. Therefore, the users may refuse to save all cookies by changing their Internet browser options.

(c)     However, if you refuse to store cookies, it may be difficult to use some services of Company.

9.      Data Subject Rights:  EU – GDPR

9.1    This Article shall apply to EU residents only. The Company processes the user’s personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable laws. The Company uses the user’s personal information for the following purposes:

(a)    For user subscription and provision of the Service: The Company may use the user’s personal information in order to execute an agreement with the user and to fulfill its obligations under such agreement. The Company may also use the user’s identity, contact information, financial information, transactional information, marketing information, and communication data, etc. in the process of providing the Company’s Service to the user and for the operation of the Service, such as notifying users of the amendment to the Company’s Service and processing user’s requests, etc.

(b)    To strengthen the security of the Company’s Service: The Company may use the user’s personal information to protect the legitimate rights of the users and the Company in relation to the strengthening of security and within the extent necessary to fulfill its contractual obligation under applicable law, use the personal information to verify the user’s account, investigate suspicious activities, and apply the Terms of Use Agreement.

(c)     To improve the Service: The Company may analyze data, such as the user’s use records, in order to develop new businesses and use highly relevant contents and user experiences to improve the Service.

(d)    To promote Service: The Company may use the user’s personal information to deliver promotional information to the user and to research the market. The user may withdraw their consent to receive marketing information by clicking “withdraw consent” or “unsubscribe” button that is included in all marketing information.

9.2    Pursuant to the GDPR and other applicable law, the user may request the transfer of their personal information to a different manager or request the Company to cease processing of their personal information. Moreover, the user reserves the right to file complaints with the competent data protection authority. The user may contact customer service for any inquiries regarding the foregoing, and the Company shall process such inquiries quickly in a lawful manner.

9.3    The Company’s Service is not for children. The Company does not collect the personal information of any children below the age of 16 that resides in the European Economic Area (EEA). If the personal information of children is collected unintentionally in relation to the provision of the Service, the Company shall immediately delete such information. Please contact customer service for any questions regarding the personal information of children below the age of 16.

9.4    In order to provide the Service to the users, the Company may transfer, store, and process personal information outside of the EEA, including in Korea. Moreover, personal information may be stored in the EEA area by being stored in the device that the user used to access the Service. If the Company transfers the user’s personal information outside of the EEA, the Company shall ensure that at least one of the safety measures listed below will be applied to ensure a similar level of protection as is ensured within the EEA.

(a)    Ensure that the transfer of the personal information only takes place in countries that the European Commission (EC) has deemed to provide an appropriate level of protection.

(b)    If the Company uses a particular service provider, execute an EC approved contract that ensures the same level of protection for personal information as is used in the EEA.

10.   Amendment of the Privacy Policy

The Company may amend the Privacy Policy in order to comply with applicable law or to reflect any changes in the provision of service. In the event this Privacy Policy is amended, the Company shall notify the users in advance through a notice on the website at least 7 days prior to the amendment. The amended Privacy Policy shall take effect from the Effective Date stipulated in the Amendment. However, the Company shall notify the users at least 30 days in advance for any major changes in the Privacy Policy, such as the items of personal information to be collected or the rights of the users.


The Privacy Policy shall take effect from [July 07, 2023].