Article 1 (Purpose)

1. Kreaon Co., Ltd. (hereinafter referred to as the "Company") regards the protection of personal information of users as very important and complies with the regulations on the protection of personal information under the Personal Information Protection Act. The Company hereby informs you of how the personal information you provide is used for what purposes and in what ways, and what measures are taken to protect personal information.
2. This Privacy Policy may be subject to change due to changes in government laws or guidelines, or for the purpose of providing better services. In such cases, the Company will notify you through the notice on the website or via email.
3. The Company makes efforts to ensure that users can easily access the Privacy Policy by disclosing it on the first page of the website or through a connected screen.
4. The Company establishes procedures for revising the Privacy Policy in order to continuously improve the Privacy Policy.

Article 2 (Consent to Collection of Personal Information and Collection Methods)

1. Article 2 (Consent to Collection of Personal Information and Collection Methods) The Company provides a procedure for users to click "Agree" or "Disagree" regarding the contents of the Company's consent form or terms of use, and if the user clicks "Agree", it is deemed that the user has consented to the collection of personal information. However, the Company may collect and use the user's personal information without consent in accordance with applicable laws in the following cases:
   • When it is difficult to obtain general consent due to economic or technological reasons that are necessary to fulfill a contract for the provision of information and communication services.
   • When it is necessary for billing and settlement purposes related to the provision of information and communication services.
   • When there is a special provision in the law.
   • When there is a reasonable relevance to the purpose of collection, there is no disadvantage to the data subject, and safety measures have been taken.
     • Considering the original purpose of collection and the relevance to it, predictability of additional use of personal information based on the collection situation or processing practice, infringement of the data subject's interests, and measures such as pseudonymization or encryption for ensuring safety.
2. When the company collects personal information, it informs the users in advance and obtains their consent. The company collects personal information through the following methods:
   • When the user agrees to the collection of their personal information during the process of applying for a partnership, registering for membership on the website, or using the service, and directly enters the information or fills out an offline document.
   • When the company receives personal information from affiliated services, organizations, etc.
   • When personal information is collected through customer service consultation process via webpage, app, email, fax, phone, etc.
   • When personal information is collected through events or promotions both online and offline.

Article 3 (Purpose of Collection and Use of Personal Information and Collection Items)

1. The Company collects essential personal information necessary for the provision of services and does not request personal information that violates users' human rights, such as race, religion, beliefs, and health status. Users may refuse to provide the following personal information, but if they refuse to do so, they may not be able to use some or all of the services.

   1-1. Purpose of collection and use: Performance of contracts and provision of services, consultation/complaint handling, notification of important matters

   Classification: Essential informationCollection and use items: 1) Name (nickname), email address 2) Contract information related to the use of the service, its status, inquiries, and processing history (if applicable), login token 3) Device location information

   Retention and use period: Until the user withdraws membership. However, except for cases where it is necessary to retain it under relevant laws and regulations, it will be destroyed immediately after the purpose is achieved.

   1-2. Collection and Use Purpose: Social SignUp

   Classification: Required InformationCollection and Use Items: Google account (email, name), Apple account (email, name), Facebook account (email, name)Retention and Use Period: Until the member withdraws. However, items will be destroyed without delay upon achievement of the purpose, except when retention is required by related laws and regulations.

   1-3.  Purpose of Collection and Use: Complaint Reception and Measures for Rights Infringement

   Classification: Required information

   Items collected and used: In case of self-report, name, date of birth, mobile phone number, email information and other personal identification information. In case of proxy report, information of the representative (address, phone number, copy of ID, email address, date of birth) and a copy of the business registration certificate.

   Retention period: Until the completion of the purpose of collection and use. However, if it is necessary to retain it pursuant to related laws and regulations, it will be retained and managed according to the laws and regulations.

2. In the process of using the service for the purpose of ensuring stability of the service, providing a safe service, and restricting illegal activities in accordance with the law and the terms of service, information may be automatically generated or collected.

   • Service usage records, access logs, transaction records, IP information, cookies, records of improper or illegal usage, mobile device information (model name, mobile carrier information, OS information, screen size, language and country information, advertising ID, device identification information, etc.)

   • For the purpose of ensuring the stability of the service, providing a safe service, and restricting acts that violate laws and service terms of use, information may be automatically generated or collected during the process of using the service. This includes service usage records, access logs, transaction records, IP information, cookies, records of abusive and wrongful use, and mobile device information (model name, mobile carrier information, OS information, screen size, language and country information, advertising ID, device identification information, etc.).

   • Information collected by law regarding members.

     Classification	Retention period	Basis for retention
     Service login record:	3 Months	Article 15-2 (Duty to cooperate of telecommunications business operators) of the Act on Protection of Communications Secrets • Storage of communication data for confirmation under Article 41 of the same Act (Duty to cooperate of telecommunications business operators, etc.)
     Record of consumer complaints or dispute resolution	3 Years
     Record of contracts, withdrawal of subscription, etc. and supply of goods, such as payment history	5 Years	Article 6 (Retention of transaction records, etc. by business operators) of the Act on Consumer Protection in Electronic Commerce, etc. • Article 6 of the Enforcement Decree of the same Act (Subjects of transaction records preserved by business operators)
     Records related to display/advertising	6 Months
     Ledgers and supporting documents related to all transactions specified by tax laws	5 Years	National Tax Basic Law, Article 85-3 (storage and preservation of ledgers, etc.)
     Records related to electronic financial transactions	5 Years	Electronic Financial Transactions Act, Article 22 (creation, retention, and disposal of electronic financial transaction records)
     Information on financial transactions subject to actual name verification and reporting, and customer identification data	5 Years	Specific Financial Information Act, Article 5-4 (retention period of financial transaction information held by financial institutions, etc.)

3. Sensitive personal information that could potentially violate the basic human rights of users, such as race or ethnicity, beliefs or religion, place of origin or domicile, political inclination or criminal records, medical information, etc., will not be collected.

4. User's personal information is used only for a limited period during which the service is provided from the time of using the service. If a user requests termination of the agreement, withdraws consent to the collection and use of provided personal information, or the purpose of collection and use is achieved, or the retention and use period expires, the user's personal information will be promptly destroyed.

   • Personal information printed on paper: shredded with a shredder or incinerated.
   • Personal information stored in electronic files: deleted using a technically irreversible method to prevent the reuse of the record.

5. If a user requests to access the transaction information that the company holds with the user's consent, the company takes necessary measures to promptly confirm the details.

6. All personal information of users collected by the company for service provision is transmitted to a data center located in the Republic of Korea region of AWS (Amazon Web Services) using secure encryption communication from the collection stage and stored during the retention period specified in the company's privacy policy. The security of the cloud can be confirmed through international certification programs obtained by AWS, and the joint responsibility document between the company and the cloud service provider, AWS, can be found at this link. (https://aws.amazon.com/compliance/shared-responsibility-model/)

Article 4 (Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information)

1. A cookie is a small amount of information that a website sends to the user's browser (Internet Explorer, Chrome, Firefox, other mobile browsers). The company uses 'cookies' to store and retrieve information about users on a regular basis. Cookies identify the user's computer or mobile device, but do not personally identify the user. In addition, members have the option to choose whether to accept cookies.
   • You can have the option to accept all cookies, receive notifications when a cookie is installed, or refuse all cookies by going to the tool > internet options tab in the top of the web browser (such as Internet Explorer, Chrome, Firefox, and other mobile browsers).
   • In the case of mobile devices, you can control cookie settings in the 'Settings' menu or in the settings menu of each mobile browser. However, if you refuse cookies, there may be some restrictions on using services that require logging in.
2. Operation of Cookies
   • Cookies may be used to ensure the security and convenience of the service, such as managing login session duration.
   • They may also be used to provide tailored information, such as optimized advertisements, based on the user's website usage patterns.