Sungwon Industry Co., Ltd.(hereinafter referred to as the Company) has established and discloses its privacy policy as follows in accordance with the Article 30 of the Personal Information Protection Act, to protect the personal information you provide us and to process all relevant issues as smoothly and quickly as possible.

Article 1 (Purpose of Processing Personal Information) The Company processes personal information for the following purposes. Personal information processed will not be used for any purpose other than the following purposes, and in the event the purpose of use is changed, the Company shall perform all necessary measures such as obtaining separate consent in accordance with the Article 18 of the Personal Information Protection Act.

1.Website Member Registrations and Management
The Company processes personal information to, confirm intent to register as a member; identify and authenticate identities; maintain and manage membership qualifications; prevent unauthorized use of service; confirm legal representatives’ consent when processing personal information of children under the age of 14; and for various announcements, notifications and complaints processing.

2.Provision of Goods or Services
The Company processes personal information to, deliver goods; provide services; deliver contracts and bills; provide content; provide customized services; authenticate identities; verify ages; process payments; and for debt collection.

3.Complaint Processing
The Company processes personal information to, confirm identities of those raising complaints; check the content of complaints; to contact and notify those raising complaints to investigate the facts and situations; and for notifying the results of complaint processing.

Article 2 (Period of Retention and Use of Personal Information)

① The Company processes and retains personal information in accordance with the laws or within the period consented by the data subject at the time of collection of such personal information.

② The periods of retention and use of personal information are as follows.

1.Website Member Registrations and Management : Until members withdraw from website membership
The Company, however, processes and retains personal information until the purpose of its retention and use has been achieved for the following purposes.
1) Until the investigation ends when an investigation on legal violation is being carried.
2) Until the debt settlement ends when a claim-obligation relationship from the use of website remains.

2.Provision of Good and Services: Until goods or services are supplied or until the payments have been made.
the Company, however, processes and retains personal information until the purpose of its retention and use has been achieved for the following purposes.
1) The records on transactions, such as marks, advertisements and contents of the contracts and execution thereof in accordance with the 「Act on the Consumer Protection in Electronic Commerce, etc.」
  - Records on marks and advertisements: 6 months
  - Records on cancellation of an order or termination of a contract, payment and supply of goods: 5 years
  - Records on consumer complaints and dispute resolution: 3 years
2) The retention of the communication confirmation data under the Article 41 of the 「Protection of Communications Secrets Act」
  - The date of telecommunications by subscribers; the time that the telecommunications commences and ends; the subscriber's number of the other party; the frequency of use; and the data for tracing a location of information communications apparatus connecting to the information communications networks: 1 year
  - The data on computer communications, Internet log data and the data for tracing the connecting locations: 3 months

Article 3 (Rights and Obligations of the Data Subject and Methods for Exercising Such Rights)

① The data subject may exercise the following rights related to the protection of personal information at any time against the Company.

1. Right to request access to personal information
2. Right to request correction of any error regarding their personal information
3. Right to request deletion of information
4. Right to request discontinuance of personal information processing

② The rights under Paragraph 1 may be exercised by phone, e-mail or etc. to the Company and the Company shall take necessary measures therefor without any delay.

③ In case the data subject requests to correct or delete any error, etc. in personal information, the Company shall cease to process the relevant personal information until the completion of the requested correction or deletion.

④ The rights under Paragraph 1 may be exercised through a legal representative or the person appointed under a power of attorney. In such cases, the data subject is required to submit a letter of delegation as specified in attached Form 11 of the Enforcement Rule of the Personal Information Protection Act.

⑤ The data subject must not infringe upon personal information or privacy of himself/herself or any third party in violation of the Personal Information Protection Act or any other relevant laws.

Article 4 (Items of Personal Information Processed) The Company processes the following items of personal information.

1.Website Member Registrations and Management
ㆍEssential Items: Name, date of birth, ID, password, address, phone number, gender, email address, I-PIN number
ㆍOptional Items: marital status, interests

2.Provision of Goods and Services
ㆍEssential Items: Name, date of birth, ID, password, address, phone number, gender, email address, I-PIN number, credit card number, bank account number
ㆍOptional Items: Interests, purchase history

3.In the course of using services, the items of personal information as described below may be created and collected.
ㆍIP address, cookies, MAC address, service log, connection log, bad user behavior history

Article 5 (Destruction of Personal Information)

① The Company destroys user personal information immediately after the period of retaining personal information ends or the purposes of processing personal information are attained

② owever, even after the period of retaining personal information ends or the purposes of processing personal information are attained, if is required to preserve the personal information under other statutes, the Company preserves personal information by transferring them to a separate database or location.

③ The procedures, deadlines and methods for destroying personal information are as follows:

1.Procedures for Destruction
the Company selects the personal information to be destroyed and the personal information is destroyed by approval of manager/officer in charge of protecting personal information in the Company.

2. Methods for Destruction
The personal information recorded and stored in electronic files will be destroyed by means of low-level formatting or other similar methods to prevent the recovery of the records, while personal information recorded and preserved in paper documents will be destroyed with a shredder.

Article 6 (Measures for Ensuring Safety of Personal Information) The Company takes the measures necessary to ensure safety of personal information. 1. Managerial Measures: Establishment and implementation of internal information management plans, periodical employee training, etc.
2. Technical Measures: Management of access to the personal information processing system, installation of an access control system, encryption of unique identifying numbers, installation of security programs
3. Physical Measures: Controlling access to computer rooms and data storages

Article 7 (Matters Related to Installing, Operating and Disabling Automatic Data Collection Tools)

① the Company collects information about how the users use the website of the Company, through 'cookies' to provide individually tailored services to users.

② Coookies are files containing small information the server (http) used to run the website sends to users’ computer browsers. They are saved on the hard disk of users’ computers.

A. urpose of the Use of Cookies: Used to provide optimized information to the users by figuring out the patterns of visits to and use of the websites and services the users visit, popular search keywords and use of security connection.

B. Installing, Enabling and Disabling Cookies: Cookies can be disabled on [Internet Option]>[Personal Information Tab].

C. However, if the user refuses to install cookies, the user may have difficulties using customized services.

Article 8 (Personal Information Protection Manager)

① The Company is responsible for all works in relation to the processing of personal information and has designated the following personal information protection manager for the handling complaints or providing remedies for damages in relation to the processing of personal information.

▶ Personal Information Protection Manager

Name: Gyeong-sik Moon
Position: Chief of Sales Management Department Contact Info: Phone 031-511-0265, sungwon0474@naver.com, Fax 031-511-0267
※ Users are connected to the Personal Information Protection Department.

▶ Personal Information Protection Department

Name of Department: Sales Management Department
Person in Charge: Gyeong-sik Moon
Contact Info: Phone 031-511-0265, sungwon0474@naver.com, Fax 031-511-0267

② The data subject can contact the personal information protection manager or department to inquire about all issues related to personal information protection, complaints and remedies. the Company shall respond and process the inquiries without any delay.

Article 11 (Requesting Access to Personal Information) The data subject may request the department specified below for access to personal information in accordance with the Article 35 of the Personal Information Protection Act. the Company shall take every measures so that such request of the data subject is processed as quickly as possible.

▶ Department in Charge of Receiving and Processing Request for Access to Personal Information

Name of Department: Sales Management Department
Person in Charge: Gyeong-sik Moon
Contact Info: Phone 031-511-0265, sungwon0474@naver.com, Fax 031-511-0267

Article 12 (Remedy for Infringement on Rights and Interests) The data subject can consult and inquire the institutions specified below on remedies for the damages related to infringement of personal information.

The following institutions are independent from the Company and are institutions users can contact if users are not satisfied with the measures and results of the Company’s complaints processing and remedies or if users are seeking more further assistance.

▶ Personal Information Infringement Report Center (Korea Internet & Security Agency)

- Responsibilities: Personal information infringement reports, consultations
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: Personal Information Infringement Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do (58324) (301-2 Bitgaram-dong )

▶ Personal Information Dispute Mediation Committee

- Responsibilities: Applications on personal information dispute mediation, group dispute mediation (civil remedies)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: 4F, Government Complex-Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul (03171)

▶ Cybercrime Investigation Department of Supreme Prosecutors' Office : 02-3480-3573 (www.spo.go.kr)

▶ Korea National Police Agency Cyber Bureau : 182 (http://cyberbureau.police.go.kr)