Privacy Policy

01. Privacy Policy

HanGook McDonald’s Co., Ltd. (hereinafter the “Company”) emphasizes the protection of customers’ personal information and complies with laws and regulations concerning the protection of its customers’ personal information, including the Act on Promotion of Information and Telecommunication Network Utilization and Information Protection, etc., and the Personal Information Protection Act. Through this Privacy Policy (“Privacy Policy”), the Company notifies customers of the purposes and methods by which personal information provided by customers is used, and what measures are being taken to protect the personal information. If the Company amends this Privacy Policy, it will notify the amended terms and causes thereof without delay through the Company’s website and mobile application (“Website”).

02. Collection of Personal Information

Q) What are the items of personal information collected by the Company, purposes of collection and use, and the method of collection?

The Company collects/uses personal information to provide McDelivery Service (“MDS”) as listed below.

[Members]

Items Purpose of Collection/Use Methods of Collection
(Mandatory
Name, mobile phone number, e-mail address,
password, delivery address 		- To provide MDS
- To provide information on MDS and McDonald’s promotions through social media messages and text messages (if agreed to receive advertising information) 		Collected when signing up for membership
(Optional)
Gender		 - To utilize information as statistical data Collected when signing up for membership

[Non-Members]

Items Purpose of Collection/Use Methods of Collection
(Mandatory)
Mobile phone number, delivery address 		- To provide MDS Collected when placing an order
(Optional)
e-mail address		 - To provide information on completed order Collected when placing an order

03. Period of Retention and Use

Q) How long does the company retain the personal information collected as above?

[Members]

  1. The Company can retain and use customer’s personal information from the date of customer’s consent until his/her confirmation of membership withdrawal (for optional items, until the customer terminates his/her agreement on providing the information or his/her membership cancellation is confirmed).
  2. Notwithstanding 1, the personal information will be retained when it is legally required under the Act on the Consumer Protection in Electronic Commerce, etc., or other applicable laws, for a period as prescribed by the law(s).
    1. -Act on the Consumer Protection in Electronic Commerce, etc.
      Records relating to contract and withdrawal of subscription: 5 years
      Records relating to payment and supply of goods, etc.: 5 years
      Records relating to settlement of consumer complaint or dispute: 3 years
    2. -Protection of Communications Secrets Act
      Log-in records: 3 months
  3. Notwithstanding 1, personal information of customers who have not used MDS service for 1 year or longer will be destroyed unless otherwise required by applicable law(s).

[Non-members]

  1. Personal information of customers who have not signed up is retained for 1 year from the collection.
  2. Notwithstanding 1, the personal information will be retained when it is legally required under the Act on the Consumer Protection in Electronic Commerce, etc., or other applicable laws, for a period as prescribed by the law(s).
    1. -Act on the Consumer Protection in Electronic Commerce, etc
      Records relating to contract and withdrawal of subscription: 5 years
      Records relating to contract and withdrawal of subscription: 5 years
      Records relating to settlement of consumer complaint or dispute: 3 years
    2. -Protection of Communications Secrets Act
      Log-in records: 3 months

04. Outsourcing of Personal Information Management

Q) Does the Company outsource the processing of personal information?

The Company outsources personal data handling as follows to provide MDS ensure smooth processing and safe storage of the customer information as well as to offer various promotions and benefits.

Service Provider Outsourced Services
CNT Tech Co. Call Center operation, handling of customer complaints
Food Tech Korea Order brokerage, maintenance of data and system
Capgemini Development, maintenance and repair of the website and relevant system
MESH KOREA Delivery of products
LOGIALL
LOGIALL
Brightbell Development, maintenance and repair of the website and relevant system; overall operation of assorted promotions
CHEON Service Sending out marketing information related to promotions and benefits
Daou Technology
Maillink
Revolution Communications Overall operation of promotions including sending out marketing information of events and benefits; customer data analysis and results reporting using private information provided by customers on McDelivery registration and placement of order
MILVUS
Daum Kakao Sending out customized information via Daum KaKao products/service
McDonald's Corp Management including system maintenance and repair
AWS McDelivery server hosting

Q) Does the Company transfer the personal information to offshore?

The Company transfers personal information with consent of the concerned customer to offshore as listed below:

Outsourcee Transferred Information
McDonald’s Global Markets LLC Personal Information Name, mobile phone number, e-mail address, password, delivery address
Country U.S.A
1035 W Randolph St, Chicago, IL, 60607
Transfer Time and Method Encrypted data is transmitted when joining as a member and using
Outsourcer (Contact Info of Personal Information Manager) McDonald’s Corporation
(contact.privacy@us.mcd.com)
Transferred Task Management including system maintenance and repair
Retention and Use Period of Private Information Until termination of membership or service partnership
AWS Personal Information Name, mobile phone number, e-mail address, password, delivery address
Country Singapore
27 Tampines Street 92, Singapore 528878
Transfer Time and Method Encrypted data is transmitted when joining as a member and using
Outsourcer(Contact Info of Personal Information Manager) Amazon Web Service Inc.
(aws-korea-privacy@amazon.com)
Transferred Task McDelivery server hosting
Retention and Use Period of Private Information Until termination of membership or service partnership
Capgemini Personal Information Name, mobile phone number, e-mail address, password, delivery address
Country U.S.A
79 Fifth Avenue, 3rd Floor, New York, New York
10003
Transfer Time and Method Encrypted data is transmitted when joining as a member and using
Outsourcer(Contact Info of Personal Information Manager) Capgemini America, Inc.
(dataprivacyoffice.nar@capgemini.com)
Transferred Task Development, maintenance and repair of the website and relevant system
Retention and Use Period of Private Information Until termination of membership or service partnership

05. Disclosure to Third Parties

Q) What are the items of personal information the Company transfer to a third party?

Recipient Recipients’ Purpose of Use Items of Transferred Personal Information Retention and Use Period by Recipients
*McDonald’s Franchisee Handling of delivery order and settlement of customer’s complaints *Personal information relating to delivery order: name, mobile phone number, e-mail address, and delivery address provided by the customer
*Personal information relating to handling of customer complaints: name, contact information, name of visited restaurant, e-mail address, inquiry, or complaints (including any attachment by the customer) 		Personal information will be destroyed without delay when membership is withdrawn and MDS service is not use for 1 year (However, if personal information must be kept even after withdrawal according to relevant regulations, until the relevant period expires)

* Click to view the list of McDonald’s franchise restaurants >> 클릭

06. Personal Information Disposal Procedures and Methods

Q) How does the Company dispose collected personal information?

When the Company identifies personal information that needs to be disposed of, information in electronic copy will be permanently deleted making them unrecoverable, and document, printouts, and any other hard copy information will be shredded. However, personal information that is required to be retained for a period as specified in Article 3-2.

07. Personal Information Security Measures

Q) What measures does the Company undertake to ensure the security of collected personal information?

The Company is taking measures as listed below to ensure the data is securely protected.

08. Rights and obligations of customers on personal information collection and how to exercise those rights

Q) What kind of rights do the customers and his/her legal representative have, and how do they exercise such rights?

  1. Customer and his/her legal representative may at any time access and correct the registered personal information and may request to delete the personal information or withdraw consent on provision of personal information.
  2. Personal information of minors under the age of 14 is not collected. However, if requested by his/her legal representative, the rights as prescribed by applicable laws and regulations are guaranteed (rights to request disclosure, correction, destruction, and suspension of personal information of the minor, etc.).
  3. If you wish to access, corrector delete such information, you may either use the 1:1 customer center within the website or contact the Personal Information Manager described below and measures will be taken immediately.
  4. If any correction of errors in the personal information is requested, the relevant personal information will not be used or transferred unless the correction is completed. If the erroneous personal information is already transferred to a third party, such third party will be immediately notified so that the errors can be corrected.

09. Use of Cookies

Q) Does the Company operate a device that automatically collects the personal information, such as Internet access information file?

The Company operates cookie in order to improve the Website services by finding out the interest and preference of users upon analyzing the frequency of access to the Website for visiting time. A cookie is a small piece of text file that the server used in operating the Company’s Website transmits to your browser and is saved in the hard disk of your computer.

You have the right to allow installation of cookies. By selecting the settings option in your web browser, you can choose to enable all cookies, confirm cookies whenever cookies are saved, or choose not to save all cookies.

10. Protection of Personal Information

Q) What can I do if I have inquiries concerning the processing of personal information?

The Company operates a customer center as follows in order to protect the customers’ personal information as well as to address complaints arising out of the personal information and designates the Personal Information Manager. Please direct any complaints concerning the protection of personal information that may arise in the course of using the service of the Company to the customer center.

Should you wish to report, or need any consultation concerning, any infringement of personal information, please contact the following institutions.

  1. Personal Information Infringement Report Center : (without area code)118 (privacy.kisa.or.kr)
  2. Personal Information Dispute Mediation Committee :1833-6972(www.kopico.go.kr)
  3. Supreme Prosecutors’ Office Cybercrime Investigation Division : (without area code)1301, cid@spo.go.kr (spo.go.kr)
  4. National Police Agency Cyber Bureau : (without area code)182 (cyberbureau.police.go.kr)

11. Changes of Personal Information Protection Policy

1. This personal information protection policy is applied from Oct. 27th, 2022, and the changes compared to the previous version are as follows.

Changes Reason for Change
Change of outsourcee from “COMAS INTERACTIVE Co., Ltd.” to “Revolution Communications Co., Ltd.”
Change of outsourcee from “McDonald’s Corporation” to “McDonald’s Global Markets LLC 		Change of outsourcee
Addition of “LOGIALL Co.,Ltd.” as product delivery outsourcee New outsourcee

2. View previous personal information protection policy