CLEOSIS Personal Information Treatment Policies

CLEOSIS (hereinafter referred to as “Company”) very seriously takes into consideration protection of customers’ personal information, and complies with the Act Relating to Promotion of Information Communications Network and Personal Information Protection. The Company hereby notifies customers for what uses and in what ways we use the personal information provided by customers and what measures we take to protect the personal information. When the personal information treatment policies are amended, the Company will notify customers thereof through the website notifications (or individual notifications).

Items of Personal Information to be Collected and Collection Methods

The Company collects the following personal information for purposes of providing membership services, including membership subscriptions, consultations, prevention of wrongful uses:

• * Required items : names, IDs, passwords, e-mail addresses, addresses, mobile phone numbers, telephone numbers, IP addresses, payment records,
• * Selective items : Information required by the Company to provide customized services.

Purpose of Collection and Use of Personal Information

The Company uses the collected personal information for the following purposes:

• Payment of costs incurred as a result of performing agreements on provisions of services or providing services, Provisions of the contents, purchases or cost payments, deliveries of goods or sending bills, etc., verifying identifications for financial transactions, and financial services
• Control of Members

To verify identifications for uses of membership services, to identify individuals, to prevent wrongful uses of bad members or unauthorized uses, to verify intents for subscriptions, to verify ages, to verify the consent of a legal representative for collecting personal information of children of not more than fourteen (14) years old, to handle civil complaints including handling grievances, to convey notifications

• Use for Marketing and Advertisements

To convey information for advertisements including events, to figure out contact frequencies, to obtain statistics on service uses by members

Retention and Use Period for Personal Information

In principle, after the purposes of collecting and using personal information have been fulfilled, the Company shall without delay destroy relevant information; provided, however, that the Company shall retain personal information for a certain period of time where it is required to do so for purposes of confirming transactions related management and rights under the provisions of relevant laws including the Commercial Code and the Act Relating to Consumer Protection in Electronic Commercial Transactions as follows:

• Records on agreements or withdrawals of offers : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
• Records on payments and supplies of goods : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
• Records on complaints of consumers or dispute resolutions : three (3) years (the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.)
• Where personal information has been collected for temporary purposes, such as questionnaires, events : at the time of completion of a particular questionnaire or event
• Records on verification of identification: six (6) months (the Act Relating to Information Communication Network Promotion and Personal Information Protection)
• Records on visits (log-ins) : three (3) months (the Communication Secret Protection Act)

Destruction Procedures and Methods for Personal Information

The Company in principle shall without delay destroy relevant information after the purposes of collecting or using personal information have been fulfilled. The destruction procedures and methods shall be as follows:

• Destruction Procedures

The information entered by users for use of the services is moved to a separate database after the purposes have been fulfilled (a separate document in the case of a sheet), and destroyed after the information has been saved for a certain period of time according to the information protection reasons under the internal policies or other relevant laws (for your reference, see the retention and use period for personal information). The personal information separately moved to a database is not used for purposes other than the purpose of being preserved unless it is so required by laws.

• Destruction Methods
1. * The personal information printed out in sheets shall be shredded by paper shredders or destroyed by way of incineration.
2. * The personal information saved in an electronic file format shall be deleted with the use of technical methods in which records cannot be regenerated.