SDT

SDT Inc. (hereinafter referred to as "the Company" or "SDT") values the personal information of customers (hereinafter referred to as "customers" or "users"), and the "Personal Information Protection Act", "Act on Promotion of Information and Communications Network Utilization and Information Protection" and the corresponding Korean national laws. This Privacy Notice informs you about the purpose and method of using your personal information, and what measures are being taken to protect your personal information.

If the company revises the personal information processing policy, users will be notified through changes to this website notice or notice to directly affected individuals.

The company handles the following personal information items.

The company collects personal information in the following ways.

• ①In the process of using the service, when the customer directly enters information after consenting to the collection of personal information.
• ②Inquiries through the ‘Contact Us’ page, telephone inquiries, email inquiries, fax inquiries, written inquiries, in-person inquiries, other inquiries, etc.
• ③In the process of application for participation in online and offline events.

The company processes users' personal information for the following purposes, and does not use it for any other purpose.

• ①User consultation processing: Receiving consultations and complaints, and notification of processing results.
• ②Service provision: Service provision and service quality improvement, prevention of illegal use in service and securing stability, development of new service/technology, provision of personalized service.
• ③Marketing and advertising promotion: Provision of advertising information such as marketing, product, and event promotion.
• ④Commercial statistics preparation and information analysis: Analysis of service access and usage history by user.

The company processes and retains personal information within the period of retention and use of personal information in accordance with the relevant laws and regulations or within the period of retention and use of personal information explicitly requested by users when the company collects personal information.

However, in the following cases, the company may retain personal information until the end of the relevant reason.
If an investigation or investigation due to a violation of the relevant laws and regulations is in progress, until the investigation or investigation is completed.

The company may retain personal information in accordance with relevant laws as follows.

In principle, the company immediately destroys the information after the purpose of collection and use of personal information has been achieved. The destruction procedure and method are as follows.

- Destruction procedure: The personal information entered by the user for inquiry and event participation is transferred to a separate DB (separate filing box in the case of paper) after the purpose is achieved, and in accordance with internal policies and other information protection reasons according to related laws (refer to Period of retention and use) are stored for a certain period of time and then destroyed. Personal information transferred to a separate DB will not be used for any other purpose other than the retention of personal information, unless it is required by law.

- Destruction method: Personal information stored in electronic file format is deleted using an non-recoverable technical method. Personal information printed on paper is shredded with a shredder or destroyed through incineration.

In principle, the company does not provide users' personal information to third parties. However, exceptions are made in the following cases.

• ①When users consent to collection and usage of personal information in advance.
• ②In accordance with the provisions of laws and regulations or when there is a request from the investigation agency in accordance with the procedures and methods stipulated in the laws for the purpose of investigation.

SDT may employ other companies and individuals to perform functions on our behalf. Examples include: delivering SDT hardware, sending communications, processing payments, assessing credit and compliance risks, analyzing user data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Notice and as permitted by relevant data protection law.

Users can exercise the following privacy-related rights to the company at any time.

• ①Request to view personal information
• ②Request for correction if there are errors in personal information
• ③Request to delete personal information
• ④Request to suspend processing of personal information

If you wish to view and correct personal information, please contact the customer center in writing, by phone (+82) 2-3453-7494, or by email privacy@sdt.inc, and we will take immediate action. In addition, customers can withdraw their consent to the collection, use, and provision of personal information at any time through inquiry, etc. If the customer withdraws consent and the company takes measures such as destroying the customer's personal information in response, we will notify the customer without delay.

The company does not collect personal information of children under the age of 14 that requires the consent of a legal representative. If a child under the age of 14 provides personal information to the company contrary to the company's intention, users and their legal representatives can inquire or modify the registered personal information of themselves or the child under the age of 14 at any time. In order to inquire or correct personal information of users or children under the age of 14, contact the person in charge of personal information management in writing, by phone (+82) 2-3453-7494, or by email privacy@sdt.inc, and we will take immediate action.

The company uses 'cookies' to store and retrieve usage information from time to time to provide users with individually customized services. Cookies are very small text files sent to the user's browser by the server used to operate the company's website and are stored on the user's computer hard disk. The company uses cookies for the following purposes.

• ①It is used to provide optimized information to users by identifying the types of visits and usage, popular search terms, and secure access to each service and site visited by the user.
• ②Users have the option to allow cookies. Therefore, the user may allow all cookies by setting options in the web browser, check each time a cookie is saved, or refuse all cookies.
• ③As a method of rejecting cookie settings, you can accept all cookies by selecting the option of your web browser, check each time you save a cookie, or refuse to save all cookies. You can refuse to save cookies by setting the options in the Tools > Internet Options > Privacy menu at the top of the web browser.
• ④However, if the user refuses to install cookies, the functionality of company services may be reduced.

When the company transfers personal information to another person due to transfer of all or part of its business or company merger, etc., the company must notify the user in advance of the following matters:

• ①The fact that personal information is being transferred.
• ②Name (in the case of a corporation, the name of the corporation), address, phone number, and other contact information of the person to whom the personal information is transferred.
• ③Methods and procedures to be taken if the information subject does not want the transfer of personal information.

The company has designated the person in charge of personal information management to protect users' personal information and to handle complaints related to personal information as follows:

If you need to report or consult about personal information infringement, please contact the Korea Information Security Agency (KISA) Personal Information Infringement Report Center. In addition, if a user has suffered financial or mental damage through personal information infringement, he/she/they/ze can apply for damage relief to the Personal Information Dispute Mediation Committee of the Korea Information Security Agency (KISA).

• - KISA Privacy Protection (http://privacy.kisa.or.kr / 118)
• - National Police Agency Cyber Security Bureau (http://cyberbureau.police.go.kr 182)
• - Cyber Investigation Division, Supreme Prosecutors' Office (http://spo.go.kr / +82 2-3480-3570)
• - Personal Information Infringement Report Center (operated by Korea Internet & Security Agency) (http://privacy.kisa.or.kr / 118)
• - Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency) (http://www.kopico.go.kr / +82 1833-6972)

The company is taking protective measures (network firewall) to block DDoS attacks and intrusions from outside and prevent information loss, theft, leakage, forgery, external attacks, and hacking. We also protect information through end-to-end encryption. In addition, we limit the number of employees handling personal information to a minimum and manage the implementation and compliance of this policy through security training for related employees, and promptly take corrective action if problems are found.

This Privacy Policy goes into effect from the effective date, and if there are additions, deletions or corrections of changes in accordance with laws and policies, we will notify you through a notice 7 days prior to the enforcement of the changes. However, we will notify you at least 30 days in advance when there is a significant change in user rights, such as changes in the items of personal information collected and the purpose of use.

The announcement and effective date of this Privacy Notice are as follows.

Announcement Date: May 01, 2022
Effective Date: May 01, 2022