Manna Company Inc. (“Company,” “we,” “us,” or “our”) may collect, store, use, and share (“process”) your personal information. This Privacy Policy explains how we process and protect your personal information when you use the Kfriday service (the “Service”), and how you may exercise your rights or resolve any related grievances. Please carefully read and review this Privacy Policy which will help you understand your privacy rights and choices.
Your Information We Collect or Receive
Personal Information You Provide Directly
Items Collected | Purpose of Processing |
Full name, nationality, email, age, address, phone number, gender | Membership registration and management |
Payment information (processed directly by third-party payment provider such as Paypal, Wise, Payletter, Portone, Alipay; we do not retain your payment instrument details) | Payment record and provision of services |
same as those collected at registration + transaction-related information (e.g., content and value of packages sent to our warehouse and/or order via Korean shops to our warehouse; spending history on our services) | Customer support |
same as those collected at registration + transaction-related information + usage data related to the Service | Service improvement and development |
same as those collected at registration +relevant platform information (e.g., social media account ids such as Instagram, Tiktok, Twitter, Youtube, if provided) | Marketing |
We do not process your special personal data, such as race and ethnicity, political opinions, religious or philosophical beliefs, genetic data, biometric data for ID purposes, health data, sexual orientation, sexual life data.
Automatically Collected When You Access Our Services
Usage information: IP address, cookies, access logs, service usage records, device information, device model, operating system type and version, and browser type and version, and records of improper usage.
Legal Bases We Rely on to Process Your Data
Consent (withdrawable at any time)
Performance of a Contract (including pre-contractual steps)
Vital interests (e.g., detecting and preventing fraud or abuse)
Public interest or official authority
Legitimate interests pursued by us or third parties, except where overridden by the interests or rights of the data subject
Retention Periods
We will delete and destroy your personal information without delay once the purpose of collection and processing has been achieved, unless retention is required by law. Specifically:
General retention: up to 12 months after collection, unless otherwise required.
Where retention is legally required:
Communications data (Protection of Communications Secrets Act): 3 months
Transaction records (Framework Act on National Taxes): 5 years
Records under the Act on Consumer Protection in Electronic Commerce:
Advertisements: 6 months
Contracts, payments, and supply of goods: 5 years
Consumer complaints or dispute resolution: 3 years
Children’s Privacy
We may collect and process personal information of children under the age of 14 only with the consent of their parent or legal guardian. Without such consent, children under the age of 14 may not use the Service. The minimum age requirement may be higher if required by applicable local laws.
Provision of Personal information to Third Parties
Outsourcing
To ensure smooth operations, we outsource certain personal information processing tasks as follows:
Processor | Outsourced Tasks | Privacy Policy |
Wise, PayPal, Portone, Alipay | Payment processing, fraud prevention, settlement of transactions | |
FedEx, UPS, DHL, Korea Post, Yamato, Aramex, SF Express, Asendia | Cross-border parcel shipping, customs clearance support, package delivery updates | FedEx, UPS, DHL, Korea Post, Yamato, Aramex, SF Express, Asendia |
When entering into outsourcing agreements, we include provisions to prohibit processing beyond the purpose of outsourcing, require technical and administrative safeguards, restrict re-outsourcing, and impose liability for damages. We also monitor whether processors handle personal information safely.
If the scope of outsourced tasks or the processor changes, we will promptly disclose such changes through this Privacy Policy.
Cross-border Transfer
We transfer personal information abroad to third-party processors. In accordance with Article 28-8(2) of the Personal Information Protection Act of Korea, we provide the following information:
Legal basis for transfer | Performance of contract with customer; customer consent |
Destination country | Depends on processor (e.g. USA, EU, Singapore, China, UAE, Japan) |
Retention period | The longer of (i) until the purpose of processing is achieved (e.g. completion of payment or delivery) or (ii) the period required by applicable law |
Timing and method | At the time of payment, information transmitted electronically via secure connection |
Items transferred | Name, email, payment method, transaction details |
Recipients(processors) | Wise, PayPal, Portone, Alipay |
Purpose of processing | Payment processing, fraud detection |
Re-outsourcing | May use local banking partners. We require processors to notify us of any re-outsourcing and to ensure equivalent safeguards. |
How to refuse transfer and effects of refusal | If refused, payment cannot be processed |
Legal basis for transfer | Performance of contract with customer; customer consent |
Destination country | Depends on processor (e.g. USA, EU, Singapore, China, UAE, Japan) |
Retention period | The longer of (i) until the purpose of processing is achieved (e.g. completion of payment or delivery) or (ii) the period required by applicable law |
Timing and method | At time of shipment booking, electronically transmitted |
Items transferred | Recipient name, address, phone, package content/value |
Recipients(processors) | FedEx, UPS, DHL, Korea Post, Yamato, Aramex, SF Express, Asendia |
Purpose of processing | International shipping, customs clearance, delivery updates |
Re-outsourcing | May use local affiliates or subcontractors in destination country. We require processors to notify us of any re-outsourcing and to ensure equivalent safeguards. |
How to refuse transfer and effects of refusal | If refused, delivery cannot be completed |
Destruction of Personal Information
Procedure
Information that has fulfilled its purpose or exceeded retention is identified and destroyed with the approval of the Chief Privacy Officer.
Methods:
Electronic files: permanently deleted with technical measures making recovery impossible.
Paper documents: shredded or incinerated.
You and Your Legal Representatives’ Rights, Obligations, and Exercise Methods thereof
You and your legal representatives have the right to:
Access your personal information
Correct inaccuracies
Request deletion
Request suspension of processing
Request transfer (portability)
Object to processing
Request explanation of automated decision-making
Requests may be made in writing, email, or fax. We will respond without undue delay. Some rights may be restricted by law (e.g., deletion cannot be granted if retention is legally required). We verify the identity of requestors to ensure lawful exercise of rights.
Security Measures
We implement the following safeguards:
Administrative Measures: internal management plans, training, limited access to personnel
Technical Measures: encryption, intrusion prevention, backup, anti-virus, access control
Physical Measures: restricted access to server and storage facilities
If information is lost, leaked, altered, or damaged due to internal error or technical accident, we will notify affected users within 72 hours.
Cookies, Tracking, and Behavioral Information
We use cookies and other tracking technologies to provide personalized services. You may refuse cookies by adjusting browser settings, but refusal may affect your ability to use some features.
Examples of tracking tools:
Tool | Type | Processor | Data Collected |
Google Analytics | Web & app analytics | Google LLC | Usage data |
Google Ads | Advertising & conversion tracking | Google LLC | Advertising and conversion data |
Meta Pixel | Advertising & remarketing | Meta Platforms, Inc. | Advertising and interaction data |
Shop/Payment Processors (Paypal, PortOne, Alipay) | Fraud prevention / transaction tracking | PayPal Holdings, Inc., PortOne, Alipay | Transaction-related metadata. |
Channel.io | Customer chat & support widget | Channel Corp. | Communication and interaction data |
Chief Privacy Officer
We have designated a Chief Privacy Officer responsible for managing personal information processing and handling your grievances and damage relief, as follows:
Chief Privacy Officer
Name: Sinsub Jeong
Position: CEO
Contact: 070-8633-0767, corp@kfriday.net
You may direct all personal information protection-related inquiries, handling grievances, or damage relief arising from using our services to our Chief Privacy Officer or the following department in charge:
Department: Customer Care
Contact: 070-8687-0333, contact@kfriday.net
Updates to this Policy
We may update this Privacy Policy to comply with law or reflect changes in our Services. Changes will be notified at least 30 days in advance, or 7 days if less favorable to you. Notice will be provided on our website or by other appropriate means.
If you continue to use the Services after such notice, you will be deemed to have accepted the changes.
Governing Law
This Policy will be governed by the laws of the Republic of Korea, unless otherwise required by GDPR or other applicable laws.
Effective Date: October 15, 2025