Personal Information Processing Policy of Won Design Co., Ltd

In accordance with Article 30 of the Personal Information Protection Act, Won Design Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses the following guidelines for handling personal information in order to protect the personal information of the data subject (customer) and to promptly and smoothly deal with the related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 1. Complaint Handling Personal information is processed for the purpose of verifying the identity of the inquirer, confirming the inquiry details, contacting and notifying for fact-finding, and notifying the results of processing.

Article 2 (Retention and Use Period of Personal Information)

① The Company processes and retains personal information within the retention and use period of personal information under the law or the period of use agreed upon by the data subject at the time of collection. ② The retention and use period for each type of personal information is as follows. 1. Complaint Handling: Until the service use contract or service use is terminated 2. Records related to consumer complaints or disputes: 3 years

Article 3 (Provision of Personal Information to Third Parties)

The Company does not provide personal information to third parties except in cases where there is separate consent from the data subject or special provisions of law that fall under Article 17 of the Personal Information Protection Act.

Article 4 (Entrustment of Personal Information Processing)

① The Company entrusts the following personal information processing tasks to ensure smooth personal information management. Recipient: Geukdong ENC Purpose: Computer processing of personal information for product inquiry consultation and other inquiries Items: Name, Phone Number, Email, Address Period: 3 years (if there is a need to retain it under relevant laws, the retention period will apply) ② When entering into a consignment contract, the Company specifies in documents such as contracts matters related to the prohibition of personal information processing outside the purpose of consignment, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the trustee safely processes personal information. ③ If the content of the consignment work or the trustee changes, the Company will disclose it without delay through this personal information processing policy.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

① Data subjects may exercise their rights to access, correct, delete, and suspend the processing of personal information at any time against the Company. ② The exercise of rights under paragraph 1 can be made to the Company in writing, by email, or by facsimile (FAX) in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay. ③ The exercise of rights under paragraph 1 can be made through a representative, such as a legal representative or a person delegated by the data subject. In this case, a power of attorney in accordance with Form 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted. ④ Requests for access to and suspension of processing of personal information may be restricted in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act. ⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a target of collection in other laws. ⑥ The Company verifies whether the person making the request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.

Article 6 (Personal Information Items Being Processed)

The Company processes the following personal information items. 1. When applying for online consultation ∙ Required items: Name, Email, Phone Number, Address 2. When applying for other inquiries ∙ Required items: Email

Article 7 (Destruction of Personal Information)

① The Company will destroy personal information without delay when it is no longer necessary, such as when the retention period has expired or the purpose of processing has been achieved. ② The Company destroys personal information by the following methods. - Electronic files: Deleting files and formatting storage media such as disks - Paper documents: Shredding or incinerating

Article 8 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information. 1. Administrative measures: Establishment and implementation of internal management plans, regular training for employees and workers 2. Technical measures: Management of access rights such as setting passwords for personal information processing systems (or computers where personal information is stored), installation of security programs such as vaccine software, encryption of files where personal information is stored 3. Physical measures: Locking of places where personal information is stored and kept, access control, etc.

Article 9 (Installation and Operation of Automatic Personal Information Collection Devices and Refusal Matters)

① The Company uses 'cookies' to store and retrieve user information in order to provide individualized customized services to users. ② Cookies are small amounts of information sent by the server (http) operating the website to the user's computer browser and are sometimes stored on the hard disk of users' PC computers. A. Purpose of using cookies: It is used to provide optimized information to users by identifying the visit and usage patterns of each service and website visited by users, popular search terms, security access status, etc. B. Installation, operation, and refusal of cookies: Users can refuse to store cookies through the option settings in the tools > Internet options > Privacy menu at the top of the web browser. C. If you refuse to store cookies, you may experience difficulties in using customized services.

Article 10 (Personal Information Protection Officer)

① The Company is responsible for overseeing personal information processing tasks and has designated a Personal Information Protection Officer as follows to handle complaints and remedies related to personal information processing. Name: Choi Jeong-seok Phone number: 010-7709-6572 Email: livewithme@naver.com ② Data subjects can contact the Personal Information Protection Officer regarding all inquiries, complaint handling, and remedies related to personal information protection that arise while using the Company's services. The Company will respond to and address the inquiries of data subjects without delay.

Article 11 (Remedies for Infringement of Rights)

Data subjects can contact the following organizations for remedies, consultations, etc. regarding personal information infringement. ▶ Personal Information Infringement Reporting Center (Operated by the Korea Internet & Security Agency) - Responsibilities: Reporting personal information infringement, applying for consultations - Website: privacy.kisa.or.kr - Phone: (Without area code) 118 - Address: (58324) 3rd Floor, Personal Information Infringement Reporting Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong) ▶ Personal Information Dispute Mediation Committee - Responsibilities: Applying for personal information dispute mediation, collective dispute mediation (civil resolution) - Website: www.kopico.go.kr - Phone: (Without area code) 1833-6972 - Address: (03171) 4th Floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul ▶ Cyber Crime Investigation Unit, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr) ▶ Cyber Safety Bureau, National Police Agency: 182 (http://cyberbureau.police.go.kr)

Article 12 (Changes to the Privacy Policy)

This privacy policy will be effective from May 20, 2025.