Privacy Policy

01. Purpose of Privacy Protection Policy

‘McDonald’s Korea LLC.’ (The “Company”) regards personal information of our customers as important and complies with the laws and regulations regarding protection of customers’ Personal Information including ‘the promotion of information and communication network use and protection of information’.
Through this privacy protection policy (the “Policy”), the Company informs its customers of the purpose of use and method for personal information provided by them and the measures taken by the company for privacy protection. If it modifies or revises its privacy protection policy, the Company will make public notice of the details and reason of such modification or revision through notice page of application or individual notice without delay.

02. Purpose of Using Information to be Collected

Company collects and uses personal information for the following purposes.

03. Personal information items to be collected

  1. 3_1 Q) What are required Personal Information items collected by the Company and the purpose and method of such collection and use? In order to provide services to customers, the Company collects and uses the Personal Information of customers as follows
    Type Purpose of collection and use Items collected and used and method of collection
    Required Provide application service Name, mobile phone number, ID (e-mail), password and order history
    Respond to customer inquiries and civil complaint Name, contact, name of stores used, e-mail, and matters of inquiry or civil complaints (including attached file) provided by the customers of Application while making their customer inquiries
    Analyze customers and provide customized services Name, mobile phone number, ID (e-mail), password and order history
  2. 03_2. Q) What are the selective items of Personal Information collected by the Company,purpose of collection and use and method of collection? In order to provide giveaway and various event benefits to the customers, the Company collects and uses the following Personal Information.
    Type Purpose of collection and use Items collected and used and method of collection
    Selective Provide information related to various events and goods Name, ID(e-mail), contact and address of Customers through coupon
    Carry out customized marketing activities by Customers and Customer analysis Personal Information (name, sex, birth date, mobile phone number, e-mail and order history) provided by the Customers while becoming a member of Application

04. Period of retention and use of Personal Information collected

  1. Q) Until when the Company will retain Personal Information collected by it?
    1. 1. Company retain and use personal information of customers from the date of their consent to personal information processing to the date of finalization of withdrawal of membership (For selective personal information, this period shall be up to the date of withdrawal of either consent to such processing or membership)
    2. 2. Notwithstanding the foregoing Paragraph 1., Company may retain Personal Information for the period as required by the laws in cases where the Company shall retain the Personal Information under other laws including the Act on the Consumer Protection in the Electronic Commerce Transactions as follows.
      - Act on the Consumer Protection in the Electronic Commerce Transactions.
      . Record of contract entered into and cancelled: 5 years
      . Record of payment and supply of goods: 5 years
      . Record of treatment of consumer complaint or disputes: 3 years
      - Communications Privacy Act
      Record of login: 3 months
    3. 3. Notwithstanding the foregoing Paragraph 1., the Company will discard Personal Information of Customers who have not used McDoonald’s service for not less than 1 year. Provided that, if any special provisions are prescribed in other laws and regulations, the Company shall comply with those provisions.

05. Matters of consignment of Personal Information processing

  1. 05_1. Q) Does the Company consign Personal Information processing? For smooth handling of service provision and customer information, the Company consign Personal Information processing to other companies as follows:
    Consignee Duties consigned
    MILVUS Handle civil complaint
    CapGemini Handle civil complaint and system maintenance
    McDonald’s Corporation Handle system maintenance and operation
    AWS Handle server hosting
    Microsoft Azure Handle server hosting
    Plexure Implement customized app services and send ads
  2. 05_2. Q) Are there cases where the Company consigns Personal Information processing with consent of Customers? In order to provide information and promotion (including giveaways and various event benefits) related to McDoonald’s to customers, the Company consigns the processing of Customer’s information as follows.
    Consignee Duties consigned
    Daewon Tax Consulting LLC. Report incomes related to various promotion giveaway
    MILVUS Carry out Customer analysis and report the result thereof by utilizing the gender, order information, mobile phone number and e-mails provided by the Customers while becoming a member and making an order.
  3. 05_3. Q) Among the above consigned duties, is there a case where the company consigns the processing of personal information to a foreign firm? The company may consign the processing of the above personal information to an overseas corporation, and the consigned duties are as follows.
    Consignee Duties Consigned
    McDonald’s Corporation Personal Information Item Name, mobile phone number, e-mail, password and order history
    Country and Person in Charge USA (1035 W Randolph St, Chicago, IL 60607) (contact.privacy@us.mcd.com)
    Consignment Date and Method Send encrypted data when signing up and using membership
    Duties Consigned Handle system maintenance and operation
    Period Until withdrawal of membership or termination of consignment contract
    Amazon Web Service Inc. Personal Information Item Name, mobile phone number, e-mail, password and order history
    Country and Person in Charge Singapore (27 Tampines Street 92, Singapore 528878) (aws-korea-privacy@amazon.com)
    Consignment Date and Method Send encrypted data when signing up and using membership
    Duties Consigned Handle server hosting
    Period Until withdrawal of membership or termination of consignment contract
    Microsoft Azure Personal Information Item Name, mobile phone number, e-mail, password and order history
    Country and Person in Charge Netherlands, Agriport 601, Middenmeer Ireland, Leopardstown, Dublin (azuresupport@microsoft.com)
    Consignment Date and Method Send encrypted data when signing up and using membership
    Duties Consigned Handle server hosting
    Period Until withdrawal of membership or termination of consignment contract
    Plexure Personal Information Item Name, mobile phone number, e-mail, password and order history
    Country and Person in Charge USA (2021 Midwest Road Suite 200 Oak Brook Chicago, IL) (datacompliance@plexure.com)
    Consignment Date and Method Send encrypted data when signing up and using membership
    Duties Consigned Implement customized app services and send ads
    Period Until withdrawal of membership or within 30 days from termination of consignment contract
    Capgemini America, Inc. Personal Information Item Name, mobile phone number, e-mail, password and order history
    Country and Person in Charge USA (79 Fifth Avenue, 3rd Floor, New York, New York 10003) (dataprivacyoffice.nar@capgemini.com)
    Consignment Date and Method Send encrypted data when signing up and using membership
    Duties Consigned Handle app and system development, maintenance and repair
    Period Until withdrawal of membership or termination of consignment contract

06. Matters of provision of Personal Information to a 3rd party

  1. Q) Which Personal Information is required for the Company to provide to a 3rd party? In Principle, the Company uses the Personal Information of members within the scope consented by them and will not use or provide to others or other company and institutions beyond such scope. Provided that the Company may use and provide such Personal Information under the procedure and manner as required by the laws and regulations to the extent that the Company is required to submit Personal Information under applicable laws and regulations.

07. Matters of process and method of destruction of Personal Information

  1. Q) How the Company destructs Personal Information? After identifying any Personal Information to be destructed, the Company permanently delete any personal information stored in the form of electric file by using technological method making that information not to be regenerated. Otherwise, the Company destructs personal information in a form of hard copies, record, document or stored in other record means by shredding with a pulverizer or incinerating it. Provided that, if any Personal Information shall be retained under other laws, the Company will retain such Personal Information for the period as set forth in Paragraph 3 (2) hereof.

08. Matters of measures to secure security of Personal Information

  1. Q) Which measures are taken by the Company for secure security of Personal Information? Company takes the following measures to secure security of Personal Information.
    1. • Managerial measures- establish and execution of internal management plan and provide regular IP protection education for the staffs
    2. • Technical measures- manage access authority to IP processing system, install access control system, encryption of identification information and install security programs.
    3. • Physical measures- have access control for the place for storing Personal Information the computer room and data storage room

09. Matters of right and obligations of information subject and method of exercise of them

  1. Q) Which rights the Customer and its legal representative have and how such rights are exercisable?
    1. A. Customers and their legal representatives may access and make corrections on their personal information registered at any time and request deletion or withdrawal of their consent to provision of such information to the Company.
    2. B. Company does not collect any Personal Information of children under 14. Provided that , upon request of their legal representatives, the Company will guarantee their legal rights (including right to access, make corrections, delete and suspend processing of their Personal Information)
    3. C. If any Customer desires to access, make corrections, delete him or her Personal Information and when he or she make customer inquiries in the Application or contact any customer service or responsible staff for Personal Information management, the Company will take measures without delay.
    4. D. If any Customer requests to the Company to correct the error of personal information, the Company will not use or provide that personal information until the correction of such error is completed. Moreover, if we have already provided incorrect personal information to a third party, we will make that incorrect information corrected by informing the result of correction to that third party without delay.

10. Operation of Cookie

The Company does not install or operate any ‘cookie,’ which saves and identifies your information frequently.

11. Matters of responsible person for protecting Personal Information

  1. Q) For any inquiry on Personal Information processing, how the Customer act? The Company designates the following department and person in charge of personal information in order to protect personal information of customers and deal with complaints from customers:
    1. • Customer service center: +82-80-208-1588
    2. • Name of person in charge of personal information management: Kim, Cheolhong
    3. • E-mail: DataPrivacy@kr.mcd.com
    If you need to report on or consult about infringement of personal information, please contact the following institutions:
    1. 1. Personal Information Dispute Mediation Committee
      (http://privacy.kisa.or.kr/kor/committee/committee03_new.jsp)
    2. 2. Information Protection Mark Certification Committee
      (www.eprivacy.or.kr/ 02-580-0533~4)
    3. 3. Internet Crime Investigation Center of the Central Public Prosecutors Office
      (http://www.spo.go.kr/ 02-3480-2000)
    4. 4. National Police Agency Cyber Terror Response Center
      (http://www.netan.go.kr/ 02-393-9112)

12. Change in Privacy Policy

This policy will be revised and implemented from 11/23/2021.

See previous privacy policy (from 07/01/2019 to 11/22/2021).