EubizSolution (hereinafter referred to as “the Company”) has established the following privacy policy in accordance with the Personal Information Protection Act to protect users’ personal information

and rights and to handle user complaints related to personal information efficiently. If the Company revises this privacy policy, it will be announced on the website notice board (or individually notified). 1. Purpose of Collection and Use of Personal Information The Company processes personal information for the following purposes.

The processed personal information will not be used for any purposes other than the following, and if the purpose of use is changed, the Company will obtain prior consent.A. Website Membership Registration and ManagementProcessing for confirming membership registration intention, identity verification for membership-based services, maintaining and managing membership status,

identity verification under the limited real-name verification system, prevention of fraudulent use of services, various notifications, complaint handling, and preservation of records for dispute resolution.B. Handling Civil ComplaintsProcessing for verifying the identity of the complainant, confirming complaint details, contacting and notifying for fact investigation, and providing notification of processing results.C. Provision of Goods or ServicesProcessing for product delivery, service provision, invoice issuance, content provision, customized service provision, identity and age verification, and payment/settlement.D. Marketing and Advertising UseProcessing for development of new services (products), provision of customized services, delivery of event and promotional information and participation opportunities,

service and advertisement provision based on demographic characteristics, effectiveness verification of services, analysis of access frequency, and compilation of user service usage statistics.2. Items of Personal Information Collected and Collection MethodsA. Items CollectedA-1. When Registering for Membership - Required items: Name, gender, login ID, password, email, date of birth, address, mobile phone number

- Optional items: Home phone number, SMS consent, email consent

- Purpose of collection: User identification, delivery of notifications, confirmation of user’s intention, complaint resolution, and communicationA-2. Automatically Collected Items - Access IP information, cookies, service usage records, access logs, etc.A-3. Others (e.g., events, marketing activities) - Collected items: Address, date of birth, phone number, mobile number, name, email, etc.

- For specific purposes, the Company may collect personal information temporarily with prior notice.B. Collection Methods
- Website (membership registration), written forms, phone, fax, inquiry boards, event participation, service usage, member information modification3. Consent to Collection of Personal Information The Company provides a procedure where users can click the “Agree” button regarding the privacy policy or terms of use. Clicking the “Agree” button is deemed consent to the collection of personal information.4. Use of Cookies and RefusalA. The Company uses cookies to provide personalized services by storing and retrieving usage information.B. Cookies are small pieces of data sent from a server (http) used to operate the website to the user’s browser and may be stored on the user's hard disk. - Purpose of cookies: Analyze usage patterns, popular search terms, secure access status, etc., to provide optimized information

- Cookie settings and refusal: Cookies can be refused through browser settings (Tools > Internet Options > Privacy)

- If cookies are refused, customized services may not be available5. Retention and Use Period of Personal InformationA. The Company processes and retains personal information within the retention/use period as agreed by the information subject or as required by law.B. Each category of information is destroyed once the collection or provision purpose is fulfilled: - Membership data: Upon withdrawal or termination of membership

- Temporary purposes such as surveys or events: Upon the end of the activityC. However, information may be retained if required by law, such as under the Commercial Act or the Act on Consumer Protection in Electronic Commerce: - Contract or withdrawal records: 5 years

- Complaint or dispute resolution records: 3 years6. Provision and Sharing of Personal Information to Third Parties The Company does not provide personal information beyond the stated purposes without user consent, except as required by law. Exceptions include:

- When users have given prior consent

- When necessary for billing related to service provision

- When necessary for contract performance (e.g., product delivery/installation)

- When there is sufficient basis for legal disclosure to prevent harm to others

- For statistical, marketing, or market research purposes (in anonymized form)

- When required by law or upon legal request from investigative agencies

- When obtaining normal consent is impractically difficult due to economic/technical reasons7. Rights of Information Subjects and How to Exercise ThemA. Users may exercise the following rights regarding their personal information: - Request to access personal information

- Request correction of errors

- Request deletion

- Request to suspend processingB. Rights can be exercised in writing, by email, or fax using the prescribed form (Form No. 8 under the Enforcement Rule of the Personal Information Protection Act), and the Company will respond promptly.C. If correction or deletion is requested, the Company will not use or provide the personal information until the matter is resolved.D. Rights may also be exercised by legal representatives or delegated agents (requires Form No. 11 under the relevant regulations).8. Destruction of Personal InformationA. Destruction ProcedureThe information entered by users is moved to a separate database (in case of paper, a separate document) after achieving its intended purpose.

It is stored for a specified period according to internal guidelines and related laws or immediately destroyed thereafter. Personal information transferred to a separate database is not used for other purposes unless required by law.B. Destruction Deadline Personal information of users is destroyed within five (5) days after the end of the retention period.

When the personal information becomes unnecessary due to achieving its processing purpose, termination of the related service, or closure of the business, such information is destroyed within five (5) days

from the date it is recognized as unnecessary for processing.

C. Destruction MethodInformation stored as electronic files is destroyed using technical methods that prevent record restoration.
Personal information printed on paper is shredded or incinerated.9. Measures to Ensure the Security of Personal InformationA. Minimization and Training of Personnel Handling Personal InformationThe Company designates specific employees responsible for handling personal information, limits this responsibility to those personnel, and implements measures to minimize the management of personal information.B. Conducting Regular Internal AuditsThe Company conducts regular internal audits (once every quarter) to ensure security in handling personal information.C. Establishment and Implementation of an Internal Management PlanThe Company establishes and implements internal management plans to securely handle personal information.D. Encryption of Personal InformationUser passwords are stored and managed in encrypted form so only the user can know them. Critical data is protected by encrypting files and transmitted data or using separate security features like file-locking.E. Technical Measures Against Hacking and Other ThreatsTo prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, regularly updates and inspects them, and installs systems in restricted-access areas, technically and physically monitoring and blocking external intrusions.F. Restricting Access to Personal InformationThe Company takes necessary measures to control access to personal information by granting, modifying, or revoking access rights to the database system processing personal information, and prevents unauthorized external access using intrusion prevention systems.G. Retention of Access Records and Prevention of AlterationThe Company keeps and manages records of access to the personal information processing system for at least six (6) months and employs security features to prevent alteration, theft, or loss of access records.H. Use of Locking Devices for Document SecurityDocuments and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.I. Control of Unauthorized Personnel AccessThe Company maintains separate physical storage locations for personal information and establishes and operates procedures controlling access to these locations.10. Personal Information Protection OfficerA. The Company designates the following Personal Information Protection Officer to oversee and take responsibility for personal information processing tasks,

including handling user complaints and remedies related to personal information processing. Name:
Position:
Department:
Telephone:
Fax:
Email: B. Information subjects may direct all inquiries, complaints, and requests for remedies regarding personal information protection arising during their use of the Company's services (or business) to the Personal Information Protection Officer and the responsible department. The Company will respond to and address inquiries from information subjects without delay.11. Changes to the Privacy PolicyA. This Privacy Policy shall be effective from the date of enforcement. Any additions, deletions, or amendments to the policy in accordance with laws and company guidelines shall be announced via the notice board at least seven (7) days prior to the implementation of changes.