Lobin Co. (hereinafter referred to as “Company”) is bound by the following privacy policy established by the “Company” to process the personal information, and shall protect the personal information, rights and interests of the Users in accordance with Article 30 of the Personal Information Protection Act.

Article 1. Purpose of Processing the Personal Information

① The “Company” collects and manages the personal information for the following purposes. The processed personal information shall not be used for purposes other than the following and, in the case of change in such purposes, the “Company” shall take necessary actions, such as obtaining a separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Membership: Confirmation of intention to sign up as a member, verification of qualification for access to membership services, retention and maintenance of membership qualification, compliance with the enforced limited identification, prevention of unauthorized use of services, verification of legal representative for processing of personal information of children under the age of 14, notification of important matters regarding services and management of claims.
2. Services: Providing services, delivering agreement and invoices, verifying identity, and settling payments.
3. Supports: Verification of claimant’s identity, confirmation of the claims, communication and notification of verification purposes, and notification of processing status.

Article 2. Processing and Retention Period of the Personal Information

① When collecting the personal information from the Users or during the retention period of the personal information in accordance with the Personal Information Protection Act, the “Company” shall process and retain the personal information within the processing and retention period consented by the users.

② The processing and retention period of the personal information shall be as follows:

1. Personal information regarding registration and management of the membership: Until the termination of the membership. However, the personal information shall be retained until the circumstances are resolved for the following cases:
   1. Investigation in association with violation of laws: Until the investigation is completed
   2. Accounts payable outstanding from use of the services: Until the outstanding amounts are paid in entirety
2. Personal information regarding use of the services: Until the payment for the services are settled and the services are provided. However, the personal information shall be retained until the circumstances are resolved for the following cases:
   1. Records related to transactions at the homepage including representations, advertisements, terms and conditions of the transactions, and performance of such terms and conditions in accordance with the Consumer Protection Act in Electronic Commerce.
      1. Records on representations and advertisements: Six(6) months
      2. Record on agreements, withdrawal, payment, relevant services associated with the transactions: Five(5) years
      3. Records on user complaints or dispute settlements: Three(3) years
   2. Records related to verification of communications in accordance with Article 41 of the Communication Secret Protection Act
      1. Records on date and time of telecommunication of the members, counterparty’s registration number, frequency of use, location tracking data of distribution station: One(1) year
      2. Records on communications by computers, internet log data, access point tracking data: Three(3) months

Article 3. Providing the Personal Information to the Third Party

The “Company” processes the personal information of the User in accordance with Article 1 hereof, and provides the personal information of the user to a third party only in accordance with Article 17 of the Personal Information Protection Act.

Article 4. Entrustment of the Personal Information Processing

① The “Company” entrusts processing of the personal information to third parties for enhanced usability as follows:

• None

② The “Company” specifies certain conditions in the entrustment agreements including prohibition of processing the personal information for the purposed other than entrustment, technical and administrative protection measures, restriction on re-entrustment, management protocol of the trustee and responsibility of indemnification, and supervises the trustee accordingly.

③ Company shall notify changes of the trustee or scope of entrustment by way of updating this privacy policy.

Article 5. Rights and Duties of the Users Providing the Personal Information

① The user providing the personal information can exercise the following rights in association with the protection of the personal information at any time:

1. Inspection of the personal information provided
2. Correction, modification or deletion of the personal information provided
3. Deletion of the personal information provided
4. Suspension of processing the personal information provided

② The user providing the personal information can exercise its rights in accordance with Section 1 above by way of submitting the requesting document via mail, email or fax, and the “Company” shall take necessary actions without delay.

③ If the user providing the personal information requests correction, modification or deletion of the personal information provided, the “Company” shall not use or provide the personal information to third parties until such correction, modification or deletion is completed.

④ The User providing the personal information may delegate the exercise of its rights provided in Section 1 above to a legal representative or an agent. In this case, the power of attorney, in accordance with Annex 11 of the Enforcement Ordinance of the Personal Information Protection Act, shall be submitted.

⑤ The information subject shall not infringe on the personal information and privacy of the person or other person handled by the “Company” in violation of related laws such as the Personal Information Protection Act.

Article 6. Items for Processing the Personal Information

① The “Company” processes the following items of the personal information:

1. Registration and management of the membership
   1. Required items: Name, date of birth, user ID, password, address, phone number, gender, email address
   2. Optional items: Marital status, area of interest
2. Delivery of the services
   1. Required items: Name, date of birth, user ID, password, address, phone number, gender, email address, payment information such as credit card number or bank
   2. Optional items: Area of interest, previous purchase history

② The following personal information may be automatically produced and collected during the use of internet browser:

• IP address, cookies, MAC address, record of services used, visit log and defective usage record

Article 7. Destruction of the Personal Information

① The “Company”, in principle, shall delete the personal information without delay, if the purpose of processing the personal information is achieved.

② Nevertheless, if the personal information needs to be preserved pursuant to relevant laws and regulations, the “Company” shall transfer such information to a separate storage space for preservation.

③ The procedures and methods of destroying the personal information are as follows:

1. Procedures: The “Company” shall destroy any unnecessary personal information under the responsibility of the person in charge of the personal information.
2. Methods: Electronic data shall be destroyed through technical methods making it impossible to be restored. Paper documents containing the personal information shall be shredded or incinerated.

Article 8. Measures to Secure Safety of the Personal Information

① The Company is taking the following measures to ensure the safety of personal information:

1. Administrative measures: Establishment of an administrative manual and education of the staff with the manual
2. Technical measures: Restriction of access to the personal information, encryption of the personal information, and installation and maintenance of computer security software
3. Physical measures: Control of physical access to the storage facility

Article 9. Installation, Operation or Rejection of Automatic Data Collecting System

① The “Company” may use cookies, automatically collecting and storing data of the users, to provide a user experience customized for each user.

② A cookie is a fragmented piece of data sent from an organization’s web server to the user’s web browser, and can be stored in the user’s computer hard drive.

1. The Company uses cookies to collect new information about the user and provide services without requiring any additional data input by the user.
2. The User can choose not to allow use of cookies by clicking ‘Tools’ > ‘Internet Options’ > ‘Privacy’ menus in sequence at the top of the internet browser and changing options selected.

③ The user may not be able to customize user experiences in using the services provided by the “Company”, if choosing not to allow use of cookies.

Article 10. Personnel Responsible for Protecting the Personal Information

① The “Company” designated the following person as the information security officer taking charge of protecting the personal information and communicating with the users regarding relevant matters:

• Data Protection Officer

Name: Harim Lee
Title: CPO
Email: dboard@lobin.co

(Directed to the Department of Data Protection.)

② The users providing the personal information may contact the Information Security Officer or Department of Information Security for any question, claim and/or indemnification in association with matters related to the personal information in using the services provided by the “Company”.

Article 11. Request for Inspection of the Personal Information

① Pursuant to Article 35 of the Personal Information Protection Act, the user providing the personal information may request inspection of the personal information provided directly to the following contact of the “Company”. The “Company” shall handle the request without delay.

Article 12. Remedies for Infringed Rights or Interests

① The user providing the personal information may consult with the following organizations for remedies regarding the infringement of the personal information:

1. Personal Information Infringement Report Center
   1. Scope: Report infringement on the personal information and request for consultation to resolve infringement
   2. Website: privacy.kisa.or.kr
   3. Phone: +82-118 (without area code)
   4. Address: 3F Personal Information Infringement Notification Center, 9 Jinheung-gil, Naju, Jeollanan-do, Republic of Korea 58324
2. Personal Information Dispute Mediation Committee
   1. Scope: Mediate the personal information dispute or collective disputes
   2. Website: www.kopico.go.kr
   3. Phone: +82-1833-6972
   4. Address: 3F, Government Complex in Seoul, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea 03171
3. Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
4. National Police Agency Cyber Safety Bureau: 182 (without area code) (cyberbureau.police.go.kr)

Article 13. Effective Date

This privacy policy shall be taken into effect on January 1, 2023.