The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

① The Company processes and retains personal information within the period of personal information retention and use under the Act or within the period of personal information retention and use agreed upon by the information subject.

② The processing and retention period of each personal information is as follows.

The Company does not collect personal information for children under the age of 14.

① The Company provides personal information to third parties only in cases that comply with Articles 17 and 18 of the Personal Information Protection Act, such as with the information subject's consent or specific legal provisions.

② The Company processes personal information of the information subject only within the scope notified to the information subject or as specified in the Terms of Service, and does not use the information beyond the scope or provide it to a third party. However, if stipulated in laws or regulations, the Company may provide personal information under the provisions of lawful procedures.

① The Company entrusts the processing of personal information as follows for an efficient processing of personal information.

② The Company, when signing an outsourcing contract, specifies matters related to responsibilities, such as prevention of personal information processing for purposes other than the purpose of outsourcing, technical and managerial safeguards of personal information, prohibition of sub-outsourcing, management and supervision of the entity who provides outsourcing services, and damage compensations, etc., to supervise whether the outsourcing service provider safely processes personal information, pursuant to Article 26 of the Personal Information Protection Act.

③ If there are changes in the outsourced work or the outsourced entity, this privacy policy will be updated promptly.

① The Company deletes personal information without delay when personal information becomes unnecessary, such as when the retention period has expired, or the purpose of processing has been achieved.

② If personal information must be retained under other relevant laws or regulations after the retention period of personal information, for which consent was obtained from the information subject, has expired or the processing purpose has been achieved, the Company shall move the relevant personal information to a separate database (DB) or store it in a different location for preservation.

③ The procedures and methods of deleting personal information are as follows:

- The Company selects personal information for deletion when there is a reason for deletion and deletes the personal information upon approval from the Chief Privacy Officer.

- The Company deletes personal information recorded and stored in electronic file format in a manner that ensures the information cannot be reproduced, and personal information recorded and stored on paper is shredded using a shredder.

① The information subject may exercise the rights of access, correction, deletion, suspension of processing against the Company at any time.

② The exercise of rights under paragraph 1 may be conducted in writing, e-mail, fax, etc. pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take immediate action.

③ The exercise of rights may be conducted through an agent, such as the legal representative of the information subject or a person authorized by him/her. In this case, the information subject should use the power of attorney form provided in Appendix 11 of the Notification on the Personal Information Processing Methods (No. 2020-7).

④ The rights of the information subject to request access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.

⑤ Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information is subject to collection.

⑥ The Company verifies whether the person exercising the rights of access, correction, deletion, suspension of processing, is the information subject himself/herself or a legitimate representative.

The Company takes the following measures to ensure the security of personal information

① The Company may use "cookies" that store and recall usage information from time to time in order to provide individual customized services,

② Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on the user's PC computer's hard disk.

1. Purpose of Use of Cookies: Cookies allow users customized information by providing visiting patterns and types of use, popular searches, and secure access, etc.

2. Set up, Operation and Refusal of Cookies: Tools at the top of your web browser > Internet Options> Settings > Options in Private Information Menu to save or refuse cookies.

3. Refusing to save cookies may cause difficulties in using customized services.

① The Company is in charge of personal information processing, and the officer in charge of personal information protection is designated as follows for handling complaints, damage relief, etc. of the information subject related to personal information processing.

② The information subject may contact the Chief Privacy Officer and the department in charge of all personal information protection inquiries, complaints, damage relief, etc. arising from the use of the Company's services (or business). The Company will respond and handle inquiries from the information subject without delay.

① The information subject may request access to personal information under Article 35 of the Personal Information Protection Act.

② The Company will respond and handle inquiries from the information subject without delay.

Information subjects can seek remedies for personal information infringement by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, and other relevant agencies. For further reports or consultations on personal information infringement, please contact the following organizations.

① If there is an addition, deletion, or modification of the contents of this privacy policy, it will be notified on the website seven days before the change is implemented.

② This privacy policy is effective from March 28, 2025.