The Company processes personal information for the following purposes. The personal information processed shall not be used for any purpose other than the following purposes,
If the purpose of use changes, we will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

① Homepage membership and management
Confirmation of the intention to join the membership, identification and authentication of the person in accordance with the provision of membership services, maintenance and management of membership, and prevention of unauthorized use of the service,
When processing personal information of children under the age of 14, we process personal information for the purpose of confirming the consent of the legal representative, various notices and notifications, and grievance handling.

② Provision of goods or services
We process personal information for the purpose of delivering goods, providing services, sending contracts and invoices, providing content, providing customized services, identification, age verification, payment and settlement of fees, and collecting debts.

③ Utilization for Marketing and Newsletter Sending and AdvertisingTo develop new services (products) and provide customized services, provide event and advertising information and participation opportunities, and verify the validity of the service,
We process personal information for the purpose of identifying the frequency of access or statistics on members' use of the Service.

The Company processes the following items of personal information

• ① Provision of inquiry service
  1. Required items: Name, e-mail, company/affiliation name, department name
• ② Utilization for marketing and advertising
  1. Required items: Name, e-mail, company/affiliation name, department name

• ① The Company shall process and retain personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
• ② The period of processing and retention of personal information agreed upon when collecting personal information from the information subject is as follows.

※ If there are special provisions in laws and regulations in this regard, it will be kept in accordance with the provisions of those laws and regulations.

• ③ The personal information retained by the relevant laws and regulations and the retention period are as follows.

• ① The Company shall process personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and shall not provide personal information to third parties without the consent of the information subject, special provisions of the law, etc.
  The Company shall provide personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act.
• ② The Company provides personal information to third parties based on the prior consent of the customer as follows.

• ① The information subject may exercise the right to view, correct, delete, or suspend the processing of personal information at any time against the Company.
• ② The exercise of rights under Paragraph 1 may be made in writing, e-mail, facsimile transmission (FAX), etc. to the Company in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act.
  The Company will take action without delay.
• ③ The rights under Paragraph 1 may be exercised through a representative, such as the legal representative of the information subject or a person who has been delegated.
  In this case, a power of attorney in the form of Attachment No. 11 to the "Notification on the Method of Processing Personal Information (No. 2020-7)" must be submitted.
• ④ The information subject's request to view and suspend the processing of personal information may be restricted by Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
• ⑤ In the case of a request for the correction and deletion of personal information, the correction and deletion of personal information cannot be requested when the personal information that is the subject of the request for correction and deletion is specified as the subject of collection under other laws and regulations.
• ⑥ The Company shall verify whether the person making a request for access, correction or deletion, or suspension of processing in accordance with the rights of the information subject is the information subject or the legitimate representative of the information subject.

① The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.

② Even if the personal information retention period for which consent has been obtained from the information subject has elapsed or the purpose of processing the personal information has been achieved,
If the personal information is required to be retained in accordance with the relevant laws and regulations under Article 3, Paragraph 3 of this Guideline, the personal information shall be transferred to a separate database (DB) or stored in a different place.

③ Personal information under Paragraph 2 shall not be used for any purpose other than the purpose for which it is retained, except as required by law.
④ The procedures and methods for destroying personal information are as follows.

• 1. Destruction Procedure
  The Company shall select the personal information for which the reason for destruction has occurred and destroy the personal information with the approval of the personal information protection officer of the Company.
• 2. destruction method
  Information in the form of electronic files shall be destroyed using technical methods that do not allow the records to be reproduced.
  Personal information printed on paper shall be destroyed by shredding or incineration.

The Company takes the following measures to ensure the safety of personal information.

① Conducting regular self-audits
The Company conducts self-audits on a regular basis (once a quarter) to ensure the stability of personal information handling.

② Minimization and training of employees handling personal information
By designating employees who handle personal information and limiting those who handle personal information to those in charge, we take measures to manage personal information by minimizing the number of employees who handle personal information.

③ Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for the safe handling of personal information.

④ Technical measures against hacking, etc.
The Company installs security programs to prevent leakage and damage of personal information due to hacking or computer viruses, and periodically updates and checks them,
The Company installs personal information processing systems in areas where access is controlled from the outside, monitors them technically and physically, and blocks unauthorized access to personal information processing systems.

⑤ Encryption of personal information
The password of the user's personal information is encrypted and stored and managed so that only the user can know it, and important data is encrypted for file and transmission data or
We use separate security functions such as encrypting files and transmission data or using a file lock function.

⑥ Storage of access records and prevention of forgery and alteration
Records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent access records from being forged, altered, stolen, or lost.

⑦ Restriction of access to personal information
The Company takes necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information,
We use an intrusion prevention system to control unauthorized access from the outside.

⑧ Use of locks for document security
Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.

⑨ Access control for unauthorized persons
We have a separate physical storage location for personal information and have established and operated access control procedures for it.

• ① The Company uses 'cookies' to store and retrieve user's usage information from time to time in order to provide individualized customized services to users.
• ② Cookies are small amounts of information sent to the user's computer browser by the server (http) used to operate the website and are also stored on the hard disk of the user's PC computer.
  1. Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, and secure connection.
  2. Installation, operation and rejection of cookies: You can reject the storage of cookies through the option settings in the Tools>Internet Options>Privacy menu at the top of your web browser.
  3. If you refuse to save cookies, you may experience difficulties in using customized services."

• ① The Company shall be responsible for the processing of personal information in general, and shall handle complaints and damage relief of information subjects related to the processing of personal information. The Company designates a personal information protection officer and a person in charge of personal information protection as follows.

② The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. that occurred while using the Company's services (or business) to the personal information protection officer and the department in charge of personal information protection. The Company will respond to and handle inquiries from the information subject without delay.

The information subject may request to view personal information pursuant to Article 35 of the Personal Information Protection Act to the following departments. The Company will endeavor to promptly process the information subject's request for access to personal information.

The information subject may apply to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc. for dispute resolution or consultation in order to receive relief due to personal information infringement.

• In addition, please contact the following organizations for other personal information infringement reports and consultations.
  1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
  4. National Police Agency: (without area code) 182 (cyberbureau.police.go.kr)

We will notify you of any additions, deletions, or modifications to the current Privacy Policy at least 7 days prior to the revision.
However, if there is a significant change in user rights, such as the collection and utilization of personal information or provision to third parties, we will notify you at least 30 days in advance.

This Privacy Policy is effective as of April 26, 2021.