Personal information refers to information about a living individual, such as real name and resident registration number, that can identify individual members of the Company (including information that cannot identify a specific individual by itself but can be easily combined with other information to identify them). The personal information collected by the Company is used for the following purposes:

1. Performance of contracts for service provision and fee settlement for service provision
   Content provision, delivery of goods or sending of invoices, identity verification and purchase, fee payment, fee collection
2. Member management
   Identity verification for membership service use, personal identification, prevention of fraudulent use by bad members and prevention of unauthorized use, confirmation of membership intent, restriction of membership registration and number of registrations, confirmation of legal representative's consent when collecting personal information of children under 14 years of age, verification of legal representative's identity, record preservation for dispute resolution, complaint handling and other grievance handling, delivery of notices
3. Use in marketing and advertising
   Development and specialization of new services (products), service provision and advertisement placement according to demographic characteristics, identification of access frequency, statistics on members' service use, delivery of advertising information such as events (your personal information will not be provided to individuals or organizations that request advertisements)

[Items of Personal Information Collected]

1. The following information is collected at the time of initial membership registration to identify members and provide optimized services:
   • Required items: ID, password, name/company name, resident registration number/business registration number, person in charge (for corporate members), email address, address, phone number, mobile phone number, legal representative information for those under 14 years of age
   • Optional items: Fax number, English name/English address (to secure required information under domain management regulations), third party's phone number in the user's mobile phone address book (when using mobile), device unique number (device ID or IMEI when using mobile)
   • Payment methods for paid information and services: Bank information, credit card information
2. The following information may be generated and collected during service use or business processing:
   • Service usage records, access logs, cookies, access IP information, payment records, bad use records, user status information, photos, visit date and time, gender, date of birth, occupation, company name

[Collection Methods]

The Company collects personal information through the following methods:

1. Membership registration through the website, inquiry boards, prize event applications, delivery requests
2. Collection through generated information collection tools
3. Collection through voluntary provision by users during service use

In principle, personal information is destroyed without delay after the purpose of collection and use of personal information is achieved.
However, the following information is retained for the periods specified below for the following reasons:

1. Personal information retained upon membership withdrawal
   • Retention items: Name, resident registration number, ID, email address, address, phone number, etc. provided by the member
   • Retention basis: Prevention of re-registration by bad users, disputes related to rights violations such as defamation, and cooperation with investigations
   • Retention period: 1 year after membership withdrawal
2. When it is necessary to retain information in accordance with the provisions of relevant laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company retains member information for a certain period specified by relevant laws. In this case, the Company uses the retained information only for the purpose of retention, and the retention periods are as follows:
   • Records related to contracts or withdrawal of subscriptions
     • Retention reason: Act on Consumer Protection in Electronic Commerce, etc.
     • Retention period: 5 years
   • Records related to payment and supply of goods
     • Retention reason: Act on Consumer Protection in Electronic Commerce, etc.
     • Retention period: 5 years
   • Records related to consumer complaints or dispute resolution
     • Retention reason: Act on Consumer Protection in Electronic Commerce, etc.
     • Retention period: 3 years - Records related to visits
     • Retention reason: Protection of Communications Secrets Act
     • Retention period: 3 months

In principle, the Company destroys personal information without delay after the purpose of collection and use of personal information is achieved or the retention and use period has expired. The destruction procedures and methods are as follows:

1. Destruction procedures
   Information entered by members for membership registration, etc. is transferred to a separate database (or a separate filing cabinet in the case of paper documents) after the purpose is achieved, and is stored for a certain period in accordance with internal policies and information protection reasons under other relevant laws (refer to retention and use period) before being destroyed.
   Such personal information will not be used for any other purpose than retention, except as required by law.
2. Destruction methods
   Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
   Personal information stored in electronic file format is deleted using technical methods that make the records irretrievable.

In principle, the Company uses your personal information only for the purposes of collection and use and does not disclose it to other individuals or other companies/institutions. However, exceptions are made in the following cases:

1. When users have given prior consent
   • Before collecting or providing information, we inform members who the business partner is, what information is needed and why, and when and how it will be protected/managed, and we go through the process of obtaining consent. If you do not consent, we do not collect additional information or share it with business partners.
2. When required by law or when requested by investigative agencies in accordance with the procedures and methods prescribed by law for investigative purposes
3. Use and provision of personal information consistent with the purpose of use
   • When providing applicant information to the domain registrar for domain name registration
   • When providing WHOIS service for domain names
   • When a dispute resolution organization or court requests contact information of a domain registrant involved in a dispute
   • When personal information data of international domain name registrants must be entrusted to overseas escrow companies in accordance with contracts with the Internet Corporation for Assigned Names and Numbers (ICANN) (domain name, name server information, expiration date, owner name and address, email address, excluding member ID and password and resident registration number)
   • When government agencies request domain name and name server information, etc. to perform their duties as prescribed by relevant laws우
   • When using member information (name, address, phone number) for business contact
   • When provided in a form that cannot identify a specific customer for statistical purposes, promotional materials, academic research, or market research

The Company entrusts personal information as follows to improve services, and stipulates necessary matters to ensure that personal information is managed safely when concluding entrustment contracts in accordance with relevant laws.
The Company's personal information consignee and entrusted tasks are as follows:

To provide personalized and customized services to each member, the Company uses 'cookies' that store and retrieve member information from time to time. A cookie is a small data package that the server used to operate the website sends to the user's browser and is stored on the hard disk of the member's computer.

1. Purpose of using cookies
   • Analyzing access frequency and visit times of members and non-members, identifying users' tastes and areas of interest and tracking footprints, identifying participation in various events and number of visits, providing target marketing and personalized services
2. Method for refusing cookie settings
   You have the right to choose whether to install cookies. Therefore, you can allow all cookies, go through confirmation every time a cookie is saved, or refuse to save all cookies by setting options in your web browser.
   * Example of setting method (for Internet Explorer)
   : Tools at the top of the web browser > Internet Options > Privacy
   However, if you refuse to install cookies, it may be difficult to use some services that require login.

[Technical Measures]

1. Each member's personal information is protected by a password, and personal information data is protected through separate security functions.
2. Each member's password is established and implemented with password creation rules so that users and personal information handlers do not use easily guessable numbers such as birthdays, resident registration numbers, and phone numbers as passwords.
3. The Company uses antivirus programs and malicious code defense software to prevent damage caused by computer viruses, and updates such software regularly every day.
4. The Company uses expensive routers and L3 switch equipment equipped with intrusion blocking and intrusion detection functions to double-protect personal information on the network.
5. The Company also operates a triple personal information protection system by building a separate firewall system.
6. The Company encrypts and stores personal information in the personal information protection system, and operates the system to encrypt and store personal information when transmitting personal information outside the Company's information and communications network or storing it on a PC.

[Administrative Measures]

1. In addition to the above efforts, members themselves should be careful not to expose passwords, etc. to third parties. In particular, please be careful not to leak passwords, etc. through PCs installed in public places. It is recommended that you use your ID and password only by yourself and change your password frequently.
2. The Company will prepare separate computer management regulations in the Company's regulations and comply with the following matters:
   • Matters concerning the composition and operation of personal information protection organizations, including the designation of a personal information management officer
   • Matters concerning education of personal information handlers
   • Maintaining and regularly checking and supervising access records of personal information processing systems
   • Protective measures when printing and copying personal information
   • Other matters necessary to protect personal information

• Users and legal representatives can inquire or modify their registered personal information at any time and can also request withdrawal from membership.
  To view/modify personal information of users or children under 14 years of age, you can click 'Modify Information' on the Company's homepage, and to withdraw from membership, click 'Modify Information > Withdraw Membership', go through the identity verification process, and then directly view, correct, or withdraw.
  Alternatively, if you contact the personal information management officer in writing, by phone, or by email, we will take action without delay.
• If you request correction of errors in personal information, we will not use or provide the personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction processing result without delay so that the correction can be made.
• Personal information canceled or deleted at the request of users or legal representatives is processed in accordance with the provisions of "Retention and Use Period of Personal Information Collected by the Company" and is processed so that it cannot be viewed or used for any other purpose.

[Regarding Children's Membership Registration]

• In order to protect children's personal information, the Company requires the consent of a legal representative (parent) when a child under 14 years of age applies for membership registration. The Company may arbitrarily exclude minors under 14 years of age who have not obtained parental permission from membership.
• The legal representative of a minor under 14 years of age may request viewing, correction, or withdrawal of consent for the minor's personal information under the responsibility of the representative, and if such a request is made, the Company will take necessary measures without delay.

[Regarding Withdrawal of Transactions with Minors]

The Company has an obligation to obtain the consent of the legal representative (parent) in advance when transacting with a minor, and if the transaction is not approved by the legal representative (parent), the transaction may be canceled. In addition, if the legal representative (parent) of the minor who is the transaction party requests withdrawal within 7 days after the transaction is established, the transaction will be withdrawn (refunded).

To protect customers' personal information and handle complaints related to personal information, the Company has a personal information management officer. If you have any questions related to your personal information, please contact the personal information management officer or personal information management staff below.

• Phone number: 070-4335-3789

You can report all personal information protection-related complaints that occur while using the Company's services to the personal information management officer or the relevant department. The Company will respond to users' reports quickly and sufficiently.
If you need to report or consult about other personal information violations, please contact the following organizations:

• Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)
• Privacy Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
• Supreme Prosecutors' Office Internet Crime Investigation Center (http://icic.sppo.go.kr / 02-3480-3600)
• National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)

If there are additions, deletions, or modifications to the content in accordance with changes in laws, policies, or security technologies, notice will be given through announcements on the Company's website from 7 days before the effective date of the change.

(Effective Date) This Privacy Policy will be effective from January 15, 2021.