Article 1 (Purpose) ① Moulder (hereinafter referred to as the "Company") highly values the personal information of data subjects and complies with the Personal Information Protection Act (hereinafter referred to as the "Act") and the Act on Promotion of Information and Communications Network Utilization and Information Protection. ② This Policy aims to stipulate detailed matters concerning the standards for processing personal information, types of personal information infringement, and preventive measures, in accordance with Article 12, Paragraph 1 of the Act. ③ "Personal Information" refers to information relating to a living individual that can identify the individual by name, resident registration number, etc. (including information that, even if it cannot identify a specific individual on its own, can be easily combined with other information to do so). Article 2 (Categories of Personal Information Collected) The Company collects only the minimum personal information necessary for service use at the time of membership registration. To the extent permitted by relevant laws or regulations, when a Member accesses this website or uses the Company's services through this website, the Company may collect the Member's personal information as follows: Mandatory Information for Member Management: Name, email address, password, mobile phone number, date of birth, company name. Additional Information for Service Use: Consent to receive marketing information. Information Automatically Collected: Identity verification information (CI, DI), telecom operator name, domestic/foreign national information, age information, service usage records, access logs, access IP information, cookies, visit date and time, fraudulent use records, device information (OS, unique device identifier, advertising ID), online behavioral information, location information, etc. ※ Members have the right to refuse the collection and use of the above personal information; however, refusal to collect and use mandatory information may restrict the use of services provided by the Company. ※ The Company allows membership registration only for individuals aged 14 or older and, as a general rule, does not collect personal information of children under the age of 14 for whom the consent of a legal guardian is required for the collection and use of personal information. Article 3 (Purpose of Collection and Use of Personal Information) The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Act. Membership registration and ID issuance, identity verification procedures for service use, confirmation of contract conclusion for service use, maintenance and management of membership qualifications, prevention of fraudulent service use, etc. Smooth communication for conveying various notices and notifications, verifying the identity of complainants, confirming complaint details, contacting for fact-finding, notifying processing results, etc., for handling complaints and inquiries. Provision and improvement of services, etc. Guidance on other new service information, new product or event information, provision of customized services, customer consultation related to services, customer information management and statistics, audits, monitoring, investigation of incidents related to paid services, securing shipping addresses for events, and fulfillment of other legal obligations. Article 4 (Method of Obtaining Consent for Collection of Personal Information) ① The Company obtains consent for the collection of Members' personal information. In relation to the collection of Members' personal information, the Company has established a procedure whereby Members can click an "Agree" button regarding the content of the Company's Privacy Policy, Membership Terms and Conditions, or other service terms of use. If the Member clicks the "Agree" button, it is deemed that they have consented to the Company's collection of personal information. ② Notwithstanding the above provisions, personal information may be collected and used without consent in any of the following cases: When the personal information is necessary to fulfill a contract regarding the provision of information and communication services, and it is clearly difficult to obtain normal consent due to economic or technical reasons. When necessary for the settlement of fees related to the provision of information and communication services. When there are special provisions in other laws. When the personal information is necessary to fulfill a contract, and it is clearly difficult to obtain normal consent due to economic or technical reasons. When there is a reasonable connection to the original purpose of collection, no disadvantage is incurred by the data subject, and security measures have been applied – determined by comprehensively considering all of the following: relevance to the original purpose of collection, predictability of additional use of personal information in light of collection circumstances or processing practices, whether the data subject's interests are infringed, and application of necessary security measures such as pseudonymization or encryption. Article 5 (Processing and Retention Period of Personal Information) ① The Company processes and retains personal information within the personal information retention and use period stipulated by laws and regulations, or the period consented to by the data subject at the time of collecting personal information. ② The processing and retention periods for each category of personal information are as follows: a. Member Management: Retained until membership withdrawal or expulsion. b. Additional Information for Service Use: Retained until membership withdrawal or expulsion, or until the end of service provision. However, if retention is required for a mandatory period under relevant laws or for the Company's business purposes, it will be stored for that period and then destroyed. c. Retention of Personal Information under Other Relevant Laws: 1) Act on Consumer Protection in Electronic Commerce, etc. - Records on labeling and advertising: 6 months - Records on contracts or withdrawal of offers, etc.: 5 years - Records on payment of charges and supply of goods, etc.: 5 years - Records on consumer complaints or dispute resolution: 3 years 2) Protection of Communications Secrets Act - Service usage records, access logs, access IP information: 3 months 3) Value-Added Tax Act - Information related to transaction details such as tax invoices, receipts, etc.: 5 years ③ In principle, after the purpose of collecting and using personal information is achieved, the relevant information is destroyed without delay. ④ However, even if the purpose of collecting or receiving personal information has been achieved, the Company may retain and use personal information for submission, etc., if it is deemed necessary for fulfilling obligations under relevant laws such as the Commercial Act or for complying with requests or orders from supervisory authorities, without destroying it. ⑤ If there are outstanding claims or debts related to the use of Moulder Services, personal information may be retained until such claims or debts are settled. Article 6 (Separate Storage of Personal Information of Long-Term Non-Using Members) ① In accordance with relevant laws, the accounts of long-term non-using Members are converted to a dormant state, and their personal information is encrypted and stored separately. 1. Relevant Laws: Article 21, Article 39-6 of the Act, and Article 16 of the Enforcement Decree of the Act. 2. Dormant Member: A Member whose account has been converted to a dormant state due to not using the service for one year or more. ② In the following cases, to protect the Member's rights and interests, the account will not be converted to a dormant state: 1. Members who are receiving services under a separate service contract. ③ At least 30 days before the conversion to dormant state, dormant-to-be Members will be notified in advance via email of the scheduled conversion date, the fact that their information will be stored separately, and the items of personal information. If information for this notification method is missing or incorrect, it will be replaced by a notice on the website's bulletin board. ④ If a dormant-to-be Member logs in before the pre-notified scheduled conversion date, their account will not be converted to a dormant state, and they can continue to use the services as before. ⑤ The fact of conversion to a dormant state will be notified to the dormant Member via email. ⑥ Separately stored personal information will be retained for a certain period in accordance with relevant laws and destroyed after the end of that period. However, personal information that has not been destroyed will be provided again at the time of service resumption if the user requests to resume service use. Article 7 (Provision of Personal Information to Third Parties) ① The Company will not use or provide the Member's personal information to other individuals or companies/organizations beyond the scope notified in this Policy, except with the Member's consent, as stipulated by relevant laws, or when necessary for the provision of services offered by the Company to the Member. When providing personal information to a third party, the Company will notify the recipient, purpose, items of personal information to be provided, etc., through the Privacy Policy and website, and then obtain consent. Example) Recipient | Purpose of Provision | Items Provided | Retention & Use Period ------- | -------- | -------- | -------- Kakao Corp. | Service affiliation, cost settlement, user convenience | Payment information (payment amount) | Until the purpose of using personal information is achieved; however, if retention is necessary under relevant laws, until that point, then destroyed without delay. ② Members may request the cessation of third-party provision under Paragraph 1 of this Article at any time through the Company's Data Protection Officer and the department in charge of personal information management. ③ Notwithstanding Paragraph 1 of this Article, personal information may be provided without the Member's consent in the following cases, as stipulated by relevant laws: 1. When necessary for statistical purposes, academic research, or market research in accordance with relevant statistics laws, etc., and provided in a form where specific individuals cannot be identified. 2. When there are special provisions in laws such as the Telecommunications Basic Act, Telecommunications Business Act, Local Tax Act, Consumer Protection Act, Bank of Korea Act, Criminal Procedure Act, etc. 3. When providing personal information by order of a government agency (including quasi-governmental agencies) or a court. 4. When there is a reasonable connection to the original purpose of collection, no disadvantage is incurred by the data subject, and security measures have been applied – applicable only when comprehensively determined by considering all of the following: relevance to the original purpose of collection, predictability of additional use/provision of personal information in light of collection circumstances or processing practices, whether the data subject's interests are infringed, and application of necessary security measures such as pseudonymization or encryption. Article 8 (Linked Sites) The Company may provide Members with links to other companies' websites or materials. In such cases, the Company has no control over external sites and materials and therefore cannot be held responsible for or guarantee the usefulness of services or materials provided therefrom. If you click on a link included by the Company and move to another site's page, that site's privacy policy is unrelated to the Company, so please review the policy of the newly visited site. Article 9 (Outsourcing of Personal Information Processing) ① For smooth personal information processing, the Company may outsource the collection/processing/management of personal information as follows. The Company's personal information processing consignees and entrusted tasks are as follows: Consignee (Processor) | Entrusted Tasks ------- | -------- XXXXX Inc. | Mobile phone payment, identity verification ② In accordance with Article 26 of the Act, for service improvement and smooth fulfillment of contractual obligations, the Company specifies in contracts or other documents matters concerning the prohibition of personal information processing for purposes other than performing the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the consignee, and liability for damages, and supervises whether the consignee processes personal information securely. ③ When providing or sharing Members' personal information with partner companies, the Company will notify the Member in advance through the Privacy Policy of the recipient or sharer, the purpose, the items of personal information to be shared, etc., and then obtain consent. ④ If the content of the entrusted tasks or the consignee changes, it will be disclosed through this Policy without delay. Article 10 (Rights and Obligations of Data Subjects and Method of Exercising Them) ① Members may request access to their personal information files held by the Company in accordance with Article 35 (Access to Personal Information) of the Act. Access may be restricted under Article 35, Paragraph 4 of the Act upon request for access to personal information. ② Members may request correction or deletion of their personal information files held by the Company in accordance with Article 36 (Correction and Deletion of Personal Information) of the Act. However, deletion cannot be requested if the personal information is specified as an object of collection in other laws. ③ Members may request the suspension of processing of their personal information files held by the Company in accordance with Article 37 (Suspension of Processing of Personal Information, etc.) of the Act. A request for suspension of processing of personal information may be refused under Article 37, Paragraph 2 of the Act. ④ When collecting personal information from a child under the age of 14 or intending to provide a child's personal information to a third party, the Company obtains the consent of their legal guardian. ⑤ In this case, the Company may request information from the child, such as the legal guardian's name, necessary to obtain the legal guardian's consent. ⑥ The legal guardian may withdraw consent for the child's personal information mentioned above and may request access to or correction of errors in the personal information provided by the child. ⑦ The Company does not provide or share information about a child with third parties without the legal guardian's consent and prohibits the use and provision of the child's personal information until errors are corrected if the legal guardian requests correction of errors in the personal information collected from the child. Article 11 (Procedures and Methods for Destroying Personal Information) ① Members may withdraw their consent to the collection, use, and provision of personal information, which they agreed to at the time of membership registration, at any time through methods such as membership withdrawal. ② For personal information for which a withdrawal request has been made, it is a general rule to destroy it without delay when the purpose of collection and use has been achieved or the retention and use period of personal information for which consent was obtained has expired. However, this does not apply if personal information must be preserved according to relevant laws, and information entered by the Member for membership registration, etc., may be stored for a certain period according to internal policies and other relevant laws before being destroyed. ③ The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the personal information retention period or achievement of the processing purpose. ④ Personal information stored for a certain period will not be used for any other purpose not consented to, unless required by law. ⑤ The Company selects the personal information for which a reason for destruction has occurred and destroys the personal information after obtaining approval from the Company's Data Protection Officer. ⑥ The Company destroys personal information printed on paper by shredding or incineration, deletes personal information stored in electronic file format using a technical method that makes records irreproducible, and destroys personal information stored on electronic storage media using a permanent deletion device. Article 12 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices) ① Cookies are small amounts of information that Moulder Services transmit to the Member's browser (Internet Explorer, Chrome, Firefox, other mobile browsers). The Company uses "cookies" to store and frequently retrieve information about Members. Cookies identify the Member's computer or mobile device but do not personally identify the Member. Members have the option regarding cookies. Therefore, Members can set options in their web browser to allow all cookies, confirm each time a cookie is saved, or refuse to save all cookies. ② Cookie storage can be refused through the option settings in the Tools > Internet Options > Privacy menu at the top of the web browser. However, please be aware that if you refuse to install cookies, you may not be able to receive some of the Company's services. ③ Cookies are used to provide optimized information to Members as follows by identifying visit and usage patterns for each service and website visited by the Member, popular search terms, security access status, etc.: a. Provide differentiated information for each device by loading advertising identifiers and device IDs into cookies. b. Used for target marketing by analyzing the access frequency or duration of stay of Members and Non-Members to understand Members' tastes and interests. Provides personalized services on the next visit by analyzing detailed information about clicked items and traces of information viewed with interest. Used as a measure for service reorganization, etc., by analyzing Members' habits. Article 13 (Measures to Ensure Personal Information Security) The Company takes the following technical and administrative measures to ensure safety so that Members' personal information is not lost, stolen, leaked, altered, or damaged. Technical Measures) Customers' personal information is protected by passwords, and important data is protected through separate security functions by encrypting files and transmitted data or using file lock functions. The Company has adopted a security device (SSL) that can securely transmit personal information on the network using an encryption algorithm. To prevent customers' personal information from being leaked due to hacking, etc., the Company uses devices that block external intrusions and monitors intrusions 24 hours a day by installing an intrusion detection system on each server. Administrative Measures) The Company's internal management plan is implemented in compliance with the internal management guidelines of the Ministry of the Interior and Safety, and employee training is conducted regularly. Necessary measures for access control to personal information are taken by granting, changing, and revoking access rights to the personal information processing system. Unauthorized external access is controlled using an intrusion prevention system, and access to computer rooms and data storage rooms is controlled. The Company is not responsible for issues arising from a Member's personal mistakes or inherent risks on the network. Each Member is responsible for appropriately managing their ID and password to protect their personal information. In other cases, if personal information is lost, leaked, altered, or damaged due to internal administrator mistakes or technical management accidents, the Company will immediately inform you of the facts through appropriate contact methods and prepare countermeasures. Article 14 (Data Protection Officer and Department in Charge of Personal Information Management) In accordance with Article 31 of the Act, the Company has designated a Data Protection Officer to protect Members' personal information and handle related complaints. If you have any inquiries regarding personal information, please contact the Data Protection Officer below. The Company will respond to your inquiries promptly and faithfully. The Company does its best to ensure that Members can use the information provided safely. However, despite taking technical complementary measures, the Company is not responsible for damage to information due to accidents that may occur due to network risks such as hacking, or for various disputes arising from posts created by Members. • CEO: Hyorin Choi • Company Name: Moulder • Contact Number: +82 10-2282-8700 • Email: hyorin.choi@moulder.ai Article 15 (Remedies for Infringement of Rights and Interests) If your personal information has been infringed and you need to report it or seek consultation, you can contact the following organizations for assistance: Personal Information Infringement Report Center: (No area code) 118, https://privacy.kisa.or.kr Supreme Prosecutors' Office Cyber Investigation Division: (No area code) 1301, https://www.spo.go.kr Korean National Police Agency Cyber Bureau: (No area code) 182, http://cyberbureau.police.go.kr Personal Information Dispute Mediation Committee: 1833-6972, http://www.kopico.go.kr Article 16 (Changes to the Privacy Policy) This Policy may be amended by addition, deletion, or modification for purposes such as reflecting changes in laws, policies, or security technology. If the Privacy Policy is changed, the Company will post the changes, and the amended Privacy Policy will take effect 7 days after the date of posting. However, if significant changes to Member rights occur, such as changes in the items of personal information collected or the purpose of use, advance notice will be given at least 30 days prior. Effective Date: January 13, 2025. Announcement Date: January 13, 2025.