Privacy Policy | DREAMTECH

[Dreamtech Co., Ltd.] (here in after referred to as “the Company”) hereby establishes and discloses its personal information processing policies in the following. The personal information processing policies aim to protect the personal information of information subjects in accordance with Article 30 of the 「Personal Information Protection Act」 and to quickly and smoothly handle any related complaints.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed shall not be used for any purpose other than those listed below. Should the purpose of use change, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Inquiry Response (Contact): Purpose of Processing: Responding to inquiries about the Company; Items Collected: [Required] Name, Email Address, Phone Number

2. Ethics Management Reporting Processing: Purpose of Processing: Handling reports and grievances related to ethics management; Items Collected: [Required] Name, Email Address, Phone Number

3. Website Usage: Purpose of Processing: Gathering service usage statistics and access frequency; Items Collected: User's browser type and OS, access records (IP Address, access time), etc.

Article 2 (Processing and Retention Period of Personal Information)

1. The company processes and retains personal information for the period of retention and use of personal information that has been specified by the related laws, or the period of retention and use of personal information agreed upon when the personal information is collected.
2. The processing and retention period of personal information is as follows.
- ① The company retains and uses personal information until the purpose of its collection and use has been fulfilled (final answer to customer inquiries).
- ② If the user wants to delete his or her personal information, the company will delete the personal information without delay.
3. The Company does not currently outsource personal information processing tasks. Should outsourcing occur in the future, the Company will disclose the contractor and the outsourced tasks through this Personal Information Processing Policy.

Article 3 (Providing Personal Information to a Third party)

1. In principle, the company processes the user's personal information within the range specified for the purpose of collection and use, and except in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the user's consent and special provisions of the law, the company will not process the information in a manner that goes beyond the scope of the original purpose, or provide it to a third party without the prior consent of the user.

Article 4 (Information Subject’s Rights and Duties and Method of Exercise)

1. The user may view or modify the personal information registered with the company at any time, and may request to withdraw his or her consent to its collection. If users wishing to view/modify their personal information or to withdraw consent contact the person in charge of personal information protection or the department in charge of the company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, the company will take action without delay.
2. If a user requests the correction of errors in personal information, the personal information will not be used or provided until such correction has been made. In addition, if incorrect personal information has already been provided to a third party, the correction will be reported to the third party without delay. The Company handles personal information that has been voided or deleted at the request of a user as specified in ‘Article 2 Processing and Retention Period of Personal Information,’ and processes it so that it cannot be viewed or used for any other purpose.
3. The rights of a data subject may be exercised through a legal representative or an authorized agent. In such cases, a power of attorney in the format prescribed in Appendix Form No. 11 of the “Public Notice on Personal Information Processing Methods” must be submitted. The legal representative of a child under the age of 14 may request access to, correction, deletion, or suspension of processing of the child’s personal information from the company.
4. If a request to view and suspend personal information is made, the user’s rights may be restricted as per Article 35(5) and Article 37(2) of the Personal Information Protection Act.
5. For some personal information, deletion cannot be requested if the personal information is specified as a mandatory target of collection in other laws.
6. In accordance with Article 35(2) of the Personal Information Protection Act, a data subject may request the company to transfer his or her personal information held by the company to the data subject or a third party. Upon such request, the company shall, without undue delay, implement the transfer after taking necessary technical and administrative protective measures, and in the event of a legitimate reason for delay, notify the data subject of the reason.Pursuant to Article 35-2 of the Personal Information Protection Act, the data subject may request the company to transfer their personal information held by the company to themselves or a third party. Upon request, the company shall transfer the information without delay after implementing technical and administrative protective measures. If there is a delay for a legitimate reason, the company shall notify the reason.
7. In accordance with Article 37(2) of the Personal Information Protection Act, a data subject has the right to refuse decisions made solely through the fully automated processing of personal information, the right to request an explanation regarding such decisions, and the right to raise an objection to those decisions.

Article 5 (Installation, Operation, and Refusal of Automatically Collecting Devices)

1. The Company uses cookies to store and periodically retrieve usage information in order to provide personalized services to data subjects.
2. Cookies are small pieces of information sent by the server (https) used to operate the website to the user's computer browser and may be stored on the hard disk of the user's PC.
3. Data subjects can configure settings such as accepting or blocking cookies through their web browser settings. Refusing to store cookies may result in limitations on service use.
4. The method for changing cookie settings is as follows.
- • Chrome: Top right ‘More (⁝)’ > Settings > Privacy and security > Cookies and other site data
- • Edge: Top-right ‘...’ > Settings > Cookies and site permissions > Manage cookies and site data
- • Safari, iOS: Settings > Safari > Advanced > Block All Cookies

Article 6 (Cross-Border Transfer of Personal Information)

The Company is not currently transferring personal information overseas. Should any future transfer plans arise, the Company will obtain the data subject's consent in accordance with relevant procedures and disclose the details in its processing policy.

Article 7 (Destruction of Personal Information)

1. The company will destroy the personal information without delay when it is no longer necessary, such as when the personal information retention period has elapsed or the purpose of its collection has been achieved.
2. When the personal information must to be kept in accordance with other decrees even though the personal information retention period agreed upon by the user has elapsed or the purpose of its collection has been achieved, the personal information is preserved by moving to a separate database (DB) or by changing the storage location.
3. The procedure and method of personal information destruction are as follows.
- ① Destruction procedure: The company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the company’s personal information protection officer.
- ② Destruction method: The company destroys personal information recorded and stored in the form of electronic files using a method such as a low level formatting so that the records cannot be reproduced, while personal information recorded and stored in paper documents is destroyed by crushing it with a grinder or through incineration.

Article 8 (Measures to Ensure the Safety of Personal Information)

The company takes the following measures to ensure the safety of personal information.

1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights to information such as through personal information processing system, installation of access control system, encryption of unique identification information, installation of security programs, etc.
3. Physical measures: Access control in the computer room, data storage room, etc.

Article 9 (Person in Charge of Personal Information Protection)

1. The company has designated the following person in charge of personal information protection, to take full responsibility for the work of personal information processing and to handle user complaints and remedies for damage related to personal information processing.

Chief Privacy Officer		Personal Information Protection Department
Name	Byun Hyochang	Department Name	Corporate Development
Position	Director	Person in Charge	Byun Hyochang
Contact	(T) 070-5176-6541 / (F) 070-5176-6547	Contact	(T) (T) 070-5176-6541 / (F) 070-5176-6547

2. Users can contact the information protection officer and the department in charge of personal information protection with any inquiries related to personal information protection, complaint handling, damage relief, etc. The company will respond and handle user inquiries without delay.

Article 10 (Remedy for Infringement of Rights and Interests)

Users can make inquiries regarding damage relief, consultation, etc. for personal information infringement to the following organizations.

The following organizations are separate from the company. Please feel free to contact them if you are not satisfied with the company's own handling of a personal information complaint or a request for damage relief, or if you need more detailed assistance.

Personal Information Dispute Mediation Committee	(No area code required) 1833-6972	www.kopico.go.kr
Personal Information Infringement Reporting Center	(No area code required) 118	privacy.kisa.or.kr
National Police Agency	(No area code required) 182	ecrm.poice.go.kr

Article 11 (Change of personal information processing policy)

The company will notify users through a notice on the website if there is a change in the privacy policy (addition, deletion, or modification of contents). Also, the policy before and after the changes will be compared and disclosed so that users can easily check the change in contents.