Service Inquiry

The Company processes personal information for the purposes described below. Personal information will not be used for any purposes other than those stated, and if the purposes of use change, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

• • Website Membership Registration and Management: Confirming intent to register, maintaining and managing membership status, preventing unauthorized use of services, providing various notices, and handling complaints.
• • Provision of Goods or Services: Providing services, delivering content, offering personalized services, identity verification, age verification, payment and billing, and debt collection.
• • Complaint Handling: Verification of the complainant’s identity, review of the complaint, contact and notification for fact-finding, and notification of the handling results.
• • Use for Marketing and Advertising: Development of new services (products) and provision of personalized services, provision of event and promotional information and opportunities to participate, delivery of services and advertisements based on demographic characteristics, tracking access frequency, and compiling statistics on members’ use of services.

The company processes and retains personal information within the period of use and retention consented to by the data subject or within the period prescribed by applicable laws and regulations.
The retention and use period for each type of personal information is as follows:

• Website Membership Registration and Management
• • Retention Period: Until membership withdrawal.
• • However, if an investigation or inquiry is underway due to a violation of applicable laws, the provision of goods or services will continue until the conclusion of such investigation or inquiry.
• • Records Related to Contracts or Withdrawal of Subscription: 5 years
• • Records of Payment and Supply of Goods or Services: 5 years
• • Records of Consumer Complaints or Dispute Resolution: 3 years
• • Records Related to Labels and Advertising: 6 months

The company processes personal information only for the purposes stated in Article 1 and provides it to third parties only with the data subject’s consent or as required by law.
The company provides personal information to third parties as follows:

• Payment Service Providers
• • Recipient: [Name of the Payment Gateway Provider]
• • Purpose of Use by the Recipient: To provide payment services
• • Personal Information Provided: Name, contact information, and payment information
• • Retention and Use Period by the Recipient: 5 years after the completion of the transaction

The company outsources the following personal information processing tasks to ensure smooth handling of personal information:

• Website Operation and Maintenance
• • Outsourcing Recipient: [Name of IT Service Provider]
• • Details of Outsourced Tasks: Website operation, system maintenance, and technical support
• • Outsourcing Period: Duration of the contract
• When concluding an outsourcing contract, the company specifies in the contract or other documents, in accordance with Article 26 of the Personal Information Protection Act, matters such as the prohibition of personal information processing beyond the purpose of the outsourced task, technical and managerial protective measures, restrictions on subcontracting, supervision of the contractor, and liability for damages. The company also monitors whether the contractor processes personal information securely.

Data subjects may exercise the following rights related to the protection of personal information with the company at any time:

• 1. Request for Notification of Personal Information Processing Status
• 2. Request to Access Personal Information
• 3. Request to Correct or Delete Personal Information
• 4. Request to Suspend Personal Information Processing
• Data subjects may exercise their rights with the company in writing, via email, or by facsimile (FAX) in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act. The company will take action without delay upon receipt.
• Data subjects may also exercise their rights through a legal representative or an authorized agent. In this case, a power of attorney must be submitted in accordance with Form No. 11 of the “Notification on the Method of Processing Personal Information (No. 2020-7).

The company processes the following personal information items:

• Website Membership Registration and Management
• • Required Items: Name, ID, Password, Phone Number, Email Address
• • 선택항목: 생년월일, 성별, 주소 Optional Items: Date of Birth, Gender, Address The following personal information items may be automatically generated and collected during the use of Internet services.
• • IP address, cookies, MAC address, service usage records, visit logs, and records of improper use, etc.

The company will promptly destroy personal information once its retention period has expired or the purpose of processing has been achieved, and the information is no longer necessary. If personal information must be retained under other laws even after the expiration of the consented retention period or the achievement of the processing purpose, such information will be transferred to a separate database (DB) or stored in a different location.
The procedures and methods for destroying personal information are as follows:

• Destruction Procedure: The company selects personal information for which a reason for destruction has arisen and, with the approval of the company’s Personal Information Protection Officer, proceeds to destroy the personal information.
• Destruction Method
• • Information in electronic file form is destroyed using technical methods that make record recovery impossible.
• • Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

In accordance with Article 29 of the Personal Information Protection Act, the company implements the following technical, managerial, and physical measures necessary to ensure the security of personal information:

• 1. Minimization and Training of Personnel Handling Personal Information: The company designates personnel who handle personal information and limits access to these individuals, implementing measures to manage personal information with minimal exposure.
• 2. Regular Internal Audits: The company conducts regular internal audits (once per quarter) to ensure the security of personal information handling.
• 3. Establishment and Implementation of an Internal Management Plan: The company establishes and implements an internal management plan to ensure the secure processing of personal information.
• 4. Encryption of Personal Information: Personal information is securely stored and managed through encryption and other protective measures.
• 5. Storage and Protection of Access Records: Access logs to the personal information processing system are retained and managed for at least one year, and security features are used to prevent tampering, theft, or loss of these records.
• 6. Access Restriction to Personal Information: The company implements necessary measures to control access to personal information by granting, modifying, and revoking access rights to database systems that process personal information. Unauthorized external access is also controlled using intrusion prevention systems.
• 7. Use of Locks for Document Security: Documents and secondary storage media containing personal information are stored in secure locations with locks.
• 8. Access Control for Unauthorized Persons: Physical storage locations containing personal information are separated and managed under established access control procedures.

The company uses "cookies" to store and periodically retrieve user information in order to provide personalized services to users.

• Purpose of Using Cookies
• • It is used to track the user’s visits and usage patterns on each service and website, popular search terms, and secure connection status, in order to provide users with optimized information.
• Installation, Operation, and Refusal of Cookies
• • You can refuse the storage of cookies by adjusting the options in the Privacy menu under Tools > Internet Options in your web browser.
• • If you refuse the storage of cookies, you may experience difficulties using personalized services.

The company oversees and is responsible for all tasks related to the processing of personal information and has designated the following Personal Information Protection Officer to handle complaints and provide remedies related to the processing of personal information.

• Personal Information Protection Officer (PIPO)
• • Name: Seungcheol Kim, Vice President
• • Contact: sckim@kuls.co.kr
• Data subjects may direct any inquiries, complaints, or requests for remedies related to the protection of personal information arising from the use of the company’s services (or business) to the Personal Information Protection Officer or the relevant department. The company will respond to and address the inquiries without delay.

This Privacy Policy applies from the effective date. Any additions, deletions, or corrections in accordance with applicable laws and policies will be notified through the notice section at least seven days prior to the effective date of the changes.

Data subjects may request access to their personal information in accordance with Article 35 of the Personal Information Protection Act through the following department. The company will make efforts to ensure that such requests are processed promptly.

• Department for Receiving and Handling Personal Information Access Requests
• • Person in Charge: Gaeun Kim, Manager
• • Contact: kekim@kuls.co.kr
• In addition to the department for receiving and handling access requests mentioned in paragraph 1, data subjects may also request access to their personal information through the Personal Information Protection Committee’s “Personal Information Protection Comprehensive Support Portal” website (www.privacy.go.kr).

Data subjects may contact the following organizations for remedies, consultation, or inquiries regarding personal information infringements.

• Personal Information Protection Commission (PIPC)
• • (no area code) 1833-6972 (privacy.go.kr)
• Personal Information Infringement Report Center
• • (no area code) 182 (privacy.go.kr)
• Supreme Prosecutors’ Office
• • (no area code) 1301 (www.spo.go.kr)
• National Police Agency
• • (no area code) 182 (ecrm.cyber.go.kr)
• A data subject whose rights or interests have been infringed due to a disposition or inaction by the head of a public institution in accordance with Articles 35 (Access to Personal Information), 36 (Correction or Deletion of Personal Information), and 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For more information regarding administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr ).