Pocketdols Personal Information Processing Policy Article 1 Purpose 1. Neohago Co., Ltd. (hereinafter referred to as the 'Company') is committed to providing members with a Pocketdols service (hereinafter referred to as the 'Service') to value members' personal information and effectively manage and secure their personal information. 2. The Company complies with laws and regulations related to personal information protection, such as the Act on Promotion of Information and Communication Network Utilization and Information Protection. Through the personal information handling policy, the Company notifies you of the purpose and method of using the personal information provided by members and what measures are being taken to protect personal information. 3. The Company posts this policy on the Pocketdols service screen so that members can easily view this policy at any time. 4. 'Company' collects personal information in the following ways. (1) Membership registration, 'Service' inquiry, event application, delivery request, etc. (2) Collection through creation information collection tool Article 2 Personal information items to be collected and collection methods 1. ‘Company’ prepares a consent procedure for the use of the ‘Service’ terms and conditions and collection and use of personal information when a member signs up, and if a member chooses to agree, it'll be considered that he/she agrees to the use of the collection of personal information. 2. ‘Company’ may collect personal information as follows to provide ‘Service’ and fulfill contracts, such as membership subscription consultations and ‘Service’ applications. (1) Common to members -Required items: Email account, password (encrypted and stored for non-decryption), profile name, 'Service' version, OS, OS version, device model name, terminal unique ID ('Company' randomly grants to the member's terminal) ID), language used, country or region of residence, Time Zone -Optional: mobile phone number, profile picture (including meta-information), status message, items, and products, etc. Paid 'Service' purchase history 3. In the process of using 'Service', 'Service' usage record, access log, cookie, access IP information, ID, payment record, etc. can be automatically generated and collected. 4. 'Company' collects personal information in the following ways. (1) Membership registration, 'Service' inquiry, event application, delivery request, etc. (2) Collection through the collection tool of generated information Article 3 Purpose of collection and use of personal information ‘Company’ uses the collected personal information for the following purposes. 1. Execution of the contract regarding the provision of ‘Service’ (1) Content provision, delivery of goods 2. Member Management (1) Preventing illegal use of unauthorized members and unauthorized use due to the use of the membership service, confirming duplicate subscriptions, confirming the intention of joining the membership, keeping records for mediation of disputes, handling complaints, and delivering notices 3. Used for marketing and advertising (1) Development of new 'Service' and provision of customized 'Service', provision of 'Service' and advertisement display according to statistical characteristics, 'Service' validation, identification of access frequency, statistics on members' use of 'Service', the provision of events and advertising information and participation opportunities Article 4 Sharing and provision of personal information 1. “Company” uses the personal information of users as notified in "Article 3 Purpose of collection and use of personal information" and does not use beyond the scope without the user's prior consent or in principle, the personal information of the user is not disclosed to the outside. However, the following cases are exceptions. (1) When users agree to disclosure in advance (2) Under the provisions of laws and regulations, or for investigation purposes, if there is a request from an investigative agency under the procedures and methods prescribed in the laws and regulations (3) If information must be shared with third parties such as events, a separate notice will be posted on the event page. 3. Period of retention and use of the provided information: Personal information is retained and used within one year after the transaction of the person and the recipient is terminated, and after the transaction is terminated, personal information is retained and maintained in the necessary range for investigation of financial accidents related to the purpose of use described above, dispute resolution, complaint handling, and the fulfillment of obligations to comply with laws and ordinances. Article 5 Retention and use period of collected personal information 1. If a member withdraws from membership or is subject to the deletion of a member account due to misrepresentation of personal information, the collected personal information is completely deleted and is processed so that it cannot be used for any purpose. 2. The member's personal information is destroyed without delay when the purpose of collecting and using personal information is achieved under Article 7, Paragraph 1 of this Personal Information Handling Policy. However, if it is necessary to preserve personal information under the internal policy of 'Company' or related laws and regulations, personal information may be kept for the period specified below. (1) Due to internal policy, the following information is stored for one year and destroyed. -Records of fraud use -An e-mail account is encrypted and stored (for sending out an email and CS response after withdrawal) (2) According to the Act on Consumer Protection in Electronic Commerce, the following matters are stored for a certain time and then destroyed. (Retention period in parentheses) -Records of contract or withdrawal of subscription (5 years) -Records on payment and supply of goods (5 years) -Records of handling consumer complaints or disputes (3 years) -Records on display/advertising (6 months) (3) After books and supporting documents for all transactions prescribed by the Tax Law under the National Tax Basic Law are stored for 5 years, they are destroyed. (4) According to the Electronic Financial Transactions Act, records related to electronic financial transactions are kept for 5 years and destroyed. (5) Under the Communication Secrets Protection Act, records of visits to “Service” are retained for 3 months and destroyed. Article 6 Personal information destruction procedures and methods 1. In principle, 'Company' destroys the information without delay after the retention period has passed or the purpose of collecting and using personal information has been achieved. 2. Destruction procedure (1) The information entered by a member for joining the membership is, in principle, destroyed without delay when the purpose of collection and use of personal information is achieved and is not used for any purpose other than retention unless otherwise required by law. 3. Method of destruction (1) The printed personal information is crushed by a shredder or destroyed through incineration, and personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record. Article 7 Rights of members and method of exercise 1. Members can check, view, or modify their personal information at any time, and may request termination of membership or suspension of processing personal information. However, in such cases, the use of some or all of the ‘Service’ may be restricted. 2. Members can view and edit their personal information directly from [Account] in the ‘Service’. In addition, the member can cancel the use contract at any time through [Withdraw your membership] in the ‘Service’, and if canceled, all personal information of the member is deleted. However, if it falls under Article 5, Paragraph 2 of the personal information handling policy, it may be kept for a certain time under relevant laws and regulations. 3. When a member requests correction or deletion of his/her personal information, 'Company' takes the necessary measures without delay after confirming the member’s identification. In addition, personal information such as deletion of a member's account may be destroyed at the discretion of the person in charge of personal information management in cases falling under the subparagraphs of Article 20, Paragraph 1 (restriction of use, etc.) of the Terms and Conditions of the Service. 4. If a request for correction of errors in personal information is made, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the result of the correction process so that the correction can be made. 5. 'Company' handles personal information that is canceled or deleted at the request of a member as specified in Article 6 of the personal information handling policy and cannot be viewed or used for other purposes. 6. The exercise of rights under Paragraphs 1 and 2 may be made in writing, by e-mail, etc. through a legal representative of the data subject or an agent such as a person who has been delegated. In this case, the member must submit a power of attorney under Appendix 11 of the Enforcement Rules of the Personal Information Protection Act. Article 8 Technical and administrative measures for personal information protection 'Company' is taking the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in handling the personal information of members. 1. Technical measures (1) 'Company' is doing its best to prevent the leakage or damage to members' personal information by hacking or computer viruses. To prevent personal information from being damaged, data is backed up from time to time, and the latest vaccine program is used to prevent users' personal information or data from being leaked or damaged. Through encrypted communication, personal information can be safely transmitted over the network. In addition, the ‘Company controls unauthorized access from the outside using an intrusion prevention system and is trying to equip all possible technical devices to secure security systematically. 2. Administrative measures (1) Employees of the ‘Company’ who are handling personal information are limited to the person in charge, and a separate password for this is regularly updated, and the compliance with the privacy policy is always emphasized through frequent training for the person in charge. (2) ‘Company’ always designates a personal information manager in charge of checking the implementation of the personal information handling policy, and if problems are found, the ‘Company’ tries to correct them immediately. However, 'Company' is not responsible for any problems caused by personal information leakage due to user's negligence or Internet problems. Article 9 Matters concerning the installation/operation and rejection of automatic collection of personal information ‘Company’ installs/operates cookies to provide a faster web experience to users, and users may refuse it. 1. What is a cookie? (1) Cookies are very small text files sent by the server used to operate the website to the user's browser. Cookies are stored on the storage of the user's device. (2) Cookies do not collect personally identifiable information, and users may refuse or delete cookies at any time. 2. Purpose of cookies (1) ‘Company’ can save setting values specified by users or an operator's favorable pages through cookies to support a faster and more convenient web environment for users. (2) ‘Company’ can easily identify the user's preferences/interests through cookies and use them to provide ‘Service’ suitable for users. 3. Installation/Operation and rejection of cookies (1) Users have the option to install cookies. (2) Users may allow all cookies through setting the option of the web browser, check each time when cookies are stored, or refuse to store all cookies. However, if users refuse to install cookies, the use of the web becomes inconvenient and they may have difficulty using some ‘Service’ that requires login. (3) Setting method for each browser -Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings -Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content settings button for personal information > Cookies Article 10 Link website ‘Company’ can provide a link to other companies’ websites or materials to members through the ‘Service’. In this case, the 「Personal Information Handling Policy」 of the website is not related to the 「Personal Information Handling Policy」 of "Service", so please check the 「Personal Information Handling Policy」 of the newly visited website. Article 11 Personal information manager ‘Company’ designates a personal information manager responsible for collecting opinions and handling complaints about personal information. 1. Personal information manager (1) Company/Service: Neohago Co., Ltd. (2) Name: Jeon chanseob, Team Leader (3) E-mail: cs@pocketdols.com 2. Customer service (1) Company/Service: Neohago Co., Ltd. (2) Name: Jeon chanseob, Team Leader (3) E-mail: cs@pocketdols.com 3. Personal information manager’s office hours (1) Weekdays: 09:00 ~ 18:00 / Break time: 12:30 ~ 13:30 (2) Closed on Saturdays, Sundays, and holidays. 4. Reporting or consulting organizations on other personal information infringement (1) Personal Information Infringement Report Center (https://privacy.kisa.or.kr/ Phone number: 118 without area code) (2) Cyber Investigation Division, Supreme Prosecutors' Office (http://www.spo.go.kr / Phone: 02-3480-2000) (3) National Police Agency Cyber Safety Bureau (http://www.cyber.go.kr / Phone number: 182 without area code) Article 12 Revision of personal information handling policy 1. When changing this Privacy Policy, 'Company' specifies the reason for the change and the date of application, and notifies the current Privacy Policy through the notice in the 'Service' from 7 days before the effective date. However, if there is a change in content that is important to the user's rights or obligations, the notice will be given at least 30 days in advance. 2. Following Paragraph 1, ‘Company’ announces the changes under Paragraph 1 and notifies a user is deemed to express his/her intention unless he/she shows an intention of rejection by the date of application of the change. If a user does not express the intention of rejection explicitly, it is assumed that the user has agreed to the changes. 3. Despite Paragraph 2, ‘Company’ is subject to a separate consent process from the user him/herself if additional personal information is collected from the user or provided to a third party. This Privacy Policy applies from April 14, 2020. -Announcement date: April 14, 2020 -Effective Date: April 14, 2020