ZEPHYROS

Personal information refers to information on surviving individuals that can identify individuals of the company by real name, resident registration number, etc. (including information that can easily be combined with other information, even if that information alone cannot identify a particular individual). Personal information collected by the company is utilized for the following purposes:

1. Performance of contracts for service provision and settlement of charges for service provision
   Delivery of content, delivery of goods or invoices, identification and purchase, payment of charges, collection of charges member management
2. Member management
   Identification, personal identification, fraudulent use of non-authorized members, confirmation of intention to sign up, restriction of number of subscriptions, confirmation of consent of legal representatives when collecting personal information of children under the age of 14, preservation of records for dispute settlement, handling complaints, etc
3. Leverage for marketing and advertising
   Advertising information such as new service (product) development and specialization, service provision and advertising according to demographic characteristics, identification of access frequency, statistics on members' service use, and events (your personal information is not provided to individuals or organizations who request advertising.)

[Personal Information Items Collected ]

1. The following information is collected for member identification and optimized service provision at the time of initial membership.
   • Required items: ID, password, name/business name, resident registration number/business registration number, name of person in charge (for corporate members), email address, phone number, mobile phone number, legal representative information if under 14 years of age
   • Selections: Fax number, English name/English address (required information in domain management regulations), phone number of a third party in the user's mobile address book (when using mobile), and device unique number (device ID or IMEI)
   • Payment method according to paid information and service use: bank information, credit card information
2. The following information can be generated and collected during the service use process or business processing process.
   • Service usage records, access logs, cookies, access IP information, payment records, defective usage records, user status information, photos, date and time of visit, gender, date of birth, occupation, company name

[How to collect]

The company collects personal information in the following ways:

1. Membership registration, consultation board, prize event application, and delivery request through the website
2. Gathering through the generation information collection tool
3. Collection through voluntary provision of users during service use

In principle, after the purpose of collecting and using personal information is achieved, the information is destroyed without delay.
However, the following information will be retained for the period specified for the following reasons:

1. • Retention personal information upon withdrawal of members Preservation items: Name, resident registration number, ID, e-mail address, address, phone number, etc. provided by the member
   • Grounds for preservation: disputes over infringement of rights, such as prevention of re-entry of rogue users and defamation, and cooperation in investigation;
   • Preservation period: 1 year after withdrawal from membership
2. If it is necessary to preserve it pursuant to the provisions of related laws, such as the Commercial Act and the Consumer Protection Act in e-commerce, etc., the company keeps member information for a certain period of time prescribed by the relevant laws. In this case, the company uses the stored information only for the purpose of storage, and the retention period is as follows.
   • Records concerning withdrawal of contracts or subscriptions, etc
     • Reason for Conservation: Act on Consumer Protection in Electronic Commerce, etc
     • Retention period: 5 years
   • Records of payment and supply of goods, etc
     • Reason for Conservation: Act on Consumer Protection in Electronic Commerce, etc
     • Retention period: 5 years
   • Records of consumer complaints or disputes
     • Reason for Conservation: Act on Consumer Protection in Electronic Commerce, etc
     • Preservation period: 3 years - records of visits
     • Reason for Preservation: Communication Secret Protection Act
     • Retention period: 3 months

In principle, the company destroys the personal information without delay after the purpose of collecting and using personal information is achieved or the retention and use period has elapsed.
The procedure and method of destruction are as follows.

1. Destruction procedure
   The information you enter for membership registration, etc. will be destroyed after being stored for a certain period of time according to internal policies and other relevant laws (see retention and use period).
   This personal information is not used for any purpose other than being held unless it is under law.
2. Destruction method
   The personal information printed on the paper is destroyed by crushing or burning, and the personal information stored in the form of an electronic file is deleted using a technical method that cannot be reproduced.

In principle, the company only uses your personal information for collection and use purposes and does not disclose it to others or other companies/institution. However, exceptions are made in the following cases.

1. Users have agreed in advance
   • Prior to collecting or providing information, you will be informed of who your business partner is, what information is needed, and how and when it is protected and managed, and if you do not agree, you will not collect additional information or share it with your business partner.
2. Where there is a request from an investigative agency in accordance with the provisions of statutes or in accordance with the procedures and methods prescribed by statutes for the purpose of investigation
3. Use and provision of personal information in accordance with the purpose of use
   • Where the applicant's information is provided to the registered business operator of the domain for the registration of the domain name;
   • For WHOIS services for domain names
   • If the dispute settlement body or court requests the contact number of the domain registrant involved in the dispute;
   • In the event that data on the personal information of an international domain name registrant must be consigned to an overseas escrow company under an agreement with the Internet Corporation for Assigned Names and Numbers (domain name, name server information, expiration date, owner name and address
   • Where a government agency requests domain name, name server information, etc. to perform the duties prescribed by the relevant Act;
   • Where the member's information (name, address, phone number) is used for business contact;
   • Where it is provided in a form that cannot be identified as a specific customer as necessary for statistical preparation, public relations data, academic research, or market research;

In order to improve the service, the company entrusts personal information as follows, and in accordance with the relevant laws and regulations, the necessary matters are stipulated so that personal information can be safely managed.
The details of the company's personal information consignment processing agency and consignment work are as follows.

To provide personalized and customized services to each member, the company uses a cookie that stores and retrieves your information from time to time. Cookies are stored on your computer's hard disk as a small package of data that the server used to run the website sends to your browser.

1. Purpose of using cookies
   • Target marketing and personalized services are provided by analyzing the frequency of access and visiting hours of members and non-members, identifying user preferences and interests, tracking the degree of participation in various events, and number of visits
2. To reject cookie settings
   You have the option of installing cookies. Therefore, you can allow all cookies by setting options in your web browser, check each time the cookies are saved, or refuse to save all cookies.
   * Example of how to set it up (for Internet Explorer)
   : Tools at the top of your web browser > Internet Options > Personal Information However, if you refuse to install cookies, it may be difficult to use some services that require login.

[Technical countermeasures]

1. Each member's personal information is protected by a password, and personal information data is protected through a separate security function.
2. The password creation rules are established and implemented so that users and personal information handlers do not use easy-to-guess numbers such as birthdays, resident registration numbers, and phone numbers as passwords.
3. The company uses antivirus programs and malware defense software to prevent damage from computer viruses, and updates them regularly every day.
4. The company uses expensive routers and L3 switch equipment with intrusion prevention and intrusion detection to secure personal information on the network.
5. The company also operates a triple privacy system by establishing a separate firewall.
6. The company encrypts and stores personal information in the personal information protection system, and operates the system to encrypt and store personal information outside the company's information and communication network or when it is stored on a PC.

[Managing measures]

1. In addition to the above efforts, you should also be careful not to expose your password to a third party. In particular, please always be careful not to leak passwords through PCs installed in public places. It is recommended that only you use your ID and password and change your password frequently.
2. The company will prepare separate computer management regulations in the company regulations and comply with the following matters.
   • Matters concerning the composition and operation of personal information protection rules, such as designation of a person in charge of personal information management;
   • Matters concerning the education of personal information handler;
   • Maintaining access records of the personal information processing system and supervising regular verification
   • Protection measures when printing and copying personal information
   • Other matters necessary for the protection of personal information

• Users and legal representatives can inquire or modify their registered personal information at any time and may request cancellation.
  For users or children under the age of 14 to inquire/modify their personal information, they can view, correct, or withdraw directly after going through the identity verification process by clicking "Information Modification> member withdrawal" on the company's website.
  Or contact the person in charge of personal information management in writing, by phone, or by e-mail, and we will take action without delay.
• If you request correction of an error in your personal information, you will not use or provide the personal information until you complete the correction. In addition, if the wrong personal information has already been provided to a third party, we will notify the third party of the results of the correction process without delay so that the correction can be made.
• The company processes personal information canceled or deleted at the request of the user or legal representative as specified in the "Personal Information Retention and Use Period of Personal Information Collected by the company" and cannot be viewed or used for other purposes.

[About children's membership]

• In order to protect children's personal information, the company must have the consent of a legal representative (parent) if a child under the age of 14 applies for membership. The company can arbitrarily exclude minors under the age of 14 who do not have permission from their parents.
• The legal representative of a minor under the age of 14 may request access, correction, and withdrawal of consent to the personal information of the minor under the responsibility of the agent, and if such request is made, the company will take necessary measures without delay.

[About withdrawal of underage transactions]

The company is obligated to seek the consent of the legal representative (parent) in advance when dealing with a minor, and in the case of a transaction without the consent of the legal representative (parent), the transaction may be canceled. In addition, if a minor's legal representative (parent) who is a trading company requests withdrawal within 7 days of the establishment of the transaction, the transaction will be withdrawn (refunded).

The company has a person in charge of personal information management to protect customers' personal information and handle complaints related to personal information.
If you have any questions about the customer's personal information, please contact the person in charge of personal information management or the person in charge of personal information management below.

• Phone number: +82031 356 3289

You can report any personal information protection-related complaints that occur while using the company's services to the person in charge of personal information management or the department in charge. The company will quickly and fully respond to users' reports.
If you need to report or consult on other personal information violations, please contact the institution below.

• Personal Dispute Mediation Committee (www.1336.or.kr / 1336)
• Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533-4)
• Supreme Prosecutors' Office Internet Crime Investigation Center (http://icic.sppo.go.kr / 02-3480-3600)
• National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)

Addition of contents in accordance with changes in laws and regulations or security technologies. If there is a deletion or modification, we will notify you 7 days before the effective date of the change through the notice on the company's website.

(Effective date) This personal information handling policy will take effect from April 8, 2022.