Privacy Policy

This is the policy on the collection, use, and security of personal information implemented by NeoCremar Co., Ltd. to protect the personal information of customers using the NeoCremar website (https://www.cremar.co.kr).

This notice is intended to ensure that customers using the NeoCremar website can protect information related to their private life and exercise their rights, including compensation for damages caused by illegal information leaks.

This policy may be changed in accordance with laws and guidelines.

NeoCremar Co., Ltd. (hereinafter, the Company) values customers' personal information and complies with relevant laws and regulations, including the Personal Information Protection Act.

The Company establishes and complies with a personal information processing policy to protect customers' valuable personal information, and its contents are as follows.

1.     General Provisions                              7. Processing of Collected Personal Information by Third Parties

2.     Items and methods of collected personal information   8. Rights and obligations of the data subject and how to exercise them

3.     Purposes of collecting and using personal information           9. Matters concerning the installation, operation, and refusal of automatic personal information collection devices

4.     Retention and use period of personal information          10. Security measures to protect personal information

5.     Destruction procedures and methods for personal information          11. Complaint services regarding personal information

6.     Provision of personal information to third parties                  12. Notice of changes to the privacy policy

Article 1 General Provisions

• “Personal information” means information about a living individual that can identify that person by name, resident registration number, and other identifiers.

It refers to information that can identify a specific individual, including cases where the information alone cannot identify the person but can be easily combined with other information to do so.

2) The Company publishes its privacy policy on the first screen of its website so that customers can access it easily at any time.

first screen.

• If the Company revises the privacy policy, it will notify customers of the revised changes on its website by assigning the revision effective date and other details.

so that customers can easily identify them on the Company website.

Article 2 Items of Personal Information Collected and Used, and Collection Methods

1) The Company collects and uses the following personal information for membership registration, job applications, and related purposes.

a. Membership registration

– Required items: name, address, phone number (home and mobile), email, email subscription status, user ID,

password, password hint, IP address, access log, and visit date and time

b. Job application

– Required items: name (Korean/English), resident registration number (foreigner registration number), password, current address

email, phone number (home and mobile), education history, military service, veteran status, self-introduction,

login ID, access log

– Optional items: work experience, activity experience, language skills, qualifications, hobbies/special skills, areas of interest,

awards

• The Company collects customers' personal information through channels such as job applications.

Article 3 Purposes of Collecting and Using Personal Information

• Transaction contracts

– Contract preparation based on transactional relationships with the Company

2) Job applications

– Job applications and selection screening (identity verification, determination of job suitability, and notification of screening results)

Article 4 Retention and Use Period of Personal Information

In principle, the Company promptly destroys personal information after the purpose of collection and use has been achieved.

destroyed.

However, if retention is required under applicable laws and regulations, such as the Commercial Act or the Act on Consumer Protection in Electronic Commerce, etc.,

the Company retains member information for a specified period prescribed by the relevant laws and regulations. In such cases, the Company uses the retained information only for the purpose of retention, and the retention periods are as follows.

– Records of website visits: 3 months (Protection of Communications Secrets Act)

– Records of consumer complaints or dispute resolution: 3 years

(Act on Consumer Protection in Electronic Commerce, etc.)

– Records of identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)

– Records of contracts or withdrawal of subscriptions, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

– Records of payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

Article 5 Destruction Procedures and Methods for Personal Information

The procedures and methods for destroying customers' personal information established by the Company are as follows.

a. Destruction procedures

– Information entered by customers for membership registration, etc. is transferred to a separate database after the purpose has been achieved,

(for paper records, a separate filing cabinet)

and is stored for a specified period in accordance with internal policies and other relevant laws and regulations before being destroyed.

b. Destruction methods

– Personal information stored in electronic file form is permanently deleted in a way that makes recovery impossible.

– Personal information stored in printed materials, written documents, or other recording media is destroyed by shredding or incineration.

through incineration.

Article 6 Provision of Personal Information to Third Parties

In principle, the Company does not provide customers' personal information to third parties. However, the following cases are exceptions.

– When the customer has given consent

– When there is a special provision in other laws, or when it is unavoidable to comply with legal obligations

Article 7 Processing of Collected Personal Information by Third Parties

The Company outsources personal information processing operations to external specialized vendors as follows in order to carry out its services.

Article 8 Rights of the Data Subject · Obligations and How to Exercise Them

Customers and their legal representatives may at any time view, correct, or delete their own or, in the case of children under 14,

the child's personal information, and may request termination of membership.

If a customer requests correction of an error in personal information, the relevant information will not be used or provided until the correction is completed.

used or provided.

If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay

so that the correction can be made.

Personal information terminated or deleted at the request of the customer or legal representative is handled in accordance with the retention and use period of personal information collected by the Company, and access to or use of it for any other purpose is restricted. However, in the case of job applications, access, modification, and deletion may be restricted after the application deadline to ensure fairness in recruitment and smooth progress of the screening process.

Article 9 Matters Concerning the Installation · Operation and Refusal of Automatic Personal Information Collection Devices

The Company uses cookies that store and retrieve customer information as needed. A cookie is a small amount of information sent by the server used to operate the Company's website to the customer's browser, and it is stored on the customer's PC hard drive.

The Company uses cookies for the following purposes.

a. Purpose of using cookies

– The Company uses cookies to provide customers with personalized services and convenience by analyzing session management, access frequency, and visit time.

b. How to refuse cookie settings

– Customers may choose browser options to allow all cookies, require confirmation each time a cookie is saved, or refuse the storage of all cookies.

– For Internet Explorer: Tools > Internet Options > Privacy > Advanced > select settings in the web browser menu

    – For Chrome

Select the menu icon in the upper right corner of the web browser > Settings > Show advanced settings at the bottom of the screen > Personal
Information section > Content settings button > configure directly in the Cookies section

– However, if you refuse to store cookies, some services may be difficult to use.

Article 10 Security Measures to Protect Personal Information

In handling customers' personal information, the Company has established administrative, technical, and physical measures to ensure security so that personal information is not lost, stolen, leaked, altered, or damaged.

a. Administrative measures

– The Company has established and implemented an internal management plan for the safe handling of personal information.

– The Company restricts access rights to personal information for those who perform sales and marketing activities directly targeting data subjects, those who perform personal information management tasks,

– and others who inevitably handle personal information in the course of their duties.

– The Company provides regular training on personal information protection to employees who handle personal information,

and thoroughly trains them to comply with personal information protection laws even after they leave the Company.

b. Technical measures

– The Company complies with the standards prescribed by law to ensure the safe storage and transmission of personal information.

– The Company takes measures to prevent damage caused by computer viruses by using antivirus programs. Antivirus programs are updated regularly, and if a sudden virus appears, the Company provides the protection immediately as soon as it becomes available, thereby preventing personal information from being infringed.

– To prepare for hacking and other external intrusions, the Company uses intrusion prevention systems and vulnerability analysis systems for each server to ensure robust security.

c. Physical measures

– To securely store personal information and personal information processing systems, the Company has adopted physical access prevention measures such as locking devices.

– Access to storage rooms and computer rooms is restricted to personnel in charge only.

Article 11 Complaint Services Regarding Personal Information

The Company designates the personal information handling department and the privacy officer as follows to protect customers' personal information and handle complaints related to personal information.

Personal information handling department: Management Headquarters

Phone number: 070-4860-0867

– Personal Information Protection Officer: Park Jeong-hyun, Management Headquarters

– Email: support@cremar.co.kr

You may report any complaints related to personal information protection arising during your use of the Company's services to the Personal Information Protection Officer or the responsible department. The Company will respond promptly and sufficiently to user reports.

If you need to report or consult on other personal information infringements, please contact the following organizations.

1. Personal Information Infringement Report Center (privacykisa.or.kr / 118 without area code)

2 Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

3. Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code, privacy@spo.go.kr)

4 National Police Agency Cyber Bureau (ecm.police.go.kr / 182 without area code)

Article 12 Notice of Changes to the Privacy Policy

This privacy policy was revised on October 4, 2022, and if content is added, deleted, or modified due to enactment or revision of laws, changes in government policy, changes in internal Company policies, or changes in security technology, we will announce the reason for the change and the details on the Company website.

Effective date: January 1, 2023