Article 1 (Purpose) To protect the information of individuals (hereinafter referred to as 'Users' or 'Individuals') using the services (hereinafter referred to as 'Company Services') provided by Gloddy (hereinafter referred to as the 'Company'), and to handle promptly and smoothly the complaints related to the protection of personal information of service users, the Company establishes this Privacy Policy (hereinafter referred to as the 'Policy'), in compliance with relevant laws including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act'). Article 2 (Principles of Personal Information Processing) In accordance with the relevant laws on personal information and this Policy, the Company may collect personal information of users, and the collected personal information may be provided to third parties only with the consent of the individual. However, in cases where it is legally required under regulations, the Company may provide the collected personal information of users to third parties without the individual's consent. Article 3 (Disclosure of this Policy) 1. The Company discloses this Policy to users easily by making it available on the first page of the Company's website or through a linked page from the first page. 2. The Company ensures that the disclosure of this Policy according to the preceding clause is made in a manner that allows users to easily confirm the Policy through measures such as font size, color, etc. Article 4 (Changes to this Policy) 1. This Policy may be revised due to changes in laws related to personal information, guidelines, notifications, or changes in the policies or content of government agencies or the Company's services. 2. When revising this Policy according to clause 1, the Company provides notice through one or more of the following methods: a. Posting on the notice board of the Company's website or a separate window on the homepage. b. Notification through methods such as written communication, facsimile transmission, electronic mail, or similar means. 3. The Company provides notice of the revision as per clause 2 at least 7 days before the effective date of the revised Policy. However, if there are significant changes to user rights, notice will be provided at least 30 days in advance. Article 5 (Information for Membership Registration) For the purpose of user membership registration for the Company Services, the Company collects the following information: 1. Required information: Email address, nickname, gender, date of birth, and mobile phone number 2. Optional information: Profile photo. Article 6 (Information for Identity Verification) For the purpose of user identity verification, the Company collects the following information: 1. Required information: Mobile phone number, email address, name, date of birth, gender, and nationality. Article 7 (Information for Providing Company Services) For the purpose of providing users with the Company's services, the Company collects the following information: 1. Required information: Email address, name, date of birth, and contact information. Article 8 (Information for Service Usage and Detection of Unauthorized Usage) For the purpose of confirming and analyzing user service usage and unauthorized usage, the Company collects the following information: 1. Required information: Service usage records. ※ Unauthorized usage refers to activities such as repeated membership re-registration after withdrawal, repetitive actions like purchasing and canceling products to unlawfully gain economic benefits from discounts, event benefits, etc. provided by the Company, actions prohibited by terms of use, illegal activities such as identity theft, and others. The collected information may be used for statistical analysis and assessment based on users' service usage. Article 9 (Methods of Personal Information Collection) The Company collects user personal information through the following methods: 1. Users inputting their personal information on the Company's website. 2. Users receiving emails sent by the Company and inputting their personal information. Article 10 (Use of Personal Information) The Company uses personal information for the following purposes: 1. Sending notifications related to announcements and the Company's operation. 2. Responding to user inquiries, addressing complaints, and improving services for users. 3. Providing the Company's services. 4. Conducting marketing activities, including events and event notifications. 5. Conducting demographic analysis, analyzing service visits and usage records. 6. Taking measures to prevent and sanction activities that violate laws and the Company's terms of use, including restricting the use of members who violate such terms, preventing and sanctioning actions that disrupt the smooth operation of services, including unauthorized activities. Article 11 (Provision of Personal Information Based on Prior Consent) 1. Despite the prohibition of providing personal information to third parties, the Company may provide personal information to third parties if users have given prior consent or agree to the following items. However, even in this case, the Company provides the minimum necessary personal information in accordance with relevant laws. a. For the purpose of pre-checking information about participants in an event, the Company may provide profile information including names, genders, and ages to users participating in the event. 2. In the event of changes or termination of the third-party provision relationship as described in the preceding clause, the Company notifies and obtains consent from users through the same procedure. Article 12 (Retention and Use Period of Personal Information) 1. The Company retains and uses personal information during the period necessary for the purpose of collecting and using personal information. 2. Notwithstanding the previous clause, the Company retains records of improper service usage for a maximum of one year from the point of user withdrawal to prevent fraudulent re-registration and usage. Article 13 (Retention and Use Period of Personal Information According to Laws) The Company retains and uses personal information as follows in accordance with relevant laws: 1. Under the Act on Consumer Protection in Electronic Commerce, Etc., and the Act on the Regulation of Terms and Conditions, etc. a. Records related to contracts or withdrawal of subscription: 5 years b. Records related to payment and supply of goods, etc.: 5 years c. Records related to handling consumer complaints or disputes: 3 years d. Records related to display and advertisement: 6 months 2. Under the Protection of Communications Secrets Act a. Records of website log data: 3 months 3. Under the Electronic Financial Transactions Act a. Records related to electronic financial transactions: 5 years 4. Under the Act on the Protection and Use of Location Information a. Records related to individual location information: 6 months Article 14 (Principle of Personal Information Disposal) The Company disposes of personal information immediately after the purpose of personal information processing has been achieved, the retention and usage period has expired, or the information is no longer necessary. Article 15 (Processing of Personal Information for Non-Users of the Service) 1. The Company, after one year of non-usage of its services, generally provides prior notice to users and either disposes of or separates the personal information of users. 2. In the case of long-term non-usage, the personal information of users is safely stored separately and users are notified via email at least 30 days before the separation. 3. Long-term non-usage users can continue using the service by logging in to the website (including the mobile app) before their personal information is separated. 4. Long-term non-usage users can restore their accounts according to their consent after logging into the website. 5. The Company disposes of the separated personal information after keeping it for 4 years. Article 16 (Procedure for Personal Information Disposal) 1. The information provided by users for membership registration and other purposes is stored in a separate document after the purpose of personal information processing has been achieved and is retained for a certain period according to internal policies and relevant laws (refer to the retention and usage period). It is then disposed of. 2. The Company disposes of personal information for which disposal is required through the approval process of the Personal Information Protection Officer. Article 17 (Methods of Personal Information Disposal) The Company uses technical methods that prevent the recovery of electronic files to delete electronically stored personal information, and personal information printed on paper is disposed of by shredding or burning. Article 18 (Measures for Sending Advertisements) 1. The Company obtains explicit prior consent from users when sending advertising information for commercial purposes via electronic communication channels. However, the Company does not require prior consent in the following cases: a. The Company sends advertising information for commercial purposes related to goods or services similar to those the user previously engaged in a transaction with, within 6 months from the end of the transaction, even if the user's contact information was collected directly from the user. b. Telephone sellers, in accordance with the Door-to-Door Sales Act, inform the recipient of the source of personal information and solicit phone calls. 2. Despite the previous clause, the Company does not send advertising information for commercial purposes to users who have expressed their refusal to receive such information or withdrawn their consent, and notifies users of the results of their refusal or withdrawal. 3. When sending advertising information for commercial purposes via electronic communication channels between 9 PM and 8 AM the next day, the Company obtains separate prior consent from the recipient, notwithstanding clause 1. 4. When sending advertising information for commercial purposes via electronic communication channels, the Company specifies the following details in the advertising information: a. Company name and contact information b. Instructions for expressing refusal to receive or withdrawing consent 5. The Company refrains from taking the following measures when sending advertising information for commercial purposes via electronic communication channels: a. Measures that avoid or hinder the recipient's refusal to receive or withdrawal of consent. b. Measures that automatically generate the recipient's contact information, such as phone numbers or email addresses, by combining numbers, symbols, or characters. c. Measures that automatically register phone numbers or email addresses for the purpose of sending advertising information. d. Measures that conceal the identity of the sender or the source of the advertising message. e. Measures that deceive recipients into responding for the purpose of sending advertising information. Article 19 (Change of Personal Information, Etc.) 1. Users can request the correction of errors in their personal information from the Company through the methods specified in the previous clause. 2. The Company refrains from using or providing personal information until the correction is completed in the case described in the previous clause. If incorrect personal information has already been provided to a third party, the Company will promptly notify the results of the correction to the third party to ensure that the correction is made. Article 20 (User Obligations) 1. Users must maintain their personal information in an up-to-date state, and they are responsible for any problems arising from inaccurate information input. 2. In cases of using others' personal information for membership registration, users may lose their user qualifications or be subject to penalties according to relevant personal information protection laws. 3. Users are responsible for maintaining the security of their email addresses, passwords, etc., and are not allowed to transfer or lend them to third parties. Article 21 (Company's Management of Personal Information) The Company implements technical and administrative protective measures to ensure the security of personal information in processing user's personal information to prevent loss, theft, leakage, alteration, damage, etc. Article 22 (Handling of Deleted Information) Personal information that has been terminated or deleted at the request of the user or legal representative will be processed according to the "Retention and Use Period of Personal Information" specified by the Company. It will be treated to prevent viewing or use for other purposes. Article 23 (Preparedness for Hacking, etc.) 1. The Company is making its best efforts to prevent leakage or damage to user's personal information due to hacking, computer viruses, and other network intrusions. 2. The Company uses up-to-date antivirus programs to prevent the leakage or damage of personal information and data of users. 3. The Company employs intrusion prevention systems to enhance security in preparation for unforeseen circumstances. 4. The Company ensures the safe transmission of personal information on networks, including sensitive personal information (if collected and retained), through methods such as encrypted communication. Article 24 (Minimization of Personal Information Processing and Education) The Company limits the number of personnel responsible for personal information and emphasizes compliance with laws, internal policies, etc., through management measures, including education of personal information processors. Article 25 (Measures for Personal Information Leakage, etc.) In the event of loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, the Company shall immediately notify the user concerned of all the following matters and report it to the Korea Communications Commission or the Korea Internet & Security Agency: 1. Personal information items subject to leakage, etc. 2. Time of occurrence of leakage, etc. 3. Measures that users can take 4. Measures taken by information service providers, etc. 5. Department and contact information for users to submit inquiries, etc. Article 26 (Exceptions to Measures for Personal Information Leakage, etc.) Notwithstanding the previous Article, the Company may take measures to substitute for notification under the previous Article, such as posting on the Company's website for 30 days or more, if there are valid reasons, such as being unable to determine the user's contact information. Article 27 (Designation of Personal Information Protection Manager of the Company) 1. The Company designates the following department and personal information protection manager to protect users' personal information and handle complaints related to personal information. a. Personal Information Protection Manager 1) Name: Ki-Hyun Ahn 2) Phone number: 010-8969-5610 3) Email: Gloddy.korea@gmail.com Supplementary Provisions This policy will take effect from September 1, 2023.