Privacy Policy

1. The Company discloses this Policy on the Company's website homepage or on a linked page so that users can easily review it at any time.

2. When disclosing this Policy pursuant to Paragraph 1, the Company makes it easy to read by utilizing font size, color, etc.

1. This Policy may be amended due to changes in applicable laws, guidelines, notices, government policies, or the Company's service policies or contents.

2. If the Company amends this Policy pursuant to Paragraph 1, the Company will announce the amendment by one or more of the following methods:

• a. Posting a notice on the announcements section of the homepage or through a separate pop-up window
• b. Providing notice to users by written document, facsimile, email, or similar means

3. The Company will announce amendments at least 7 days prior to the effective date. If there are material changes affecting users' rights, the Company will announce at least 30 days in advance.

1. The Company retains and uses personal information for the period necessary to achieve the purposes of collection and use.

2. Notwithstanding the foregoing, under internal policies, records of service misuse may be retained for up to one (1) year from the time of membership withdrawal to prevent fraudulent registration and use.

Retention information and period under the Act on Consumer Protection in Electronic Commerce, etc.

• a. Records on contracts or withdrawal of subscription: 5 years
• b. Records on payment and supply of goods, etc.: 5 years
• c. Records on consumer complaints or dispute resolution: 3 years
• d. Records on labeling/advertising: 6 months

Retention information and period under the Protection of Communications Secrets Act

• a. Website log records: 3 months

Retention information and period under the Electronic Financial Transactions Act

• a. Records on electronic financial transactions: 5 years

Act on the Protection and Use of Location Information, etc.

• a. Records on personal location information: 6 months

1. Information entered for membership registration, etc. will be moved to a separate database (or a separate filing cabinet for paper documents) after the purpose is achieved, stored for a certain period according to internal policies and applicable laws (see retention/use period), and then destroyed.

2. The Company destroys personal information upon approval of the person in charge of personal information protection through the required internal procedures.

1. When sending advertising information for commercial purposes via electronic means, the Company obtains the user's explicit prior consent. However, prior consent is not required in any of the following cases:

• a. If the Company collected contact information directly from the recipient through a transaction relationship, and within 6 months from the end of the transaction, sends advertising information about goods/services of the same kind as those transacted with the recipient
• b. In the case of telephone solicitation sales under the Act on Door-to-Door Sales, etc., where the caller provides notice of the source of personal information and conducts solicitation verbally

2. If the recipient expresses refusal to receive or withdraws prior consent, the Company will not send advertising information and will notify the recipient of the processing result regarding refusal/withdrawal.

3. If sending advertising information via electronic means between 9:00 PM and 8:00 AM the next day, the Company will obtain separate prior consent from the recipient regardless of Paragraph 1.

4. When sending advertising information via electronic means, the Company will clearly state the following items in the advertising information:

• a. Company name and contact information
• b. How to refuse receipt or withdraw consent

5. When sending advertising information via electronic means, the Company will not take any of the following measures:

• a. Measures to evade or obstruct refusal of receipt or withdrawal of consent
• b. Automatically generating recipients' contact information such as phone numbers or email addresses by combining numbers/symbols/characters
• c. Automatically registering phone numbers or email addresses for the purpose of sending advertising information
• d. Measures to conceal the sender's identity or the source of advertising transmission
• e. Deceiving recipients to induce replies for the purpose of sending advertising information

1. Users and their legal representatives may review or modify their registered personal information at any time and may request withdrawal of consent to collect personal information.

2. To withdraw consent for collection of registration information, users and their legal representatives may contact the person in charge of personal information protection by written document, phone, or email, and the Company will take action without delay.

1. Users may request the Company to correct errors in personal information through the methods in the preceding Article.

2. Until correction is completed, the Company will not use or provide the relevant personal information. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay so that correction can be made.

1. Users must keep their personal information up to date, and users are responsible for issues caused by inaccurate information they provide.

2. If a user registers by stealing another person's personal information, the user may lose membership eligibility or be punished under applicable personal information laws.

3. Users are responsible for maintaining the security of their email address, password, etc., and may not transfer or lend them to a third party.

1. The Company will not enter into international contracts that violate applicable laws such as the Personal Information Protection Act regarding users' personal information.

2. To provide (including access), outsource processing, or store users' personal information overseas ("Transfer"), the Company obtains users' consent. However, if the Company discloses all items in Paragraph 3 pursuant to applicable laws and notifies users by email or other methods prescribed by Presidential Decree, consent procedures for outsourcing/storage may be omitted.

3. When obtaining consent for Transfer under Paragraph 2 or notifying users in advance, the Company informs users of all of the following:

• a. Items of personal information to be transferred
• b. Country of transfer, date/time of transfer, and method of transfer
• c. Name of the recipient (for corporations, its name and the contact information of the person in charge of information management)
• d. Purpose and retention/use period of personal information by the recipient

4. If the Company transfers personal information overseas with consent, the Company will take protective measures in accordance with applicable laws and Presidential Decrees.

1. To provide personalized services, the Company uses cookies, which are small pieces of information sent by the server (http) to the user's web browser (including PC and mobile) and may be stored on the user's device.

2. Users have the option to allow cookies. Users can configure their browser settings to allow all cookies, prompt confirmation each time a cookie is saved, or refuse all cookies.

3. However, if users refuse cookies, some services requiring login may be difficult to use.

1. Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the KISA Privacy Call Center, etc. For other reports/consultation regarding personal information infringement, please contact the following organizations:

• Personal Information Dispute Mediation Committee - 1833-6972 - www.kopico.go.kr
• KISA Privacy Call Center - 118 - privacy.kisa.or.kr
• Supreme Prosecutors' Office - 1301 - www.spo.go.kr
• National Police Agency - 182 - ecrm.cyber.go.kr

2. The Company strives to guarantee data subjects' right to informational self-determination and to provide consultation and remedies for damage caused by personal information infringement. If you need to report or consult, please contact the department in Paragraph 1.

3. If a person's rights or interests are infringed due to a disposition or omission by the head of a public institution in response to requests under Articles 35 (access), 36 (correction/deletion), or 37 (suspension of processing, etc.) of the Personal Information Protection Act, the person may file an administrative appeal pursuant to the Administrative Appeals Act.

Central Administrative Appeals Commission: 110 (www.simpan.go.kr)