1. Items of Personal Information Collected by the Company

(a) Items of personal information collected by the company

1. First, the company collects the following minimal personal information as mandatory items when a customer signs up for membership or when conducting customer consultations and various other services.
   1. [Sign Up]
   2. - Required items: ID, password, name, date of birth, gender, mobile phone number for registration certification, and information on legal representative for children under 14 years of age (name of legal representative, DI, and mobile phone number will be collected and stored until the child reaches adulthood).
   3. - Optional item: E-mail address for emergency contact (You can register as a member without entering the optional item.)
   4. [Group ID Sign Up]
   5. - Required items: Group ID, group name, corporation name (organization name), representative name, business location, representative contact number, manager ID, manager's mobile phone number, department/position of the manager
   6. - Optional item: Representative fax number (You can register as a member without entering the optional item.)
2. Second, the following information can be automatically generated and collected during the service utilization or business process.
   1. - IP address, cookies, visitation date, service use record, defect use record, and device information
3. Third, in the process of applying for additional services and customized services using a Gwangju Boutique Hotel & Residence ID, or during the application process, the following information may be collected only for users of the service:
   1. - When consent is obtained for additional collection of personal information
4. Fourth, when some services, such as adult content, paid services/games, etc., are used, the following information may be collected where it is necessary to certify users in order to comply with relevant laws and regulations:
   1. - Name, date of birth, gender, duplication information (DI), encrypted connecting information (CI), mobile phone number (optional), i-PIN number (when using i-PIN), and nationality information
5. Fifth, the following payment information may be collected during the use of paid services
   1. - When paying by credit card: Credit card company name, card number, etc.
   2. - When paying by mobile phone: Mobile phone number, carrier, payment approval number, etc.
   3. - When paying by account transfer: Bank name, account number, etc.
   4. - When paying by gift certificate: Gift certificate number

(b) Method of collecting personal information

The company collects personal information in the following ways:

1. 1. - Website, written form, fax, telephone, counseling board, e-mail, event application, and delivery request
   2. - Provision from partner companies
   3. - Collection through generated information collection tool

2. Purposes of Collection and Use of Personal Information

(a) Implementation of contracts for the provision of services and settlement of charges for the provision of services

- Provision of content, provision of specific customized services, delivery of goods or invoices, identification, purchase/payment, collection of charges

(b) Member management

- Membership service provision, personal identification, restrictions on use for members who violate the Terms of Use of Gwangju Boutique Hotel & Residence, sanctions against acts that interfere with the smooth operation of services and acts of illegal use of the service, confirmation of intention to join, limits on registration and the number of registrations, verification of consent from legal representatives when collecting personal information of children under 14 years of age, confirmation of the legal representative's identity later, preservation of records for dispute resolution, complaint handling, notification, and confirmation of membership withdrawal

(c) New service development and use in marketing and advertisement

- New service development and provision of customized services, service delivery and advertisement according to statistical characteristics, validation of services, event information and opportunities to participate, advertising information, access frequency identification, and statistics on service use by members

3. Sharing and Provision of Personal Information

The company uses the personal information of users within the scope specified in Article 2, “Purposes of Collection and Use of Personal Information," and does not use personal information beyond this scope without the prior consent of the users nor, in principle, does it disclose the users' personal information to third parties. Exceptions are made in the following cases:

1. (a) When the user has agreed in advance
2. (b) When there is a request from an investigative agency pursuant to the provisions of relevant acts and subordinate statutes or when the procedures and methods prescribed in relevant acts and subordinate statutes call for investigation

4. Terms of Use of Personal Information

The company entrusts personal information as follows to improve services, and provides necessary information for the safe management of personal information in consignment contracts in accordance with the relevant statutes.
Details of the company's personal information consignment and consignment operation are as follows

5. Retention and Use Period for Personal Information

In principle, once the purpose of collecting and using personal information is achieved, the user's personal information is disposed of without delay. However, the following information shall be maintained for a specified period in accordance with the following reasons:

(a) Reasons for information retention according to the company's internal policy

1. Records of fraudulent use (records of unusual use of services such as fraudulent sign-up and disciplinary records)
   1. - Items retained by the company: Mobile phone number for registration verification, legal representative DI for members under 14 years of age.
   2. - Reason for retention: Prevention of illegal subscription and use
   3. - Retention period: 1 year
   4. ※ A “record of fraudulent use” is a record that was restricted by the company due to a fraudulent subscription or postings that violate the company's operational principles.

(b) Reasons for information retention in accordance with relevant laws

When it is necessary to preserve the information in accordance with the provisions of the relevant statutes, such as the Commercial Act and the Electronic Commercial Act, the company shall keep member information for a certain period, as prescribed by the relevant statutes. In this case, the company will use the information only for the purpose, and the retention period will be as follows:

1. Records of contract or withdrawal
   1. - Reason for retention: Act on Consumer Protection in Electronic Commerce Transactions
   2. - Retention period: 5 years
2. Record of payment and supply of goods
   1. - Reason for retention: Act on Consumer Protection in Electronic Commerce Transactions
   2. - Retention period: 5 years
3. Records of electronic financial transactions
   1. - Reason for retention: Electronic Financial Transactions Act
   2. - Retention period: 5 years
4. Records of consumer complaints or dispute handling
   1. - Reason for retention: Act on Consumer Protection in Electronic Commerce Transactions
   2. - Retention period: 3 years
5. Website history
   1. - Reason for retention: Protection of Communications Secrets Act
   2. - Retention period: 3 years

6. Procedures and Methods for Disposal of Personal Information

In principle, the user's personal information is disposed of without delay once the purpose of collecting and using the personal information is achieved. The procedures and methods for disposal of personal information are as follows:

(a) Disposal procedure

1. 1. - Information entered by the user for membership registration is transferred to a separate DB (or in the case of paper, separate document box) after the purpose is achieved and stored for a certain period of time (refer to Retention and use period of Personal information) according to internal policies and other related laws.
   2. - The personal information will not be used for any purpose other than retention unless required by law.

나. Destruction method

1. 1. - Personal information printed on paper is destroyed by shredding or incineration.
   2. - Personal information stored in electronic file formats is deleted using technical methods that prevent records from being accessed.

7. Rights and Practices of Users and Legal Representatives

1. - Users and legal representatives can view or modify the registered personal information of themselves or the children under the age of 14 at any time, and if they do not agree to the processing of the personal information by the company, they refuse to consent or cancel their membership (withdrawal from membership). However, in such a case, some or all of the services may be difficult to use.
2. - Click "Change personal information" (or "Modify member information") for users or children under 14 years of age, or "Withdraw membership" for cancellation of membership (withdrawal of consent) to view, correct or withdraw personal information.
3. - Or, if you contact the person in charge of personal information management in writing, by phone or e-mail, we will take action without delay.
4. - If a user requests a correction of personal information errors, his or her personal information shall not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the results of the correction to the third party without delay so that the correction can be made.
5. - The company handles personal information canceled or deleted at the request of the user or legal representative as specified in "5. Retention and Use Period for Personal Information" and is not allowed to read or use it for other purposes.

8. Installation Information / Operation and Denial of Use of the Personal Information Auto Collector/h3>

(a) What are cookies?

1. 1. - The company uses “cookies” that store and retrieve user information from time to time in order to provide personalized and customized services.
   2. - Cookies are very small text files that the server used to operate the website sends to the user's browser and that are stored on the user's hard disk. Later, when the user visits the website, the website server reads the content of the cookies stored on the user's hard disk and uses them to maintain the user's preferences and provide customized services.
   3. - Cookies do not automatically or actively collect personally identifiable information, and the user can refuse to store or delete these cookies at any time.

나. Company's purpose for using cookies

1. 1. The company provides optimized information including advertisements to users by identifying the types of visits to and use of each service and website of Gwangju Boutique Hotel & Residence, as well as popular search terms, security access status, news editing, and the number of users.

(c) Installation, operation, and rejection of cookies

1. 1. - The user has the option of installing cookies. He or she may allow all cookies by setting the option in the web browser, check each time a cookie is saved, or refuse to save all cookies.
   2. - However, if you refuse to store cookies, some services of Gwangju Boutique Hotel & Residence, which require logging in, may be difficult to use.
   3. - For Internet Explorer, you can specify whether or not to allow cookie as follows:
      ① Select [Internet options] from the [Tools] menu
      ② Click [Privacy tab]
      ③ Set the [Privacy level]

9. Technical and Administrative Protection Measures for Personal Information

The company has implemented the following technical and administrative measures to prevent personal information from being lost, stolen, leaked, tampered with or damaged when handling the personal information of users:

(a) Password encryption

1. 1. - Passwords for the Gwangju Boutique Hotel & Residence member ID are encrypted, stored, and managed so that only the user knows them, and only a user who knows the password can check and change the Personal information.

(b) Countermeasures against hacking

1. 1. The company strives to prevent the personal information of its members from being leaked or damaged by hacking or computer viruses.
      The company frequently backs up data to prevent damage to personal information, uses up-to-date anti-virus software to prevent users from leaking or damaging personal information or data, and safely transfers personal information to the network through cryptographic communication.
      The company uses intrusion prevention systems to control unauthorized access from the outside, and strives to utilize all available technical devices to ensure the security of its system.

(c) Minimization and training of personnel handling personal information

1. 1. The company's personal information handling staff is limited to those in charge; they regularly update the separate passwords, and their training always emphasizes compliance with the Gwangju Boutique Hotel & Residence Privacy Policy

(d) Operation of a dedicated personal information protection organization

1. 1. In addition, the company is making efforts to immediately correct any problems by checking compliance with the Gwangju Boutique Hotel & Residence privacy policy and compliance with the person in charge through an in-company personal information protection organization.
      However, the company shall not be held liable for damages that are not attributable to the company, such as user negligence or accidents in areas not managed by the company.

10. Contact Information of Personal Information Manager and Person in Charge

You may report any personal information complaints that result from the company‘s use of the services to your privacy manager or department. The company will respond quickly to complaints from users.

11. Duty of Notification

If there is any addition, deletion or amendment to the current privacy policy, the company will notify its users through an “Announcement” on the homepage at least 7 days before the amendment. However, if there is any significant change in user rights, such as the collection and use of personal information or its provision to third parties, the company will notify the users at least 30 days in advance.

1. 1. - Announcement date: August 1, 2020
   2. - Effective date: August 1, 2020