Privacy Policy

This Privacy Policy is a guideline to protect users' valuable personal information and rights, and to smoothly handle users' grievances related to personal information. The Company collects, uses, and provides personal information based on user consent and complies with relevant laws.

1. Collection of Personal Information

① The Company collects only the minimum personal information necessary to provide services.

② The Company processes required items necessary to provide services with the user's consent.

③ Personal information may be collected without consent when there are special provisions in laws or to comply with legal obligations.

④ The Company processes personal information within the retention and use period under relevant laws or the period agreed upon when collecting personal information.

⑤ The personal information items and collection/use purposes collected by the Company are as follows:

• Required collection items: Name, address, gender, date of birth, email address, mobile phone number, encrypted identity verification information
• Collection and use purpose: Prevention of service misuse, grievance handling and dispute resolution
• Retention and use period: Destroyed without delay when the collection/use purpose is achieved (however, certain items are retained for a certain period according to relevant laws)

2. Purpose of Using Personal Information

The user's personal information collected by the Company is collected and used only for the purposes below. Personal information is not used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent from users in advance will be implemented.

• ① Service provision, service maintenance and improvement, new service provision, stable service use environment provision
• ② Prevention of unauthorized use, restriction of violations of laws and service terms, consultation and dispute resolution related to service use, record preservation for dispute resolution, individual notification
• ③ Service usage statistics, customized service provision through analysis of service access/usage records
• ④ Marketing information guidance and participation opportunity provision, advertising information provision

3. Provision of Personal Information to Third Parties

In principle, the Company does not provide or disclose users' personal information to third parties. However, there are exceptions in the following cases:

• When the user has consented in advance to provision for service use
• When there are special provisions in laws or it is unavoidable to comply with legal obligations
• When there is an urgent risk to the life or safety of the user or third party in a state where the user's prior consent cannot be obtained and it is necessary to eliminate it

4. Entrustment of Personal Information

① Entrustment of personal information processing means entrusting personal information to an external trustee for the business processing of the person providing the personal information. Even after personal information is entrusted, the entruster (the person who provided the personal information) is responsible for managing and supervising the trustee.

② The Company may entrust the processing of users' personal information, and in this case, information about the entrustment will be disclosed through this Privacy Policy without delay.

5. Additional Use and Provision Judgment Criteria

When the Company uses or provides personal information without the consent of the data subject, the personal information protection officer checks whether additional use or provision of personal information is being made by considering the following matters:

• Whether it is related to the original collection purpose
• Whether there is predictability for additional use or provision of personal information in light of the circumstances of collecting personal information or processing practices
• Whether it unfairly infringes on the interests of the data subject
• Whether necessary measures have been taken to secure safety such as pseudonymization or encryption

6. User Rights and How to Exercise Rights

Users can exercise the following rights as data subjects:

① Users can exercise their rights to view, correct, delete, and request suspension of processing of their personal information at any time through writing, e-mail, etc. to the Company.

② When a user requests correction of errors in personal information or requests suspension of processing, the Company does not use or provide the personal information until the correction is completed or until the request for suspension of processing is withdrawn.

③ The exercise of rights in this Article may be restricted in accordance with relevant laws on personal information and provisions of other laws.

7. Rights Exercise of Child Users Under 14 Years Old and Their Legal Representatives

① The Company must request the consent of the legal representative to process the personal information of child users, including collection, use, and provision.

② Child users and their legal representatives may request necessary measures for personal information protection such as viewing, correcting, and deleting the child user's personal information as themselves and their legal representatives to the Company in accordance with relevant laws on personal information and this Privacy Policy, and the Company must respond without delay.

8. Destruction and Retention of Personal Information

① In principle, the Company destroys the personal information without delay when the personal information processing purpose is achieved.

② In the case of electronic file format, it is safely deleted so that it cannot be recovered and regenerated, and in the case of personal information recorded and stored on paper such as other records, printouts, and documents, it is destroyed by shredding or incineration.

③ When relevant laws stipulate information retention for a certain period, personal information is safely retained for that period in accordance with the regulations.

9. Personal Information Protection Officer

The Company designates and operates a personal information protection officer as follows to take overall responsibility for personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing:

10. Reporting and Consultation on Personal Information Infringement

Data subjects can contact the following organizations if they need to report or consult on other personal information infringements:

• Personal Information Infringement Report Center: privacy.kisa.or.kr | 118 (no area code)
• Supreme Prosecutors' Office Cyber Investigation Department: spo.go.kr | 1301 (no area code)
• National Police Agency Cyber Safety Bureau: cyberbureau.police.go.kr | 182 (no area code)

11. Changes to Privacy Policy

The Company's Privacy Policy may be changed according to relevant laws and internal policies. When the Privacy Policy is changed such as addition, modification, or deletion, the Company announces it through the website at least 7 days before the effective date. However, in the case of important changes to user rights, it will be announced at least 30 days before the effective date.

12. Measures to Ensure Safety of Personal Information

The Company takes the following technical/managerial and physical measures necessary to secure the safety of personal information in accordance with relevant laws: