Effective Date: May 5, 2026
Last Updated: May 5, 2026
1. Introduction
Crescent Seoul Co., Ltd. (hereinafter “Crescent Seoul,” “we,” “us,” or “our”) takes the protection of your personal information seriously. We comply with the Personal Information Protection Act of the Republic of Korea, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data-protection laws. This Privacy Policy describes how we collect, use, share, and protect personal information through https://www.crescentseoul.com and through our cosmetics OEM/ODM project-management services.
2. Information We Collect
We collect and process the following categories of personal information:
Contact information: full name, email address, company name, job title, phone number (optional)
Company information: business registration number, destination market, company website, brand stage (e.g., startup, established brand)
Project information: product category, target MOQ, formulation and packaging ideas, design files, marketing claims
Billing and payment information: invoicing details, remitter information (for bank-evidence purposes), DHL account number (at shipping)
Site usage data: IP address, browser and OS, pages visited, cookies, Google Analytics 4 events
Other: inquiry, consultation, and call notes; email and messaging history with our team
3. Purposes of Collection
We use the information we collect only for the following purposes:
Consultation and quoting: initial filtering, discovery calls, Call Prep document preparation, initial quote delivery
Project management: brief review, sample and packaging catalog dispatch, CT and PPS confirmation, mass-production coordination
Contracts and payments: NDA and contract e-signature, invoice issuance, payment reconciliation, refunds and settlements
Shipping coordination: DHL waybill creation, CI/PL/MSDS preparation, country-specific regulatory filings
Legal compliance: tax invoicing, customs documentation, compliance with cosmetics and customs regulations
Site operations: traffic analysis, content performance measurement, security monitoring
We do not use personal information for marketing, advertising, or any other purpose unrelated to your project. Marketing communications such as our newsletter are sent only to recipients who have explicitly opted in.
4. Sharing and Disclosure
We never sell or rent personal information to third parties.
To the extent strictly necessary to fulfill your project, we may share information with the following trusted partners:
Cosmetics manufacturers — brief, design, and volume information for formulation, sample production, and mass production
Packaging suppliers (containers, cartons, labels) — design, quantity, and shipping-destination information
Logistics carriers (e.g., DHL) — recipient information for waybill generation and customs clearance
Payment gateways and banks (e.g., Shinhan Bank SWIFT, PayPal) — payment and remittance processing
Regulatory authorities (e.g., EU CPNP, US FDA / MoCRA) — mandatory product registrations and notifications
Service providers (e.g., Cloudflare, AWS SES, Google Analytics, Anthropic) — hosting, email delivery, analytics, and AI-assisted operations
We may disclose information to authorities when required by law. With your separate consent, project deliverables or testimonials may be featured on our portfolio, blog, or social channels.
5. Data Retention
We retain personal information only for as long as is necessary to fulfill the purposes described in this Policy and to comply with our legal obligations:
Inquiry and quote-stage data that does not result in a transaction: up to 3 years from the last communication
Contract and payment records: 5 years after the end of the transaction (as required by Korean e-commerce and tax law)
Shipping and regulatory documents: for the period required by applicable law (for batch traceability)
Newsletter subscribers: deleted immediately upon unsubscription (email and unsubscribe token)
Once the legal retention period ends, the relevant information is securely deleted or destroyed.
6. Security Measures
We protect your personal information against unauthorized access, disclosure, leakage, alteration, and loss with the following measures:
Transport encryption (HTTPS / TLS 1.2 or higher, with HSTS)
Sensitive assets (design originals, MSDS, etc.) stored in a private R2 bucket and exposed only via short-lived presigned URLs
Admin-area access control, hashed passwords, and protected sessions
Cloudflare Turnstile to mitigate spam and bot abuse
Regular backups, access logging, and security headers (HSTS, CSP, X-Frame-Options, etc.)
7. Your Rights
Subject to applicable law (including GDPR and CCPA), you have the following rights:
Right to access, rectify, or erase your personal information
Right to restrict or object to processing
Right to data portability
Right to withdraw consent (for marketing communications)
Right not to be subject to solely automated decision-making (where applicable)
To exercise any of these rights, please contact us at:
Email: [email protected]
8. International Data Transfers
Crescent Seoul is headquartered in the Republic of Korea. By the nature of our service, personal information collected from clients in the EU, the United States, and other regions is transferred to and processed in Korea.
For transfers from the European Economic Area (EEA), we apply Standard Contractual Clauses (SCCs) or equivalent safeguards under Article 46 of the GDPR. Clients in other regions receive a substantively equivalent level of protection as described in this Policy.
9. Cookies and Analytics
Our Site uses the following tools to analyze usage and improve user experience:
Google Analytics 4 (GA4) — pageviews, traffic sources, and journey analysis
Cloudflare — CDN caching, DDoS protection, and bot detection
Authentication session cookies — first-party cookies used to keep you signed in (no third-party tracking)
You can refuse cookies via your browser settings, although some Site features may be limited as a result.
10. Third-Party Links
Our Site may contain links to third-party websites (e.g., LinkedIn, Instagram, YouTube, payment pages, external resources). We are not responsible for the privacy practices of those sites; please review their policies separately.
11. Changes to This Policy
We may update this Privacy Policy from time to time due to changes in laws, services, or company policy. Updates will be posted on this page, and the “Last Updated” date will be revised accordingly. Material changes will also be communicated separately (e.g., via email or a Site notice).
12. Contact
For questions about this Privacy Policy, please contact us at:
Crescent Seoul Co., Ltd.
Email: [email protected]
Address: Seoul, Republic of Korea