Privacy Policy

The Company processes personal information for the following purposes. Personal information being processed shall not be used for any purpose other than those stated below. If the purpose of use changes, necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act will be implemented. 1. Website Membership Registration and Management Personal information is processed for the purposes of confirming membership registration intent, identity verification for membership services, maintaining and managing membership, identity verification under limited identification systems, preventing unauthorized use, confirming parental consent for children under 14, various notifications, and grievance handling. 2. Provision of Goods or Services Personal information is processed for the purposes of product delivery, service provision, sending contracts and invoices, content provision, customized service provision, identity verification, age verification, payment and settlement, and debt collection. 3. Grievance Handling Personal information is processed for the purposes of verifying the identity of complainants, confirming complaints, contacting for fact-finding, and notifying processing results.

① The Company processes and retains personal information within the period of personal information retention and use prescribed by law or agreed upon when collecting personal information from data subjects. ② The processing and retention periods for each type of personal information are as follows: 1. Website membership registration and management: Until withdrawal from the website 2. Provision of goods or services: Until completion of supply and payment settlement 3. Retention under applicable laws: Contract and subscription withdrawal records for 5 years under the E-Commerce Act, payment and supply records for 5 years, consumer complaint and dispute resolution records for 3 years

① The Company processes personal information of data subjects only within the scope specified in Article 1, and provides personal information to third parties only in cases falling under Article 17 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law. ② The Company currently does not provide personal information to third parties. If provision to third parties becomes necessary in the future, separate consent will be obtained from data subjects before provision.

The Company processes the following personal information items: • Required items: Name, contact number, email • Optional items: Company name • Automatically collected items: Access IP, cookies, service usage records, access logs, visit dates

① The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved. ② The procedures and methods for destruction are as follows: • Electronic file format: Securely deleted so that recovery and reproduction are impossible • Records, printouts, written materials: Shredded or incinerated

The Company takes the following measures to ensure the safety of personal information: • Administrative measures: Establishment and implementation of internal management plans, regular employee training • Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information • Physical measures: Access control to server rooms and data storage facilities

① Data subjects may exercise the following personal information protection rights at any time: 1. Request to view personal information 2. Request for correction in case of errors 3. Request for deletion 4. Request to suspend processing ② The above rights may be exercised through written request, telephone, or email to the Company, and the Company will take action without delay. ③ If a data subject requests correction or deletion of errors in personal information, the Company shall not use or provide such personal information until the correction or deletion is completed.

The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing and to handle grievances and damage relief related to personal information processing by data subjects. • Personal Information Protection Officer: Dasom Min (CEO) • Contact: +82-10-5958-1199 • Email: contact@mindasom.com Data subjects may direct all inquiries, complaints, and requests for damage relief related to personal information protection arising from the use of the Company's services to the Personal Information Protection Officer.

This Privacy Policy is effective from February 22, 2026. If there are any changes, we will notify through the website notice board at least 7 days prior to the effective date.