PERSONAL DATA PROCESSING POLICY

Saltlux has established and implemented the following personal information management policy to protect the owners of collected personal information, in accordance with Article 30 of the Personal Information Protection Act, and to rapidly and smoothly handle related complaints.

Purposes and Items to Manage Personal Information

Saltlux shall not use personal information for any purposes other than those intended; if the purpose/s change, Saltlux shall thereupon obtain the consent of the owner/s of the relevant information that is to be used for the new purpose/s. Saltlux uses collected personal information for the following purposes:

  • 1. Request for Access to Personal Information: Access to personal information files held by Saltlux may be requested, in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, requests for access to personal information may be restricted, according to Article 35 (5) of the Personal Information Protection Act.
  • 2. Collected Items (Required): Name, Company Name, Email, Contacts
  • 3. Period of Holding: In principle, after collection and the subsequent collection purposes for personal information have been achieved, the relevant personal information shall be destroyed without delay. Provided, where personal information must be preserved pursuant to any related statutes, personal information may be preserved for a period laid down in related statutes as follows:
  • 1) Records of transactions, such as marks, advertisements, content of contracts, and the execution thereof, according to the Act on the Consumer Protection in Electronic Commerce, etc.
  • Records of marks and advertisements: June
  • Records of consumer complaints and/or settlements of disputes: Three (3) years
  • 2) Preservation of communication confirmation data pursuant to Article 41 of the Protection of Communications Secrets Act
  • Computer communication, Internet log records, data on tracing the location of connectors: Three (3) months
  • Preservation of identity verification information pursuant to Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection: Six (6) months after the posting of that information on a message board

Methods for the exercise of rights and obligations of an owner of information

A user, as an owner of information, may exercise the following rights:

  • 1. Request for Access to Personal Information: Access to personal information files held by Saltlux may be requested, in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, requests for access to personal information may be restricted, according to Article 35 (5) of the Personal Information Protection Act.
  • A. Where access to information is prohibited or restricted by Acts;
  • B. Where a third party is likely to be physically harmed, or a third party's property, or other interests, are likely to be unduly infringed upon;
  • C. Where access to information substantially hinders a public institution performing any of the following:
  • Affairs concerning tests of academic achievement, functions and employment, and qualification evaluation
  • Affairs concerning an assessment or decision in progress regarding compensation and/or benefits
  • Affairs concerning an audit and/or investigation being conducted under other Acts
  • 2. Request for Correction or Deletion of Personal Information: An owner of information may request the correction or deletion of his/her personal information held by Saltlux, in accordance with Article 36 (Correction or Deletion of Personal Information) of the Personal Information Protection Act: Provided, that if other statutes stipulate that the particular personal information be collected, the owner of information shall not be able to request the deletion thereof.
  • 3. Request for Suspension from Managing Personal Information: An owner of information may request the suspension of the management of his/her personal information held by Saltlux, in accordance with Article 37 (Suspension from Managing Personal Information) of the Personal Information Protection Act: In addition, a legal guardian of a child under the age of 14 years may request access to, the correction, deletion, or suspension of the child's personal information from Saltlux. However, the request for suspension of personal information may be restricted, according to Article 37 (2) of the Personal Information Protection Act.
  • A. Where there exist special provisions in any Act, or it is necessary to fulfill an obligation imposed by or under any statute;
  • B. Where a third party is likely to be physically harmed, or a third party's property, or other interests, are likely to be unduly infringed upon;
  • C. Where a public institution is unable to conduct its affairs stipulated by or under other Acts unless it manages said personal information;
  • D. Where it is impractical to perform a contract, such as a failure to provide an owner of information with stipulated services unless Saltlux does manage their personal information, and the owner of the information fails to clearly express his/her intention to terminate the contract.
  • 4. Regarding the request for access to, correction, deletion, or suspension of management of personal information, Saltlux shall notify the owner regarding the relevant affairs within ten (10) days. Access to, correction, deletion, and/or suspension of the management of personal information may be requested through the relevant department.
  • 5. The above-mentioned rights may be executed through a legal representative of an owner of information, or an agent delegated by the owner of said personal information. In this case, a power of attorney must be submitted.

Measures to Ensure Safety of Personal Information

Saltlux shall take the technical, administrative, and physical measures necessary to ensure safety, pursuant to Article 29 of the Personal Information Protection Act.

  • 1. Establishment and Execution of Internal Management Plans: Saltlux establishes and executes its internal management plan of January 6, 2014, pursuant to the ‘Standard to Secure Safety of Personal Information’ (Notice 2011-43 of the Ministry of Public Administration and Security).
  • 2. Minimization and Education of Designated Personal Information Managers: Saltlux shall minimize the designation of personal information managers and conduct regular education programs.
  • 3. Restrictions on Access to Personal Information: Saltlux controls access to personal information through the granting, changing and cancellation of access rights to database systems to handle personal information, and prevents illegal access from outside using firewall systems and intrusion protection systems. When a personal information manager accesses personal information systems from outside through information network systems, he/she uses VPN (Virtual Private Network). Saltlux shall record details regarding the granting, changing and cancellation of access rights and store the records for at least three (3) years.
  • 4. Encryption of Personal Information: Saltlux shall encrypt, save, and manage users’ personal information. In addition, Saltlux uses separate security functions such as encrypting when saving and transferring important data.
  • 5. Technical Measures to Prepare for Hacking and more: Saltlux installs security programs, conducts regular updates and examinations, installs systems in areas of restricted access from outside, and monitors and blocks technically and physically to prevent personal information leakage and damage by hacking or computer viruses.
  • 6. Access Control of Unauthorized Persons: Saltlux prepares a separate physical storage place for personal information systems storing personal information, and establishes and operates its access control procedures.

Personal Information Protection Managers

Saltlux will make reasonable efforts to respond to queries regarding personal information protection or reporting/handling personal information infringement.

Amendment of Personal Information Management Policies

The Personal Information Management Policies shall apply from July 1, 2015.