Privacy Policy

1. The lists of personal information collected

The company collects the following personal information.

1. 1.1Make Inquiries
   1. Mandatory Items: name, contact number, email
   2. Optional Item: Address

2. Purpose of collecting and using personal information

The company utilizes the personal information collected for the following purposes.

1. 2.1 Contacting
   1. Handling customer inquiries and complaints

3. The period of retention and utilization of personal information

Personal information handled by the company is processed within the scope specified for collection and utilization purposes, and the retention period stipulated by the Privacy Act and related statutes is applied and implemented.

1. 3.1 Contact Information
   1. 6 months after receiving enquiries

4. Disposal procedures and methods of personal information

In principle, the company destroys such information without delay after the purpose of collecting and using personal information is achieved. However, this may not be the case if the preservation is required under other laws. The procedure of disposal and method are as follows.

1. 4.1 Disposal procedure
   1. Unnecessary personal information and personal information files are stored for a certain period of time and destroyed after the objective is achieved according to the reasons for information protection applying with internal policies and other related statutes (see retention and service period).
2. 4.2 Disposal method
   1. The personal information printed on the paper is pulverized with a shredder or destroyed through incineration.
   2. Personal information stored in the form of an electronic file is deleted using a technical method that arecord is not able to bereproduced with.

5. Information on the installation, operation and rejection of the automatic collection of personal information

The company does not operate 'cookie' to store and retrieve your information from time to time.

6. The rights of the informant and the method of its exercise

As an informant, you can exercise the following rights.

1. 6.1 Requesting access to personal information
   1. A. The personal information files held by the company may be required to be accessed in accordance with Article 35 (the access personal information)However, the access to personal information can be restricted in accordance with Article 35 paragraph 4 of the Act.
2. 6.2 Requires correction and deletion of personal information
   1. A. The company may request correction and deletion of personal information files in accordance with Article 36 of the Personal Information Protection Act (correcting and deleting personal information).
   2. B. If the personal information is stipulatedas a collection target in other laws, it cannot be requested to delete it.
   3. C. In the case of children who are under the age of 14, the legal representative shall have the right to inquire or revise the child's personal information and the right to withdraw the consent to use it.
3. 6.3 Request for personal information processingsuspension
   1. A. The company may request suspension of personal information files in accordance with Article 37 of the Personal Information Protection Act (such as suspension of personal informationprocessing) However, if a request for suspension of personal information processing is made, the request for suspension of processing can be rejected in accordance with Article 37 paragraph 2 of the Act.
   2. ① In case there are special regulations in the law or it is inevitable to comply with the statutory obligations;
   3. ② In case there is a risk of harming another person's life, body, or unfairly infringing on another person's property and other interests;
   4. ③ In the event that the contract is difficult to execute without processing personal information, such as failing to provide the information subject and the agreed services, the information subject has not clearly indicated its intention to terminate the contract;

7. Technical, administrative and physical countermeasuresin relation to personal information

Under Article 29 of the Personal Information Protection Act (Duty of Safety Measures), the company takes the technical, administrative, and physical measures necessary to ensure safety as follows:

1. 7.1 Conducting regular self-audits
   1. In order to secure stability in relation to personal information handling, we conduct our own audit on a regular basis (once a quarter).
2. 7.2 Restricting access to personal information
   1. Measures are taken to control access to personal information through granting, changing, and terminating the rights of accessing to database systems that handle personal information. Unauthorized access from outside is controlled using the intrusion prevention system.
3. 7.3 Access control for unauthorized persons
   1. A. The company implements and operates an access control procedure having the physical storage location where personal information is stored.

8. Director and department in charge of privacy

In order to protect the personal information of the informant and to handle complaints related to personal information, the company appoints the relevant departments and personal information protection director as follows:

1. Informant can contact the personal information protection manager and the responsible department for all inquiries related to personal information protection, complaints, and relief caused by using the company's service (or business).
2. The company will answer and process inquiries from the informant without delay

9. Notification obligation

If the current privacy policy is added, deleted, or modified, it will be notified at least seven days before the amendment through the 'News Center' on its website.

1. Announcement date: 2019 February 27th
2. Implementation date: 2019 March 6th