The Privacy Policy of BIGBOX Through the BIGBOX Privacy Policy, we inform you what purpose and what manner the personal information you provide is being used for and in and what actions are being taken to protect your privacy. <General> 1) BigBox (hereinafter the "Company") is committed to convenient services. In addition, the Company complies with the ""Information Communication Network Promotion and Information Protection Act" ("Information and Communication Network Act"), and the provisions of privacy protection of the relevant laws and regulations. As such, it is dedicated to the protection of personal information. 2) By releasing this Privacy Policy on the first screen of the BIGBOX homepage (www.playbigbox.com), the Company makes it easy for users to view them at any time. 3) This Privacy Policy is subject to change due to changes in the Company’s internal policy and the related laws and guidelines, and when there is change, the Company immediately notifies its members of the reason for change and contents through homepage. - The term "personal information" refers to the information of a living person, including a name, a resident registration number, a symbol, a voice, a sound, and visual information that can make an individual identified. - The Company shall use the personal information of a user within a scope of (1) the items of personal information collected and the methods of collection and (2) the purpose of collection and the use of personal information. In case of exceeding or changing the scope, the Company will obtain the user's consent in advance. When the Company changes the period of holding and use of personal information, or provides or entrusts personal information to a third party (changes in content are also the same), the Company shall inform all users of major changes and obtain consent through Internet site, telephone, e-mail, etc. However, when there are three cases ("When it is necessary to provide the service by contract with the user and it is difficult to acquire consent", "When it is necessary for the settlement of fees", "When there are special regulations by other laws") that are treated as exceptions, the Company’s notices can replace “getting the consents of users”. 1. The Items of Personal Information to Be Collected and How to Collect 1) When a user uses the service, the Company may collect the following personal information of the user. (i) Personal information collected at the time of initial member registration to provide smooth customer consultation and various services: email, name, mobile phone number, and password (ii) Personal information that can be automatically generated and collected during the course of service use or business process: IP address, cookie, service usage record, access log, the record of the suspension of use, the record of improper use, a user's browser type and OS, search word, the visit date and time, payment record, and personal information collected through the process of receiving personal consent from members 2. The Collection of Personal Information and the Purpose of Use The purposes of the collection of personal information and the purpose of use are as follows. 1) The Management of Members - The Identification of a person for using the service: E-mail address - Complaints handling: e-mail address, mobile phone number, name 2) The settlement of fees relating to the implementation and servicing of the contract - The provision of contents: e-mail address, name, mobile phone number, carrier information, terminal information (model name, OS type and version), the record of app use and connection, authentication record, payment record, connection date & time record, the record of improper use - The record of the use of paid information and payment: payment records 3) The use for the event and marketing - Event: name, e-mail address, mobile phone number - Marketing: telecom carrier information, terminal information, app use and access record, the record of improper use 3. The Period of the Holding and Use of Personal Information 1) In principle, after the purpose of collecting and using personal information is accomplished, the Company will destroy the information without delay. However, it will keep for the following information for a "retention period" in accordance with "retention reasons" set out in the provisions of the Privacy Policy. - Items: password, email address, name, phone number, app use and access records, payment records, the record of improper use - Retention Reasons: for the purpose of handling consumer complaints and dispute resolution at the termination of services by members - Period: 30 days 2) If there is a need to have retention of information in accordance with related laws, including Consumer Protection Act in Electronic Commerce etc. and Commercial Law, the Company may keep the personal information of users for a certain period of time as stipulated by related laws and regulations. In this case, the Company will use the information only for the purpose of keeping it and will keep it for the "Retention Period" in accordance with "Retention Reasons" - The record of contract or the withdrawal of contracts, etc. * Retention Reasons: Consumer Protection Act in Electronic Commerce etc. * Retention Period: 5 years - The record of payment and goods supply * Retention Reasons: Consumer Protection Act in Electronic Commerce etc. * Retention Period: 5 years - The record of consumer complaints or disputes * Retention Reasons: Consumer Protection Act in Electronic Commerce etc. * Retention Period: 3 years 4. The Procedures and Methods of Destroying Personal Information The Company destroys information immediately when the purpose of the collection and use of personal information is achieved. The procedures for destruction and the method are as follows: - Destruction Procedures The Company retains personal information during the Retention Period pursuant to Retention Reasons, and destroys the information in a manner that it cannot be reproduced. - Method of destruction * The personal information stored in the form of electronic files is deleted using a technical method that disables the reproduction of record. * Personal information printed on paper is destroyed in paper shredders 5. Providing and sharing personal information 1) In principle the Company does not provide personal information to outsiders. However, the following cases compose exceptions; - If a user has agreed in advance - If necessary for the settlement of a fee incurred by the provision of the service - In accordance with the provisions of relevant laws and regulations, including Framework Act on Telecommunications and Telecommunications Business Act or if there is a request from an investigating agency in accordance with the procedures and methods set forth in the laws for the purpose of investigation - If personal information is processed into a form that cannot be identified as the information of a specific individual, which is necessary for statistical report, academic research, or market research 6. The Rights of Users and Legal Representatives and How to Exercise the Rights 1) Users and legal representatives may withdraw their consent to the collection of personal information in writing or via telephone, e-mail, etc. In such case, the Company shall take necessary measures, such as the destruction of the personal information concerned, unless stipulated otherwise in the laws and regulations, after the Company confirms the identity of the person. However, if personal information is destroyed due to a membership withdrawal, related information generated and accumulated by the user during the period of the Company's services may be destroyed together. 2) If a legal representative of a user visits and requests reading or correction, the Company may check the visitor is the true legal representative of the user. In this case, the Company may require the visitor to show his or her proof of legal representation. 3) In the event that there is a good reason to refuse his or her request to read or correct the personal information of the user in whole or part, the Company will notify the User without delay and explain the reasons. 7. Technical / Administrative Protections for Personal Information 1) In dealing with your personal information, the Company establishes technical and managerial measures for ensuring the safety of personal information in order to prevent loss, theft, leakage, alteration or damage. - Technical Measures ① Since the personal information of a user is encrypted, the information cannot be known except the user himself or herself. Only the user's request makes it possible to check and change personal information. ② Through encrypted communication, the Company enables a user to transmit his or her personal information securely over the network. ③ To prevent personal information from being leaked or damaged by hacking or computer viruses, the Company is doing its best. ④ The Company regularly backs up personal information for emergency cases, and prepares takes measures to prevent damage from computer viruses by using vaccine programs. ⑤ Through access control to the system, authority management, and vulnerability checks, the Company continues to make efforts to enhance security. - Administrative Measures ① The Company restricts access to the personal information database of users to the minimum number of persons, and the persons allowed are is as follows: A. Those who perform marketing, events, customer support, service operation, and delivery, directly contacting users (including the employees of the consignment and partner companies) B. Those who are in charge of personal information management, such as Personal Information Manager C. Other work-related handling of personal information, the inevitable party ② The Company conducts regular training about its personal information protection obligation for personal information handlers ③ If the department dedicated to privacy affairs, verifying compliance with the Privacy Policy and internal regulations, finds a problem with internal compliance with the privacy policy, the Company will make measures to have it corrected immediately. ④ The Company shall not be held responsible for any problems caused by leakage of personal information, such as name, password, etc, due to the user's negligence or a problem with the Internet. 8. Complaints for Personal Information 1) In order to protect a user's personal information and to handle complaints related to personal information, the Company has designated a person in charge of personal information management as follows. - Personal Information Manager * Company : BigBox * Name: Choi Jung Goo * Phone: 070- 8672 - 9875 * E-mail: shiftKey @ wjcompass .com 2) Users can report all privacy-related complaints (complaints that occur while using company's services) to the person in charge of personal information management (Privacy Officer). The Company will get back to the user quickly in response to the privacy-related complaints. For other reports or advice on privacy needs, please contact the following organizations. - Privacy Complaint Center (privacy.kisa.or.kr / 118 without an area code) - Cyber Criminal Investigation Section in Supreme Prosecutors' Office (www.spo.go.kr / 1301 without the area code) - Cyber Security Administration in the Police (www.ctrc.go.kr / 182 without an area code) 9. Links The Company can offer users some links to other company’s websites or for materials. In this case, because the Company has no control over external sites and data, it shall not be held responsible for the availability of services or the usability of materials, and it shall not guarantee their qualities. When a user clicks a link to move into the webpage on another site, the user should check the policy of a newly visited site because the site's privacy policy is independent of that of the Company. 10. Others If there is any additional deletion or modification of the contents of this Privacy Policy due to changes in laws or policy or security technology, The Company will in advance notify users of a changed Privacy policy through the website (www.playbigbox.com) and its reasons for the change. Effective Date: July 12, 2017