Personal Information Processing Policy

Personal Information Processing Policy: No. 1

(2024.12.00 Enacted)

Personal Information Processing Policy

Galaxia Metaverse Co., Ltd. (hereinafter referred to as the "Company") processes and safely manages personal information in compliance with the Personal Information Protection Act and related statutes for the protection of freedom and rights of data subjects. Accordingly, in order to guide data subjects on procedures and standards for processing personal information pursuant to Article 30 of the Personal Information Protection Act, the personal information processing policy will be established and disclosed as follows in order to facilitate the processing of personal information quickly and smoothly.

Table of Contents

General Provisions of Article 1

Article 2 Purpose of Processing Personal Information

Article 3 Items of personal information collected and purpose of use

Article 4 Processing and Retention Period of Personal Information

Article 5 Procedures and Methods for Destruction of Personal Information

Article 6 Provision of Personal Information to a Third Party

Article 7 Entrustment of Personal Information Processing

Article 8 Measures to ensure the stability of personal information

Article 9 Matters concerning the installation, operation, and rejection of automatic personal information collection devices

Article 10 Rights and obligations of data subjects and legal representatives and methods of exercising them

Article 11 Personal Information Protection Officer

Article 12 Changes to Personal Information Processing Policy

Article 1 (General Rules)

1. "Personal Information" means information about surviving individuals (including information that can be easily combined with other information, even if this information alone cannot identify a particular individual).

2. The term "data subject" means a person who can be identified by the processed information and is the subject of the information.

3. The company always makes it easy to check the personal information processing policy by releasing it on the first screen of the website. Also, if we revise the personal information processing policy, we will notify it through the website.

4. Each business unit may operate a separate personal information processing policy according to the characteristics of their work. In this case, the personal information processing policy of each business unit will be applied first, and please check the personal information processing policy announced on the website.

Article 2 (Purpose of Processing Personal Information)

The company processes personal information for the following purposes. The personal information we are processing will not be used for any purpose other than the following purposes, and if the purpose of use changes, we will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Purpose of processing mandatory consent items

The company's service is a non-real-name web service that does not require personal identification information or collection or identification procedures for identification, except for e-mails, which are essential items for membership registration.

2. Service delivery

Personal information can be requested and processed for the purpose of confirming civil complaints, such as withdrawal of subscription of purchased products, handling inquiries, dispute resolution, contact and notification for fact investigation, and notification of processing results.

3. Service development and customized service delivery

Providing event and advertising information, identifying access frequency, using marketing, and statistical analysis

Article 3 (Articles and Purpose of Use of Personal Information Collected)

Since the service is characterized by the provision of non-real name web services, it does not collect personal information of users (including personal information as defined in Article 2 of the Personal Information Protection Act) that can be easily combined with other information. Provided, That personal information may be collected to a minimum pursuant to subparagraph 2 or 3 of Article 2, and shall be used only for the following purposes.

Reasons for holding information according to the company's internal policy

1. Membership management

- Retention period: Until withdrawal of service

- Reason for possession: Service delivery

2. records of illegal use

- Retention period: 1 year

- Reason for holding: Prevention of illegal use

3. Content of posts and chats

- Retention period: Jun Young-gu

- Reason for holding: Prevention of fraud and resolution of disputes among members within the service

Reasons for holding information under relevant laws and regulations

1. Records on Electronic Financial Transactions

- Retention period: 5 years

- Reason for holding: Electronic Financial Transactions Act

2. Record of contract or withdrawal of subscription, etc

- Retention period: 5 years

- Reason for Holding: Act on Consumer Protection in Electronic Commerce, etc

3. Record of payment and supply of goods, etc

- Retention period: 5 years

- Reason for Possession: Act on Consumer Protection, etc. in Electronic Commerce, etc

4. Record of consumer complaints or dispute settlement

- Retention period: 3 years

- Reason for Holding: Act on Consumer Protection, etc. in Electronic Commerce, etc

5. Website Visits Record

- Retention period: 3 months

- Reason for possession: Communication Secret Protection Act

Article 4 (Period of Processing and Retention of Personal Information)

Users can withdraw their consent to the collection and use of personal information at any time through membership registration, etc. If you want to withdraw your consent, contact the company email, etc. and we will immediately take necessary measures to withdraw your membership. If you take measures such as withdrawing your consent and destroying your personal information, we will notify the user without delay.

Article 5 (Procedures and Methods for Destruction of Personal Information)

If a separate consent is obtained from the data subject for the use and retention period of personal information, or if the law imposes an obligation to store personal information for a certain period of time, the personal information shall be safely stored in accordance with the law, and if personal information becomes unnecessary, such as the expiration of the holding period and the achievement of the processing purpose, the personal information shall be destroyed without delay.

The methods of destroying personal information are as follows.

1. Personal information recorded and stored in the form of electronic files is deleted through a technical method that cannot be reproduced.

2. Personal information recorded and stored in paper documents is shredded or incinerated with a grinder to destroy.

Article 6 (Provided by a third party of personal information)

The company shall use personal information within the scope of the purpose of collecting personal information, and shall not use personal information beyond that scope or provide or share it with third parties: Provided, That the following cases are excluded.

1. If a separate consent is obtained from the data subject

2. If there are special provisions in other laws

3. Where the data subject or its legal representative is unable to express his or her intention or cannot obtain prior consent due to an unknown address, etc., and is clearly deemed necessary for the benefit of life, body, or property of the data subject or a third party

4. 4. Where personal information is provided in a form that a specific individual cannot be identified as necessary for the purpose of statistics preparation and academic research, etc

5. Where it is impossible to perform the duties under the jurisdiction prescribed by other Acts unless personal information is used for purposes other than its purpose or provided to a third party, and has been deliberated and resolved by the Protection Committee

6. Where it is necessary to provide treaties or other international agreements to foreign governments or international organizations for the implementation of international agreements

Where it is necessary for the investigation of a crime and the filing and maintenance of a prosecution

7. Where it is necessary for the performance of the court's judicial affairs

8. Where it is necessary for the execution of punishment (刑), supervision, and protection disposition

Article 7 (Consignment of Personal Information Processing)

The service does not entrust the processing of the user's personal information.

Article 8 (Measures to ensure the stability of personal information)

The company is taking the following measures to ensure the safety of personal information.

1. Management measures: Establishment and implementation of internal management plans, regular employee training, etc

2. Technical measures: Restricting and minimizing access to personal information, installing security programs, installing access control systems

3. Physical Measures: Office Access Control, Server Access Control

Article 9 (Matters concerning the installation, operation, and rejection of automatic personal information collection devices)

The company operates 'cookie' that stores and finds your information from time to time. A cookie is a small text file sent to your browser by a server used to run a company's website and is stored on your computer's hard disk or mobile.

The company uses cookies for the following purposes.

1. It is used to provide optimized information to users by identifying the type of visit and use of each service and website visited by the user, popular search terms, security access, etc.

2. Personalized services are provided by identifying the degree of participation in various events and the number of visits

3. Users can enable or disable cookie saving using the basic features of their web browser. However, disabling cookie saving can cause difficulties in using customized services.

<Allow/Block Cookies in Web Browser>

- Chrome: Web Browser Settings > Privacy and Security > Delete Internet Usage History

- Edge : Web browser settings > Cookies and site privileges > Cookies and site data management and deletion

<Allow/Block Cookies in Mobile Browser>

- Chrome: Mobile Browser Settings > Privacy and Security > Delete Internet Usage History

- Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies

- Samsung Internet : Mobile Browser Settings > Internet Usage History > Delete Internet Usage History

Article 10 (Rights and obligations of data subjects and legal representatives and methods of exercising them)

The data subject may exercise the following privacy-related rights to the company at any time.

1. Request for access to personal information

2. Request correction if there is an error, etc

3. Request for deletion

4. Request to stop processing

The exercise of rights related to personal information protection can be done to the company in writing or through company e-mail, and the company will take action without delay.

If the data subject requests correction or deletion of errors in personal information, the company will not use or provide the personal information until the correction or deletion is completed.

The exercise of rights can be done through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit the power of attorney in writing, e-mail, etc.

Article 11 (Personal Information Protection Officer)

In order to protect personal information and handle complaints related to the processing of personal information, the company designates the person in charge of personal information protection and related departments as follows.

1. a person in charge of personal information protection

- Statement: Han Fei-yong

- Position: Chief Information Protection Officer (CISO)

- Position: General Manager

- Contact : 1577-0535, galaxiametaverse@galaxia.co.kr

2. Department in charge of personal information

- Department Name: Security Team

- Contact : 1577-0535, galaxiametaverse@galaxia.co.kr

The data subject may contact the person in charge of personal information protection and the department in charge of all personal information protection-related inquiries, complaint handling, and damage relief that occurred while using the company's service. The company will respond to and process the information subject's inquiries without delay.

If you need to report or consult other personal information infringement, please contact the agency below.

1. Personal Information Infringement Reporting Center (privacy.kisa.or.kr / 118)

2. Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)

3. Cyber Investigation Division of Supreme Prosecutors' Office (spo.go.kr / 1301)

4. Cyber Investigation Bureau of the National Police Agency (ecrm.police.go.kr / 182)

Article 12 (Change in Personal Information Processing Policy)

This Privacy Policy will take effect from December 00 2024