1. General Provisions

The Company informs the users through the Policy how and why the Company uses personal information provided by its users and the measures taken to protect their personal information. The Policy is also made available from the main page of this Website so that users can easily view the details at any time. The Policy is subject to change at any time according to modification of relevant laws, regulations and guidelines as well as changes to the Company’s operation policies. In this regard, the Company has prepared procedures necessary for continued improvement. Should there be any change to the Policy, it will be made public immediately through this Website so that users can be well informed. Users are thereby recommended to check the Policy regularly when visiting this Website.

2. Collectible Personal Information and Collection Methods

Most of the Company’s Website services are accessible without registering any personal information. However, a minimum level of personal information is collected for services listed below to provide improved, quality services.

The Company has a procedure in place to obtain users’ consent for collecting their personal information. The Company has prepared a tool (“Consent” and “Do Not Consent” buttons) for users to express their consent or not to the collection and use of their personal information when providing their name, e-mail address and contact number. Upon clicking the “Consent” button, users are regarded to have provided their consent to collection and use of their personal information.

The Company collects and use the following personal information based on the Personal Information Protection Act.

※ The following personal information items can be created automatically for collection while using the services.
- IP connection information and others.

3. Purpose of Collecting and Using Personal Information

The Company shall use collected personal information only to identify customers and provide prompt response to customer inquiries and business proposals. Should there be any change to this purpose, the Company shall take necessary measures to obtain additional consent, according to relevant laws and regulations.

4. Personal Information Protection for Children under 14 Years of Age

Company membership is available to individuals over 14 years of age. The Company does not collect personal information of children under 14 years of age.

5. Entrustment of Personal Information Processing

The Company shall entrust one or more specialist service providers with part of the Company’s tasks for effective service maintenance and management for users. The entrusted companies cannot use personal information for purposes other than the reasons it is collected. Also, the Company shall carry out regular monitoring and inspections to prevent relevant personal information from illegal use. The Company shall notify the users in advance when entrusting part of the Companies tasks to any third party.

6. Information Processing, Retention and Destruction

The Company shall process and retain information provided by users when they use Company services such as customer inquiries and business proposals. The personal information shall be immediately destroyed when the information is no longer required for reasons including accomplishment of the purpose of use.
However, personal information shall be retained for a given period pursuant to relevant laws and regulations including the Commercial Act for the purpose of clarifying rights and obligations in relation to transactions. Application information is as follows:

- Retention period for records about customer complaints or dispute settlements: 3 years

Personal information stored in electronic file format shall be deleted using technical measures so that records cannot be recovered. Personal information stored in the form of paper documents shall be destroyed using document shredders or be incinerated.

7. Installation, Operation of Automatic Personal Information Collection Devices and Refusal to Such Devices

This Website does not use cookies. Cookies are a small bundle of data files sent from the HTTP server to a user’s browser and stored in the user’s computer hard disk drive.

Users can adjust their browser options to accept all the cookies, send notifications when cookies are installed, or refuse all cookies. Cookies expire when closing a browser.

8. Confidentiality

The Company shall not reveal any personal information acquired while conducting its business or provided by the users, and necessary measures shall be taken to keep the confidentiality. However, the confidentiality obligation shall not apply in the following cases:

• Information that was already available to the general public before being provided to this Website
• Information not disclosed by the Website
• Information lawfully acquired by the Website from a third party
• Information independently developed by this Website without user intervention
• Information that is approved by the user to be disclosed.
• Other cases allowed by relevant laws and regulations

The above exceptions shall not be excluded from the Company’s efforts to prevent indiscriminate disclosure of information against the original purpose of collection and use.

9. Linked Sites

This Website can provide links to other company’s websites or material to its users. In this case, this Website shall not be responsible nor guarantee the utility of the services or materials provided therein as this Website has no control over such websites and material.

When users are redirected to another website by clicking a link in this Website, users are recommended to review the policies of the newly visited website as its privacy policy is not relevant to this Website.

10. User Rights and How to Exercise the Rights

Users can make a request at any time to modify or delete their personal information. Such requests can be made via telephone or e-mails to the designated personnel described in 14. Managers and Officers in Charge of Personal Information Protection.

If a request is made by a user to modify his/her personal information, the related personal information shall not be processed or provided until the requested modification is completed accordingly.

If incorrect personal information has already been provided to a third party, the Company shall notify the third party without delay the results of the modification process so that the information can be corrected accordingly.

11. Postings

The Company values user postings and uses its best endeavors to protect them from being misrepresented, damaged or deleted.
However, the above protection measures shall not apply in the following cases:

• - Spam postings (e.g.: chain mails, pyramid schemes or ads for specific websites)
• - Malicious postings that defame anyone by disseminating false information.
• - Personal information disclosure of anyone without his/her consent, copyright infringement of this Website or a third party, etc.
• - Other postings that do not pertain to the designated theme of the discussion boards.

When somebody’s personal information is disclosed without his/her consent, this Website preserves the right to delete certain parts of the information or may be obfuscated in order to promote desirable culture of discussion boards.

If a posting can be moved to another discussion board with a different theme, the posting’s new location is indicated in the posting to avoid any misunderstanding.
In cases other than the above, postings can be deleted after an explicit or individual warning is given.

12. Measures to Ensure the Safety of Personal Information

In compliance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative and physical measures that are required to ensure the safety of personal information.

A. Minimum number of personal information handlers

Personal information handlers’ authority is minimized to protect personal information.

B. Training for personal information handlers

Training sessions are held twice a year to raise the awareness of personal information protection.

C. Internal inspections

In-house inspections are carried out regularly to ensure the safety of personal information processing.

D. Internal management planning and execution

Internal management plans are established and executed for safe processing and management of personal information.

E. Personal information encryption

Users’ personal information and passwords are encrypted for storage and management. Independent security software is used to ensure safe transfer of such information.

F. Anti-hacking measures, etc.

The Company has installed and regularly updates/examines security software to prevent personal information from being disclosed or damaged from hacking, computer viruses, etc. Installed at a location where access from outside is restricted, the system is monitored and blocked through technical and physical measures.

G. Restricted access to personal information

The Company is taking necessary measures for managed access to personal information by granting, changing and lapsing access rights to the database system that processes personal information. Intrusion-blocking systems are also in place to control unauthorized outside access.

H. Retention of access records and prevention of falsification/alteration

Access records to the personal information processing system are retained and managed for a minimum of one year. Security software is utilized to prevent falsification/alteration, theft and/or loss of access records.

I. Use of locking devices for document security

Documents, digital data storage devices, etc. that contain persona information are kept in secure locations with locking devices.

J. Access restrictions to unauthorized persons

Physical storage is allocated to store personal information, and an access control procedure is established and operated at the location.

K. Safety precautions against disasters and calamities

The Company has developed emergency procedures including the Disaster Contingency Plan to prepare for calamities including natural disasters, and regularly examines the procedures.

13. User Opinion Collection and Complaint Handling

Opinions given by users are valued by this Website and they have the right to receive dependable answers to their inquiries. The Company’s Customer Service Center operates in this Website to facilitate communication with users. All enquiries shall be replied to in 24 hours after receipt. In principle, however, enquiries received after work hours, weekends and holidays shall be processed the next working day. For other inquiries or consultations regarding personal information, please contact the agencies listed below.

Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (http://www.kopico.go.kr)

Personal Information Infringement Report Center: (no area code) 118 (http://privacy.kisa.or.kr)

Cyber Investigation Department, Supreme Prosecutors’ Office: (no area code) 1301 (http://www.spo.go.kr)

Cyber Bureau, National Policy Agency: (no area code) 182 (https://ecrm.cyber.go.kr)

14. Manager(s) and Officer(s) in Charge of Personal Information Protection

This Website makes its best efforts so that users can use quality information in a safe environment. In protecting personal information, the Personal Information Protection Officer shall take responsibility if any event occurs in conflict with the Policy notified to the users. However, the Company shall not be held responsible for any unexpected problems that result in information damage caused by basic network risks, such as hacking, despite having taken supplementary technical measures, and for any disputes arising out of postings written by visitors. Please find below information of the persons handling the members’ personal information who will respond promptly and sincerely to inquiries regarding personal information.

Personal Information Protection Officer

Name: Choi, Jae-geuk

Title: Head of the Center

Department: Information Protection Center

Personal Information Protection Manager

Name: Yoon, Soon-young

Title: Manager

Contact no.: 070-7800-4176

e-mail : darktep@sk.com

15. Notification of Changes to the Privacy Policy

The Privacy Policy currently in force was established on November 15, 2021. The content may be added, deleted or amended if any changes are made to government policies or security technologies. Such changes shall be notified on the Website at least 7 days in advance of the amendment.

• Privacy Policy Version: v1.0
• Effective Date: Nov. 15, 2021