<SoosuStudio>('onewallet.kr' hereinafter referred to as 'ONEWallet') establishes and discloses this privacy policy to protect the personal information of data subjects in accordance with Article 30 of the Personal Information Protection Act and to handle related grievances quickly and smoothly.

○ This privacy policy applies from February 9, 2020.

1. (Purpose of processing personal information) <SoosuStudio>('ONEWallet') processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following purposes, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.

  1. Utilization in marketing and advertising Personal information is processed for purposes such as determining access frequency or statistics related to members' service usage.

2. (Processing and retention period of personal information) ① <SoosuStudio> processes and retains personal information within the period of retention and use of personal information agreed upon when collecting personal information from the data subject, or in accordance with the period of retention and use of personal information required by applicable laws. ② The period of each personal information processing and retention is as follows.

3. (Rights and obligations of data subjects and legal representatives and how to exercise them)

① Data subjects may exercise their rights to access, correct, delete, or suspend processing of their personal information from SoosuStudio at any time.

② Requests for the rights pursuant to Paragraph 1 may be made to SoosuStudio in writing, by email, facsimile, or any other means prescribed by the Personal Information Protection Act and SoosuStudio will take necessary measures without delay.

③ Requests for the rights pursuant to Paragraph 1 may be made through a legal representative or authorized agent of the data subject. In such cases, the legal representative or authorized agent must submit a power of attorney according to the form prescribed in Annex No. 11 of the "Regulations on Personal Information Processing Methods (No. 2020-7)."

④ The right to access personal information and the right to suspend processing may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

⑤ Requests for correction or deletion of personal information may not be made for personal information that is specified as the object of collection by other laws.

⑥ SoosuStudio confirms whether the requester is the data subject or a legitimate representative when fulfilling requests for rights of access, correction or deletion, or suspension of processing.

4. (Items of personal information being processed) ① <SoosuStudio> processes the following personal information items.

5. (Destruction of personal information)

① <SoosuStudio> destroys personal information without delay when the retention period of personal information expires, the purpose of processing personal information has been achieved, or when the personal information is no longer necessary. ② If the retention of personal information is required by other applicable laws despite the expiration of the period of retention agreed upon with the data subject or the achievement of the purpose of processing, the personal information is retained separately in a database or storage area. 1. Legal basis: 2. Personal information items being retained: Account information, transaction date ③ The procedure and method of destruction of personal information are as follows. 1. Destruction procedure: <SoosuStudio> selects personal information that has become unnecessary and obtains the approval of the personal information protection manager of <SoosuStudio> to destroy the personal information. 2. Destruction method: Personal information in electronic file format is permanently deleted using technical measures that prevent the recording from being played back.

6. (Measures to ensure the safety of personal information) <SoosuStudio> takes the following measures to ensure the safety of personal information.

  1. Regular internal audits: To ensure the safety of personal information handling, internal audits are conducted regularly (once every quarter).
  2. Minimization and education of personal information handling personnel: <SoosuStudio> designates personnel responsible for handling personal information and limits them to a minimum to manage personal information and implements measures to minimize personnel.
  3. Technical measures against hacking: <SoosuStudio>('ONEWallet') has installed security programs to prevent personal information leaks and damage caused by hacking or computer viruses, and periodically updates and inspects them. The system is installed in areas where external access is controlled, and is monitored and blocked technically and physically.
  4. Encryption of personal information: Passwords for personal information are encrypted and stored and managed so that only the data subject knows them. Important data is encrypted or uses separate security functions, such as file locking, when transmitting files or data.

7. (Installation, operation, and refusal of automatic collection devices for personal information) <SoosuStudio> does not use "cookies" that store and retrieve usage information of data subjects.

8. (Personal Information Protection Manager) ① <SoosuStudio> takes overall responsibility for processing personal information and designates a personal information protection manager to handle complaints and remedies related to the processing of personal information by data subjects. The personal information protection manager is as follows. Personal Information Protection Manager • Name : Kim Minsoo • Position : CSO • Title : CSO • Contact : [email protected]