Privacy Policy

stan (the “Company”) complies with the data privacy regulations under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Protection of Communications Secrets Act, Telecommunications Business Act, and relevant laws and regulations that apply to information and communications service providers. The Company is committed to protecting the interests of its users by establishing this Privacy Policy in accordance with relevant laws and regulations. This Privacy Policy applies to the services provided by the Company according to the terms below.

Article 1 Items of Personal Information Collected and Methods of Collection

Section 1 (Items of Personal Information Collected)

1. The Company collects the following minimal information necessary for the purposes of membership registration, subscriptions, efficient user consultation, and the provision of various other services.
   1. Membership registration – Name, email
   2. Payment – Credit card number and expiration date
2. The following information may be automatically generated or collected during your use of the services or the provision of the services to you. – IP Address, Cookies, access log, date and time of visits, service use records and service use materials (program code, etc.), misuse records, and payment records

Section 2 (Methods of Collection)

The Company collects user personal information according to the following methods.

1. Collection through the homepage
2. Collection through generated information collection tools
3. Use of cookies and web beacons

Article 2 Purpose of Collection and Use of Personal Information

Section 3 (Performance of Contracts to Provide Services and Settlement of Payment for Services)

The Company collects user personal information for the purpose of providing contents; providing customized services; identification and authentication; settlement of purchases and payments; collection of payments; and other services.

Section 4 (Member Management)

The Company also collects user personal information for the purposes of membership management, including identification and authentication of users for the use of membership services and its authentication system, prevention of misuse by bad members and unauthorized persons, confirmation of membership, identification and authentication of legal representative, retention of records for dispute resolution, processing of complaints, and delivery of notices.

Section 5 (Compliance with Legal Obligations)

Notwithstanding Sections 3 and 4, the Company may collect personal information without the user’s consent if permitted under special provisions of law or if unavoidable to comply with legal obligations.

Article 3 Personal Information Provision and Entrustment of Processing

Section 6 (Processing of Anonymized Data)

The Company processes anonymized data to improve service quality, which includes website usage records, IP addresses, website access times, and pages accessed. The anonymized data is retained until the purpose of use is achieved. If information that can be used to identify a specific individual is generated in the process of processing anonymized data, we immediately stop processing the information and take measures to collect or destroy it without delay.

Section 7 (Entrustment of Anonymized Data)

• To improve its services, the Company entrusts the processing of anonymized data according to Section 6 as follows and the contract for such entrustment includes the necessary terms for the secure management of personal information.

Entrusted Entities	Entrusted Work	Use and Retention Period
Amazon Web Services, IncGoogle LLC	Website use analytics	Until termination of membership or the termination of the entrustment agreement

Article 4 Personal Information Retention and Use Period

Section 8 (Laws Requiring Information Retention)

In principle, personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. However, Member information is retained if required to be retained under the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, etc., or other relevant laws. The following are examples where relevant laws require the retention of information.

nformation Retained	Relevant Laws	Retention Period
Records regarding contracts or subscription withdrawal	Act on the Consumer Protection in Electronic Commerce, Etc.	5 years
Records regarding payment and supply of goods and services	Act on the Consumer Protection in Electronic Commerce, Etc.	5 years
Records regarding consumer complaints or dispute resolution	Act on the Consumer Protection in Electronic Commerce, Etc.	3 years
Records regarding labeling and advertising	Act on the Consumer Protection in Electronic Commerce, Etc.	6 months
Books and records for transactions as required by tax laws	Framework Act on National Taxes, Corporate Tax Act	5 years
Records regarding electronic financial transactions	Electronic Financial Transactions Act	5 years
Log-in records	Protection of Communications Secrets Act	3 months

Article 5 Destruction of Personal Information

In principle, personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. The destruction procedure are methods are as follows.

Section 9 (Destruction Procedure)

1. Once the purpose of retaining the user’s information is achieved, the information is transferred to a separate database (if on paper, then a separate filing cabinet) and will be retained for the period of time pursuant to Company policy and applicable law (see Article 4 Personal Information Retention and Use Period) and afterwards will be deleted.
2. Unless otherwise required by applicable law, the personal information will not be used for any purpose other than the purpose such information is retained.

Section 10 (Destruction Method)

1. Personal information recorded and stored on paper will be destroyed by shredding.
2. Personal information stored in electronic file format will be destroyed by using technical methods so that such information cannot be restored.

Article 6 Rights of Users and Legal Representatives

Section 11 (Rights and Exercising of Rights)

1. A user and its legal representative may exercise the right to view, correct, delete, and suspend processing of personal information at any time.
2. The exercise of the rights under paragraph 1 is possible after undergoing the verification process for the person or agent.
3. Requests for viewing and processing of personal information may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act.
4. Request for correction and deletion of personal information may not be complied with if such personal information is specified as a collection target under other laws.

Article 7 Installation/Operation and Refusal of Operation of Automatic Personal Information Collection Tools

Section 12 (Cookies)

1. The Company uses cookies in order to provide customized services to its users.
2. Cookies are small text files utilized by the website server which are sent to a user’s web browser when using the mobile Service, which is stored on a user’s computer hard drive. Afterwards, when a user visits the website, the server reads the cookies stored on his/her hard drive to maintain the user’s settings and are utilized to provide customized services to the user.
3. Cookies are not personally identifiable information that is automatically/actively stored, and the user may at any time refuse the installation of cookies or delete such cookies.

Section 13 (Purpose of Cookies)

Cookies are used to determine visits and uses of the services and the website, popular search words, and the scale of users to provide users with optimized and customized information, including advertisements.

Section 14 (Installation/Operation of Cookies and Refusing Cookies)

1. Users have the option to accept or reject the installation of cookies. Users can access the settings in their browser regarding the installation of cookies to accept all cookies, to obtain user confirmation each time a cookie is saved, or reject all cookies.
2. However, the Company’s provision of services requiring the user to login may be limited if the user opts to reject cookies.

Article 8 Technical and Managerial Measures to Protect Personal Information

Section 15 (Technical, Managerial, and Physical Personal Information Protection Measures)

The Company takes strong technical and managerial measures to secure user personal information and prevent such information from being lost, stolen, leaked, falsified, or damaged, as follows.

1. Management measures
   • Establishment of internal management plans, regular employee training
2. Technical measures
   • Management of access rights of personal information processing systems, etc., installation of access control system, encryption of personally identifiable information, installation of security program
3. Physical measures
   • Restricting access to data processing rooms, data storage rooms, etc.

Article 9 Miscellaneous

Section 16 (Personal Information Manager)

You can refer any questions, complaints, or requests for relief regarding personal information to the Chief Privacy Officer or Personal Information Protection Department. Personal Information Manager Name: Bella Kim Department: Administration Phone: +82 2 5497826 Email: contact@stan.win

Section 17 (Remedies for Infringement of Rights)

Users may apply for dispute resolution or consultation to the following organizations to obtain relief for personal information infringement.

1. Personal Information Dispute Mediation Committee: www.kopico.go.kr
2. Personal Information Infringement Report Center: privacy.kisa.or.kr
3. Prosecution Service: www.spo.go.kr
4. Korean National Police Agency Cyber Bureau: cyberbureau.police.go.kr

Section 18 (Request to Access Personal Information)

Users can request access to personal information to the following departments. Department: Administration Contact Person: Bella Kim Phone: +82 2 5497826 Addendum This Privacy Policy will be effective as of December 1st, 2021.