Aju Corporation

1. Purpose of Collection and Use of Personal Information

The Company collects only the minimum personal information necessary for providing services for the following purposes, and does not use the collected information for any purpose other than those specified, nor disclose it to external parties without the user’s consent.

2. Retention and Use Period of Personal Information

The Company processes and retains personal information within the period permitted by applicable laws and regulations, or within the period agreed upon at the time of collection from the user. The retention and use periods of personal information are as follows:

• Complaint Handling and provision of goods or services: Personal information will be promptly destroyed once the purposes set forth in Article 1 have been achieved.
• Exceptions
  1. Where investigations or inquiries are ongoing due to violations of relevant laws, personal information will be retained until the completion of such investigations or inquiries.
  2. Where obligations or rights (such as claims or debts) remain due to website use, personal information will be retained until such obligations are settled.

3. Provision of Personal Information to Third Parties

The Company processes and retains personal information within the period permitted by applicable laws and regulations, or within the period agreed upon at the time of collection from the user. The Company may provide personal information to third parties under the following circumstances:

1. When the user has given prior consent.
2. When required by law, or when an investigative agency requests such information in accordance with the procedures and methods prescribed by law for investigation purposes.

4. Outsourcing of Personal Information Processing

① The Company outsources the processing of personal information as follows to ensure smooth service delivery and improvement:

② When entering into an outsourcing agreement, the Company specifies in the contract, in accordance with Article 26 of the Personal Information Protection Act, matters regarding prohibition of processing for purposes other than the performance of outsourced tasks, implementation of technical and administrative safeguards, restrictions on re-outsourcing, management and supervision of the subcontractor, and liability for damages. The Company also supervises the subcontractor to ensure the secure processing of personal information.

③ If there are any changes in the details of the outsourced tasks or in the service provider, the Company will disclose such changes without delay through this Privacy Policy.

5. Destruction of Personal Information

The Company, in principle, destroys personal information without delay once the purpose of collection and use has been achieved. The procedures and methods for destruction are as follows:

1. ① Destruction Procedure
• The Company selects personal information for which the reason for destruction has occurred and destroys it with the approval of the Personal Information Protection Officer.
2. ② Destruction Method
• Personal information printed on paper is destroyed by shredding or incineration.
• Personal information stored in electronic file format is deleted using technical methods that make record restoration impossible.

6. Rights of Users and Legal Representatives and How to Exercise Them

Users may exercise their rights regarding the access, correction, deletion, and suspension of processing of their personal information in accordance with the Personal Information Protection Act and other applicable laws.

1. ① Method and Procedure of Exercising Rights: Requests may be made via phone, in writing, e-mail, or through the Company’s website. The Company will not require additional documents or procedures beyond those necessary for the request and will not ask for any supporting materials not required at the time of personal information collection.
2. ② Rights may also be exercised through a user’s legal representative or a delegated agent. In such cases, the representative must submit a letter of authorization from the data subject.
3. ③ The legal representative of a child under 14 years of age may exercise rights related to the protection of the child’s personal information.

7. Installation and Operation of Automatic Collection Devices and Refusal

The Company does not use cookies or other automatic collection devices that store or retrieve user information.

8. Personal Information Protection Officer

To protect users’ personal information and handle related complaints, the Company designates the following department and Personal Information Protection Officer:

1. Personal Information Protection Officer
   • Name & Position: Hwan-Sung Lim, Head of Division
2. Personal Information Protection Department
   • Name & Position: Yong-Hwan Maeng, Team Leader
   • Contact: +82-2-3475-9842

You may report any privacy-related complaints arising while using the company's services to the Personal Information Protection Officer or the relevant department. The company will provide a prompt and sufficient response to users' reports. For other inquiries or reports regarding personal information infringements, please contact the following organizations.

1. - Personal Information Infringement Report Center, privacy.kisa.or.kr / (without area code) 118
2. - Personal Information Dispute Mediation Committee, www.kopico.go.kr / (without area code) 1833-3672
3. - Supreme Prosecutors' Office Cyber Investigation Division, spo.go.kr (cid@spo.go.kr) / (without area code) 1301
4. - Cyber Safety Bureau of the National Police Agency, cyberbureau.police.go.kr / (without area code) 182

9. Technical and administrative measures to protect personal information

When handling users' personal information, the company implements the following technical and administrative measures to ensure the security of personal information and prevent it from being lost, stolen, leaked, falsified, altered, or damaged.

1. ① Technical Measures

   To prevent the leakage of users’ personal information due to hacking or other external intrusions, the Company installs intrusion prevention systems and vulnerability analysis systems on each server. In addition, the Company strives to enhance security by implementing various programs and safeguards, such as managing access authority for personal information processing systems and installing access control systems.

2. ② Managerial Measures

   The Company limits access to users’ personal information to the minimum number of personnel. The relevant personnel are as follows:

   1. The Chief Privacy Officer and staff in charge of personal information protection tasks
   2. Other personnel who inevitably handle personal information for business purposes

The Company provides regular in-house and outsourced training for employees handling personal information regarding supervision, acquisition of new security technologies, and obligations to protect personal information. The transfer of duties related to personal information is carried out thoroughly under secure conditions, and responsibilities for personal information incidents are clearly defined during and after employment.
If personal information is lost, stolen, leaked, forged, altered, or damaged due to mistakes by internal managers or technical incidents, the Company will immediately notify users and take appropriate measures and compensation.

10. Changes to the Privacy Policy

In the event of additions, deletions, or revisions to the Privacy Policy due to changes in government policy or security technology, the Company will notify users through the website at least seven (7) days before the amendment takes effect.