Article 1 (Purpose of Processing Personal Information)

Under Article 15 of the “Personal Information Protection Act,” the Company processes personal information for the following purposes. Personal information will not be used for purposes other than the following. In case there are changes, the Company will take necessary actions, such as obtaining separate consent under Articles 18 and 22 of the “Personal Information Protection Act.”

Article 2 (Categories of Personal Information Collected)

① To provide membership registration, smooth customer consultation, and various services, the Company collects the following minimum personal information:

② ② With the consent of the information subject, the Company processes the following personal information under Article 15, Paragraph 1, Subparagraph 1 and Article 22, Paragraph 1, Subparagraph 7 of the “Personal Information Protection Act.”

③ ③ The following information may be automatically generated or additionally collected during service use or service processing:

Article 3 (Personal Information Collection Method)

The Company collects personal information using the following methods:

• 1. Website collection, written forms, fax, telephone, inquiry boards, email, offline collection (e.g., event participation, seminar attendance).
• 2. Information provided by partner companies.
• 3. Generation information collection tool

Article 4 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the period agreed upon by the data subject or as stipulated by law.
② ② Legal retention periods for mandatory record-keeping are as follows:

Article 5 (Provision of Personal Information)

① The Company processes personal information within the scope specified in Article 1 (Purpose of Processing Personal Information). Personal information will only be provided to third parties with the information subject's consent or under special legal provisions, such as Articles 17 and 18 of the “Personal Information Protection Act.” It will not be disclosed to third parties outside these conditions.
② The Company provides personal information to third parties as follows:

Article 6 (Entrustment of Personal Information Processing)

① The Company entrusts the processing of personal information to improve its services.
② Details of the entrusted agency and its processing tasks are as follows:

③ When entering into an entrustment agreement, the Company ensures compliance with Article 26 of the “Personal Information Protection Act,” which includes prohibiting the use of personal information for purposes other than the entrustment purpose, technical and managerial protection measures, restrictions on re-entrustment, supervision, liability of the trustee, and compensate for damages. The Company also supervises the trustee's personal information handling process.
④ Under Article 26(6) of the “Personal Information Protection Act,” if the trustee subcontracts the entrusted work, the Company’s consent must be obtained.
⑤ In case there are changes to the entrusted work or the trustee, the updated information will be disclosed promptly through this Privacy Policy.

Article 7 (Procedures and Methods for Destroying Personal Information)

① The Company destroys personal information without delay when the retention expires or the purpose of processing is achieved.
② If the retention period agreed by the information subject has expired or the purpose of processing has been achieved but retention is required under other laws, the information will be moved to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows:

• 1. Destruction Procedure: The Company selects personal information to be destroyed and obtains approval from the Personal Information Protection Manager before destruction.
• 2. Destruction Methods: Personal information under electronic files will be destroyed using technical methods that prevent recovery. Personal information under printed files will be shredded or incinerated.

Article 8 (Rights and Obligations of Users and Legal Representatives and Their Exercise Methods)

① ① Information subjects may exercise the following rights related to personal information protection at any time:

• 1. Request access to the subject’s personal information
• 2. Request correction of errors
• 3. Request deletion
• 4. Request suspension of processing

② Rights under Paragraph 1 may be exercised via written request, phone, or email following Article 31-2(1) of the “Personal Information Protection Act Enforcement Decree,” and the Company will act without delay.
③ If the information subject requests corrections or deletions due to errors, the Company will not use and disclose the information until the necessary actions are completed.
④ Rights under Paragraph 1 may be exercised by the information subject’s legal representative or an authorized agent. A power of attorney must be submitted following Form 11 of the “Personal Information Processing Method Notice (No. 2020-7).”
⑤ Requests for access, transmission, and suspension of processing may be restricted under Articles 35(4), 35-2(6), and 37(2) of the “Personal Information Protection Act.”
⑥ Requests for correction and deletion cannot be made if the personal information is specified as a collection target under other laws.
⑦ The Company confirms the identity of the individual or legal representative requesting access, correction, deletion, or suspension of processing.
⑧ After completing the correction, deletion, or suspension of personal information as requested, the Company will notify the information subject of the results.
⑨ If deletion is impossible because the personal information requested by the information subject is specified as a collection target by law, the Company will notify the subject accordingly.

Article 9 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

• 1. Regular Self-Audits
  The Company conducts regular self-audits to ensure the safety of personal information handling.
• 2. Minimization and Training Personal Information Handling Staff
  The Company designates employees to handle personal information and limits processing to the designated personnel while implementing countermeasures to manage personal information.
• 3. Establishment and Implementation of Internal Management Plans
  The Company establishes and implements internal management plans to ensure safe personal information handling.
• 4. Technical Countermeasures Against Hacking
  To prevent the leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, conducts regular updates and inspections, and establishes a system in restricted-access areas for technical and physical monitoring and blocking.
• 5. Encryption of Personal Information
  Users’ personal information is stored and managed in an encrypted format, ensuring that only the user knows the password. Critical data is encrypted or locked for additional security during storage or transmission.
• 6. Storage of Access Logs and Prevention of Tampering
  Access logs to personal information processing systems are stored and managed for at least one year. In the case of adding personal information or processing unique identification information or sensitive information for more than 50,000 information subjects, the Company stores and manages personal information for at least 2 years. Access logs are protected from tampering, theft, or loss through security functions.
• 7. Personal Information Access Restriction
  The Company implements necessary measures to control access to personal information by granting, changing, and deleting access rights to the database system and uses an intrusion prevention system to block unauthorized external access.
• 8. Use of Locking Devices for Document Security
  Documents and supplementary storage devices containing personal information are stored in a safe location with locking devices.
• 9. Access Restriction for Unauthorized Personnel
  Physical storage locations containing personal information are separate, and access control procedures are established and operated.

Article 10 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① The Company uses cookies to provide individually tailored services. Details of cookies are as follows:

• 1. Definition of Cookies
  Cookies are small data files sent by a server to a user’s web browser and stored on the user’s computer hard drive.
• 2. Purpose of Cookies
  Cookies identify service and website visit/use patterns, popular search terms, and secure connections to optimize information for users.
• 3. Installation, Operation, and Refusal of Cookies
  A. Internet Explorer: Tools → Internet Options → Privacy → Advanced Settings → Cookies Settings
  B. Chrome: Settings → Privacy and Security → Clear Browsing Data → Cookie Settings
  C. Safari: Preferences → Privacy Tab → Cookie and Website Data Settings
  D. Microsoft Edge: Settings → Cookies and Site Permissions → Manage and Delete Cookies

② The Company uses “Google Analytics,” a web analytics service provided by Google, to enhance service quality. Details are as follows:

• • 1. Definition of Google Analytics
    Google Analytics analyzes and evaluates how customers use the Company’s services, aiding in users’ demand assessment.
  • 2. Purpose of Google Analytics
    To improve services and products and deliver efficient services.
  • 3. Use of Google Analytics
    The Company does not collect personally identifiable information through Google Analytics or combine collected data with other identifiable information. Data collection is subject to the “Google Privacy Policy” and “Google Analytics Terms of Service.”
    A. Google Privacy Policy
    https://policies.google.com/privacy
    B. Google Analytics Terms of Service
    https://marketingplatform.google.com/about/analytics/terms
  • 4. Opt-Out of Google Analytics
    Users can refuse data collection via Google Analytics
    https://tools.google.com/dlpage/gaoptout

Users can refuse data collection via Google Analytics

Article 11 (Personal Information Protection Manager and Responsible Department)

① The Company appoints a Personal Information Protection Manager and a responsible department to oversee the overall handling of personal information, address data subjects’ complaints, and provide remedies for damages as follows:

② Information subjects can direct all inquiries, complaints, and requests for remedies related to personal information to the above manager and department for prompt response.