1. personal information we collect and how we process it

• A. Items of personal information we collect
  • Required information: We collect and process user's ID, password, name, date of birth, contact information (email, mobile phone number), identification value (CI, DI), legal representative information for minors under the age of 14, and nationality for foreigners when registering.
  • Optional Information: You may provide a minimum amount of information (Optional Information) at your option, and the Company may process it only if you enter the information. However, if the user does not enter the optional information, there is no restriction on the use of the service.

    • Step-by-step personal information collection

      1. Steps to sign up
      A. Individual Members

      • Required fields: ID, password, name, date of birth, gender, contact information (email, mobile phone number), and identification value (DI).
      A. Minor Members under the age of 14

      • Required fields: ID, password, name, date of birth, gender, identification value (CI, DI), legal representative information(name, credentials, email)
      B. International foreign members

      • Required: Username, Password, Date of Birth, Gender, Email, Nationality
      D. SNS Easy Login Members

      • Required fields: ID, mobile phone number, email
    • 2. authentication steps
      When verifying your identity

      • Name, date of birth, gender, domestic/foreigner, mobile phone number, mobile carrier information (optional) or i-pin information (optional), and identification value (CI, DI) are collected for service provision, when consent of a legal representative is required, and when identification is required to comply with applicable laws.
    • 3. Other procedural personal information collection items

      In the process of using the service, the following information is automatically generated and collected.

      • IP address, cookies, date and time of visit, service usage history, bad usage history, device token when installing mobile apps, device information (model name, OS version, device license number, firmware version, etc.), carrier information
        The following information is collected automatically when you use the Help Center.
      • PC Web Customer Center: ID, email
      • Mobile Customer Center: ID, email, device information (model name, OS version, firmware version)
    • 4. Optional Personal Information Collected

      In the process of applying for additional services and events using an ID, the following information is collected only for users of such services (members who have separately agreed).

      • Optional: username, email, phone number, address, name, contact number
      B. How we handle personal information

      We process personal information in the following ways

      • Homepage, mobile, paper form, fax, phone, contact us, email, event entry, shipping request
      • From our partners
      • Collection through the Generated Information Collection Tool
      A. Handling Unique Identifiers

      We process personal information in the following way

      • Uniquely identifiable information is defined in Article 24 (1) of the Personal Information Protection Act and Article 19 of the Enforcement Decree of the Personal Information Protection Act as "information prescribed by presidential decree" and refers to resident registration numbers, passport numbers, driver's license numbers, and alien registration numbers.
      • The Company collects and processes uniquely identifiable information for the following purposes
        • Complying with obligations to use transaction and payment services
        • Charging taxes to in-kind prize winners
      • The uniquely identifiable information collected will not be used or provided for any purpose other than the purpose of personal information processing, except as stipulated by the Personal Information Protection Act or other laws, and is encrypted and securely managed.

2. purpose of processing personal information

The Company processes personal information for the following purposes and does not use it for purposes other than the following, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

• A.Fulfillment of contracts for the provision of services and settlement of charges for the provision of services

  Provide content, provide certain personalized services, deliver goods or send invoices, authenticate, pay for purchases and bills, and collect payments.

• B.Member Management

  Provision of membership services, personal identification, use restriction measures for users who violate the terms of use, sanctions for acts that interfere with the smooth operation of the service and illegal use of the service, confirmation of the intention to subscribe, limit the number of subscriptions and subscriptions, confirmation of the consent of the legal representative when collecting personal information of children under the age of 14, confirmation of the consent of the legal representative when proceeding with payment for minors under the age of 19, confirmation of the identity of the legal representative in the future, record keeping for dispute settlement, handling of complaints such as complaint handling, delivery of notices, confirmation of the intention to withdraw from membership

• C.Developing new services and utilizing marketing and advertising

  Developing new services and providing customized services, providing services and displaying advertisements according to statistical characteristics, verifying the validity of services, providing event information and participation opportunities, providing advertising information, identifying access frequency, and statistics on members' use of services

3. sharing and providing personal information

The Company uses users' personal information within the scope notified in "2. Purpose of processing personal information" and does not use it beyond the scope or disclose the user's personal information to the outside without the user's prior consent. However, the following cases are exceptions.

• A.If the user has given prior consent

  If there is a situation where personal information is shared or provided to a third party separately when using the Service, the Company will notify the user in advance or obtain consent in accordance with the 「 Personal Information Protection Act」and 「Act on Promotion of Information and Communications Network Utilization and Information Protection 」 and the 「 SMS Privacy Policy」.
  [Third-party sharing and providers of personal information].
  Providers: TOSPAYMENTS, credit card companies (Shinhan, Samsung, Lotte, Nonghyup, Hyundai, Kookmin, Hana, BC)
  Purpose: Content license payment

• B. Our Other Services
• c. In accordance with the provisions of laws and regulations, or at the request of an investigative agency in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation.

4. Delegation of Personal Data Processing

The Company entrusts the processing of personal information as follows to improve its services, and stipulates the necessary matters in accordance with Article 26 of the Personal Information Protection Act when contracting with entrusted processing organizations, and supervises the safe processing of personal information.
The company's personal information consignment processing organizations and consignment tasks are as follows.
Some services may provide customer service for payment and refunds from external content providers.

5. PersRetention and use period of personal information

In principle, users' personal information is destroyed without delay when the purpose of processing personal information is achieved. However, the following information will be retained based on Article 21 of the Personal Information Protection Act for the retention period specified as the reason for retention below. It is stored in a separate safe storage space separated from the existing storage space to comply with Article 21, Paragraph 3 of the Personal Information Protection Act.

• A.Reasons for retaining information based on the company's internal policies
  • Reason for retention: Prevention of confusion in the use of the service and fraudulent use (abnormal use of the service, such as fraudulent registration), such as resolution of consumer complaints and disputes in the event of membership withdrawal.
  • Preserved items: ID, identification value (CI, DI), mobile phone number (one-way encryption (hashing) that cannot be decrypted)
  • Retention period: 6 months
• B.Reasons for retaining information under applicable laws and regulations

  If it is necessary to preserve member information in accordance with the provisions of related laws, such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company shall retain member information for a certain period of time as prescribed by related laws.

  • Reason for retaining records on contracts or withdrawal of subscription: Act on Consumer Protection in Electronic Commerce, etc.
    Retention period: 5 years
  • Reason for retaining records on payment and supply of goods: Act on Consumer Protection in Electronic Commerce, etc.
    Retention period: 5 years
  • Reason for retaining records on electronic financial transactions: Electronic Financial Transactions Act
    Retention period: 5 years
  • Reason for retaining records on consumer complaints or dispute handling: Act on Consumer Protection in Electronic Commerce, etc.
    Retention period: 3 years
  • Reason for retaining website browsing history: Protection of Communications Secrets Act Retention
    period: 3 months

6.Procedures and methods for destroying personal information

In principle, personal information of users is destroyed without delay when the purpose of collecting and using personal information is achieved. However, information required to be kept by other laws and regulations shall be kept separately for a certain period of time set by laws and regulations and then destroyed immediately.

• A. Destruction Procedures
  • When the purpose of collecting and using the user's personal information is achieved, it is destroyed without delay, and if it must be kept in accordance with other laws and regulations, it is transferred to a separate DB and stored safely for a certain period of time in compliance with relevant laws and internal regulations, and then destroyed without delay.
  • The personal information will not be used for any purpose other than the purpose of retention, except as specified by law.
• I. Destruction Methods
  • Personal information printed on paper is destroyed by shredding or incineration.
  • Personal information stored in the form of electronic files is deleted using technical methods that make the records unrecoverable.
• C. Personal information expiration (dormant account policy)
  • The personal information of dormant service users who have no record of service use for one year is stored and managed separately from the personal information of users. However, if requested by the dormant service user, the personal information will be provided again at the time of resuming service use.
  • We will notify you, by email or otherwise, at least 30 days in advance of your account being placed on inactive status.
  • Personal information kept separately will not be used or provided unless there are special provisions in other laws and regulations. In addition, personal information kept separately will be destroyed without delay after the expiration of a certain period of time specified in relevant laws and regulations, and users will be notified of the contents by email or other means 30 days in advance of the time of destruction.

7.Rights of users and legal representatives and how to exercise them

• Users and their legal representatives may view or modify their personal information or that of their children under the age of 14 at any time, and if they do not agree to the Company's processing of their personal information, they may refuse consent or request to cancel their membership (withdrawal). However, in such cases, it may be difficult to use some or all of the services.
• To view or modify the personal information of a user or a child under the age of 14, click "Change Personal Information" (or "Modify Member Information"), and to cancel membership (withdraw consent), click "Withdraw Membership" to view, modify, or withdraw directly after going through the identification procedure.
• Alternatively, you can write, call, or email our Privacy Officer and we will take action without delay.
• If a user requests correction of errors in personal information, we will not use or provide the personal information until the correction is completed. In addition, if we have already provided incorrect personal information to a third party, we will notify the third party of the correction without delay so that the correction can be made.
• The Company handles personal information that has been terminated or deleted at the request of the user or legal representative as specified in "5. Retention and Use Period of Personal Information" and does not allow it to be viewed or used for any other purpose.

8. Installation/operation and rejection of automatic personal information collection devices

• A. What are cookies?
  • In order to provide personalized and customized services, the Company uses "cookies" to store and retrieve user information from time to time.
  • A cookie is a very small text file that is sent to your browser by the server used to operate the website and is stored on your computer's hard disk. The next time you visit the website, the website server will know the contents of the cookie stored on your hard disk and use it to maintain your preferences and provide personalized services.
  • Cookies do not automatically or actively collect personally identifiable information, and you can refuse to have these cookies stored or delete them at any time
• B.How we use cookies

  To understand the types of services and websites you visit and use, popular and search terms, secure connection, news editorial, and user size to provide you with customized and optimized information, including advertisements.

• C.Installing/operating and rejecting cookies
  • You have a choice about the installation of cookies, so you can accept all cookies, confirm each time a cookie is stored, or refuse to store all cookies by setting options in your web_browser.
  • However, if you refuse to store cookies, you may have difficulty using some services that require you to log in.
  • Here's how to specify whether to allow cookies to be installed (for Internet Explorer)
    • ① Select [Internet Options] from the [Tools] menu.
    • ② Click the [Privacy tab].
    • ③ Set the [Personal information processing level].

9. Technical and administrative protection measures for personal information

In processing users' personal information, the Company takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged.

• A.Password encryption

  The password for your user ID (ID) is stored and managed encrypted, so only you know it, and you can view and change your personal information only if you know your password.

• B.Measures against hacking, etc.

  The Company is doing its best to prevent users' personal information from being leaked or damaged by hacking or computer viruses. We back up data from time to time in case of damage to personal information, use the latest antivirus programs to prevent leakage or damage to users' personal information or data, and securely transmit personal information on the network through encrypted communication. We also use an intrusion prevention system to control unauthorized access from the outside, and strive to have all possible technical devices to ensure systemic security.

• C.Minimize and train processing staff

  The company's personal information processing staff is limited to the person in charge, and a separate password is assigned to them and regularly updated, and compliance with the privacy policy is always emphasized through frequent training for the person in charge.

• D.Operation of the Privacy Shield Organization

  In addition, the Company checks the implementation of the personal information processing policy and the compliance of the person in charge through the in-house personal information protection organization, etc. and makes efforts to immediately correct and correct any problems found. However, even if the Company fulfills its obligation to protect personal information, the Company shall not be liable for any damages not attributable to the Company, such as the user's own carelessness or accidents in areas not managed by the Company.

10. Contact information for the Privacy Officer and designee

Users may report any complaints related to personal information protection arising from the use of the Company's services to the person in charge of personal information protection or the department in charge.
The Company will provide a prompt and sufficient response to users' complaint

If you need to report or consult about other privacy violations, please contact the following organizations

• Personal Information Dispute Resolution Board (www.kopico.go.kr, phone 1833-6972)
• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
• Cybercrime Investigation Division of the Supreme Public Prosecutors' Office (www.spo.go.kr / 1301 without area code)
• National Police Agency Cyber Investigation Bureau (police.go.kr / 182 without area code)
• Youth Information Use Safety Net Green i-Net (www.greeninet.or.krwww.greeninet.or.kr / 02-523-3566)

11. other

The Company may provide you with links to other companies' websites or materials. In such cases, the Company has no control over the external sites and materials and therefore cannot be responsible for and does not endorse the usefulness of any services or materials provided by them. If you click on a link contained by the Company and are taken to a page on another site, please check the policy of the newly visited site as the privacy policy of that site is independent of the Company.

12. Duty to Notify

If there are any additions, deletions, or modifications to this Privacy Policy due to changes in legal policies or security technologies, we will notify you through the "We inform you" bulletin board on the homepage or a separate notice at least 7 days prior to the implementation of the changed Privacy Policy.

• Privacy Policy Effective Date: November 17, 2022