Company SCV (hereinafter referred to as "Company" or "XYZ") values the confidentiality of customer information and makes every effort to effectively manage and securely protect personal information of customers. The Company complies with various laws related to personal information protection, including the "Act on Promotion of Information and Communications Network Utilization and Information Protection." Additionally, the Company has established a privacy policy to ensure compliance and provides easy access to this policy for customers. The Company's privacy policy may be subject to changes due to amendments in related laws, guidelines, or internal operational policies. In case of any changes to the privacy policy, the revised content will be promptly notified.

Personal information refers to information about individuals that can identify specific individuals based on real names and other details (including information that can identify specific individuals when easily combined with other information). The personal information collected by the Company is used for the following purposes.

1. Processing matters related to service registration/changes/cancellations, inquiries related to after-sales service, etc., concerning service contracts.

2. Settlement of service usage fees, payment, collection, and personal authentication processes.

3. Determination of eligibility for fee reductions and provision of other services.

4. Use in various marketing activities including introduction of new products provided directly or through business partnerships, event announcements, customer attraction and management, service site usage statistics, newsletter distribution, customer surveys, etc.

5. Shipping of goods, invoice issuance, verification of legal representatives, record keeping for dispute resolution.

6. Outsourcing of necessary tasks for service provision to subcontractors as stated in this processing policy.

The Company collects only the minimum personal information necessary for service registration, consultation, and service provision.

1. The following items are collected at the time of membership registration - Mandatory items: ID, password, user name, company name, email address, business registration number, mobile phone number (or landline number) - Optional items: Address, fax number

2. In addition, the following information may be generated and collected during service usage, event participation, and other business processes - Service usage records, payment method information including bank/credit card information, billing and payment, service suspension records, access logs, cookies, IP address, PC information

3. The Company collects personal information through the following methods. a. Personal information provided by customers for membership registration, consultations via phone, fax, internet service sites, etc. b. Information generated or collected through service usage or business processing tools

The Company obtains consent from customers regarding the collection of personal information. For personal information collection, customers are provided with procedures to click on the "Agree" or "Disagree" button regarding the contents of the privacy policy or service terms and conditions. Clicking on the "Agree" button implies consent to the collection of personal information.

The retention and use period of customer's personal information are as follows.

1. The Company retains and utilizes collected personal information during the period of customer's service usage (from registration to termination) or the dispute handling period (retention period) as per legal requirements.

2. The retention period is up to 6 months after termination in cases of fee settlement, overdue fees, or ongoing fee-related disputes until resolution. However, information is retained according to specific legal regulations if applicable.

3. For terminated customers, personal information is retained according to Article 85-3 of the National Tax Basic Act. a. Retained items: Name, ID, password, phone number, email address, address, department information, legal representative information, service usage records, access logs, IP information, fee details (billing amount, VAT amount, collection amount, billing date, collection date), payment records, payer name, service usage, reduction amount and reason, billing address for fees, etc. b. Retention period: 5 years

4. Other a. Log records necessary for providing communication confirmation materials, IP addresses, etc., are retained for 3 months (Telecommunications Secrecy Protection Act). b. Tracing data related to the location of information and communication devices connected to the communication network and the subscriber number of the counterpart during provision of communication confirmation materials: 12 months (Telecommunications Secrecy Protection Act). c. Records related to display/advertisements: 6 months (Act on Consumer Protection in Electronic Commerce, etc.). d. Records related to contracts or withdrawal of offers: 5 years (Act on Consumer Protection in Electronic Commerce, etc.). e. Records related to supply of payments and goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.). f. Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.). g. Records related to collection/processing/use of credit information: 3 years (Act on the Use and Protection of Credit Information).

The Company promptly destroys personal information after the purpose of collection and use has been achieved. However, if a customer has not used the website for 1 year, the Company notifies them in advance, segregates and manages personal information separately, and then destroys it. The procedure and method of destruction are as follows.

1. Destruction Procedure a. Personal information provided by customers is destroyed after being stored for a certain period according to Article 5 (Retention and Use Period), internal policies, and related laws. b. Destruction targets: Personal information of customers whose retention period has expired or who have had their personal information managed separately for 1 year due to no website usage.

2. Destruction Method a. Personal information stored in electronic file formats (DB, etc.): Deleted using technical methods that cannot be restored. b. Personal information written on paper (documents): Shredded or incinerated.

Except as stated in the "Purpose of Collection and Use of Personal Information," the Company does not use or provide customers' personal information beyond the scope notified in "Collection and Use Purposes of Personal Information." However, under certain circumstances, personal information may be provided without customer consent in accordance with relevant legal regulations

1. When necessary for settlement of service charges related to service provision.

2. When obtaining customer consent is significantly difficult due to economic or technical reasons necessary for the performance of contracts related to service provision.

3. When there is a request from a related agency for investigation purposes according to relevant legal regulations.

4. When provision is required in accordance with special provisions of related laws through lawful procedures.

The Company operates by outsourcing personal information processing tasks for customer convenience, service contract execution, after-sales service provision, and related tasks. The outsourcing details are as follows

1. The Company does not contract with children under 14 years of age due to the nature of the service, and does not collect personal information of children under 14 years of age.

2. Customers have the right to access their personal information, request correction of any errors, and the Company promptly takes necessary measures. In case of requests for correction, the Company refrains from using the information until the correction is completed. Additionally, if incorrect personal information has already been provided to third parties, the Company notifies them promptly of the correction results to ensure the correction is made. Customers can access and correct personal information via the service site (www.kinx.net) by entering their ID and password and logging in to the "User Information" menu. However, for some services, you may need to submit a separate change request form in writing and send it by fax to process changes.

3. Customers may withdraw consent for the collection, use, and provision of personal information at any time. You can withdraw consent through written communication or email according to Annex 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company promptly takes necessary measures after confirming the identity of the customer.

The Company operates 'cookies' to identify and store necessary information when operating the service site. Cookies are small text files sent by the Company's server to the customer's web browser and stored on their computer's hard disk. Customers can decide whether to allow or refuse information collection through cookies by setting the security policies of their web browsers.

1. Information collected and purposes of using cookies.

2. Customers have the right to choose whether to install cookies. Therefore, you can adjust the level of information collection through cookies by setting the option in the web browser. You can adjust the level of information collection through cookies by selecting [Internet Options] -> [Security] -> [Custom Level] in the [Tools] menu of the web browser. b. You may choose to confirm each time cookies are stored or refuse to store all cookies. However, refusing to install cookies may cause difficulties in providing services.

The Company has established technical and managerial measures to ensure the safety of customer's personal information from loss, theft, leakage, alteration, or damage.

1. Technical protection measures a. Personal information is protected by passwords, and important data is further secured through encryption of files and transmission data or using file locking (Lock) functions. b. To prevent customer personal information from being leaked due to hacking or similar incidents, systems are installed in restricted areas inaccessible from outside.

2. Administrative safeguards a. The company minimizes and manages the access rights of personnel who can handle customers' personal information, and ensures compliance with laws and policies through education. The individuals who handle customers' personal information are as follows. 1. Those who engage in marketing activities by directly or indirectly dealing with customers 2. Personnel responsible for personal information management and protection tasks, such as the Personal Information Protection Officer and other personal information management staff 3. Personnel for whom the processing of personal information is unavoidable for business purposes b. When hiring new employees, we prevent the leakage of information (including personal information) by having them sign a confidentiality agreement. c. The handover of duties for personnel handling personal information is carried out thoroughly while maintaining security, and the responsibilities for any personal information breaches are clearly defined both during and after employment. d. The company designates the computer room and data storage areas as restricted zones, controlling access to these areas. e. When collecting or providing payment information such as a customer's bank account or credit card number for the purpose of entering into a service agreement or providing a service, necessary measures are taken to verify the identity of the customer. f. The company is not responsible for issues arising from the customer's mistakes or inherent risks of the internet. To protect personal information, customers must thoroughly manage and be responsible for their own ID and password. g. In the event of personal information loss, leakage, alteration, or damage due to internal management errors or technical issues, the company will promptly inform the customer and take appropriate measures.

Customers with inquiries, opinions, or complaints related to personal information protection should send their comments via email to the Personal Information Protection Officer or designated personnel listed below. We will promptly receive and address the matter and inform you of the results.

1. Personal Information Protection Manager a. Management Responsible Person: [Name] b. Management Contact Person: [Name] c. Phone Number: 000-0000-0000 d. Email: aaa@aaa.com

2. For reporting or consulting on other personal information breaches, please contact the following organization a. Cyber Safety Bureau, National Police Agency: Website http://cyberbureau.police.go.kr / Phone: 182 (without area code) b. Cyber Investigation Division, Supreme Prosecutors' Office: Website http://www.spo.go.kr / Phone: 1301 (without area code) c. Personal Information Dispute Mediation Committee: Website http://www.kopico.go.kr / Phone: 1833-6972

Any additions, deletions, or modifications to the privacy policy will be announced on the service site's "Notice" section at least 7 days before the changes take effect.

Article 1 (Effective Date) ① This privacy policy will take effect from January 1, 2020. ② This privacy policy will take effect from January 1, 2021. ③ This privacy policy will take effect from January 1, 2022.