This Privacy Policy is intended to inform you of our policies and practices regarding the collection, use, and disclosure of any personal information you submit to us through our Sites.

Tomato System Co., Ltd. (hereinafter referred to as "the Company") is subject to the provisions of the Privacy Act, the Telecommunications Business Act, the Act on the Promotion of Information and Communication Network Utilization and Information Protection.

We comply with the personal information protection regulations of related laws and regulations that the information communication service provider must comply with the Personal Information Protection Act and the Enforcement Decree of this Act. We are committed to protecting your interests by establishing a personal information processing policy in accordance with relevant laws and regulations.

This policy explains your rights with regards to your personal information and will inform you of the purpose and use of the personal information you provide and what measures are being taken to protect your personal information. It also explains how to access and update your information, and how you can object to its use. If the Company is revising its Privacy Policy, we will notify you via announcement (or individual announcement).

The personal information processing policy of Tomato System Co., Ltd. contains the following contents:

1. Consent To Collect Personal Information:

The Company shall notify the Customer of the contents of the Personal Information Processing Policy or Terms of Use before clicking the "I Agree" or "I Disagree" button.
If the Customer clicks the "I agree" button, this gives the Company permission to collect personal information.

2. Personal Information Items And Collection Methods

1) Personal information items to be collected

• A. The Company collects personal information such as the following for service, membership, payment management, etc.
  • Business name, company name, address, representative director, name, phone number, ID, e-mail, information of legal representative for children under 14 years old
• B. During the course of using the service, the following information can be automatically generated and collected.
  • IP Address, cookie, date and time of visit.
• C. The following payment information may be collected during the use of paid services
  • When quotation/order form is requested: company name, contact person, telephone number, e-mail address, etc.
  • When applying for electronic tax invoice: Information required for payment such as company name and business registration number

2) How to collect personal information

• The Company collects personal information in the following ways:
  • Homepage membership, service usage (download, quotation/order form), written form, fax, telephone, consultation board, e-mail, event application etc.

3. Collection and Use of Personal Information

The Company uses personal information collected for the following purposes.
All information provided by the user will not be used for purposes other than those required for the following purposes and will be subject to prior agreement if the purpose of use is changed.

• 1) Fulfillment of contracts related to service provision and settlement of fees according to service provision - Service provision, purchase, and payment, etc.
• 2) Membership Management
  - Identification, personal identification, fraudulent use of fraudulent members, and unauthorized use of membership service and restricted identification system.
  - Prevention of use, Confirmation of subscription, Limitation on the number of subscriptions, preservation of records for dispute settlement, complaint handling, etc.
  - Confirmation of the consent of the legal representative when collecting personal information of children under the age of 14 and confirmation of legal representative.
• 3) Use in Marketing and Advertising
  - Provide information and customized services through the development of new services and events.
  - Statistics on how to provide services and advertising, how to access the site, or how to use the service.

4. Matters Concerning The Provision Of Personal Information To Third Parties

The Company shall use the personal information of the users within the scope of the notice stated in "3. Purpose of collection and use of personal information" The user's personal information will not be disclosed or provided outside of the scope of use without prior consent of the user or in principle.
However, the following cases are excluded:

• 1) Users agree to release in advance
• 2) In accordance with the provisions of laws and regulations, or for the purpose of investigation, there is a request from the investigating authority in accordance with procedures and methods prescribed in the law.

5. Commitment to Handling Personal Information

The Company does not entrust the user's privacy to third parties without the user's consent. Such needs will arise in the future. In this case, we will notify the user of the entrusted person and the contents of the entrusted business and will obtain prior consent if necessary.

6. Period Of Retention And Use Of Personal Information.

In principle, after the purpose of collecting and using personal information is achieved, we will destroy the information without delay. However, if it is necessary to preserve it in accordance with the relevant laws and regulations, the Company keeps the member information for a certain period as stipulated by related laws and regulations as follows.

1) Reason for holding information by "Company" internal policy Reason for preserving fraudulent use:

• Reason for preserving fraudulent use: Prevention of fraudulent use
• Prevention of illegal use Retention period: 1 year

2) Reason for holding information by relevant laws and regulations

- If it is necessary to preserve the information, in accordance with the provisions of relevant laws such as the Commercial Act, the Act on the Consumer Protection in Electronic Commerce etc., the "Company" keeps your membership information for a certain period of time as stipulated by relevant laws and regulations.
- In this case, the "Company" will only store the information it keeps. The preservation period is as follows:

• History of website visits
  • Reason for Preservation: Communication Confidentiality Protection Act
  • Retention period: 3 months
• Records of consumer complaints or disputes
  • Reason for Preservation: Act on the Consumer Protection in Electronic Commerce etc.
  • Retention period: 3 months
• Records relating to contract or withdrawal of subscription
  • Reason for Preservation: Act on Consumer Protection in Electronic Commerce etc.
  • Retention period: 5 years
• Records on the payment of goods and supplies.
  • Reason for Preservation: Act on Consumer Protection in Electronic Commerce etc.
  • Retention period: 5 years

7. Procedures And Methods For The Destruction Of Personal Information

In principle, after the purpose of collecting and using personal information is accomplished, the Company will destroy the information without delay. The procedure and method of destruction are as follows:

Destruction procedure

• The information you entered for your use of the service is transferred to a separate DB after the purpose is accomplished (in the case of paper, a separate document box)
  It is stored for a certain period of time according to the internal policy and other relevant laws and regulations (see the period of possession and use).
  Personal information transferred to a separate DB is not used for any purpose other than those held by the stand, if not the law.

Method of Destruction

• Personal information printed on paper is crushed or incinerated by a crusher or treated with chemicals to dissolve and destroy. Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.

8. Rights Of Users And Legal Representatives And How To Exercise Them

• 1) Users and legal representatives can view or modify their registered personal information at any time, and may ask to be terminated.
• 2) In order to view/modify the user's personal information, it is possible to change the personal information (or modify the member's information), and in order to cancel the membership (withdraw the consent) you can view, correct or withdraw directly afterwards.
• 3) Or, contact the person in charge of personal information management by phone, email or phone, and we will take action without delay.
• 4) If a user requests the correction of an error in personal information, it will not be used or provided until the correction is completed. Also, if wrong personal information is already provided to a third party, we will notify the third party without delay and correct the result of the correction.
• 5) The Company will process personal information that has been terminated or deleted at the request of the user or legal representative as described in "6. Period of Retention and Use of Personal Information" and is prohibited from being viewed or accessed for any other purpose.

9. Matters Concerning The Installation/Operation And Rejection Of Cookies

In order to provide personalized and customized services, the company uses 'cookies' to store and retrieve information from users. Cookies are small text files that are sent to your browser by the server used to run the website and are stored on your computer's hard disk.

(1) Purpose of Cookie

• It is used to provide targeted marketing and personalized service by analyzing the frequency of visitors and non-members' access frequency and time, identifying user's taste and interests, tracking trace, participating in various events and checking the number of visits.

(2) How to reject cookies settings

• To deny cookies, you can either allow all cookies, check each time you save cookies, or refuse to save all cookies by selecting the option for your web browser. However, if the user refuses to install cookies, there may be difficulties in providing the service.

10. Technological / Administrative Protection Measures Of Personal Information

In handling personal information of users, the Company takes the following technical and administrative protection measures to ensure safety in order to prevent personal information from being lost, stolen, leaked, altered or damaged.

1) Password encryption

• The password of the member ID (ID) is encrypted and stored and managed. Only the user knows it, and the confirmation and change of personal information is possible only by the person who knows the password.

2) Technical measures against hacking

• In order to protect personal information from damage, we are backing up the data from time to time. We use the latest vaccine program to prevent personal information or data from being leaked or damaged. We can securely transmit personal information on the network through encrypted communication.
  We use intrusion prevention systems to control unauthorized access from referrals and other systematic efforts to ensure that all possible technical equipment is available to ensure security.

3) Operation and education of personal information manager

• We minimize the number of persons in charge of personal information, emphasize compliance with personal information processing policy through periodic education about personal information, confirm the compliance of personal information policy and compliance with a person in charge. Even though the Company has fulfilled its obligation to protect personal information and are working hard to make it right, the Company shall not be held responsible for damages that are not attributable to the Company including incidents such as carelessness of users or accidents in areas not controlled by the Company.

11. Personal Information Manager

In order to protect customer's personal information and to deal with complaints related to personal information, the company appoints the related department and personal information manager as follows:

• Personal Information Manager
  • Name: Chonghwa Yoon
  • Affiliation: Management Support Team
  • Position: Representative
  • Phone: 02-3445-2194 (ext. 210)
  • Email: chyoon@tomatosystem.co.kr
• Personal Information Management Officer
  • Name: SungJun Park
  • Affiliation: Strategic Business Division
  • Position: Executive Director
  • Phone number: 02-3445-2194 (238)
  • Email : sjunpark@tomatosystem.co.kr
• If you need to report or consult about other personal information infringement, please contact the following organizations
  • Personal Information Infringement Notification Center(https://privacy.kisa.or.kr/ / 118)
  • Supreme Prosecutors' Office, Advanced Crime Investigation Department (https://www.spo.go.kr / 1301)
  • Cyber Terror Response Center (https://cyberbureau.police.go.kr/ / 182)

12. Matters Concerning The Change Of Personal Information Processing Policy

If there is any addition, deletion or modification of the contents due to the change of government policy or security technology, notice of general contents should be notified at least 7 days before revision.

• Addendum
• This privacy policy will be effective on February 1, 2012.