Chapter 1 General Rules

The Dongyang Calligraphy Association (hereinafter “Association”) complies with all regulations related to the protection of personal information, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the “Information and Communications Network Act”), as well as notices, directives, and guidelines established by relevant countries.

The table of contents of this privacy policy is as follows.

1. Significance of the Privacy Policy
2. Personal information collection items and collection methods
3. Purpose of use of personal information
4. Retention and use period of personal information, procedure and method of destruction
5. Provision of personal information to a third party
6. Outsourcing the handling of personal information
7. Rights of users and legal representatives and how to exercise them
8. Matters relating to the installation, operation, and refusal of an automatic personal information collection device
9. Personal Information Manager
10. Obligation to notify before revisions

‍

Article 1 (Significance of the Privacy Policy)

The Dongyang Calligraphy Association (hereafter “the Association”) values the protection of the personal information of members who use the online services provided by the Association through the Privacy Policy, and is always doing its best to protect the personal information of members.

‍
The privacy policy has the following important meanings.

- The Association transparently provides information related to “personal information protection,” such as what information it collects, how to use the collected information, who to share it with (“entrust or provide”) as needed, and when and how to destroy information that has achieved the purpose of use.

- As the data subject, we will inform you what rights users have with respect to their personal information and what methods and procedures they can use to exercise them.

- In the event of a personal information infringement incident, we will tell you who to contact and what help you can get in order to prevent further damage and repair damage that has already occurred.

Article 2 (Personal Information Collection Items and Collection Methods)

1) The Association collects the following personal information for membership registration, consultation, service application, etc.

(Personal information collection items and collection methods) Categories Collection and usage items Purpose of use Required items

Name, email, mobile phone number, password, date of birth, address, KakaoID, NavRID, Facebook ID, InstagramID)

① Operation and management of membership services (registration and withdrawal processing, etc.)

② Communication channels such as changes in terms of use, service product terms, and privacy policies, and notices of important matters such as service changes, interruptions, failures, and infringement incidents

③ Information on service complaints and grievance handling results

④ Viewing member information and implementing the right to correct personal information in accordance with laws and regulations relating to the protection of personal information

⑤ Fulfilment of retention and preservation obligations under relevant laws and regulations such as the Information and Communications Network Act

Stages of using the service

Collection of service usage stages, usage items, purpose of use, required items, and information by payment method - credit card, bank transfer (virtual account), real-time account transfer

① Billing, payment, settlement, and discounts due to execution of paid service contracts and service provision

② Outsourcing the execution of paid service contracts (* The company does not directly store information such as credit card number, expiration date, and mobile phone number entered by members during the purchase and payment stages.)

Buyer's name, contact information (mobile phone number, email address), recipient's name, recipient's contact information (mobile phone number, landline phone number), shipping address The original and meta information of photos uploaded by members for the purpose of using the service required for order delivery of products

① Provision of MD services, etc., and production of products

② Improvement of services

Required items (creation information) Member's device information (smartphone) Device information (device ID or IMEI)

① Preventing fraudulent use of services

② Fast complaint handling in the event of a service failure

Service usage history, site visit history, cookies, etc.

① Check service usage history

② Fulfilment of obligations to hold and provide information in accordance with relevant laws and regulations

③ User access frequency analysis, customer

④ Use of statistics to provide customized services to users
Expansion of service system infrastructure for smooth service provision

2) Method of collection ∙ Personal information directly entered by users during membership registration, service use, delivery requests, and application for exhibition events through the website. ∙ Personal information entered by users can be collected through web pages, email, fax, phone, etc. during the consultation process through the customer center ∙ Personal information can be received from partners when using a login service through a partner account or when a user participates in partner events • Information such as usage records can be automatically collected during the user's service usage process

Article 3 (Purpose of Use of Personal Information)

1) Execution of contracts relating to service provision and settlement of fees based on service provision - provision of content, payment of purchases and fees, delivery of goods or delivery of invoices, etc., authentication of financial transactions, and financial services

2) Member management - Handling complaints and delivering notices such as identity verification, personal identification, prevention of fraudulent use by bad members, prevention of unauthorized use, age verification, and complaint handling due to the use of membership services

3) Use in marketing and advertising Development and customization of new services (products), delivery of advertising information such as events, provision of services and advertisement based on demographic characteristics, identification of access frequency, or statistics on members' use of services

Article 4 (Period of Retention and Use of Personal Information, Procedure and Method of Destruction)

If the purpose of membership withdrawal or collection and use of personal information is achieved, the member's personal information will be destroyed without delay. However, personal information of members is retained only for the following reasons and periods as an exception

1) When due to the company's internal policy

1. Preventing bad users from re-signing up, preventing fraudulent use, and responding to other complaints

- Retention period: 6 months after membership withdrawal (however, in the case of a complaint, until the complaint is resolved)

- Retained information: ID, email, registration date, withdrawal date

2. Service improvements

- Retention period: 1 month from the date of collection

- Retained information: Original and meta information of photos uploaded by members for the purpose of using the service

2) When a member directly requests the preservation of personal information or when the company has obtained individual consent from the member

- Retention period and retention information: Retention for the relevant period only for the items and periods requested or agreed by the member

3) When it is decided to preserve without the user's consent in accordance with laws and regulations

- If it is stipulated to be preserved without the user's consent in accordance with laws and regulations, records relating to consumer protection contracts or withdrawal of subscriptions in e-commerce, etc. 5 years of records relating to consumer protection in e-commerce, etc., records relating to consumer protection, commercial law, basic national tax law, income tax law, corporate tax law, value-added law payment and supply of goods, etc., documents related to commercial books and business, 5 years, records on consumer complaints or dispute handling in e-commerce, etc. 3 years 3-month history of visits to the law website

4) Application of a personal information expiration date system

If there is no record of the fact or activity of the user using the service for 1 year (hereinafter referred to as the “Personal Information Validity Period”), the user is notified in advance based on Section 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and personal information is stored and managed separately for the safe protection of personal information. The company will give advance notice through email, text message, mobile phone, or other means of contact entered by the member up to 30 days before the expiration date of personal information. However, even for members who have reached the expiration date of personal information, if the member has individual consent, such as a request for a separate renewal of the validity period, or if another law determines a separate retention period, it will be kept for the period specified by the relevant law and then taken action. Even if the personal information is separated separately due to the expiration date system, members can reuse the service after verifying their identity if they wish to reuse the service.

5) Destruction procedure

Information entered by users for membership registration etc. is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document box) and stored for a certain period of time in accordance with internal policies and other relevant laws and regulations (see Period of Retention and Use) and then destroyed. Personal information transferred to a separate DB will not be used for purposes other than being held unless required by law.

6) How to destroy

Personal information stored in the form of an electronic file is deleted using a technical method that cannot reproduce the record. Personal information printed on paper is crushed with a shredder or destroyed through incineration.

Article 5 (Provision of personal information to third parties)

1) As a general rule, the Association does not provide users' personal information to the outside world. However, exceptions are made in the following cases.

1. When users have agreed in advance

- Retention period and retention information: Retention for the relevant period only for the items and periods requested or agreed by the member

2. When there are special provisions in other laws

Article 6. (Outsourcing of personal information handling)

1. The Association entrusts the processing of personal information to an external company in order to improve services and smoothly execute contracts. The company does not entrust your information to an external company without your consent. If such a need arises in the future, we will notify the customer about the consignee and the details of the outsourced work, obtain prior consent if necessary, or make an announcement through this privacy policy.

Outsourced work details

Management of all Doners' business, use of customer and order information

CJ Logistics, Post Office, Rosen courier product delivery business

Transfer of payment information such as credit cards required to purchase KG Inisys and Kakao Pay products, electronic payment methods including cash payments, other payment methods using electronic methods, electronic financial transaction methods, etc., and mobile phone micropayments

() Kakao AlimTalk, Biz Message Sending Agency Co., Ltd.

SMS, MMS and other text message sending services

Newsletter delivery business

Amazon Web Services Personal Information Storage and Global CS Business Processing Using AWS Computer Facilities

2. In order to provide customized services and advertisements, the Association entrusts the processing of advertisement identification information, cookie information, and IP addresses (to the extent partially masked) to the following companies. The company does not provide information that can identify an individual other than the above information in connection with this outsourced work, and if it refuses to provide such services, the settings can be changed by the method described in section 9 below. The above advertisement identification information and cookie information may be transferred overseas for the purpose of outsourcing work, and the transferred information will be stored during the period of provision of this service.

Outsourced work details

Google (US) - Use of Google Analytics services, Google Ads marketing services (provision of customized ads)

Facebook (US), () Kakao

Google Marketing Platform construction and maintenance work

The Association does not entrust your information to an external company without your consent. If such a need arises in the future, we will notify the customer about the consignee and the details of the outsourced work and obtain prior consent if necessary.

2-1) Transfer of personal information overseas

Trustee Company Transfer Country Outsourcing Business Description and Purpose Transfer Item Transfer Date and Method Retention Period of Use of Google US Google Analytics Service Google Ads Marketing Service (provision of customized advertisements) Ad identification information and cookie information, IP address (partial masking range) Transmission via the network at the time of use of the service Until membership withdrawal or termination of the contract of entrustment contract Facebook US marketing work (provision of customized advertisements) Ad identification information and cookie information, IP address (to the extent partially masked) Transfer via the network until membership withdrawal or termination of the contract of entrustment

Article 7 (Rights of users and legal representatives and how to exercise them)

1) Users and legal representatives can view or modify the registered personal information of themselves or children under the age of 14 at any time, and may also request cancellation of registration.

2) To view and edit the personal information of users or children under the age of 14, you can directly view, correct, or withdraw after going through the identity verification process by unsubscribing to 'Edit Member Information' (withdrawing consent). Alternatively, contact the person in charge of personal information management in writing, phone, or email and we will take action without delay.

3) If you request correction of an error in personal information, the personal information will not be used or provided until the correction is completed. Also, if incorrect personal information has already been provided to a third party, the result of the correction process will be notified to the third party without delay so that the correction can be carried out.

4) The Association does not collect personal information from children under the age of 14. If the personal data of a child under the age of 14 is processed despite the company's policy, the legal representative may exercise the rights set forth in paragraphs 1 to 2 at any time.

Article 8 (Matters relating to the installation, operation, and refusal of an automatic personal information collection device)

1) Purpose of use of cookies 1. In order to provide personalized services, the company uses “cookies (cookies)” to store and retrieve information about users from time to time. A cookie is a small amount of information sent by the website server to the user's browser and stored on the user's computer's hard disk.

2. The company can provide specific customized services that are only possible through the use of cookies.

3. The company can use cookies to identify members and keep members logged in.

2) Installing/operating and rejecting cookies

1. Users have the right to choose to install cookies. Therefore, by adjusting the options in the web browser, users can accept/reject all cookies or have them check each time a cookie is stored.

① How to specify whether to allow the installation of cookies in Internet Exploer - The method for specifying whether to allow the installation of cookies (in the case of Internet Explorers) is as follows.

“Tools” menu at the top of the web browser > “Internet Options” menu > “Privacy” tab > Manual settings

② How to specify whether to allow the installation of cookies in Chrome: select the icon at the top right of the web browser > select “Settings” > select “Show advanced settings” at the bottom of the screen > “Content settings” button in the personal information section > Set directly in the cookie section 2. If you refuse to store cookies, it may be difficult to use some services provided by the company, such as personalized services.

3) Information on Google Analytics and customized advertising 1. The company uses Google Analytics, a web analysis service provided by Google, Inc. (hereinafter “Google”) for the purpose of providing better services to customers, to analyze and evaluate how customers use the company's services, identify customer needs, and provide efficient services by improving and customizing services and products.

2. Google Analytics uses “cookies,” which are text files stored on computers, to analyze how users use the website. If you refuse to provide analysis and customized advertising services through Google's external analysis tools, you can refuse Google's data processing by downloading and installing an additional function for the current customer's web browser from tools.google.com/ dlpage/gaoptout. 3. Google sends “cookie” information without the possibility of personal identification to a Google server in the US for analysis of cookie information. For more information on Google's processing of data, please visit www.google.com/ analytics/learn/privacy.html.

Article 9 (Personal Information Manager)

The Association is doing its best to ensure that users can use the company's services safely. Users can report all personal information protection complaints related to the use of the company's services to the dedicated department, and the company responds promptly and sincerely to users' reports.

Edit member information

‍Handling personal information complaints

Contact: info@orientalcalligraphy.org

‍Personal Information Manager

‍Personal Information Protection Officer: Lim Jae-hong

Contact: info@orientalcalligraphy.org

If you need to report or consult about other personal information violations, please contact the following organizations.

1. Privacy Infringement Report Center (privacy.kisa.or.kr /118 without country code)

2. Cyber Investigation Division of the Grand Prosecutor's Office (http://www.spo.go.kr /1301 without country code)

3. National Police Cyber Security Bureau (http://cyberbureau.police.go.kr/182 without country code)

Article 10 (Obligation to Notify Before Revision)

If there are any additions, deletions, or revisions to this Privacy Policy, we will notify you in advance through a 'Notice' at least 7 days prior to the revision. However, when significant changes in user rights occur, such as changes in the items of personal information collected or the purpose of use, etc., we will notify you in advance via the website or email at least 30 days in advance, and user consent can be obtained again if necessary.

‍

[Addendum]

These terms and conditions are effective from January 1, 2019.