Sungwon ind Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy in accordance with Article 30 of the Personal Information Protection Act, to protect the personal information of data subjects and to ensure the prompt and smooth handling of related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. 1. Providing responses and managing inquiries submitted through the website.

Article 2 (Processing and Retention Period of Personal Information)

1. 1. The Company processes and retains personal information within the period agreed upon by the data subject at the time of collection or within the period required by applicable laws and regulations.
2. 2. The processing and retention period is as follows:

   - Within 3 years from the date the website inquiry is received.

Article 3 (Provision of Personal Information to Third Parties)

1. The Company uses personal information only within the scope notified in advance and does not disclose it externally or use it beyond the stated scope without the prior consent of the data subject. However, exceptions apply in the following cases:
   - Where the data subject has given prior consent.
   - Where disclosure is required by law, or where requested by an investigative agency in accordance with legally prescribed procedures and methods.

Article 4 (Entrustment of Personal Information Processing)

1. In principle, the Company does not entrust the processing of personal information without the user’s consent. However, for smoother and improved customer service, the Company may entrust the management of personal information to a limited extent to external service providers. In such cases, the Company will disclose the name of the consignee, purpose, duration, and terms of the entrustment (including compliance with relevant laws, prohibition of third-party sharing, and responsibility provisions) through public notices or this privacy policy and will obtain prior consent when required.

Article 5 (Rights and Obligations of Data Subjects and Exercise Methods)

1. 1. Data subjects may exercise the following rights related to personal information protection at any time with respect to the Company:

   - Request to access personal information
   - Request correction if there are errors
   - Request deletion
   - Request suspension of processing

2. 2. These rights may be exercised in writing, by telephone, or by email, and the Company will take prompt action without delay.
3. 3. When a data subject requests correction or deletion of personal information, the Company will not use or provide the information until the correction or deletion has been completed.
4. 4. These rights may also be exercised by a legal representative or an authorized agent of the data subject. In such cases, a power of attorney in accordance with Form No. 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.
5. 5. Data subjects must not infringe on their own or others’ privacy or personal information processed by the Company in violation of relevant laws such as the Personal Information Protection Act.

Article 6 (Items of Personal Information Processed)

1. 1. For providing responses to website inquiries and managing inquiry status:

   - Required items: Name, contact information (telephone number, email address), company name

2. 2. In the course of using internet services, the following information may be automatically generated and collected:

   - IP address, cookies, MAC address, service usage records, visit history, records of improper use, etc.

Article 7 (Destruction of Personal Information)

1. 1. When the retention period has expired or the purpose of processing has been achieved and personal information is no longer necessary, the Company shall destroy such personal information without delay.
2. 2. The procedures and methods of destruction are as follows:

   - Destruction procedure: The Company selects personal information for destruction upon occurrence of the reason, obtains approval from the person in charge of personal information protection, and proceeds with destruction.
   - Destruction method: Personal information printed on paper will be shredded or incinerated, and electronic files will be permanently deleted using technical methods that prevent data recovery.

Article 8 (Measures to Ensure the Security of Personal Information)

1. The Company takes the following measures to ensure the security of personal information:
2. 1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
3. 2. Technical measures: Management of access rights to personal information processing systems.

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

1. 1. The Company uses ‘cookies’ to store and retrieve usage information in order to provide users with personalized services.
2. 2. Cookies are small data files sent by the web server (HTTP) to the user’s browser and may be stored on the user’s hard drive.
3. 3. Purpose of using cookies: To analyze the types of visits and usage patterns, popular search terms, and security connection status of each service or website visited by users in order to provide optimized information.
4. 4. Installation, operation, and rejection of cookies: Users can refuse cookie storage by setting options in their web browser (Tools → Internet Options → Privacy menu).
5. 5. If the storage of cookies is refused, some personalized services may be limited.

Article 11 (Remedies for Infringement of Rights)

1. Data subjects may contact the following institutions for inquiries, counseling, or remedies regarding personal information infringements. (The institutions listed below are independent from the Company. Please contact them if you are dissatisfied with the Company’s internal complaint resolution process or need further assistance.)
2. 1. Personal Information Infringement Report Center (Korea Internet & Security Agency)

   - Main tasks: Reporting and consulting on personal information infringements
   - Website: privacy.kisa.or.kr
   - Phone: 118 (no area code)
   - Address: 3F, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324, Republic of Korea
3. 2. Personal Information Dispute Mediation Committee

   - Main tasks: Mediation and collective dispute resolution (civil settlement)
   - Website: www.kopico.go.kr
   - Phone: +82-1833-6972 (no area code)
   - Address: 12F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Republic of Korea
4. 3. Supreme Prosecutors’ Office Cyber Crime Investigation Division: +82-02-3480-3573 (www.spo.go.kr)
5. 4. National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

Article 12 (Changes to the Privacy Policy)

1. This Privacy Policy shall take effect from December 1, 2024.

Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

Article 48 (Prohibition of Acts of Infringement on Information and Communications Networks)

1. 1. No person shall access an information and communications network without proper authorization or beyond the scope of permitted access rights.
2. 2. No person shall, without justifiable reason, damage, delete, alter, or forge any information system, data, or program, or transmit or distribute any program (hereinafter referred to as “malicious program”) that may interfere with the operation thereof.
3. 3. No person shall cause disruption to an information and communications network by sending a massive amount of signals or data, or by processing unauthorized commands, for the purpose of hindering the stable operation of the network.

Article 65 (Penal Provisions)

1. 1. Any person who falls under any of the following subparagraphs shall be punished by imprisonment for not more than five years or by a fine not exceeding 50 million won.
2. 2. An attempt to commit any offense referred to in subparagraph (1) 9 shall also be punishable.