Chapter 1: General Provisions

Article 1 (Purpose)

Metacode ENT, Ltd. (hereinafter referred to as the "Company") complies with relevant legal provisions, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Communication Secrets Protection Act. The Company strives to protect the rights and interests of users by establishing a privacy policy based on applicable laws and regulations concerning the processing of personal information related to the services provided by the Company. This privacy policy applies to the use of services provided by the Company and includes the following contents.

Article 2 (Collection and Use of Personal Information)

1. ① The Company processes users' personal information to provide seamless service as follows:

   Classification(Task Name)	Purpose of Processing	Information to be Collected and Used	Retention/Use Period
   Membership Registration	• Verification and Authentication of the User's Identity • Delivery of Various Notices and Notifications	Required Information: Email address corresponding to the ID, nickname	Until the user withdraws membership. ※ If an investigation or inquiry is being conducted due to a violation of relevant laws, it will be retained until the conclusion of the investigation or inquiry, in accordance with internal regulations or relevant laws.
   Information Generated and Collected during Service Usage	• Smooth Operation and Improvement of the Service • Prevention of Unauthorized Use of the Service	Required Information: Country, visit date and time, service usage records, device information (OS, screen size, device type, location information, device identifier, advertising ID), device token	Same as above
   Identity Verification (KYC)	Provision of Identity Verification (KYC) Service	Required Information: Name, CI (Customer Identifier), DI (Device Identifier), mobile phone number, date of birth, gender, telecommunications company, information about domestic/foreign status, and other information required for identity verification (KYC)	Until the user withdraws membership or revokes consent. ※ If an investigation or inquiry is being conducted due to a violation of relevant laws, it will be retained until the conclusion of the investigation or inquiry, in accordance with internal regulations or relevant laws.

2. ② User's personal information is collected during the process of user registration and service usage when the user agrees to the collection of personal information and provides information directly during service usage.

3. ③ The Company processes and retains personal information within the period specified in the relevant laws or within the period agreed upon by the information subject at the time of collecting personal information. However, in the following cases, personal information is processed and retained until the end of the respective reasons:

   • 1. In case of ongoing investigations or inquiries due to violations of relevant laws, until the end of the investigation or inquiry.
   • 2. In case of the existence of creditor-debtor relationships resulting from website usage, until the settlement of the relevant creditor-debtor relationship.
   • 3. In case of the obligation to retain according to relevant laws, until the end of the specified retention period:
     1. - Communication Secrets Protection Act: Website visit records (3months).
     2. - Act on Promotion of Information and Communications Network Utilization and Information Protection: Records of personal identification (6 months).

Article 3 (Handling of Personal Information of Children Under 14 Years of Age)

The Company does not collect or use information about individuals under the age of 14 who require the consent of their legal representatives, such as parents or guardians, or individuals of the age for which parental consent is required according to the user's country.

Article 4 (Outsourcing of Personal Information Processing)

The Company outsources personal information processing tasks for efficient personal information management and supervises whether the entrusted party processes personal information safely.

Article 5 (Overseas Transfer of Personal Information)

The Company entrusts the personal information of users to overseas cloud services for data analysis and data loss prevention.

Article 6 (Personal Information Disposal Procedure)

• ① When personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose, the Company promptly disposes of such personal information. However, in cases where there is a specified retention period within the Company's internal policies or relevant laws, the personal information is stored and managed separately for a certain period before disposal.

• ② Personal information printed on paper is shredded or incinerated, and electronically stored records are deleted using technical methods that prevent reproduction.

Article 7 (Rights, Obligations, and Exercise Methods of Information Subjects and Legal Representatives)

• ① Information subjects can inquire about or modify personal information, request the withdrawal of consent for collection/use, or request termination of membership.
• ② The exercise of the above rights can be made through the personal information protection officer by sending an email or other means according to applicable laws.
• ③ The exercise of rights can also be done through the legal representative or a proxy with delegated authority. In this case, the person making the request must submit a power of attorney.
• ④ The right to access and request processing suspension of personal information may be limited according to applicable laws.
• ⑤ The request for correction and deletion of personal information cannot be made in cases where the relevant personal information is specified as a collection target under other laws.
• ⑥ The Company confirms whether the requester of access, correction, deletion, or suspension of personal information is the information subject or a legitimate representative.

Article 8 (Security Measures for Personal Information)

The Company establishes and operates the necessary technical, administrative, and physical protection measures for security in accordance with applicable laws, including:

• 1.Technical countermeasures against hacking, etc

  1. - Installation and regular updates of security programs to prevent personal information leakage and damage caused by hacking, computer viruses, and similar threats.
  2. - Implementation of systems in restricted access areas with both technical and physical monitoring and blocking measures to prevent unauthorized access from external sources.

• 2. Monitoring and detection of network traffic to identify attempts of illegal information alteration and other unauthorized activities.

• 3. Preservation and prevention of tampering access records.

  1. - Retention and management of access records (web logs, summary information, etc.) to the personal information processing system for a minimum of 2 years.
  2. - Implementation of security features to ensure the integrity and protection of access records against tampering, theft, or loss.

• 4. Access control to personal information.

  1. - Establishment and operation of procedures for granting, modifying, and revoking access permissions to the systems processing personal information.
  2. - Utilization of intrusion detection systems to control unauthorized access attempts from external sources.

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

• ① The Company uses "cookies" for the following purposes. A cookie is a small amount of information that the server (http) used to operate the website sends to the user's computer browser or mobile application, and is stored on the user's computer's internal hard disk or mobile device.

  1. 1. Purpose of cookie use: To provide convenient service functions.
  2. 2. Disadvantages of refusing to store cookies: There may be difficulties in using customized services.
  3. 3. Installation/Operation and Rejection of Cookies: Depending on the type of browser or app, you can refuse to save cookies in the following ways:
  4. - How to set cookies if you use Google Chrome: Settings > Privacy and security > Cookies and other site data.
  5. - How to set cookies if you use Microsoft Edge: Settings > Site permissions > Cookies and site data.
  6. - How to set cookies if you use Safari: Preferences > Privacy > Cookies and website data.
  7. - How to set cookies if you use the Safari App: Settings > Safari > Block All Cookies.
  8. - How to set cookies if you use Chrome App: Settings > Site settings > Cookies.
  9. - Android: Settings > Apps > Select Service > Storage > Clear Cache.
  10. - iOS: Settings > Privacy > Tracking > Disable Service App.

• ② In order to provide users with a better experience, the Company uses a "web log analysis tool" that automatically collects and analyzes behavioral information such as visit records and access methods when accessing the homepage/app. In some cases, the Company outsources web log analysis to a third party, and the information collected in the process may be transferred overseas.

Article 10 (Personal Information Protection Officer)

The Company designates a personal information protection officer who is responsible for the overall management of personal information processing and handles complaints and damage relief related to personal information processing. Please contact the responsible department for quick and sufficient responses to user inquiries.