Privacy Policy

To protect the information (hereinafter "personal information") of individuals (hereinafter "users" or "individuals") who use the services provided by the Company (hereinafter "Company services"), we comply with relevant laws including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter "Information and Communications Network Act"), and establish this privacy policy (hereinafter "this Policy") to handle complaints related to personal information protection of service users promptly and smoothly.

In accordance with relevant laws and this Policy, the Company may collect users' personal information, and collected personal information may be provided to third parties only with the individual's consent. However, when legitimately required by laws and regulations, the Company may provide collected personal information to third parties without prior individual consent.

The Company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.

1. The Company discloses this Policy through the first page of the Company's homepage or a screen linked to the first page so that users can easily check this Policy at any time.
2. When disclosing this Policy pursuant to paragraph 1, the Company uses font size, color, etc. to make it easy for users to check this Policy.

The Company outsources personal information processing tasks as follows for smooth personal information operations.

1. This Policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or government or Company service policies or contents.
2. When revising this Policy pursuant to paragraph 1, the Company shall give notice by one or more of the following methods.
   • Notice through the notice board on the first page of the Company's Internet homepage or through a separate window
   • Notice to users by written document, fax, email, or similar methods
3. The Company shall give notice pursuant to paragraph 2 at least 7 days prior to the effective date of the revised Policy. However, for important changes to user rights, notice shall be given at least 30 days in advance.

The Company collects the following information to provide services to users.

1. Required information: Device information, service usage records

The Company collects the following information for statistics/analysis of users' service usage and identification/analysis of fraudulent use.

1. Required information: Service usage records, cookies, access location information, and device information

The Company collects users' personal information through the following methods.

1. Information automatically collected through applications and other services provided by the Company
2. Information entered by users during the process of using the Company's services such as customer center consultations

The Company uses personal information in the following cases.

1. When necessary for Company operations such as delivery of notices
2. For service improvement such as responding to inquiries and handling complaints
3. To provide Company services
4. For measures to restrict use of users who violate laws and Company terms, and for prevention and sanctions against actions that interfere with smooth service operation, including fraudulent use
5. For new service development
6. For demographic analysis and analysis of service visits and usage records

The Company retains and uses users' personal information for the period necessary to achieve the purposes of collection and use of personal information.

The Company retains and uses personal information as follows in accordance with relevant laws.

1. Information and retention period under the Act on Consumer Protection in Electronic Commerce
   1. Records on contracts or withdrawal of subscription: 5 years
   2. Records on payment and supply of goods, etc.: 5 years
   3. Records on consumer complaints or dispute resolution: 3 years
   4. Records on display/advertising: 6 months
2. Information and retention period under the Protection of Communications Secrets Act
   1. Website log records: 3 months
3. Information and retention period under the Electronic Financial Transactions Act
   1. Records on electronic financial transactions: 5 years
4. Act on the Protection and Use of Location Information
   1. Records on personal location information: 6 months

In principle, the Company destroys personal information without delay when the purpose of processing has been achieved, the retention and use period has expired, or personal information is no longer needed.

The Company destroys users' personal information through the following procedures and methods.

1. Information collected for service use is transferred to a separate DB (separate filing cabinet for paper documents) after the purpose of personal information processing is achieved and stored for a certain period according to internal policies and other relevant laws regarding information protection (refer to retention and use period), then destroyed.
2. The Company destroys personal information for which destruction reasons have occurred after approval by the personal information protection officer.

The Company deletes personal information stored in electronic file format using technical methods that make records unrecoverable, and destroys personal information printed on paper by shredding or incineration.

1. When transmitting commercial advertising information using electronic transmission media, the Company obtains the user's explicit prior consent. However, prior consent is not required in the following cases:
   1. When the Company has directly collected contact information from the recipient through a transaction relationship, and intends to transmit commercial advertising information for goods similar to those transacted with the recipient within 6 months from the end of the transaction
   2. When a telemarketer under the Door-to-Door Sales Act makes a telemarketing call after verbally informing the recipient of the source of personal information collection
2. Notwithstanding the preceding paragraph, if the recipient expresses refusal to receive or withdraws prior consent, the Company shall not transmit commercial advertising information and shall notify the processing results of refusal to receive and withdrawal of consent.
3. When transmitting commercial advertising information using electronic transmission media from 9 PM to 8 AM the next day, the Company obtains separate prior consent from the recipient regardless of paragraph 1.
4. When transmitting commercial advertising information using electronic transmission media, the Company clearly states the following in the advertising information.
   1. Company name and contact information
   2. Indication of matters concerning expression of intention to refuse receipt or withdraw consent
5. When transmitting commercial advertising information using electronic transmission media, the Company does not take any of the following actions.
   1. Measures to avoid or obstruct refusal of advertising information or withdrawal of consent
   2. Measures to automatically generate recipient contact information such as phone numbers or email addresses by combining numbers, symbols, or characters
   3. Measures to automatically register phone numbers or email addresses for the purpose of transmitting commercial advertising information
   4. Various measures to conceal the identity of the advertising information sender or the source of advertising transmission
   5. Various measures to induce replies by deceiving recipients for the purpose of transmitting commercial advertising information

To protect the personal information of children under 14 years old, the Company only allows service use to users aged 14 or older.

1. Users and legal representatives can view or modify their registered personal information at any time and can request withdrawal of consent for personal information collection.
2. To withdraw consent for personal information collection, users and legal representatives can contact the personal information protection officer or person in charge by written document, phone, or email, and the Company will take action without delay.

1. Users can request correction of errors in personal information to the Company through the method in the preceding article.
2. In the case of the preceding paragraph, the Company will not use or provide personal information until the correction is completed, and if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction results without delay to ensure correction.

1. Users must keep their personal information up to date, and users are responsible for problems arising from inaccurate information entry.
2. Those who steal others' personal information may be punished under relevant personal information protection laws.

The Company takes necessary technical and administrative protective measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged when processing users' personal information.

Personal information deleted at the request of users or legal representatives is processed according to the "Retention and Use Period of Personal Information" collected by the Company and is processed so that it cannot be viewed or used for other purposes.

1. The Company does its best to prevent users' personal information from being leaked or damaged due to hacking, computer viruses, or other intrusions into information and communications networks.
2. The Company uses the latest antivirus programs to prevent users' personal information or data from being leaked or damaged.
3. The Company uses intrusion prevention systems to ensure the best security in preparation for emergencies.
4. The Company enables secure transmission of personal information over networks through encrypted communication for sensitive personal information (when collected and stored).

The Company limits the number of personnel handling personal information to the minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for personal information processors.

When the Company becomes aware of loss, theft, or leakage (hereinafter "leakage, etc.") of personal information, it shall immediately notify the relevant user of all of the following matters and report to the Korea Communications Commission or Korea Internet & Security Agency.

1. Items of personal information that were leaked, etc.
2. Time of occurrence of leakage, etc.
3. Measures that users can take
4. Response measures of the information and communications service provider
5. Department and contact information where users can receive consultation

Notwithstanding the preceding article, if there are legitimate reasons such as being unable to contact users, the Company may substitute the notice in the preceding article by posting on the Company's homepage for 30 days or more.

1. The Company does not enter into international contracts containing matters that violate relevant laws such as the Personal Information Protection Act regarding users' personal information.
2. The Company obtains user consent when providing (including inquiry), entrusting processing, or storing (hereinafter "transfer") users' personal information overseas. However, consent procedures for entrusted processing or storage of personal information may be omitted if all matters in each subparagraph of paragraph 3 of this article are disclosed or notified to users in accordance with relevant laws such as the Personal Information Protection Act.
3. When seeking consent pursuant to paragraph 2, the Company shall notify users in advance of all of the following matters.
   1. Items of personal information to be transferred
   2. Country to which personal information is transferred, date and method of transfer
   3. Name of the person receiving personal information (in case of a corporation, its name and contact information of the information management officer)
   4. Purpose of use and retention/use period of personal information by the person receiving personal information
4. When transferring personal information overseas with consent pursuant to paragraph 2, the Company takes protective measures in accordance with Presidential Decree of the Personal Information Protection Act and other relevant laws.

1. The Company uses automatic personal information collection devices (hereinafter "cookies") that store and retrieve usage information to provide individualized customized services to users. Cookies are small amounts of information sent by the server (http) that operates the website to the user's web browser (including PC and mobile) and may also be stored in the user's storage space.
2. Users have the choice regarding cookie installation. Therefore, users can set options in their web browser to allow all cookies, go through confirmation each time a cookie is stored, or refuse storage of all cookies.
3. However, if you refuse to store cookies, some Company services may be difficult to use.

You can allow, block, or manage cookies through your web browser settings.

1. Edge: Settings menu at top right of browser > Cookies and site permissions > Manage and delete cookies and site data
2. Chrome: Settings menu at top right of browser > Privacy and security > Cookies and other site data
3. Whale: Settings menu at top right of browser > Privacy > Cookies and other site data

1. The Company designates the following department and personal information protection officer to protect users' personal information and handle complaints related to personal information.
   1. Personal Information Protection Officer
      1. Name: Seongjun Hwang
      2. Position: Development Lead
      3. Email: seongjun@ittae.com