SK Communications (hereinafter, referred to as “the Company”) regards the privacy of users as highly important and complies with all regulations concerning the protection of personal information as required by any applicable laws and regulations concerning privacy, including the Personal Information Protection Act, the Act on Promotion of Utilization of Information and Communications Network, as well as the Act on the Protection and Use of Location Information.

By stating its privacy policy as shown below, the Company hereby informs the user of how and why the personal information provided by the user to the Company is used and what measures are taken by the Company for the protection of their personal information. The Company’s privacy policy is subject to change in accordance with any subsequent changes in the laws, regulations, and notifications, or the Company’s Terms of Service and internal policies. When the privacy policy is amended, the Company shall publish the changes on a service page or notify the user.
The user may choose not to accept the following details concerning the collection, use, provision, consignment, or any other use, of their personal information. However, it should be noted that, if the user does not accept the privacy policy, they may not be given access to the service in whole or in part.

The user should check the privacy policy from time to time as they continue to use the service.

• Purposes of the Collection and Use of Personal Information
• Types of Personal Information Collected and Methods of Collection
• Periods of Storage and Use of Personal Information Collected
• Procedure and Method for Destruction of Personal Information
• Provision and Sharing of Personal Information
• Consignment Process for Personal Information
• Refusal to Install/Operate Mechanisms That Automatically Collect Personal Information
• Technical/Administrative Measures for the Protection of Personal Information
• Rights of Users and Methods of Exercising Rights
• Privacy Officers, Inquiries, and Reporting
• Supplementary Provisions

1. Purposes of the Collection and Use of Personal Information

Personal information is any information about a living person that allows the identification of that person (including any information that may not provide identification of a specific person, by itself, but may provide easy identification when combined with other information). Personal information collected by the Company is used for the following purposes:

1) Provision of service

Providing content, purchase and payment rates. delivering goods, use of address book and contacts information on the user's device for app recommendation, to answer questions about the service.

2) User management

Providing membership services, personal identification verification, record keeping for preventing abuse by bad users and dispute resolution, processing complaints, delivering notices, etc.

3) Development of new services, improvements to service, marketing, and advertising

Developing and specializing new services (products), providing customized services, improvements to service, providing services and advertising exposure based on demographic characteristics, measuring access frequency and statistics concerning the user’s use of the service, providing advertising information, including promotional events and offering opportunities to participate in events, etc. (The user’s personal information is not provided to the individual or organization requesting the placement of such advertisements.)

2. Types of Personal Information Collected and Methods of Collection

※ Signups are permanently closed. We store personal information of existing members who have purchased items to allow them to use those items.

[Types of personal information collected]

1. 1)At initial member sign-up and when using the Service, the Company collects the following information for member identification and the provision of optimized service.

   <Members who sign up with an email address>

   • - Required: Name, email address, password

   <Members who sign up with their Facebook account>

   • - Required: Facebook user id number, name, email address
     

   <Members who sign up with their Google account>

   • - Required: google user id number, name, email address
     

   <Members who sign up with Sina Weibo>

   • - Required: name, email address
2. 2) While using the service, the following information may be collected with the user’s consent.
   • - Email address, password(If sign up with an external account, can input an optional password).
   • - To register partnership/suggestions: Company name(organization name), contact name, phone number, email address, webpage address, and FAX number
3. 3) While using the service, or during the operation of the business, the following information may be generated and collected.
   • - Service usage records, cookies, access logs, IP addresses, abuse records, country code, device information (manufacturer(company name), model name, screen resolution, app speed, OS version)

[Methods of collection]

The Company collects personal information using the following means:

1. 1) Collected at member sign-up, through event participation, by fax, by phone, by email, through on/offline websites and applications, through the customer center, and when requesting deliveries
2. 2) Collected from partner companies
3. 3) Collection through tools that compile generated information

3. Periods of Storage and Use of Personal Information Collected

By principle, the Company destroys, without delay, any personal information whose purpose and use has been accomplished. However, the Company preserves the following information for specified periods of time with the member’s consent or when the stipulations of relevant laws and regulations require such preservation.

1. 1) Personal information preserved concerning commercial transactions
   1. (1) Information preserved: commercial transaction records
   2. (2) Basis for preservation: Law concerning consumer protection in Commercial Law, E-commerce, etc.
   3. (3) Period of preservation: - records concerning contracts, subscription withdrawals, etc.: 5 years
      - records concerning provision on payments, services, etc.: 5 years
      - records concerning consumer complaints and dispute settlements: 3 years
2. 2) Personal information preserved concerning log records
   1. (1) Information preserved: Access records
   2. (2) Basis for preservation: Protection of Communications Secrets Act
   3. (3) Period of preservation: 3 months

4. Procedure and Method for Destruction of Personal Information

On principle, the Company destroys, without delay, any personal information when its purpose and use has been accomplished or when its period of preservation or use has expired. However, according to the Personal Information Protection Laws, the personal information of members who have no record of usage for a year are safely retained and separated from currently using members' information.
Procedures and methods for the destruction of personal information are as follows.

1. 1) Procedure for the destruction of personal information
   

   Any personal information entered by the user for membership sign-up, or any other purpose, after such purpose and use has been accomplished, it will be destroyed. But, in accordance with relevant laws and regulations (see Periods of Storage and Use of Personal Information Collection), it can be stored for a specified period of time and them destroyed. This personal information is not used for any purpose other than preservation, unless otherwise required by applicable laws and regulations..

2. 2) Method of destroying personal information
   

   Any personal information printed out on paper (printed, letters, etc.) is destroyed with a shredder or by incineration. Any personal information stored in electronic files is permanently deleted using methods with no possible means of restoration.

5. Provision and Sharing of Personal Information

On principle, the Company only uses the user’s personal information for the purpose of collection and use, and does not disclose it to other persons, enterprises, or organizations. However, the following exceptions may apply:

1) When prior consent is given by the user

The Company obtains user consent by informing the user who the business partners are, which information is required, why it is required, as well as how long, and through what means, it is protected/managed before the information is collected or provided. If the user does not give consent, no additional information shall be collected or shared with any business partners.

2) When required by stipulations in laws and regulations, or when requested by law enforcement agencies for investigation purposes through the procedures and methods stipulated by laws and regulations

6. Consignment Process for Personal Information

For providing professional customer support and service, the Company consigns the following personal information processing tasks to third parties.
To ensure the complete protection of personal information when establishing consignment contracts, the Company clearly states the details in the consignment contracts concerning strict compliance with instructions for the protection of personal information, the non-disclosure of personal information, and liability for any accidents.

[Service contractors]

• - Contractor : BSH Co., Ltd., Transcosmoskorea Co., Ltd.
• - Consigned Task : BSH Co., Ltd.(Service operations, Public relations , CS operations), Transcosmoskorea Co., Ltd.(Service operations, Public relations , CS operations, Customer Center operation)
• - Period of storage and use of personal information: Until membership cancellation, possession and in the end of the period of use, until expiration of consignment contract

7. Refusal to Install/Operate Mechanisms That Automatically Collect Personal Information

[Use of cookies]

The Company may use any mechanisms that automatically collect personal information (cookies, etc.).

When you visit the Service, we may use cookies to automatically store and import your information for the provision of your personalized and customized service. These are small data files that your browser places on your computer.

1. 1) We may use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage by our users and web traffic routing on our services, and to improve our services.
2. 2) Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.

* How to unset a cookie (with Internet Explorer)
: click tools on your web browser > go to internet options > go to personal information
(You may unset cookies, provided that you agree there may be certain difficulties in using log-in services of websites.

[Application Log Analysis Using Google Firebase Analytics]

Google Firebase Analytics is used to analyze user actions or the behavior on our service.
The user can refuse the use of Google Firebase Analytics by enabling it inside of our service.

[App Error Analysis Using Google Firebase Crashlytics]

Our company uses Firebase Crashlytics, an application error analysis tool provided by Google. In this case, the company does not collect any personally identifiable information that is not related to application errors. The user can refuse the use of Google Analytics for Firebase by enabling it inside of our service.

[Customized ads]

If a user access to an external service provider's services with an external account, that external service provider can link user's device information (ads ID, ads parameter), which has no individual identification, with external service account information to offer customized ads.

* Example of setup method
: Access Facebook settings [link]; or choose advertisements rejection options through device's ID advertisements reset settings.

8. Technical/Administrative Measures for the Protection of Personal Information

1. 1) Technical measures
   1. (1) The Company safely protects the user’s personal information using security features in accordance with relevant laws and regulations, and internal policies.
   2. (2) The Company makes every effort to prevent damage/loss by computer viruses by using secure antivirus programs. In order to ensure the protection of personal information, antivirus programs are updated regularly, and if there is a sudden virus outbreak, the antivirus programs are updated as soon as effective countermeasures have been made available.
   3. (3) The Company stores and manages the user’s password in an encrypted form and employs security measures for safely transmitting personal information over the network.
   4. (4) The Company also uses security measures for blocking outside intrusions and monitors the system for intrusion on a 24/7 basis in order to prevent any leakage of the user’s personal information by hacking, etc.
2. 2) Administrative measures
   1. (1) The user must take precautions not to lose their device or disclose their password to third parties. Particularly, if the device is lost without any self-protection (locking mechanism) in place, third parties may use the user’s personal information with malicious intent. Also, the user’s ID and password should not be shared with others and the password should be changed regularly.
   2. (2) The Company strictly limits the handling of personal information to be done only by those performing administrative tasks related to personal information and those who absolutely need to access personal information due to the nature of their work. The Company also provides regular training to such employees to emphasize the importance of complying with the privacy policy.

9. Rights of Users and Methods of Exercising Rights

- Children under the age of 14 cannot sign up for the service. If any child under the age of 14 is found to have signed up, the Company can immediately terminate the underage user from the service.
- Children under the age of 14 who signed up for the service may request the Company to terminate their membership or to cancel their membership using the Service Settings menu.
- Any user may view or edit their registered personal information and request the termination of their membership at any time.
Any user may view or edit their personal information by clicking ‘Settings’ within the application and may cancel their membership by clicking ‘Settings ’.
- If a user requests a correction of an error on the personal information, that personal information cannot be provided or used until the correction is done. Also, if the wrong personal information was provided to 3rd party, the corrected results will be notified immediately to the 3rd party. When the personal information is terminated or eliminated by the user, the company will not view or use the personal information, other than what is according with the terms "Periods of Storage and Use of Personal Information Collected".

10. Privacy Officers, Inquiries, and Reporting

The Company employs privacy officers who are responsible for the protection of the users’ personal information and the handling of complaints concerning their personal information. For any questions concerning a users’ personal information, please contact the Chief Privacy Officer(Data Protection Officer), or the Deputy Privacy Officer, below:

Chief Privacy Officer(Data Protection Officer)

Cho Yu-Hyoung General Manager (Infra Division) ㅣ +82 1599-2705 ㅣ nate_privacy@nate.com

Deputy Privacy Officer

Lee Gyeong-A (Security Team) ㅣ +82 1599-2705 ㅣ nate_privacy@nate.com

Inquiries concerning the infringement of personal information may be directed to the Personal Information Infringement Report Center, the Cybercrime Investigation Department of the Supreme Prosecutors’ Office, Republic of Korea, the Cyber Security Bureau of Korea National Police Agency, etc.

11. Supplementary Provisions

1. 1) In the case of an amendment to this privacy policy, the Company shall announce the reason for the amendment, and the effective date of the amendment, along with the current, effective privacy policy on a service page starting from 10 days in advance of the effective date and up to one day in advance of the effective date.
   However, when there are changes to significant details concerning the rights and obligations of the user, the announcement shall be made at least 30 days in advance.
2. 2) If the user does not explicitly express their refusal, despite the Company’s announcement that the user’s acceptance would be deemed as expressed unless the user clearly expresses their refusal before the effective date of the amendment, as the Company announces the amendment in accordance with Paragraph 1, the user will be deemed as having accepted the amendment.
3. 3) Despite Paragraph 2, if the Company needs to collect additional personal information from the user, or provide additional personal information to third parties, the Company shall obtain additional consent to do so directly from the user.

This privacy policy shall enter into effect on January, 4, 2021

Change Announcement date of this privacy policy: December, 21, 2020

Enforcement date of this privacy policy: January, 4, 2021

Previous Privacy Policy