1. Information to be collected and method of collection (1) Personal information items to be collected

The company may collect information directly provided by the user, such as name, ID, e-mail address, date of birth, telephone number, country information, and information (device information, log information, location information and We may also collect other information, such as your preferences for the use of our services, advertising environment, pages you visit, etc.

(2) Method of collection

The Company collects the information of users in a way of the followings

• • webpage, written form, fax, telephone calling, e-mailing, tools for collection of created information
• • provided by partner companies

2. Use of collected information Processing personal information by the Company shall be lawful only if and to the extent that at least one of the following applies

• • A user has given consent to the processing of his or her personal information.
• • Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract
• • Processing is necessary for compliance with a legal obligation to which the Company is subject
• • Processing is necessary in order to protect the vital interests of users, or other natural persons
• • Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company
• • Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).

3. Disclosure of collected information Except for the following cases, the Company will not disclose personal information with a 3rd party

• • when the Company disclosing the information with its affiliates, partners and service providers
• • when the users consent to disclose in advance
• • when disclosure is required by the laws

4. Commission for collected personal information For carrying out services, the Company commissions external professional companies (subcontractors) to process personal information as follows. This commissioned works for processing personal information is carried out by each subcontractor and service only if necessary for providing that service.

In commissioning process of personal information, in order to secure safety of personal information , the Company supervises and ensure to expressly state in the agreement with subcontractors so that those subcontractors will safely process personal information by strictly complying with directions regarding personal information protection, keeping personal information secret, not disclosing it to a 3rd party and being liable for accidents and returning or destructing personal information upon termination of the commission or process. 5. Period for retention and use of personal information In principle, the Company destructs personal information of users without delay when the purpose of its collection and use has been achieved the legal or management needs are satisfied or users request. 6. Procedure and method of destruction of personal information In principle, the Company destructs the information immediately after the purposes of its collection and use have been achieved without delay: Provided that, if any information is to be retained as required by relevant laws and regulations, the Company retain it for the period as required by those laws and regulations before destruction and, in such event, the personal information which is stored and managed separately will never be used for other purposes. The Company destructs: hard copies of personal information by shredding with a pulverizer or incinerating it; and delete personal information stored in the form of electric file by using technological method making that information not restored. 7. Cookies The Company may collect collective and Popup, log history, etc. through 'cookies'. Cookies are very small text files to be sent to the browser of the users by the server used for operation of the websites of the Company and will be stored in hard-disks of the users' computer. These functions are used for evaluating, improving services and setting-up users' experiences so that much improved services can be provided by the Company to the users.

The users have an option for cookie installation. So, they may either allow all cookies by setting option in web browser, make each cookie checked whenever it is saved, or refuses all cookies to be saved: Provided that, if the user rejects the installation of cookies, it may be difficult for that user to use the parts of services provided by the Company. 8. User’s right The users or their legal representatives, as main agents of the information, may exercise the following rights regarding the collection, use and sharing of personal information by the Company.

• • The right to access to personal information : The users or their legal representatives may access the information and check the records of the collection, use and sharing of the information under the applicable law.
• • The right to rectification : The users or their legal representatives may request to correct inaccurate or incomplete information.
• • The right to erasure : The users or their legal representatives may request the deletion of the information after the achievement of their purpose and the withdrawal of their consent.
• • The right to restriction of processing : The users or their legal representatives may make temporary suspension of treatment of personal information in case of the disputes over the accuracy of information and the legality of information treatment, or if necessary to retain the information.
• • The right to data portability : The users or their legal representatives may request to provide or transfer the information.
• • The right to object : The users or their legal representatives may suspend the treatment of personal information if the information is used for the purpose of direct marketing, reasonable interests, the exercise of official duties and authority, and research and statistics.
• • The right to automated individual decision-making, including profiling : The users or their legal representatives may request to cease the automated treatment of personal information, including profiling, which has critical impact or cause legal effect on them.

If, in order to exercise the above rights, you, as an user, use the menu of 'amendment of member information of webpage or contact the Company by sending a document or e-mails, or using telephone to the Company ( person in charge of management of personal information or a deputy), the Company will take measures without delay: Provided that the Company may reject the request of you only to the extent that there exists either proper cause as prescribed in the laws or equivalent cause. 9. Security The Company regard the security of personal information of uses as very important. The company constructs the following security measures to protect the users' personal information from any unauthorized access, release, use or modification.

• • Encryption of personal information
  1. - Transmit users' personal information by using encrypted communication zone
  2. - Store important information such as passwords after encrypting it
• • Countermeasures against hacking
  1. - Install a system in the zone the external access to which is controlled so as to prevent leakage or damage of users' personal information by hacking or computer virus
• • Establish and execute internal management plan
• • Install and operate access control system
• • Take measures to prevent forging or alteration of access record

10. Protection of personal information of children In principle, the Company does not collect any information from the children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction.

11. Modification of Privacy Protection Policy The Company has the right to amend or modify this Policy from time to time and, in such case, the Company will make a public notice of it through bulletin board of its website (or through individual notice such as written document, fax or e-mail) and obtain consent from the users if required by relevant laws.

12. Data transfer to other countries Considering it engages in global businesses, the Company may provide the users' personal information to the companies located in other countries for the purpose as expressly stated in this Policy. For the places where the personal information is transmitted, retained or processed, the Company takes reasonable measures for protecting those personal information.

※ Contact information of Company Please use one of the following methods to contact dwprivacy@dongwha.com should you have any queries in respect to this policy or wish to update your information.