ITL Co., Ltd. establishes its privacy policy and makes it public in order to protect the personal information of data subjects and handle their grievances promptly and efficiently under Article 30 of the Personal Information Protection Act.

○ This privacy policy takes effect from Jan. 1, 2023.

Article 1 (Purpose of Personal Information Processing)

ITL Co., Ltd. (hereinafter referred to as the “Company”) processes personal information for the following purpose. Personal information is not used for any other purposes than the intended purpose shown below. If the purpose of use of personal information changes, the Company will take necessary measures such as obtaining additional consent from the data subject in accordance with Article 18 of the Personal Information Protection Act.

1. Provision of goods or services
   • Personal information is processed to provide in-app and web services.

Article 2 (Period for Processing and Retaining Personal Information)

1. ITL Co., Ltd. uses and holds personal information within the legal period of using and retaining personal information or the period of using and retaining personal information consented by the data subject during personal information collection.
2. The period for the processing and retaining of personal information is as shown below.

Article 3 (Personal Information Items to be Processed)

1. ITL Co., Ltd. processes the following personal information items.
   • < Provision of goods or services >
     • Required item: Provision of in-app and web services
     • Optional item:

Article 4 (Procedure and Method of Destroying Personal Information)

1. ITL Co., Ltd. shall destroy personal information without delay when such information becomes unnecessary owing to the expiry of the retention period, the attainment of the purpose of personal information processing, etc.
2. If personal information must be continuously retained in accordance with other statutes even though the retention period of such information consented by the data subject expires or the purpose of personal information processing is attained, the personal information shall be moved to a separate database (DB) or stored in a separate place.
   • Legal grounds:
   • Personal information items to be retained: mobile number and username
3. The personal information destruction procedure and method are as shown below.
   • Destruction procedure
     ITL Co., Ltd. shall select personal information subject to destruction and destroy the information after obtaining approval from the privacy officer.
   • Destruction method
     When personal information subject to destruction is selected, the privacy officer of ITL Co., Ltd. shall delete the database (DB) of personal information completely.

Article 5 (Rights and Duties of Data Subjects and Legal Representatives, and How to Exercise Them)

1. A data subject may request access to, correction, or erasure of their personal information and suspension of the processing of such information from ITL Co., Ltd. at any time.
2. A data subject can request access to their personal information from the Company in writing, by e-mail or fax under Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act as stated in Paragraph 1. The Company will take necessary measures immediately.
3. A data subject may exercise their rights through their representative such as a legal representative and a person delegated by them as stated in Paragraph 1. In such a case, a power of attorney (Attached Form 11 of Notification of Personal Information Processing Methods) shall be submitted.
4. When a data subject requests access to their personal information or suspension of the processing of such information, their rights may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
5. A data subject’s request for erasure is not permitted if the said personal information shall be collected by other statutes.
6. Upon receipt of the request for access, correction, or erasure of personal information, and suspension of processing of personal information, the Company shall confirm whether the person who has submitted the request is the principal or the duly authorized representative.

Article 6 (Matters Concerning Measures to Ensure Safety of Personal Information)

ITL Co., Ltd. takes the following measures to ensure the safety of personal information:

1. Establishment and implementation of in-house management plan
   The Company establishes and implements an in-house management plan to process personal information safely.
2. Minimization of privacy officers and their education
   The Company minimizes privacy officers to protect personal information.

Article 7 (Installation and Operation of Automatic Personal Information Collection Tool and Denial Thereof)

ITL Co., Ltd. shall not save data subjects’ use information or use frequently loaded “cookies”.

Article 8 (Matters Concerning Collection, Use, Provision, and Denial of Behavioral Information)

Matters Concerning Collection, Use, Provision, and Denial of Behavioral Information

ITL Co., Ltd. does not collect, use, or provide behavioral information for external marketing purposes such as personalized online advertisements.

Article 9 (Judgment Criteria for Additional Use and Provision)

ITL Co., Ltd. may additionally use or provide personal information without the data subject’s consent in accordance with Article 15 (3) and 17 (4) of the Personal Information Protection Act and Article 14 (2) of the Enforcement Decree of the Personal Information Protection Act. The following matters are considered to additionally use or provide personal information without the data subject’s consent:

▶ Whether the purpose of additionally using or providing personal information is consistent with that of the initial purpose of collecting such information;

▶ Whether there is predictability for additional use and provision of personal information, taking into account the circumstance in which the personal information is collected or the custom of processing such information;

▶ Whether the additional use or provision of personal information impinges on the interests of the data subject;

▶ Whether necessary safety measures, such as assumed names or encryption, are taken.
※ The Company shall prepare and disclose the judgment criteria for the additional use or provision of personal information at its own discretion.

Article 10 (Matters Concerning the Privacy Officer)

1. ITL Co., Ltd. shall designate a privacy officer, as shown below, who comprehensively takes charge of personal information processing and handles grievances and remedial compensation in relation to personal information processing.

   ▶ Privacy officer

   • Name: Kim Beom-jun
   • Position: Privacy officer
   • Rank: General Manager
   • Contact information: +82-62-573-4100, itl01@naver.com, +82-62-573-4100
     * Contact the data security department.

   ▶ Data security department

   • Name: Kim Beom-jun
   • Position: Privacy officer
   • Rank: General Manager
   • Contact information: +82-62-573-4100, itl01@naver.com, +82-62-573-4100
     * Contact the data security department.
2. A data subject may contact the privacy officer and relevant department when they have any questions regarding topics including personal information protection, handling of grievances, and remedial compensation, while they are using the Company’s services (or business). The Company will reply to and take care of data subjects’ inquiries without delay.

Article 11 (Designation of Domestic Agent)

A data subject may contact the Company’s domestic agent designated under Article 39-11 of the Personal Information Protection Act for handling grievances concerning personal information.

▶ ITL Co., Ltd. will put forth the efforts to promptly process the privacy officer’s duties including the handling of personal information grievances. ITL Co., Ltd. designated a domestic agent under Article 39-11 of the Personal Information Protection Act.

• Domestic agent’s name: ITL Co., Ltd.
• Domestic agent’s address: 46 Cheomdanventure-ro, Buk-gu, Gwangju
• Domestic agent’s telephone number: +82-62-573-4100
• Domestic agent’s e-mail: it4100@kakao.com

Article 12 (Department Responsible for Receiving and Handling Request for Access to Personal Information)

A data subject may request access to their own personal information from the department shown below, under Article 35 of the Personal Information Protection Act. ITL Co., Ltd. will do its best to take care of data subjects’ request for access to personal information promptly.

▶ Department responsible for receiving and handling request for access to personal information

• Department: Technology Division
• Personnel in charge: General Manager Kim Beom-jun
• Telephone number: +82-62-573-4100

Article 13 (Remedial Compensation for Infringement on Data Subject’s Rights)

A data subject may request a dispute settlement or consulting from institutes such as the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center in order to resolve their personal information infringement issues. Contact the following organizations for personal information infringement report and counseling.

1. Personal Information Dispute Mediation Committee: +82-1833-6972 (www.kopico.go.kr)
2. KISA Personal Information Infringement Report Center: +82-118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: +82-1301 (www.spo.go.kr)
4. Korean National Police Agency: +82-182 (ecrm.cyber.go.kr)

A person whose rights or interests are infringed due to a disposition or omission conducted by the head of a public organization regarding a request made under the regulations stipulated in Article 35 (Access to Personal Information), Article 36 (Correction or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

※ * Visit the website of the Central Administrative Appeals Commission (www.simpan.go.kr)) for further details of administrative appeals.

Article 14 (Change in Privacy Policy)

1. This privacy policy takes effect from Jan. 1, 2023.