To protect users' personal information, 'HDC Holdings' (hereinafter referred to as the 'company') complies with the personal information protection provisions in related laws, such as the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the 'Personal Information Protection Act', and has the following personal information processing policy. Through the privacy policy, the company informs how users' personal information is collected and used for what purposes, and what measures the company is taking to protect users' personal information.

1. Personal information items processed

• A. Mandatory : name, cell phone number, e-mail and company
• B. Optional: None
• C. Personal information collection method: website (IR meeting requests and IR e-mail inquiries)

2. Purposes of personal information processing

• A. Fulfilling the contract for service provision
• B. Collecting customer information to answer customers' questions and provide information
• C. Authentication for service use, identification, handling complaints and delivery of notices

3. Personal information processing and retention period

The company will notify users when collecting personal information, and if the retention period to which users consented expires, the company will immediately destroy the relevant information. If it needs to be retained for a certain period for the purpose of checking the rights and obligations related to transactions as follows according to related laws, e.g. the Commercial Act, the Framework Act on National Taxes, Act on the Consumer Protection in Electronic Commerce, Etc., however, it will be retained for a certain period of time. In this case, the company will use the retained personal information only for the purpose of retention, and the retention period and retained items are as follows:

• Records about contracts or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
• Records about payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
• Records about the handling of consumer complaints or disputes: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
• Records about tax payment evidence: 5 years (Framework Act on National Taxes)

4. Matters concerning destruction of personal information

• A. The information you entered to use the destruction procedures and service will be destroyed immediately after the purpose is achieved unless there is a reason to retain personal information pursuant to other related laws.

• B. Destruction method: Personal information printed on paper will be shredded or incinerated, and personal information, saved in electronic files, will be deleted using a technical method that makes it impossible to reproduce it.

5. Matters concerning provision of personal information to a third party

The company will not provide users' personal information to the outside in principle. In the following events, however, an exception will be made.

• A. In the event that users' prior consent was obtained; and
• B. In the event that the investigating agency requests it according to laws or the procedure or method prescribed in relevant laws for the purpose of investigation.

6. Matters concerning the outsourcing of personal information

The company outsources personal information processing to external companies to provide services.If an outsourcing contract is concluded, the company stipulates matters necessary for safely protecting personal information and complies with related laws and supervises it.If the details of outsourced work are changed, the company will notify them in the website's announcements.

7. Matters concerning the purpose and refusal of automatic collection of personal information

The company installs and operate devices for automatically collecting personal information, such as 'cookies' that finds and stores users' information all the time, and 'ActiveX' (hereinafter referred to as "cookies, etc."). A cookie is a very small text file that the server, used for managing the website, sends to users' browser, and saved in users' computer hard disk.

• A. Purposes of using cookies, etc.
  • Understanding users' preferences and interests by analyzing users' access frequency or duration, and using them to improve service
  • Tracking information on the items that users visited on the website and the items they showed interest in, and providing product information on their next visit to the website
• B. How to refuse cookies
  • Users have an option to install cookies. Accordingly, they can refuse cookie settings by using the options in their web browser to allow all cookies, confirming cookies whenever they are saved, or refusing to save all cookies.
  • Example (web browser): Change the settings at Tools at the top of the web browser > Internet options> Personal information. If you refused to install cookies, however, there may be difficulty in us providing service.
  • To prevent personal information from being disclosed to unauthorized persons through the website, P2P and share settings, the company sets up the personal information processing system and the PC of the personal information processor.
  • When personal information is collected, used and destroyed, the evidence of collection is left according to the standards recommended by laws (related laws like the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act), and the company has internal policies and processes and provides training in relation therewith.

8. Matters concerning measures to ensure the stability of personal information

In processing users' personal information, the company has the following technical and administrative measures to stably prevent the loss, theft, leakage, alteration or modification of personal information.

• A. Technical protective measures

  • Users' personal information is protected by passwords, and the company uses a security system (SSL) that can use encryption algorithms to safely transmit personal information on the network.
  • In order to prevent intrusion, e.g. hacking, the company uses security systems like firewall, web firewall and IPS to control unauthorized access from the outside, and has technical devices for systematically ensuring personal information security.

• B. Administrative protective measures

  • The company limits the privilege to access users' personal information to the minimum number of people possible.
  • To prevent personal information from being disclosed to unauthorized persons through the Internet website, P2P and share settings, the company sets up the personal information processing system and the PC of the personal information processor.
  • When personal information is collected, used and destroyed, the evidence of collection is left according to the standards recommended by laws (related laws like the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act), and the company has internal policies and processes and provides training in relation therewith.
  • Before they join the company, the company receives the security pledge from all employees to prevent information leakage, and has an internal procedure for monitoring the implementation of the privacy policy and employees' compliance.
  • Personal information handlers' business handover is done thoroughly while security is maintained, and the company clearly defines responsibilities for personal information accidents when employees join and leave the company.
  • The company will not take any responsibility for accidents caused by users' mistakes or the basic risks of the Internet.

• C. Physical protective measures

  • The company designates the computing room and the archive as special protection areas, and restricts access to these places.

9. Matters concerning the rights and obligations of information subject and the method of exercising them

Users and their representatives must enter their up-to-date personal information correctly to prevent unexpected accidents from happening. Users and their legal representatives will be held responsible for any and all accidents caused by the incorrect information they enter, and if false information, e.g. stolen information of others, is entered, service use may be restricted. Users and their legal representatives have the right to have their personal information protected, and the obligation to protect their personal information and make sure that others' personal information is not infringed on. Users and their legal representatives should take care not to leak their personal information, or damage the personal information of others including their postings. If you fail to fulfill your responsibilities, and damage others' information and dignity, you may be punished according to the "Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc." , the "Personal Information Protection Act", etc..

• A. Accessing and correcting personal information

  Users can access their registered personal information through the HDC website at any time.

• B. Collecting opinions and handling complaints

  The HDC website has channels for expressing opinions and filing complaints in relation to personal information protection.

If you have any complaints related to personal information, send your opinions to the privacy officer of the HDC website. Then, HDC will notify the results of handling the complaints to you.

10. Matters concerning protecting the personal information of children under 14 years of age

The company does not allow users under 14 to sign up for membership. However, information related to the contract must be collected with the consent of their legal representatives.

11. Complaints related to personal information

The company appoints the following departments, privacy officers and chief privacy officer to protect the personal information of customers and handle complaints related to personal information.

If you need to report or need advice on personal information infringements, please contact the following agencies.

12. Obligation to notify policy changes

If the company revises the privacy policy, it will notify it in the website announcements (or through notices to individuals). The privacy policy will go into effect on November 1, 2018, and the previous privacy policy will be replaced by this privacy policy.