The Company processes personal information for the following purposes. The personal information being processed is not used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the 'Personal Information Protection Act'.

1. Service Application and Customer Management

2. Personal information is processed for the purpose of identifying and authenticating users according to service applications and preventing misuse of services.

3. Personal information is processed for customer management purposes following the transition to paid services.

The Company processes and retains personal information within the personal information retention and use period prescribed by law or the personal information retention and use period consented to by the data subject when collecting personal information.

1. Website membership registration and management: Until withdrawal from the Company's website.

2. Provision of goods or services: Until the completion of the supply of goods/services and the completion of payment and settlement. However, if personal information must be retained for a certain period according to other laws, it will be until the end of that period, and the details are as specified in Article 6 of this Privacy Policy.

1. The Company entrusts personal information processing tasks as follows for smooth personal information business processing.

Company Name	Purpose of Entrustment
AWS	Use of Cloud Services

1. When concluding entrustment contracts, the Company, in accordance with Article 26 of the 'Personal Information Protection Act', specifies in documents such as contracts that personal information processing is prohibited for purposes other than performing the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of trustees, compensation for damages, and other responsibilities, and supervises whether the trustee processes personal information safely.

2. If the content of the entrusted task or the trustee changes, we will promptly disclose it through this privacy policy.

3. Fobecon does not provide any customer information to third parties without an official letter and warrant from investigative agencies in order to comply with the law. Additionally, when investigative agencies send a request to Fobecon to access customer information, Fobecon will guide the investigative agency to request the data directly from the customer.

1. Data subjects may exercise rights such as requesting access to, correction of, deletion of, or suspension of processing of personal information to the Company at any time.

2. The exercise of rights under paragraph 1 may be made to the Company by telephone, email, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the 'Personal Information Protection Act', and the Company will take action without delay.

[Reception and Processing Department]

Department	Responsibilities	Contact Number	Email
Service Operations Team	Reception and Processing of Personal Information Access Requests	070-8844-8790	contact@fobecon-ai.com

3. The rights under paragraph 1 may be exercised through a legal representative or a delegate such as a person who has received delegation. In this case, a power of attorney according to Form No. 11 of the 'Notice on the Method of Processing Personal Information (No. 2020-7)' must be submitted.

4. Requests for access to personal information and suspension of processing may be restricted by the rights of the data subject in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the 'Personal Information Protection Act'.

5. Requests for correction and deletion of personal information cannot be requested for deletion if that personal information is specified as a collection target in other laws.

6. When requesting access, correction, deletion, or suspension of processing in accordance with the rights of the data subject, the Company verifies that the person requesting access, etc., is the person themselves or a legitimate representative.

The Company processes the following personal information items for service applications and customer management after service usage transition.

Category	Personal Information Collection Items	Purpose of Collection and Use
Required Items	- Name, ID, Password, Email, Mobile Phone Number	Service application consultation and customer management during service transition
Automatically Generated/Collected Items	Cookies (Access Logs, IP Information)	Service application consultation and customer management during service transition

1. The Company promptly destroys personal information held based on Article 2 of the Privacy Policy when it becomes unnecessary due to the passage of time, account deletion (withdrawal), fulfillment of processing purposes, etc. However, if personal information must be preserved for a certain period according to other laws, that personal information or personal information file is stored and managed separately from other personal information and destroyed after the preservation period expires.

[Related Laws]

Act on Consumer Protection in Electronic Commerce, etc.	Protection of Communications Secrets Act
Records on consumer complaints or dispute resolution: 3 years	Communication fact confirmation data: 3 months
Records on payment and supply of goods, etc.: 5 years
Records on contracts or subscription withdrawals, etc.: 5 years

1. The procedure and method for destroying personal information are as follows.

2. In principle, the Company promptly destroys information after the purpose of collecting and using personal information has been achieved. The destruction procedure and method are as follows.

3. Destruction procedure: Information entered by members for membership registration, etc., is moved to a separate DB (Database) after the purpose is achieved, stored for a certain period according to internal policies and other relevant laws (refer to retention and use period), and then destroyed. Personal information moved to a separate DB is not used for purposes other than those based on law.

4. Destruction method: Personal information stored in electronic file format is deleted using technical methods that cannot reproduce the records. Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

The Company takes the following measures to ensure the safety of personal information.

1. Regular internal audits: We conduct regular internal audits to ensure the safety of personal information handling.

2. Minimization and education of personal information handling staff: We have implemented measures to manage personal information by designating employees who handle personal information and limiting it to the responsible persons to minimize it.

3. Establishment and implementation of internal management plans: We establish and implement internal management plans for the safe processing of personal information.

4. Technical measures against hacking, etc.: The Company installs security programs and conducts periodic updates and checks to prevent personal information leakage and damage due to hacking or computer viruses, and installs systems in areas controlled from external access and technically and physically monitors and blocks them.

5. Encryption of personal information: Users' personal information and passwords are encrypted, stored, and managed. Passwords are known only to the individual, and important data is protected by encrypting files and transmission data or using separate security functions such as file locking.

6. Access control for unauthorized persons

1. The Company uses 'cookies' that store and periodically retrieve usage information to provide individualized customized services to users.

2. Cookies are small pieces of information sent by the server operating the website to the user's computer browser and are sometimes stored on the users' computer hard drives.

3. Purpose of using cookies: They are used to provide optimized information to users by identifying the visit and usage patterns of each service and website visited by users, popular search terms, secure connection status, etc.

4. Installation, operation, and refusal of cookies

• Internet Explorer: You can refuse to store cookies through option settings in the Tools > Internet Options > Privacy menu at the top of the web browser.

• Chrome: You can refuse to store cookies through option settings in the More > Settings > Privacy and Security > Site Settings > Cookies menu at the top of the web browser.

1. The Company designates the following personal information protection officer to take overall responsibility for handling personal information processing tasks and to handle complaints and remedies for damages related to personal information processing for data subjects.

Name	Position	Contact Number	Email
Kim Min-soo	CTO	070-8844-8790	contact@fobecon-ai.com

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc., to receive remedy for damages caused by personal information infringement. For other reports and consultations on personal information infringement, please contact the following institutions.

1. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Reporting Center: (No area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr)

4. National Police Agency: (No area code) 182 (cyberbureau.police.go.kr)

A person whose rights or interests have been infringed due to a disposition or inaction by the head of a public institution regarding a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the 'Personal Information Protection Act' may request an administrative appeal in accordance with the Administrative Appeals Act.

※ For detailed information on administrative appeals, please refer to the Central Administrative Appeals Commission website (www.simpan.go.kr).

This privacy policy is effective from August 13, 2024.

Fobecon Inc. (hereinafter referred to as 'the Company') establishes and discloses the following privacy policy in order to protect the personal information of data subjects in accordance with Article 30 of the 'Personal Information Protection Act' and to handle related complaints promptly and smoothly.