In accordance with Article 30 of the Personal Information Protection Act, GDL KOREA CO.,LTD establishes and discloses the following personal information processing guidelines to protect the personal information of the information subject and to handle related grievances quickly and smoothly.

Article 1 (Purpose of Personal Information Processing)
The company processes personal information for the following purposes. The personal information being processed is not used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

1. Register and manage homepage membership
Personal information is processed for the purpose of confirming membership intention, maintaining and managing membership by providing membership services, preventing unauthorized use of services, checking the consent of legal representatives, and handling grievances.

2. Provision of goods or services
Personal information is processed for the purpose of shipping goods, providing services, sending contracts and bills, providing content, providing customized services, self-authentication, age authentication, payment and settlement, and collecting bonds.

3. Handling grievances
Personal information is processed for the purpose of identifying the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying the results of the processing.

Article 2 (Processing and Retention Period of Personal Information)
① The company processes and retains personal information within the period of personal information retention, use period, or use period agreed upon when collecting personal information from the information subject under laws and regulations.
② The processing and retention period of each personal information is as follows.

1. Registering and managing homepage membership: Until withdrawing from the website of business operators/organizations
Provided, That in cases falling under the following grounds, until the conclusion of the relevant grounds:
1) Where an investigation, investigation, etc. is in progress due to violation of relevant statutes, until the completion of the investigation, investigation, etc.
2) If a bond or debt relationship remains due to the use of the website, until the settlement of the relevant bond or debt relationship is completed.

Article 5 (rights of users and legal representatives and how to exercise them)

① The data subject may exercise the following rights related to the protection of personal information against the company at any time:
1. Request for personal information access
2. Request correction in case of errors, etc.
3. Request for deletion
4. Request for suspension of processing
② The exercise of rights under paragraph (1) may be conducted by writing, telephone, e-mail, or fax to the company, and the company will take action without delay.
③ If the data subject requests correction or deletion of errors in personal information, the company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of the right under paragraph (1) may be conducted through an agent, such as a legal representative of the data subject or a person delegated. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
⑤ Information subjects shall not infringe on the personal information and privacy of themselves or others handled by the company in violation of related laws and regulations such as the Personal Information Protection Act.

Article 6 (Processing Personal Information Items)
The company is processing the following personal information items.

1. Register and manage homepage membership
Required items:
Selection:

2. Provision of goods or services
Required items:
Selection:

3. The following personal information items can be automatically generated and collected during the process of using the Internet service.
IP address, cookie, MAC address, service usage record, visit record, defective usage record, etc.

Article 7 (Devocation of Personal Information)
① The company destroys the personal information without delay when personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the purpose of processing.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information should be transferred to a separate database (DB) or stored at a different location.
③ The procedures and methods for destroying personal information are as follows.
1. Revocation procedure
The company selects personal information in which the reason for destruction occurs, and destroys personal information with the approval of the company's personal information protection manager.
2. Destruction method
The company destroys personal information recorded and stored in the form of electronic files by using methods such as low level format so that records cannot be reproduced, and destroys personal information recorded and stored in paper documents by grinding or incinerating them with a grinder.

Article 8 (Measures to Ensure the Safety of Personal Information)
The company is taking the following measures to ensure the safety of personal information.
1. Management measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: management of access rights to personal information processing systems, installation of access control systems, and unique identification information
Install encryption, security programs, etc.
3. Physical measures: Control access to computer rooms, data storage rooms, etc.

Article 9 (Matters concerning the installation, operation, and rejection of automatic personal information collection devices)
① The company uses 'cookie' that stores usage information and brings it up from time to time to provide individual customized services to users.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and is sometimes stored on the user's hard disk in their computer.
A. Purpose of use of cookies: It is used to provide optimized information to users by identifying the type of visit and use of each service and website visited by the user, popular search terms, security access, etc.
B. Installation, operation, and rejection of cookies: You can refuse to save cookies by setting options on the Tools > Internet Options > Personal Information menu at the top of the web browser.
C. If you refuse to save cookies, you may have difficulty using customized services.

Article 10 (Personal Information Protection Manager)
① The company is responsible for personal information processing, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of the information subject related to personal information processing.

▶ Person in charge of personal information protection
Name: OOO
Position: OOO
Contact: , ,
※ You will be connected to the privacy department.

▶ Personal Information Protection Department
Department Name: OOO Team
Person in charge: OOO
Contact: , ,

② The information subject can contact the personal information protection manager and the department in charge of all personal information protection inquiries, complaints, and damage relief that occurred while using the company's services (or business). The company will answer and process the information subject's inquiries without delay.

Article 11 (Request for personal information access)
The information subject may request the following department to view personal information pursuant to Article 35 of the Personal Information Protection Act. The company will try to expedite the request for personal information access by the data subject.

▶ Department of receiving and processing requests for personal information access
Department name: OOO
Person in charge: OOO
Contact: , ,


Article 13 (implementation and change of personal information processing policy)
This personal information processing policy will be applied from February 03, 2023.