Governance

Strengthening sustainability through responsible governance

As the highest decision-making body for sustainability, the Board of Directors provides leadership on long-term sustainable management and monitors related risks.

With the compliance and ethical values as its foundation, OLIVE YOUNG establishes the internal standards and advances its compliance system.

OLIVE YOUNG clearly recognizes the importance of information security and personal data protection. To prioritize the safeguarding of customer information, the company has established and maintains a company-wide data security management system.

01 Board of
Directors

Board of Directors
Classification Name Gender Career Details Term of Office Affiliated Committee
Executive Director Lee Sun-jung Female CEO of CJ OLIVE YOUNG Corp. 1) January 18, 2023 to March 18, 2026 Independent Director Nomination Committee
Compensation Committee
Jang Ji-min Male Head of Management Support, CJ OLIVE YOUNG Corp. March 31, 2025 to March 18, 2028 Audit Committee
Compensation Committee
Other non-executive director Lee Jong-hwa Male Head of Portfolio Strategy Team 2, CJ Corp. January 18, 2023 to March 18, 2026 Compensation Committee
Independent Director Jang Geum-ju Female Professor, School of Business Administration, University of Seoul March 31, 2025 to March 18, 2028 Audit Committee
Independent Director Nomination Committee
Compensation Committee
Huh Sung-wook Male Professor, School of Law, Seoul National University March 31, 2025 to March 18, 2028 Audit Committee
Independent Director Nomination Committee
Compensation Committee

1) To ensure efficient business operations and strategic consistency based on a strong understanding of the health and beauty industry, the CEO also holds the position of Chairman of the Board.

02 Committees
under
the Board of
Directors

  • Audit Committee
  • Independent
    Director
    Nomination
    Committee
    Compensation
    Committee
  • Compensation
    Committee

03 Board Expertise
Training

Grounded in a foundation of compliance and ethical values, Olive Young establishes internal standards and strengthens its voluntary compliance system.

01 Compliance
Management
System

OLIVE YOUNG Code of Conduct

Olive Young has established a Code of Conduct to guide proper behavior and ethical decisions in its relationships with customers, shareholders, partners, and the global community, and to play a vital role in social and economic progress. We will actively carry out ethical management, based on the Code of Conduct which reflects CJ's management philosophy, to ensure sustainable growth in the global market and become a respected and trusted company.

KOREAN ENGLISH CHINESE
JAPANESE VIETNAMESE INDONESIAN
  • Our promise to customers

    We are committed to delivering ethical and honest ONLYONE products and services to our customers and ensuring secure protection of their personal information.

  • Our promise to shareholders and investors

    We adhere to disclosure principles, strictly manage insider information and comply with and protect policies regarding confidential business information.

  • Our promise to CJ employees

    We seek to create a healthy and safe workplace, striving for a balance between respect for colleagues and protection of privacy.

  • Our promise to partners

    We compete fairly to reinforce trade order and deal with partners honestly for a mutually beneficial industrial ecosystem.

  • Our promise to global community

    We strive to realize social values through respecting human rights and protecting the environment, while respecting the international trade order and the relevant laws of each country.

Compliance Management Committee

In July 2019, Olive Young enacted and enforced the Compliance Management Committee regulations, and in August 2019, the CEO publicly expressed the company's commitment to compliance through a declaration to reinforce compliance management. The Compliance Management Committee holds an annual meeting to review and approve major matters in regards to compliance management.

Compliance Management Committee Regulations

Defines the basic procedures and key matters for the composition of the Compliance Management Committee and the implementation of ethical management.

Compliance Management Committee Status
Compliance Management Committee Status
Category
(date)		 Details of Activity
1st meeting
(July 2019)		 Introduction of Compliance Program for Fair Trade, etc.
2nd meeting
(September 2020)		 CP performance report, Compliance WEEK, etc.
3rd meeting
(November 2021)		 Report on CP risk identification and inspection results, resumption of CP working group meetings, etc.
4th meeting
(November 2022)		 Details withheld for confidentiality reasons.

ISO 37301 (Compliance Management Systems)

Olive Young acquired the ISO 37301 certification to internalize a culture of compliance throughout the company and build a compliance management system adhering to global standards. We continue to monitor changes in domestic and international regulations and advance our compliance management system by appointing compliance coordinators in each organizational unit.

02 Compliance
Program

OLIVE YOUNG Compliance Program

To promote ethical management and prevent legal risks, Olive Young operates a Compliance Program (CP) — a system designed to voluntarily ensure adherence to fair trade and related laws.

8 Components of OLIVE YOUNG
Compliance Program

STEP1. Established Compliance
System for OLIVE YOUNG
  • 01 Establish and
    implement CP
    standards and
    procedures
  • 02 CEO's
    commitment
    to
    compliance
  • 03 Designate
    and
    operate
    compliance
    managers
  • 04 Produce and
    utilize
    compliance
    manual
STEP2. Operation and Stabilization
  • 05 Conduct
    compliance
    training
  • 06 Establish
    internal
    monitoring
    system
  • 07 Penalize
    employees
    who violate
    laws and
    regulations
  • 08 Evaluate CP
    effectiveness
    and
    adopt
    measures for
    improvement

Manual and Training for Compliance

Olive Young has a compliance manual based on the applicable business laws, which is readily accessible to all employees at all times. Moreover, through the compliance training held periodically across the company within each department, we are striving to raise awareness of compliance and foster a right sense of compliance among employees.

Internal Monitoring System

The dedicated compliance team conducts continuous or periodic monitoring on departments and areas prone to ethical violations. In the event of an issue, the team responds promptly, analyzing the causes and results thoroughly and taking steps to prevent recurrence. The Compliance Management Committee reviews and approves disciplinary actions for violators, as identified by Internal Monitoring System, and also determines future plans and strategies of the compliance program.

01 Data Security
System

Data Security and Privacy Policy

CJ Olive Young complies with both domestic and international data privacy regulations and has established Data Security and Privacy Policy that aligns with its business practices and corporate culture. It contains data security rules and 13 specific guidelines for practical use and is reviewed and revised regularly, at least once a year. Furthermore, the company makes the privacy policy readily accessible on each service website, enabling customers to review it any time. CJ Olive Young protects customers' personal data with the highest priority in accordance with its privacy protection principles.

Link to privacy policy

Information Security Committee

Olive Young holds an Information Security Committee meeting once a year. Olive Young is enhancing its information security management system under the leadership of the Chief Information Security Officer (CISO) and the Chief Privacy Officer (CPO) within the Information Security Center.

  • Information
    Security
    Committee

    • Presided by CISO
    • Held periodically (once a year)

  • Information
    Security Center     Chief Information
    Security Officer
    (CISO)     Chief Privacy
    Officer (CPO)

    • Overseeing Data Privacy and Information Security Issues and Collaborating on Data Security Policies
    • Reporting Security Matters to CEO When Necessary

ISMS-P Certification

Olive Young has obtained ISMS-P (Information Security Management System & Personal Information Protection) certification, a national standard in South Korea for information and privacy protection. Through the operation of its online platforms — including Olive Young Online Mall, Global Mall, and D.PLOT — the company continues to elevate its security posture and strengthen personal data protection efforts.

ISMS-P Mark

Scope Online shopping malls
(Olive Young Online Mall, Global Mall)

Validity period Until December 5, 2026

02 Data Security
Management

Simulated Training for Data Leak Incidents

To reinforce its cybersecurity response capabilities across the company, we conduct simulated training based on various security threat scenarios, at least once a year. Simulations raise awareness of security incidents among all employees and help them experience how to respond promptly in real-life situations.

Regular Simulation-Based Training

  • Simulated leak incident

    Various threat, scenarios are applied

  • Response training

    Relevant departments participate to experience the necessary response procedures

  • Training result analysis

    Areas for improvement are identified and integrated into future trainings

Incident Response Manual

We take thorough preventive and corrective security measures, develop and distribute internal incident response manuals for various types of incidents, such as intrusions, data leaks, and ransomware infections. The Response Manual for Personal Data Leak provides detailed procedures based on laws, and also remediation procedures to minimize the impact of data breaches, helping employees respond promptly and effectively.

Personal Data Breach Response Procedures

  • Security incident identification

    Identifying and reporting a security incident

  • Security incident response

    Reporting to regulatory bodies, analyzing the risks and taking corrective actions promptly

  • Follow-up measures

    Analyzing the cause and establishing measures to prevent recurrence

Data Security Trainings for Employees

We require all employees, including executives, to sign an information security pledge and conduct information protection training at least once a year. Additionally, personal information handlers receive specialized training that covers legal updates and personal information protection measures.

03 Partner Data
Security

Preventive Data Security Measures
Frequency
At least once a year
Target
Employees of partners handling personal information
Content
Understanding personal data and protection principles at each stage, signing a security pledge
Partner Security Audits
Frequency
At least once a year
Target
Registered partners, etc.
Content
Inspecting personal data management status through the Personal Information Protection Association (OPA), providing support to implement corrective measures to overcome deficiencies found
Evaluation and Guidance on Personal Data Protection
Frequency
As needed
Target
Registered partners, etc.
Content
Evaluating data security and privacy measures of partners during contract negotiations and helping implement corrective measures for any identified deficiencies