MEGAZONE CLOUD Corp.(hereinafter the "Company") is committed to protecting users' personal information and rights, and strives to handle users' privacy-related issues smoothly. The Company complies with the Personal Information Protection Act and other relevant laws and regulations. Through its Privacy Policy, the Company provides guidance on procedures and standards for processing personal information, as well as methods for handling complaints. In the event of revisions, the Company ensures that users can easily check the changes through version management.

Article 1 (Purposes of Processing of Personal Information)

The Company shall use collected personal information for the following purposes. Purposes for collecting and using Personal Information and shall not exceed the following scope. If the purpose of collection and use is changed, separate consent is required in accordance with Article 18 of the Personal Information Protection Act.
1. Registration Information: User identification, service provision, delivery of notifications.
2. Customer Service Inquiry Information: Technical support, service consultation.

Article 2 (Personal Information to be Collected)

The Company collects and processes the following personal information.
1. Personal Information Collected for Service Provision

2. Information automatically collected during service use

3. The Company does not collect the personal information of the children under the age of 14 who require the consent of a legal representative.

Article 3 (Retention and Usage Period of Personal Information)

The Company processes and retains personal information in accordance with the retention and usage periods prescribed by relevant laws or the period for which consent has been obtained from the user.

1. The processing and retention periods for each type of personal information are as follows:
1) Membership Registration Information: Upon membership withdrawal or contract termination
2) Demo Experience Application Information: 3 years from the date of collection
3) Inquiry Registration Information: 3 years after membership withdrawal or contract termination
2. The mandatory retention periods prescribed by relevant laws are as follows:

Article 4 (Consignment and Overseas Transfer of Personal Information Processing)

The Company outsources the processing of personal information both domestically and internationally as follows to ensure smooth business operations.
1. Domestic consignment for personal information processing

2. Overseas consignment for personal information processing

3. The Company requires the service provider (outsourcing party) to implement technical and administrative protective measures to safely process users' personal information, including ensuring the safe handling of personal data, managing access or connection logs, prohibiting the use of personal information for purposes other than those specified, restricting subcontracting of outsourced tasks, and ensuring encryption. The Company also conducts regular management and supervision to ensure that the service provider is securely managing the personal information.

Article 5 (Provision of Personal Information to third-party)

The Company processes users' personal information only within the scope specified in the "Purpose of Personal Information Processing" and may provide personal information if there is customer consent or if requested in accordance with legal procedures.
1. Personal Information Provision to Third Parties (When providing integrated authentication services for MegaZone Group companies):

Article 6 (Personal Information Destruction)

In principle, the Company will destroy, without delay, users’ personal information once the purpose for its collection and use has been satisfied. 
1. In cases where the Company is required by a relevant law or regulation to retain personal information past the retention period consented by the information subject or the purpose of processing has been achieved, the Company retains the personal information by transferring it to a separate database or changing the storage location.
2. The following describes the procedures and methods used by the Company to destroy personal information.
1) Destruction Procedures : The Company selects the personal information to be destroyed and destroys the personal information after obtaining approval from the personal information protection manager.
2) Destruction Methods : The Company destroys personal information recorded and stored in electronic files by deleting the files beyond restoration, and personal information recorded and stored in paper documents by shredding or incinerating the documents.

Article 7 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.
1. Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures : control on the access to the personal information processing system, etc., safety measures for archiving access records and preventing forgery and alteration, installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software 
3. Physical measures : prohibition on the access to the computer room, data storage room, etc.

Article 8 (Installation, Operation, and Rejection of Automatic Collecting Device of Personal Information)

The Company uses "cookies" that save and frequently retrieve Customer information to provide personalized and customized services.
1. Cookies are small text files sent to the Customer's browser by the server(http) that hosts the Company website, and they are stored in the hard disk of the Customer's computer.
2. Purpose of Cookies : The cookies are used to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
1) Installation/operation and rejection of cookies : Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
2) Users who reject enabling cookies may have difficulties using tailored services.
3) How to specify whether or not to accept cookies
ⅰ) Chrome : Settings menu at the top right side of the web browser > Show Advanced Settings at the bottom of the screen > Content Settings in Privacy > Cookies
ⅱ) Safari : choose Safari > Preferences, click Privacy, then manage cookies and website data
ⅲ) Edge : Click on the More actions button in the top right corner and select Settings > Click Site permissions
ⅳ) Microsoft Edge : Settings menu > Click Site permissions > Cookies and site data

Article 9 (Personal Information Protection Manager)

The Company takes full responsibility for overseeing the processing of personal information and has designated a Personal Information Protection Officer (PIPO) and a dedicated department to handle complaints and remedy any issues related to personal data processing. To ensure the security of personal information, the Company has implemented the following measures:
1. Personal Information Protection Officer and Responsible Department:

Article 10 (Rights, Obligations, and Exercise Methods of Users and Legal Representatives)

1. Users may exercise the following rights related to personal information protection at any time with the Company by contacting the appropriate department specified under Personal Information Rights Protection.
1) Request to view personal information
2) Request to correct any errors
3) Request to delete personal information
4) Request to stop processing personal information
2. When a user exercises the rights mentioned in Paragraph 1, the Company will take immediate action in accordance with the Personal Information Protection Act.
If a user requests correction or deletion of personal information due to errors, the 3. Company will not use or provide the personal information in question until the correction or deletion is completed.
4. Users may exercise their rights through a legal representative or an authorized agent. In this case, the user must submit a Power of Attorney in accordance with the format prescribed in Annex 11 of the Notification on Personal Information Processing Methods (Notice No. 2020-7).
5. In cases where special provisions exist under the law, the Company may refuse to fulfill requests for personal information access or stop processing.
6. As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
7. In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.

Article 11 (Department Responsible for Personal Information Access Requests and Related Processing)

Pursuant to Article 35,36 and 37 of the Personal Information Protection Act, data subjects may request to have a correction᛫deletion, suspension of processing, etc.to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the rights of the information.

Article 12 (Remedies for Infringement of User Rights)

If you need to report or consult about a personal information breach, please contact the following institutions:

Article 13 (Links to Third Party Sites)

The Services may include links that direct users to other websites or services whose privacy practices may differ from the Company. Since the Company does not have any control over the third party sites, the Company cannot be held responsible for and cannot guarantee the usefulness of the services provided by them. If users submit information to any of those third party sites, the information is governed by their privacy policies, not this one. The Company encourages users to carefully read the privacy policy of any website you visit.

Article 14 (Obligation to Notify Prior to Amendment)

The Privacy Policy will be promptly updated on the website in the event of any additions, deletions, or corrections in accordance with relevant laws and policies. Users will be notified of such changes without delay, and previous versions of the Privacy Policy can be reviewed through the relevant page.
This Privacy Policy takes effect from 2024.12.31.