Article 1 (Purpose) ① Moulder (hereinafter the ‘Company’) values the personal information of data subjects and complies with the Personal Information Protection Act (hereinafter the ‘Act’) and the Act on Promotion of Information and Communications Network Utilization and Information Protection. ② The purpose of this Policy is to stipulate detailed matters concerning the standards for the processing of personal information, types of personal information infringement, and preventive measures, in accordance with Article 12, Paragraph 1 of the Act. ③ ‘Personal information’ refers to information about a living individual that can identify the said individual through items such as name and resident registration number (including information that, by itself, cannot identify a specific individual but can be easily combined with other information to do so). Article 2 (Items of Personal Information Collected) The Company collects only the minimum personal information necessary for service use upon membership registration. Within the scope permitted by relevant laws or regulations, when a member accesses this homepage or uses the Company's services through this homepage, the Company may collect the member's personal information as follows. ① Required Information for Member Management: Name, email address, password, mobile phone number, date of birth, company name. ② Additional Information for Service Use: Consent to receive marketing information. ③ Automatically Generated and Collected Information: Identity verification information (CI, DI), telecommunication service provider name, domestic/foreign national information, age information, service use records, access logs, access IP information, cookies, visit date and time, fraudulent use records, device information (OS, unique device identifier, advertising identifier), online behavioral information, location information, etc. ※ Members have the right to refuse the collection and use of the personal information above, but refusal to the collection and use of required information may result in restrictions on the use of the services provided by the Company. ※ The Company allows membership registration for individuals aged 14 and over, and in principle, does not collect the personal information of children under 14 who require the consent of a legal representative for the collection and use of personal information. Article 3 (Purpose of Collection and Use of Personal Information) The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Act. ① For use in identity verification procedures for membership registration, ID issuance, and service use; for confirming the conclusion of a contract for service use; for maintaining and managing membership status; for preventing fraudulent use of services, etc. ② For smooth communication, such as delivering various notices and announcements; for identifying complainants and confirming complaint details; for contact and notification for fact-finding investigations; for notifying processing results, etc., for handling civil complaints and grievances. ③ For providing and improving services, etc. ④ For securing delivery addresses when conducting events, such as providing information on other new services, new products, or events; for providing customized services; for customer consultation related to services; for customer information management and statistics, auditing, monitoring, investigation of accidents related to paid services, and fulfillment of other legal obligations. Article 4 (Method of Consent to Personal Information Collection) ① The Company obtains the member's consent for the collection of personal information. In relation to the collection of the member's personal information, the Company has established a procedure allowing the member to click an 'Agree' button for the contents of the Company's privacy policy, membership terms and conditions, or other service terms of use, and if the member clicks the 'Agree' button, they are deemed to have consented to the Company's collection of personal information. ② Notwithstanding the preceding paragraph, in any of the following cases, the user's personal information may be collected and used without consent. When it is personal information necessary to fulfill a contract regarding the provision of information and communication services, and it is clearly difficult to obtain normal consent for economic or technical reasons. When necessary for the settlement of fees for the provision of information and communication services. When there are special provisions in other laws. When it is personal information necessary to fulfill a contract, and it is clearly difficult to obtain normal consent for economic or technical reasons. When there is a reasonable relevance to the purpose of collection, no disadvantage occurs to the data subject, and security measures have been applied. Relevance to the original purpose of collection. Predictability of additional use of personal information in light of the circumstances of collection or processing practices. Whether the interests of the data subject are infringed. This is judged by considering all matters such as the application of necessary measures to ensure security, including pseudonymization or encryption. Article 5 (Processing and Retention Period of Personal Information) ① The Company processes and retains personal information within the personal information retention and use period stipulated by law or the period for which consent was obtained from the data subject at the time of collecting personal information. ② The processing and retention period for each type of personal information is as follows. Member Management: Retained until the member withdraws or is expelled. Additional Information for Service Use: Retained until the member withdraws or is expelled, or until the service provision ends. However, if storage is required for a mandatory retention period under relevant laws and for the Company's business purposes, it is stored for the corresponding period and then destroyed. Retention of personal information under other relevant laws. Act on Consumer Protection in Electronic Commerce, etc. Records on display and advertising: 6 months Records on contracts or withdrawal of offers, etc.: 5 years Records on payment and supply of goods, etc.: 5 years Records on consumer complaints or dispute resolution: 3 years Communication Secrets Protection Act Service use records, access logs, access IP information: 3 months Value-Added Tax Act Information related to transaction details such as tax invoices and receipts: 5 years ③ In principle, after the purpose of collecting and using personal information has been achieved, the information is destroyed without delay. ④ However, even if the purpose of collecting the personal information or the purpose for which it was provided has been achieved, the Company may not destroy but may use the personal information for submission, etc., if it is deemed necessary for the fulfillment of obligations under relevant laws such as the Commercial Act or for submission upon the request or order of other supervisory authorities. ⑤ If a credit-debt relationship arising from the use of the Moulder Service remains, personal information may be retained until the said credit-debt relationship is settled. Article 6 (Separate Storage of Personal Information of Long-Term Inactive Members) ① In accordance with relevant laws, the accounts of long-term inactive members are converted to a dormant state, and their personal information is encrypted and stored separately. Relevant Laws: Articles 21 and 39-6 of the Act, and Article 16 of the Enforcement Decree of the same Act. Dormant Member: A member who has been converted to a dormant state for not using the service for 1 year or more. ② In the following cases, to protect the member's rights and interests, the account will not be converted to a dormant state. A member who is receiving services under a separate service contract. ③ Thirty days before the conversion to a dormant state, the member scheduled to become dormant will be notified in advance via email of the scheduled conversion date, the fact of separate storage, and the items of personal information to be stored separately. If information for this notification method is missing or incorrect, it will be replaced by a notice on the homepage. ④ If a member scheduled to become dormant logs in before the notified scheduled conversion date, they will not be converted to a dormant state and can continue to use the service as before. ⑤ The fact of conversion to a dormant state will be notified to the dormant member via email. ⑥ The separately stored personal information will be retained for a certain period in accordance with relevant laws and will be destroyed after the said period ends. However, personal information that is not destroyed will be provided again at the time of service resumption upon the user's request. Article 7 (Provision of Personal Information to Third Parties) ① The Company will not use the member's personal information or provide it to other persons or other companies/institutions beyond the scope notified in this Policy, except with the member's consent, as required by relevant laws, or when necessary for the supply of services provided by the Company to the member. When providing a member's personal information to a third party, the Company will notify the recipient, purpose, and items of personal information to be provided through the privacy policy and homepage, etc., in advance, and then seek consent. ② The member may request the suspension of the provision to a third party under Paragraph 1 of this Article at any time through the Company's Personal Information Protection Officer and the department in charge of personal information management. ③ Notwithstanding Paragraph 1 of this Article, in the following cases, personal information may be provided without the member's consent in accordance with the provisions of relevant laws. When necessary for statistical purposes, academic research, or market research in accordance with the relevant Statistics Act, etc., and provided in a form where a specific individual cannot be identified. When there are special provisions in laws such as the Telecommunications Basic Act, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, the Criminal Procedure Act, etc. When providing personal information by order of a government agency (including quasi-governmental agencies) or a court. When there is a reasonable relevance to the purpose of collection, no disadvantage occurs to the data subject, and security measures have been applied. This applies only when a comprehensive judgment is made considering all the following matters: relevance to the original purpose of collection; predictability of additional use or provision of personal information in light of the circumstances of collection or processing practices; whether the interests of the data subject are infringed; and the application of necessary measures to ensure security, including pseudonymization or encryption. Article 8 (Linked Sites) The Company may provide links to other companies' websites or materials to the member. In this case, since the Company has no control over external sites and materials, it cannot be held responsible for and cannot guarantee the usefulness of the services or materials provided therefrom. If you click on a link included by the Company and move to another site's page, the privacy policy of that site is not related to the Company, so please review the policy of the newly visited site. Article 9 (Entrustment of Personal Information Processing) ① For the smooth processing of personal information tasks, the Company may entrust personal information collection/processing/management tasks to an external party as follows. ② For service improvement and smooth fulfillment of contractual matters, the Company, in accordance with Article 26 of the Act, specifies in documents such as contracts matters concerning responsibilities, such as the prohibition of processing personal information for purposes other than the entrusted task, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and compensation for damages, and supervises whether the entrusted party processes personal information securely. ③ When providing or sharing a member's personal information with an affiliated company, the Company will notify the member in advance through the privacy policy of the recipient or sharer, the purpose, and the items of personal information to be shared, and then seek consent. ④ If the content of the entrusted task or the entrusted party changes, we will disclose it through this Policy without delay. Article 10 (Rights and Obligations of Data Subjects and Their Exercise) ① The member may request to view the personal information files held by the Company in accordance with Article 35 (Access to Personal Information) of the Act. Upon a request for access to personal information, access may be restricted under Article 35, Paragraph 4 of the Act. ② The personal information files held by the Company may be requested for correction or deletion in accordance with Article 36 (Correction and Deletion of Personal Information) of the Act. However, if that personal information is specified as an object of collection in other laws, its deletion cannot be requested. ③ The processing of personal information files held by the Company may be requested to be suspended in accordance with Article 37 (Suspension of Processing of Personal Information, etc.) of the Act. Upon a request for suspension of processing of personal information, the request may be refused under Article 37, Paragraph 2 of the Act. ④ When collecting personal information from a child under 14 or intending to provide a child's personal information to a third party, the consent of their legal representative is obtained. ⑤ In this case, the Company may request information from the child, such as the name of the legal representative, necessary to obtain the legal representative's consent. ⑥ The legal representative may withdraw consent for the child's personal information mentioned above and may request to view or correct errors in the personal information provided by the said child. ⑦ The Company does not provide or share information about a child with a third party without the consent of the legal representative, and if the legal representative requests the correction of an error in the personal information collected from the child, the use and provision of that personal information are prohibited until the error is corrected. Article 11 (Procedure and Method of Personal Information Destruction) ① The member may withdraw their consent to the collection, use, and provision of personal information at the time of membership registration at any time through methods such as membership withdrawal. ② In principle, personal information for which a withdrawal request has been made is destroyed without delay when the purpose of its collection and use has been achieved or the retention and use period of the personal information for which consent was obtained has expired. However, this does not apply if personal information must be preserved according to relevant laws, and the information entered by the member for membership registration, etc., may be stored for a certain period according to internal policies and other relevant laws before being destroyed. ③ The Company destroys the relevant personal information without delay when it becomes unnecessary, such as upon the expiration of the personal information retention period or the achievement of the processing purpose. ④ Personal information stored for a certain period will not be used for any other purpose for which consent was not obtained, unless required by law. ⑤ The Company selects the personal information for which a reason for destruction has occurred and destroys the personal information with the approval of the Company's Personal Information Protection Officer. ⑥ The Company destroys personal information printed on paper by shredding it with a shredder or through incineration, deletes personal information stored in electronic file format using a technical method that makes records irreproducible, and destroys personal information stored on electronic storage media using a permanent deletion device. Article 12 (Matters Concerning the Installation and Operation of Automatic Personal Information Collection Devices and Their Refusal) ① A cookie is a small amount of information that the Moulder Service sends to the member's browser (Internet Explorer, Chrome, Firefox, other mobile browsers). The Company uses 'cookies' to store and frequently retrieve information about the member. Cookies identify the member's computer or mobile device but do not personally identify the member. The member has a choice regarding cookies. Therefore, the member can set options in their web browser to allow all cookies, to go through confirmation each time a cookie is saved, or to refuse to save all cookies. ② You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser. However, please be aware that if you refuse to install cookies, you may not be able to receive some of the Company's services. ③ Cookies are used to provide optimized information to the member by identifying visit and usage patterns for each service and website visited, popular search terms, security access status, etc., as follows: a. Provide differentiated information for each device by loading advertising identifiers, device IDs into cookies. b. Used for target marketing by analyzing the access frequency or stay time of members and non-members to identify the member's tastes and interests. Provides personalized service on the next visit by analyzing details about clicked information and traces of information viewed with interest. Used as a measure for service reorganization by analyzing members' habits. Article 13 (Measures for Ensuring Personal Information Safety) The Company is taking the following technical and administrative measures to ensure that the member's personal information is not lost, stolen, leaked, altered, or damaged. Technical Measures) The customer's personal information is protected by a password, and important data is protected through a separate security function by encrypting files and transmitted data or using a file lock function. The Company adopts a security device (SSL) that can safely transmit personal information on the network using an encryption algorithm. To prevent the leakage of the customer's personal information due to hacking, etc., a device that blocks intrusion from the outside is used, and an intrusion detection system is installed on each server to monitor for intrusions 24 hours a day. Administrative Measures) The Company's internal management plan is implemented in compliance with the internal management guidelines of the Ministry of the Interior and Safety, and employee training is conducted regularly. Necessary measures for access control to personal information are taken by granting, changing, and revoking access rights to the personal information processing system, and unauthorized access from the outside is controlled using an intrusion prevention system, and access to computer rooms and data storage rooms is controlled. The Company is not responsible for incidents that occur due to the member's own mistakes or risks that fundamentally exist on the network. Each individual member is responsible for protecting their personal information by properly managing their own ID and password. In the event that personal information is lost, leaked, altered, or damaged due to a mistake by an internal manager, a technical management accident, etc., the Company will immediately inform you of the fact through appropriate contact means and prepare countermeasures. Article 14 (Personal Information Protection Officer and Department in Charge of Personal Information Management) In accordance with Article 31 of the Act, the Company has a Personal Information Protection Officer to protect the member's personal information and handle complaints related to personal information. If you have any inquiries related to personal information, please contact the Personal Information Protection Officer below. The Company will respond promptly and sincerely to your inquiries. The Company is doing its best to ensure that members can use the information they provide safely. However, despite technical security measures, the Company is not responsible for the damage of information due to accidents that may occur due to network risks such as hacking, and for various disputes caused by posts written by the member. • CEO: Hyorin Choi • Company Name: Moulder • Contact Number: +82 10-2282-8700 • Email: hyorin.choi@moulder.ai Article 15 (Remedies for Infringement of Rights and Interests) If your personal information has been infringed and you need to report it or seek consultation, you can contact the following organizations for assistance: Personal Information Infringement Report Center: (No area code) 118, https://privacy.kisa.or.kr Supreme Prosecutors' Office Cyber Investigation Division: (No area code) 1301, https://www.spo.go.kr Korean National Police Agency Cyber Bureau: (No area code) 182, http://cyberbureau.police.go.kr Personal Information Dispute Mediation Committee: 1833-6972, http://www.kopico.go.kr Article 16 (Changes to the Privacy Policy) This Policy may be amended by addition, deletion, or modification for purposes such as reflecting changes in laws, policies, or security technology. If the Privacy Policy is changed, the Company will post the changes, and the amended Privacy Policy will take effect 7 days after the date of posting. However, if significant changes to Member rights occur, such as changes in the items of personal information collected or the purpose of use, advance notice will be given at least 30 days prior. Effective Date: January 13, 2025. Announcement Date: January 13, 2025.