General Provisions

• “Personal information” refers to information that pertains to a living person, including the full name, resident registration number and image by which the individual in question can be identified. It includes information that cannot be used on its own, but can be used with other information to identify the individual in question.
  [Article 2.1 of the Personal Information Protection Act]
• The Company attaches a great deal of importance to users’ personal information and abides by all laws and ordinances relating to the protection of personal information.
• The Company only handles the minimum amount of personal information that is needed to achieve the purpose of processing personal information.
• Through its privacy policy, the Company informs users of the purposes and the ways the Company uses users’ personal information and what measures the Company takes to protect such personal information.
• The Company ensures that users can readily view its privacy policy at all times by displaying its privacy policy on the initial screen of its representative home page.
• The Company may revise its privacy policy, as applicable laws or internal management regulations are modified or otherwise changed. Upon revision of its privacy policy, the Company will announce the same through a notice on its representative home page (www.e-won.co.kr) (or by notifying each user).

The purpose of personal information

The purpose of personal information processing The Company processes personal information for the following purposes: The personal information processed by the Company will not be used otherwise than for the following purposes and will seek prior consent if the purpose of use thereof is changed.

The personal information of visitors to the Company’s representative home page: such personal information is processed by the Company to answer questions concerning the matters they want to know about the Company.

The processing and retention period of personal information

• The personal information will be retained and used by the Company till “purposes of collecting and using the personal information” mentioned above are fully achieved. The personal information is retained by the Company for approximately 3 years in order to utilize the same as the data constituting the basis supporting the content of its consultation activities.
• Upon request of the user concerned, the Company promptly delete the user’s personal information without delay.

Matters regarding the entrustment of the processing of personal information

• The Company may entrust specialized outside service providers with the collection, storage, processing, use, provision, management, destruction, etc. (hereinafter referred to as “processing”) of users’ personal information, in order to facilitate the execution of its activities, including without limitation the provision of better services and convenience for users.
• If the Company entrusts any specialized outside service provider with the handling of users’ personal information, the content of the entrusted activities and the service provider are described in the table below.

• In entrusting the processing of such personal information, the Company expressly sets forth the service provider’s responsibilities by entering into an entrustment agreement or otherwise, including without limitation compliance with the relevant provisions of applicable laws concerning the protection of personal information; confidentiality of personal information and prohibition of the provision thereof to a third party; liability for damages; period of entrustment; and return and destruction of personal information and retains such agreement in writing or electronically.
• In principle, the Company does not entrust the processing of personal information otherwise than for the purpose of providing its services, without the consent of the user concerned. Notwithstanding the foregoing, if the need arises, the Company notifies the user concerned of the content of the activities to be entrusted and the service provider’s name and obtains consent from the user.

Matters regarding rights and obligations of the subject of personal information and methods of exercising such rights

• The user may at any time access or request the correction of his/her personal information retained by the Company; the description of the use and/or provision thereof by the Company; the description of the user’s consent given to the collection, use and provision thereof by the Company. When requested by the user to correct errors existing in his/her personal information, the Company promptly makes corrections thereof without delay if it is deemed necessary to correct or delete the same.
• Please contact our personal information representative in writing, over the phone, by e-mail, etc. to request access to, correction or deletion of the description of your consent given to the Company, and necessary actions will be promptly taken by the Company.
• If a person acting on behalf of the user visits the Company to request access to or certification of the aforementioned information, the Company closely identifies the representative by requesting him/her to provide a power of attorney and his/her identification by which the Company can confirm whether the representative has been duly authorized by the user.
• The user may request access to, correction or deletion of his/her personal information.

Personal information items to be processed

• Items of personal information to be collected : name/ company name/ contact information/e-mail address
• The basis for retaining personal information and applicable laws : guidelines for the protection of personal information under applicable laws, including without limitation 「the Personal Information Protection Act」 and 「the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.」, and the Enforcement Decrees thereof
• The following information may be automatically generated and collected in the course of using the services:
  - Records regarding the use of services (access date and time) and access IP information

Matters regarding the installation/operation of automatic personal information collection device and refusal thereof

• Purposes of using cookies
  - The Company uses cookies which serves to store and, from time to time, retrieve the information on the subject of personal information, in order to provide customized services. A cookie means a small amount of information transmitted by the website server to the browser of the subject of personal information and is stored in the hard disk of the subject’s personal computer. When a user visits the website afterward, the website server reads the contents of the cookie stored on the user's hard disk, maintains the user's preferences, and uses the cookie to provide customized services
  - Cookies automatically/actively collects no information that can identify any individual, and the user may at any time refuse to store or delete such cookies.
• Installation/operation of cookies and refusal thereof
  - The subject of personal information has the option to install cookies. By setting up an option in his/her web browser, therefore, the subject may allow all cookies to be stored or cause such cookies to go through his/her confirmation whenever they are stored, or may refuse to store all cookies. If the user refuses to store cookies, however, the user may have difficulty using certain services that require the user to sign up.
  
  How to specify whether to allow the installation of cookie (For Internet Explorer)
  ① Select [Internet option] from [Tools] menu.
  ② Click [Privacy] tab.
  ③ Set the [Privacy level].

Matters regarding personal information destruction

• The Company promptly destroys personal information when the purpose of collecting and using such personal information or the retention period thereof has expired, except where such personal information has to be retained with the consent of the user concerned or pursuant to the relevant provisions of the Terms of Use or applicable laws.
• The Company destroys personal information recorded on paper by shredding with a shredder or through incineration, while it destroys personal information electronically stored, by using such methods that render such information impossible to be regenerated.

Matters regarding personal information protection manager

The Company has appointed, as follows, the responsible persons to direct the overall activities regarding the processing of personal information and also resolve complaints raised by the subject of such personal information and remedy the damage suffered.

Matters regarding changes in the privacy policy

• This privacy policy shall come into effect on the effective date (September 30, 2011) and in case of additions of future changes, deletions and/or corrections made pursuant to applicable laws and relevant guidelines, if any, the Company will announce the same through a notice on its web site prior to such additions, deletions and corrections. Matters regarding securing the safety of personal information

Matters regarding securing the safety of personal information

In processing users’ personal information, the Company takes proper technical and administrative measures, as follows, to secure safety so as to protect such personal information from loss, theft, leakage, alteration or damage

• Countermeasures against hacking, etc.
  - The Company makes its utmost endeavors to prevent users’ personal information from being leaked or otherwise damaged through hacking, computer viruses, etc. The Company applies security devices (such as SSL, etc.) serving to safely transmit personal information on the network by using safe password algorithms. In addition, the Company controls unauthorized access from outside by using an intrusion prevention system and also endeavors to furnish itself with all technical equipment available to secure safety in a systematic manner.
• The minimum number of personnel in charge of processing personal information and education
  - The Company’s employees involved in processing users’ personal information are limited to designated representatives in charge and separate passwords are granted exclusively for this purpose and regularly renewed. In addition, the Company gives education to representatives in charge from time to time, thereby ensuring that they will comply with the Company’s privacy policy.
• The Company grants access to personal information to the minimum number of personnel who have the need to know such personal information.