• KEOWON Co., Ltd(hereinafter referred to as "Company") establishes and discloses the Personal Information Management Policy(also referred to as "Privacy Policy") as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.

Article 1. Purpose of processing personal information

• The company processes personal information for the following purposes. The personal information being processed is not used for purposes other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be taken.
• 1. Homepage membership registration and management
  We process personal information for the purpose of preventing illegal use of the service.
• 2. Civil petition handling
  Personal information is processed for the purpose of confirming the identity of the complainant, confirming the complaints, contacting and notifying for fact-finding, and notifying the results of processing.
• 3. Use for marketing and advertising
  Personal information is processed for the purpose of determining the access frequency or statistics on the member's service use.

Article 2. Processing and retention period of personal information

• ① The company processes and retains personal information within the period of retention and use in accordance with the laws or within the period of retention and use agreed upon when collecting personal information from the data principal.
• ② Each personal information processing and retention period is as follows.
• <Homepage membership registration and management>
  - Personal information related to <Homepage membership registration and management> is retained and used for the above purpose of use until <3 years> from the date of consent for collection and use.
  Basis for retention: Consent to personal information
  Related laws: Records on consumer complaints or dispute settlement: 3 years
  Exception reasons:

Article 3. Rights and duties of information principal and legal representative, and how to exercise them

• ① The information principal can exercise the right to The company at any time, such as requesting to view, correct, delete, and suspend processing of personal information.
• ② Exercising the rights pursuant to paragraph 1 may be made to The company pursuant to Article 41 (1) of the Enforcement Decree of the 「Personal Information Protection Act」 through writing, e-mail, fax, etc., and The company will take action without delay.
• ③ Exercising the rights pursuant to paragraph 1 can be done through the legal representative of the information principal or through an agent such as a person who has been delegated. In this case, a power of attorney must be submitted in accordance with the form of Attached Sheet No. 11 of "Notice on the Processing Method of Personal Information (No. 2020-7)".
• ④ The rights of the information principal may be restricted according to Article 35 (4) and Article 37 (2) of the 「Personal Information Protection Act」 when requesting to view and suspend personal information.
• ⑤ Request for correction and deletion of personal information cannot be requested if the personal information is specified as the object of collection in other laws.
• ⑥ The company can verifies whether the person who made the request for access, correction or deletion, or suspension of processing is the person or a legitimate agent.

Article 4. Preparation of personal information items to be processed

• ① The company processes the following personal information items.
• 1. <Civil petition handling>
  - Required items: company name, name, phone number, e-mail, address
  - Optional items:
• 2. <Use for marketing and advertising>
  - Required items: company name, name, phone number, e-mail, address
  - Optional items:

Article 5. Disposal of personal information

• ① The company disposes the personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing.
• ② The procedure and method of personal information disposal are as follows.
• 1.Disposal procedure
  The company selects the personal information which need to be disposed, and dispose the personal information with the approval of the personal information protection manager of The company.
• 2. Disposal method
  Information with electronic file format is disposed by a technical method that cannot reproduce the record.

Article 6. Measures to ensure the safety of personal information

• The company takes the following measures to ensure the safety of personal information.
• 1. Establishment and implementation of an internal management plan
  We have established and implemented an internal management plan for the safe processing of personal information.
• 2. Technical measures against hacking, etc.
  The company installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, and sets a system in an area where access from outside is controlled by technically and physically to monitor and block.
• 3. Restricted access to personal information
  Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from outside is controlled using an intrusion prevention system.
• 4. Access control for unauthorized persons
  A separate physical storage place where personal information is stored is set up and access control procedures are established and operated.

Article 7. Refusal of Installation and Operation of Automatic Personal Information Collection Device

• ① The company uses 'cookies' that store and retrieve usage information from time to time in order to provide personalized services to users.
• ② Cookies are a small amount of information sent to the user's computer browser by the server (http) used to operate the website, and may be stored on the hard disk of the user's PC computer.
  A. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage, popular search terms, secure access, etc. for each service and website visited by the user.
  B. Installation, operation and rejection of cookies: You can refuse to store cookies by setting options in the Tools>Internet Options>Personal Information menu at the top of the web browser.
  C. If you refuse to store cookies, you may experience difficulties in using customized services.

Article 8. person in charge of personal information protection

• The company is responsible for the handling of personal information, and appoints the person in charge of personal information protection as follows for the handling of complaints and damage relief of the information principal related to the processing of personal information.
• Personal Information Protection Officer
  Name: Cheong-a Park
  Position: CEO
  Contact: 82-31-769-9274
  E-mail: designlayered@naver.com

Article 10. Remedy for Infringement of Rights and Interests

• In order to receive relief for personal information infringement, the information principal may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center. For other personal information infringement reports and consultations, please contact the following organizations.
• 1. Personal Information Dispute Mediation Committee: 82-1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center: 82-118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors' Office: 82-1301 (www.spo.go.kr)
  4. National Police Agency: 82-182 (cyberbureau.police.go.kr)
• Responding to requests pursuant to Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing, etc.) of the 「Personal Information Protection Act」, A person who has been infringed upon his/her rights or interests due to the disposition or omission performed by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act.
• ※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).