© 2026 CTR Co,. Ltd
통신판매업 신고번호 : 2026-창원성산-0092
CPO/DPO: Sungyoung Jo
Email: sungyoung@ctr.co.kr
Hosting Provider: Shopify Inc.
Terms of service · Private Policy · Credit operation policy · Cookie policy
Privacy policy
CTR Co., Ltd. (hereinafter referred to as the “Company”) complies with applicable laws and recognizes the protection of personal data as an important responsibility. The Company strives to protect the rights and interests of data subjects by processing users’ personal data lawfully and securely.
This Privacy Policy provides an overview of the types of personal data processed by the Company, the purposes and methods of processing, and explains the rights of data subjects related to personal data processing, how those rights can be exercised, and the procedures for inquiries and complaints.
- Information about the Personal Data Controller
- Scope of Application
- Personal Data Collected, Purpose of Use, and Collection Methods
- Use of Cookies
- Retention and Use Period of Personal Data
- Provision of Personal Data to Third Parties
- Outsourcing of Personal Data Processing
- Cross-border Transfer of Personal Data
- Rights of Users and Legal Representatives and How to Exercise Them
- Cookie Settings and Withdrawal of Consent
- Security Measures for Personal Data Protection
- Protection of Minors’ Personal Data
- Complaints to Supervisory Authorities
- Changes to this Privacy Policy
1. Information about the Personal Data Controller
• Personal Data Controller / Service Name: CTR / BizRewards
• Address: CTR Co., Ltd., 5th Floor, 35 Dongjak-daero, Dongjak-gu, Seoul 07015, Republic of Korea
• Data Protection Officer (DPO):
Sungyoung Jo
Email: sungyoung.jo@ctr.co.kr
• Department in Charge of Personal Data:
Marketing Communication Team
Email: ctr.autocorpenglish@gmail.com
2. Scope of Application
This Privacy Policy applies to all users who access and use the BizRewards website provided by the Company.
3. Personal Data Collected, Purpose of Use, and Collection Methods
The Company collects personal data to provide services to users and to deliver optimized and customized services. The Company collects only the minimum information necessary to ensure smooth service operation during the initial registration process.
|
Purpose |
Cookie Name |
Type |
Collection Method |
|
Shopping cart functionality |
_shopify_essential |
Essential cookie |
Automatically collected via cookies when visiting the website |
|
User session maintenance |
_shopify_s |
Essential cookie |
Automatically collected via cookies when visiting the website |
|
Visitor identification |
_shopify_y |
Essential cookie |
Automatically collected via cookies when visiting the website |
|
Country/language settings |
localization |
Essential cookie |
Automatically collected via cookies when visiting the website |
|
Service usage analysis |
_shopify_analytics |
Essential cookie |
Collected via cookies with user consent when visiting the website |
4. Use of Cookies
① What are cookies?
Cookies are small pieces of information stored in a user’s browser when visiting a website and are used to provide website functionality and improve user experience.
② Essential cookies are necessary for providing services and are always active.
Analytics cookies are only used when users provide prior consent.
③ For detailed information regarding cookie usage, please refer to “3. Personal Data Collected, Purpose of Use, and Collection Methods.”
5. Retention and Use Period of Personal Data
The Company destroys personal data without delay once the purpose of processing has been achieved.
However, if retention is required by applicable laws, the information will be retained for the period prescribed by such laws.
6. Provision of Personal Data to Third Parties
In principle, the Company does not provide personal data to external parties.
However, exceptions apply in the following cases:
• When required by law
• When prior consent has been obtained from the user
The Company processes personal data within the scope specified in Article 3 and does not process or provide it beyond the intended scope without prior consent.
When personal data is provided to a third party, the Company will inform the user of the following and obtain consent.
|
Recipient |
Purpose of Use |
Personal Data Provided |
Retention and Use Period |
|
None |
- |
- |
- |
7. Outsourcing of Personal Data Processing
If the Company outsources personal data processing to a third party, the Company stipulates matters such as prohibition of processing personal data beyond the purpose of the outsourced work, technical and managerial safeguards, restrictions on re-outsourcing, supervision of the processor, and liability for damages in written agreements in accordance with applicable laws.
The Company also supervises whether the processor safely handles personal data.
The processors and outsourced tasks are as follows:
|
Processor |
Outsourced Work |
Data Provided |
||
|
notivation |
Service operation support |
|
||
|
Shopify |
Platform operation |
|
||
If the outsourced tasks or processors change, the Company will disclose such changes without delay through this Privacy Policy in accordance with applicable laws.
8. Cross-border Transfer of Personal Data
The Company may transfer personal data to countries outside the Republic of Korea in order to provide services.
For the purposes specified in this Privacy Policy, personal data may be processed outside the user’s country of residence (including countries outside the European Economic Area).
When transferring personal data to another country, the Company verifies and ensures that the following safeguards are in place.
• Server Location: Canada (Shopify Inc., Canada)
• Transfer Country: Republic of Korea
• Legal Basis: Standard Contractual Clauses (SCC) under Article 46 of the GDPR
https://help.shopify.com/ko/manual/privacy-and-security/privacy/gdpr/comply-with-gdpr
• Protective Measures: Encryption, access control, internal management systems
• Data Transferred and Collection Method:
Cookie identifiers, IP address, browser information, access logs
If the level of personal data protection in a specific country does not meet international standards, the Company will implement additional safeguards to ensure that transferred data receives an equivalent level of protection and will ensure that such data is not transferred to third parties within that country.
9. Rights of Users and Legal Representatives
Users and legal representatives may at any time access, correct, or request deletion of their personal data or the personal data of children under the age of 14.
For inquiries related to access, correction, or deletion of personal data, please contact the person in charge listed in “1. Information about the Personal Data Controller” via written request, telephone, or email. The Company will respond without delay.
Users have the following rights:
• The right to access, correct, delete, or transfer personal data
• The right to restrict or object to the processing of personal data
• The right to withdraw consent for personal data processing
• The right to lodge complaints with a data protection authority
However, some personal data may be retained due to legal or contractual obligations or legitimate business needs.
10. Cookie Settings and Withdrawal of Consent
Users may withdraw consent for analytics cookies at any time through cookie settings.
Users may also block cookies through browser settings. However, blocking cookies may restrict the use of certain website functions.
Examples of browser settings:
Internet Explorer
[Tools] → [Internet Options] → [Privacy] → Adjust privacy level
Safari
Settings icon → Preferences → Privacy → Cookie settings
Chrome
Settings icon → Advanced Settings → Content Settings → Cookies
※ Some services may be limited if cookies are blocked.
11. Security Measures for Personal Data Protection
Personal data is securely protected through appropriate safeguards, including restricted access and compliance with security standards.
The Company implements the following technical and administrative measures:
• Encryption of personal data
• Minimization of access rights
• Operation of security systems
• Establishment of internal management policies
12. Protection of Minors’ Personal Data
The Company does not collect personal data from children under the age of 13. If such collection becomes necessary, the Company will obtain consent from the legal guardian.
13. Complaints to Supervisory Authorities
Residents of the Republic of Korea may file complaints with the Personal Information Protection Commission (PIPC).
Residents of the European Union may lodge complaints with their local Data Protection Authority (DPA).
14. Changes to this Privacy Policy
This Privacy Policy may be revised in accordance with changes in the scope of services or applicable laws.
Users are encouraged to review this Privacy Policy periodically to stay informed about how personal data is handled.
The Company will provide notice of any changes at least 7 days in advance through the website.
• Effective Date: March 9, 2026
