SPACOSA Privacy Policy & Provision of personal information to third parties

Chapter 1 General Provisions

① Personal information refers to information about a surviving individual such as sign, text, voice, sound, and video that can identify a particular individual by name (including information that can be easily combined with other information).

② Personal localization refers to the location of a particular individual (including the ease of combining with other information to locate a particular individual, even if the location alone is not known).

③ The company places great importance on customer's personal information and location information, and complies with the privacy regulations under the laws and guidelines of the Korea Communications Commission.

④ The company will inform you of the purpose and method of using the customer's personal information and location information through the personal information handling policy and what measures are being taken to protect personal information.

⑤ The company is taking measures to make it easy for customers to see and check their personal information on the first screen of the service or on the website.

⑥ The company may revise the personal information handling policy according to the relevant laws and regulations of the Korea Communications Commission or internal operation regulations. If the personal information handling policy is revised, the revision number is assigned to customers.

Chapter 2 Items collected and purpose of use of personal information

① When collecting personal information of customers, the company shall notify them of the scope of collection and the purpose of use in advance through the application for subscription or terms of use, etc. in accordance with the relevant statutes.

② The company collects minimum personal information as follows for membership registration, identification, smooth customer consultation, and various services.
- Scope of personal information collected for membership

Service Title Collection Items
Smartphone applications Mobile phone number, basic information required to authenticate social networking services, email address
Internet Member Services ID, phone number, email address

③ In addition to the information provided by the user, the company can collect information in the process of using the service provided by the company.
- Information collected when using the service

Collection Separation Collection Items
Equipment Information equipment identifier, operating system, hardware version, equipment settings, browser type, and settings
Location Information The company collects your unique user identifier and your location through GPS, WiFi, or wireless network triangulation to obtain your location for service delivery purposes.
When you accept the location sharing service between users, you collect their locations for sharing. The company maintains location information only when the service is reasonable to provide it, and deletes location data related to your personal information.
Companies can maintain anonymized location data for longer periods of time to analyze aggregated trends and indicators. You can also share location information with third parties for advertising, research, and analysis purposes. To deny location data collection, disable Location Services for the apps your company serves in settings on your mobile device. If you delete an account from the app your company serves, the location data will be destroyed.
Log Information IP address, cookie, date of visit, service usage record, bad or abnormal usage record, access log
- Information collected during a customer call
Name, contact, email address, ID

④ The company collects the minimum amount of personal information for the purpose of providing the service as follows, and does not use it for any purpose other purposes.
- Managing and identifying members
- To detect and prevent unauthorized or illegal use or abuse of services
- Implementation of contracts, payment of service charges and settlement of service charges for the service delivery required by the user
- Improve existing services and develop new services
- Announcement of changes to the features or policies of your company's site or application
- We will assist you in connecting with other users you already know and allow others to connect with you with your permission.
- In order to prepare statistics on the use of services of members, provide services according to statistical characteristics, and publish advertisements
- Provide participation opportunities to provide information about promotional events
- in order to comply with the relevant statutes or legal obligations
- Use of information with prior consent from users (e.g., using marketing advertisements)
We agree to obtain your consent if the Company wishes to use any information other than that expressly provided for in this Policy.
[Addend1] Privacy Policy Addendum <2> 'the legitimate processing of personal information according to GDPR'Selection options

⑤ The company does not collect personal information that may clearly infringe on the customer's rights, interests, or privacy, such as ideas, beliefs, or past history without the provisions of the statutes or the client's consent.

Chapter 3 How to collect personal information

① If you sign up for membership in your company's mobile device application, collect personal information that you have agreed to on the specific service screen.
- Application, web page, written form, fax, telephone, email, contact, delivery request

Chapter 4 Use and provision of personal information

① The company uses and provides customer's personal information within the scope of notification for the purpose of collecting and using personal information under the terms and conditions of use and the policy of handling personal information. In particular, we will use and provide personal information with caution in the following cases.
1. Within the service, your profile information (name/photo/phone number/age/gender/nickname and your posts) will be shared with other members.
2. If the company's rights and obligations as a service provider, such as a sale/acquisition merger, are fully inherited or transferred, the customer's personal information shall be informed of the transfer of personal information (name of corporation, address/phone number) and customer's withdrawal.

② Notwithstanding the provisions of the National Tax Service Act, Local Tax Act, Communications Securities Act, Financial Real Name Transaction and Securities Act, Credit Information Use and Protection Act, Telecommunications Business Act, Consumer Fund Act, Bank of Korea Act, Criminal Procedure Act, etc., the company collects the customer's information. (1) However, in the case of related statutes, personal information of customers is not provided unconditionally, but according to the procedures and methods specified in the Act.

③ The company may collect and use personal information without the customer's consent if it is clearly difficult to obtain the usual consent due to economic or technical reasons as necessary to fulfill the contract for the provision of services.

Chapter 5 Period of use and storage of personal information

① In principle, personal information of customers (including dormant customers) shall be used/stored during the service subscription period, but shall be preserved for three months after withdrawing from the membership to prevent illegal users from rejoining, defamation, etc.

A. Reasons for holding information based on internal policies of the company

Preservation evidence Retention History Retention Period
Prevent fraudulent use Fraudulent employment records(Defective, Abnormal Usage Record) 1 year
Processing of civil petitions, etc. Member withdrawal record 7 days from the date of withdrawal

B. Reasons for the possession of information under the relevant statutes
Preservation evidence Retention History Retention Period
Communication Secrets Act Website Visit History 3 months
E-commerce, etc.Consumer Protection Act Records on withdrawal of contracts or subscriptions, etc. 5years
Records of payment and supply of goods, etc. 5years
Records of consumer complaints or dispute handling 3years
History of Display/Advertising 6months
Electronic Financial Transactions Act Records of Electronic Finance 5years

② Customers can set the period of disclosure of personal information, and when the period of disclosure arrives, the company blinds personal information such as customer's posts.

③ All documents, such as a copy of the identification card sent to the company to prove that the member is a member of the company, will be destroyed immediately after identifying himself.

Chapter 6 Collect cookies and similar skills

① The company can collect collect collective and impersonal information through 'cookies'.Cookies are very small text files that are sent to your browser by a server that is used to operate your company's Web site and are stored on your computer's hard disk.
This feature is used to evaluate, improve, and set up a user experience so that companies can provide much better service to users. The items and purpose of collecting cookies collected by the company are as follows:

Categories Cookie Usage Reason and Additional Information
Necessary cookies This cookie is a kind of cookie that users need to use the company's website function. If the user does not allow this cookie, we cannot provide services such as shopping cart and electronic payment. This cookie does not collect information that can be used in the marketing or memory of the site you visit.

- Verify Web Site Login
- Ensure that users are connected to the correct service on the company's website while the company changes the way the website operates.
- Connect users to specific applications or service servers
Enhanced Cookies This cookie collects information about how users use your company's website, including page information that you visit the most. This data helps companies optimize their websites so that users can search them more comfortably. This cookie does not collect information that is user. All information collected by this cookie is batched and anonymous.

- Web analysis: Statistical data on how to use the website is provided
- Error management: Measurement of possible errors can help improve the website.
- Design test: Other design tests on our website
Optional Cookies This cookie is used by the company to memorize settings to provide services and improve user visits. The information gathered by this cookie does not identify you individually.

- Memorize applied settings such as layout, text size, preferences, colors, etc.
Remember when customers respond to our survey

② Users have the option to install cookies. Therefore, you can set options in your web browser to allow all cookies, check each cookie each time it is saved, or refuse to save all cookies. However, if a user refuses to install cookies, it may be difficult to use some of the services provided by the company.

Chapter 7 destruction of personal information

① If the purpose of collecting and using personal information collected is achieved or the retention/use period is terminated, the company shall destroy the information without delay except in cases where it is required to be kept in accordance with the client's consent, terms and conditions.

② The company shreds or incinerates personal information in writing with a shredder, and deletes personal information stored electronically using technical methods that cannot be played back.

Chapter 8 Customer's rights and how they are exercised

① Customers can view or correct personal information held by the company, details of use/provide of personal information, and details of consent for collection/use/provide at any time. If it is deemed necessary to correct or delete such personal information, such as errors in the relevant personal information or the retention period has expired, the company shall revise it without delay.

② For customers who want to view and correct online subscription information, click "Change Member Information" to directly view and correct it, contact the Cyber Customer Center online, or contact the webmaster by e-mail, the company will take necessary measures without delay.

③ When an agent visits and requests proof of perusal, the company submits a letter of attorney, his seal certificate, and the agent's ID card to verify whether the agent has received a legitimate delegation.

④ If a customer requests correction of personal information errors, personal information will not be used or provided until the correction is completed.

⑤ If the company has already provided wrong personal information to a third party, it shall notify the third party of the result of the correction without delay to correct it.

⑥ The customer shall accurately enter personal information and notify the company of any changes, and the responsibility for any changes in customer information that the company does not know is attributable to the customer.

⑦ If a customer steals, infringes, or enters false information, the service may be terminated and the membership may be lost, and they may be punished according to the relevant laws, such as the law.

⑧ If the customer is concerned about disrupting his/her work, such as requiring repeated access to/providing personal information, or costs a considerable amount, the company may defer or reject the customer's request or charge the customer for actual expenses (such as copy fees).

⑨ The user or legal representative may exercise the following rights in connection with the company's collection, use, and sharing of personal information as the subject of information:
- exercising access to personal information
- Modify or Delete
- Temporarily stop processing personal information

⑩ To exercise your rights, the user requests the withdrawal of the previously provided consent when using the "Modify Member Information" menu, sending documents, e-mails, or contacting the company by phone. The company will take action against the company (or its personal information management officer or agent) without delay.
However, the Company may reject your request only if there is an appropriate or corresponding reason as prescribed by law.
[Addend1] Privacy Policy Addendum <2> 'User rights when applying GDPR' Selection options

Chapter 9 Withdrawal of consent for the collection/use/provocation of personal information

① Customers may withdraw their agreement to collect/use/provide personal information at any time. The withdrawal of consent can be done by clicking "delete account" on the in-service setting screen or by contacting the person in charge of personal information management by writing, calling, e-mail, etc., and the company takes necessary measures such as deleting personal information.

② When a customer withdraws consent and takes measures such as destroying personal information, the company notifies the customer at the request of the customer.

③ The company will withdraw its consent to collect personal information (deletion of account) rather than collecting personal information.

Chapter 10 Technical/Management Measures for Personal Information Protection

① technical countermeasures
The company is taking the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged.
1. We are taking measures to prevent forgery/modulation of connection records.
2. Personal information is managed by applying encryption technology to the level of encryption storage or transmission required by relevant laws and regulations, depending on its type.
3. We are taking steps to prevent damage from computer viruses using the vaccine program, and we are updating the vaccine program periodically and providing it as soon as the vaccine is released in the event of a sudden virus outbreak to prevent personal information from being violated.
4. We are adopting a secure device that uses cryptographic algorithms to securely transmit personal information on the network.
5. In preparation for external intrusion such as hacking, we do our best to secure each server by using the intrusion prevention system and vulnerability analysis system.

② administrative measures
1. The company establishes and implements an internal management plan for the protection of personal information.
2. The company restricts access to personal information to the minimum number of people required.
3. The company provides regular in-house training and external consignment training for employees who handle personal information regarding the acquisition of new security technologies and the obligation to protect personal information.
4. The company prepares internal procedures to prevent information leakage by people through security pledge when employees join the company and to audit employees' compliance with personal information handling policies.
5. The personal information handler's handover of duties is strictly carried out in a secure state and the responsibility for personal information accidents is clarified after joining and leaving the company.
6. Personal information and general data are kept separately without being mixed.
7. Access is restricted by setting up computer rooms, data storage rooms, etc. as special protection zones.
8. The company is not responsible for what happens due to customers' mistakes or the dangers of the basic Internet. Customers themselves should properly manage their IDs and passwords and take responsibility for themselves in order to protect their personal information.
9. The company shall take appropriate measures and compensation if personal information is stolen, leaked, tampered with, or damaged due to internal manager's mistake or technical management accident.

Chapter 11 Service Posts

① The company values customers' posts and does its best to protect them from tampering, damaging, or deleting them. However, in the following cases, you can delete, block, change, request to delete/change, warn, suspend use, or take other appropriate measures for the post:
1. Spam posts (e.g. lucky letters, 800 million mail, advertising on a particular site, etc.
2. An article that damages the reputation of others by disseminating facts or false information for the purpose of slandering others
3. Contents that violate the rights of others, such as personal disclosure, portrait rights, or copyright without consent
4. Posts that are contrary to other Acts and subordinate statutes or hinder the customization of fine customs or differ from the subject of the bulletin board

② In order to promote a sound post culture, the company may delete certain parts of others' personal information or post them by modifying them with symbols.

③ In other cases, an explicit or individual warning may be issued before deletion.

④ In principle, the author's individual rights and responsibilities related to the post are the responsibility of the author. Also, it is difficult to protect information that has been voluntarily disclosed through posts, so please consider it before posting the information.

Chapter 12 Provide personal information to third parties

When collecting personal information, the company does not use personal information or provide it to a third party beyond the scope notified to the customer or the service terms and conditions.
However, exceptions shall be made if the client has consent or the provisions of the Act and subordinate statutes. In particular, we will use and provide personal information with caution in the following cases.

1. When the company discloses information to its affiliates, suppliers and service providers;
- Where our affiliates, suppliers and service providers act on behalf of us, such as payment of invoices, execution of orders, delivery of products, settlement of disputes (including disputes in payment and delivery)

2. If the user agrees to pre-disclosure;
- If the user chooses to share the product and service information of a particular company with the relevant company and receive it;
- Where the user chooses to share personal information with other companies' sites or platforms, such as social networking services (SNS);
- Other cases where prior consent is made to share personal information;

3. Where disclosure is required by law:
- If it is to be disclosed by statute
- Where an investigative agency requests disclosure when a crime is detected in accordance with the procedures and methods prescribed by the Act and subordinate statutes;

Chapter 13 Consignment of personal information handling

The company entrusts some services to a professional company to provide improved services. The company stipulates necessary matters to ensure that personal information is safely managed in the case of an entrustment contract in accordance with the relevant laws and regulations.

Trustee Contents of consignment work Retention and use period
inicis Provide electronic payment methods Until the withdrawal of membership or the termination of the entrustment contract
CJ Logistics, Post Office Delivery Commodity Shipping Until the withdrawal of membership or the termination of the entrustment contract

Chapter 14 Person in charge of personal information management and report on counseling

To protect customers' personal information and handle complaints related to personal information, we have a person in charge of personal information management.
If you have any questions regarding the customer's personal information, please contact the person in charge of personal information management or the person in charge of personal information management below.
- SPACOSA Personal information management manager: Kim Won-ki (director), 031-514-6351,
If you need counseling on other personal information, you can contact the Privacy Report Center, the Information Protection Mark Certification Committee, the Internet Crime Investigation Center of the Supreme Prosecutors' Office, and the Cyber Crime Investigation Team of the National Police Agency.
- Privacy Report Center: Call 118 / e-mail / Homepage
- Information Protection Marks Certification Committee: Call 02-580-0533 / Homepage
- Supreme Prosecutors' Office Internet Crime Investigation Center: Call 02-3480-3600 / Homepage
- National Police Agency Cyber Terror Response Center: Call 02-392-0330 / Homepage

Chapter 15 etc.

- Send data to other countries
[Addend1] Privacy Policy Addendum <3> Send data to other countries

- Third-party sites and services
[Addend1] Privacy Policy Addendum <4> Third-party sites and service companies

- Guidelines for California Residents
[Addend1] Privacy Policy Addendum <5> Guide for Users in California

Chapter 16 Attachment

The personal information handling policy was enacted on July 30, 2013, and if the contents are added, deleted or modified due to changes in government policies or security technologies, it will be notified through the "Notice" section of APP and web page before the revision.
- This Privacy Statement to enter into force on July 30, 2013.
- This personal information handling policy has been implemented since May 31, 2018.
- This personal information handling policy will take effect on February 10, 2020.

[Addend1] Privacy Policy Addendum

<1> Legitimate processing of personal information in accordance with GDPR The Company's processing of personal information is only legal if at least one of the following occurs:
• The user agrees to process their personal information.
• Processing is required to take action at the request of the user before the user implements the contract or enters into the contract.
-Member management, identification, etc.
-The provision of services, payment of charges, settlement, etc. required by users who fulfill the relevant contract.
• Processing is required to comply with the company's legal obligations.
-Compliance with relevant laws, regulations, legal procedures and government requests
• Treatment is required to protect the important interests of users or other natural people.
-Detecting, preventing and responding to fraud, abuse, security risks, and technical issues that may harm users or other natural people;
• Processing is required to perform tasks performed in the public interest or to use official rights granted to the company.
• Processing is required for the legitimate benefits pursued by the company or a third party (if such benefits are prioritized by the interests or fundamental rights and freedoms of the data subject requiring personal data protection, especially children).

<2> User's rights when applying GDPR
The user or legal representative may exercise the following rights in connection with the collection, use and sharing of personal information of the Company as the subject of information:
• Access to personal information is accessible to users or legal representatives to view records of the collection, use and sharing of information in accordance with relevant laws.
• rights to modify
-The user or legal representative may request correction of inaccurate or incomplete information.
• rights to delete
-The user or legal representative may request the deletion of the information after achieving the objectives and withdrawing consent.
• Rights to processing restrictions
-The user or legal representative may temporarily suspend the processing of personal information if there is a dispute over the accuracy of the information, the legality of the processing of the information, or if it is necessary to retain the information.
• Data Mobility Rights
-You or your legal representative may request the provision or transfer of information.
• the right to oppose
-The user or legal representative may suspend the processing of personal information if he/she uses personal information for direct marketing, reasonable profits, exercise of official duties and authority, surveys and statistics, etc.
• Automated personal decision making rights, including profiling.
-You or your legal representative may request that you stop automated processing of your personal information, including profiling, which has a significant or legal impact on your personal information.
In order to exercise the above rights, the user shall promptly take action against (the person in charge) the management or representative of personal information if he/she uses the "Modify Web Page Member Information" menu, sends documents or emails, or calls the company. However, the company may reject your request only if there is a justifiable reason or reason equivalent to that prescribed by the Act.

<3> Send data to other countries
The company may provide personal information to companies located in other countries for the purposes specified in this policy in consideration of its global business. The company is taking reasonable measures to protect personal information where it is transmitted, held or processed. (Additional security measures may be available for use in the United States.) In addition, if personal information obtained from the European Union or Switzerland is used or disclosed, the company may be required to comply with US-EU Privacy Shield and Swiss-US.

<4> Third Party Sites and Services
Your company's Web sites, products, and services may contain third-party links, and third-party sites may have different privacy policies. Therefore, the user should additionally check the policy of the third party site linked to the company's site.

<5> Guide for Users in California
If you live in California, you may be entitled to certain rights. To comply with California's online privacy laws, the company is taking necessary precautions to protect its members' privacy.
Users can request confirmation from the company if their personal information is leaked. In addition, all users of the company's website can link their personal accounts to modify their information at any time using the Change Information menu.
The company also does not track website visitors or use 'trace protection' signals. The company does not collect and provide personal identification information through advertising services without the user's consent.