Privacy Policy

The Company collects the following information to provide Company services to users.

1. Required information: ID, email address, name, date of birth, and contact information

The Company collects the following information for statistics/analysis of users' service usage and for detection/analysis of fraudulent use. (Fraudulent use refers to acts such as repeatedly withdrawing and re-registering membership, purchasing and canceling products, illegally obtaining economic benefits such as discount coupons and event benefits provided by the Company, acts prohibited by the Terms of Service, and illegal acts such as identity theft.)

1. Required information: Service usage records, cookies, access location information, and device information

The Company collects users' personal information in the following ways:

1. Users entering their personal information on the Company's website
2. Users entering their personal information through services other than the website provided by the Company, such as applications
3. Users entering personal information by receiving emails sent by the Company
4. Users entering information in the course of using Company services such as customer center consultations and bulletin board activities

The Company uses personal information in the following cases:

1. For Company operations such as delivery of notices
2. For service improvement for users, such as responding to inquiries and handling complaints
3. For providing Company services
4. For restricting use of members who violate laws and Company terms, and for preventing and sanctioning acts that hinder smooth service operation, including fraudulent use
5. For developing new services
6. For marketing such as event and promotion announcements
7. For demographic analysis and analysis of service visits and usage records
8. For forming relationships between users based on personal information and interests

1. The Company retains and uses users' personal information for the period necessary to achieve the purpose of collecting and using personal information.
2. Notwithstanding the preceding paragraph, the Company retains service fraudulent use records for up to 1 year from the time of membership withdrawal to prevent fraudulent registration and use according to internal policies.

The Company retains and uses personal information in accordance with relevant laws as follows:

1. Information and retention period according to the Act on Consumer Protection in Electronic Commerce
   1. Records on contracts or withdrawal of subscription: 5 years
   2. Records on payment and supply of goods: 5 years
   3. Records on consumer complaints or dispute handling: 3 years
   4. Records on display/advertising: 6 months
2. Information and retention period according to the Protection of Communications Secrets Act
   1. Website log records: 3 months
3. Information and retention period according to the Electronic Financial Transactions Act
   1. Records on electronic financial transactions: 5 years
4. Act on the Protection and Use of Location Information
   1. Records on personal location information: 6 months

In principle, the Company destroys personal information without delay when the purpose of processing users' personal information has been achieved, when the retention and use period has passed, or when personal information is no longer needed.

The Company destroys users' personal information in the following procedures and methods:

1. Information entered by users for membership registration is transferred to a separate DB after the purpose of personal information processing has been achieved (separate filing cabinet for paper), stored for a certain period according to internal policies and other relevant laws for information protection reasons (see retention and use period), and then destroyed.
2. The Company destroys personal information for which destruction reasons have occurred through approval procedures from the personal information protection officer.

The Company deletes personal information stored in electronic file format using technical methods that make records unrecoverable, and destroys personal information printed on paper by shredding with a shredder or incineration.

1. The Company obtains the user's explicit prior consent when transmitting advertising information for commercial purposes using electronic transmission media. However, prior consent is not required in the following cases:
   1. When the Company has directly collected contact information from the recipient through a transaction relationship for goods and intends to transmit advertising information for commercial purposes about goods of the same type as those transacted with the recipient within 6 months from the date the transaction ended
   2. When a telemarketing seller under the "Door-to-Door Sales Act" verbally informs the recipient of the source of personal information collection and makes telemarketing calls
2. Notwithstanding the preceding paragraph, when the recipient expresses refusal to receive or withdraws prior consent, the Company does not transmit advertising information for commercial purposes and notifies the results of processing the refusal to receive and withdrawal of consent.
3. When the Company transmits advertising information for commercial purposes using electronic transmission media during the hours from 9 PM to 8 AM the next day, the Company obtains separate prior consent from the recipient notwithstanding Paragraph 1.
4. When the Company transmits advertising information for commercial purposes using electronic transmission media, the following matters are specifically stated in the advertising information:
   1. Company name and contact information
   2. Statement regarding refusal to receive or withdrawal of consent to receive
5. When the Company transmits advertising information for commercial purposes using electronic transmission media, the Company does not take any of the following measures:
   1. Measures to evade or interfere with recipients' refusal to receive or withdrawal of consent to receive advertising information
   2. Measures to automatically create phone numbers, email addresses, or other contact information of recipients by combining numbers, symbols, or letters
   3. Measures to automatically register phone numbers or email addresses for the purpose of transmitting advertising information for commercial purposes
   4. Various measures to conceal the identity of the sender of advertising information or the source of advertising transmission
   5. Various measures to deceive recipients and induce replies for the purpose of transmitting advertising information for commercial purposes

1. The Company allows membership registration only for users aged 14 and above to protect the personal information of children under 14 years of age.
2. Notwithstanding Paragraph 1, if the user is a child under 14 years of age, the Company obtains consent from the child's legal representative for the collection, use, and provision of the child's personal information.
3. In the case of Paragraph 2, the Company additionally collects the legal representative's name, date of birth, gender, duplicate registration confirmation information (ID), and mobile phone number.

1. Users and legal representatives can view or modify their registered personal information at any time and request withdrawal of consent for personal information collection.
2. To withdraw consent for collection of registration information, users and legal representatives can contact the personal information protection officer or person in charge by letter, phone, or email, and the Company will take action without delay.

1. Users can request correction of errors in personal information from the Company through the method described in the preceding article.
2. In the case of the preceding paragraph, the Company will not use or provide personal information until the correction of personal information is completed, and if incorrect personal information has already been provided to a third party, the Company will promptly notify the third party of the correction processing results so that the correction can be made.

1. Users must keep their personal information up to date, and the user is responsible for problems arising from inaccurate information entered by the user.
2. In the case of membership registration using another person's personal information, user status may be lost or the user may be punished under relevant personal information protection laws.
3. Users are responsible for maintaining the security of their email addresses and passwords and cannot transfer or lease them to third parties.

The Company takes necessary technical and administrative protective measures to ensure the security of users' personal information so that it is not lost, stolen, leaked, altered, or damaged.

The Company processes personal information terminated or deleted at the request of the user or legal representative in accordance with the "Retention and Use Period of Personal Information" collected by the Company and ensures that it cannot be viewed or used for any other purpose.

Users' passwords are stored and managed using one-way encryption, and verification and changes to personal information can only be made by the person who knows the password.

1. The Company does its best to prevent users' personal information from being leaked or damaged due to hacking, computer viruses, or other information network intrusions.
2. The Company uses the latest antivirus programs to prevent users' personal information or data from being leaked or damaged.
3. The Company uses intrusion prevention systems to ensure security in case of emergencies.
4. The Company (when collecting and retaining sensitive personal information) ensures that personal information can be safely transmitted over the network through encrypted communication.

The Company limits the number of personal information processing personnel to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for personal information processors.

When the Company becomes aware of the loss, theft, or leakage (hereinafter "leakage, etc.") of personal information, it immediately notifies the relevant user of all of the following matters and reports to the Korea Communications Commission or the Korea Internet & Security Agency.

1. Personal information items that have been leaked, etc.
2. Time when leakage, etc. occurred
3. Measures that users can take
4. Response measures by the information and communications service provider, etc.
5. Department and contact information where users can receive consultation

Notwithstanding the preceding article, if there are legitimate reasons such as the inability to contact the user, the Company may substitute the notice in the preceding article by posting on the Company's website for at least 30 days.

1. The Company does not enter into international contracts that contain content that violates the Personal Information Protection Act and other relevant laws regarding users' personal information.
2. The Company obtains the user's consent when providing (including viewing), entrusting processing, or storing (hereinafter "transfer") users' personal information overseas. However, if all matters in each subparagraph of Paragraph 3 of this Article are disclosed or notified to the user in accordance with the Personal Information Protection Act and other relevant laws through electronic mail or other methods prescribed by Presidential Decree, the consent procedure for personal information processing entrustment/storage may be omitted.
3. When obtaining consent under the main text of Paragraph 2 of this Article, the Company notifies the user of all of the following matters in advance:
   1. Personal information items to be transferred
   2. Country to which personal information is transferred, date and method of transfer
   3. Name of the person receiving personal information (in the case of a corporation, the name and contact information of the information management officer)
   4. Purpose of use and retention/use period of personal information by the person receiving personal information
4. When transferring personal information overseas with consent under the main text of Paragraph 2 of this Article, the Company takes protective measures in accordance with the Presidential Decree of the Personal Information Protection Act and other relevant laws.

1. The Company uses automatic personal information collection devices (hereinafter "cookies") to store and retrieve usage information to provide individualized customized services to users. Cookies are small pieces of information sent by the server (http) operating the website to the user's web browser (including PC and mobile) and may be stored in the user's storage space.
2. Users have the option to accept cookies. Therefore, users can set options in their web browser to allow all cookies, require confirmation each time a cookie is stored, or refuse to store all cookies.
3. However, if you refuse to store cookies, you may have difficulty using some of the Company's services that require login.

You can allow or block cookies through web browser option settings.

1. Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data
2. Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and other site data
3. Whale: Settings menu at the top right of the web browser > Privacy protection > Cookies and other site data

1. The Company designates the following departments and personal information protection officers to protect users' personal information and handle complaints related to personal information:
   1. Personal Information Protection Officer
      1. Name: Seongjun Hwang
      2. Position: Development Manager
      3. Email: seongjun@ittae.com