1. Purpose of collection and use of personal information

The Company collects personal information to provide a variety of convenient internet services to its customers.

• 1. For customer inquiries (idea proposal)

  • - Name, phone number, e-mail

• 2. For customer feedback (complaints)

  • - Required: Name, phone number, e-mail

  • - Optional: Address

• 3. For reporting violations

  • - Required: Name, phone number, e-mail

  • - Optional: Affiliation, department, position, address

• 4. For applications to Dr. Xylitol Bus

  • - Name, address, phone number

2. Purpose of collection and use of personal information

The Company collects personal information in the following ways :

- Voluntary information provided by the user through Dr. Xylitol Bus applications, written forms, phone conversations, faxes, and consultation boards

3. Period of retention and use of personal information

In principle, personal information shall be destroyed without delay upon achieving the purpose of collection or provision of personal information or expiration of the retention period. However, if necessary by the relevant laws, it will be retained for a certain period of time, in which case the Company will only use the retained information for the specific purpose.

• - Records for providing customer consultations and services, such as inquiries (idea proposals, reporting violations)

  • ㆍ Reasons for retention: answering inquiries, managing feedback for products and other comments

  • ㆍ Retention period: 1 year

• - Records of consumer complaints or dispute processing

  • ㆍ Reasons for retention: Act on the Consumer Protection in Electronic Commerce

  • ㆍ Retention period: 3 years

• - Records of Dr. Xylitol Bus applications

  • ㆍ Reasons for retention: Verification, statistics, and management of Dr. Xylitol Bus applicants

  • ㆍ Retention period: 1 year

4. Disposal of Personal information

Customers' personal information is destroyed without delay upon achieving the purpose of processing or expiration of the retention period. Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in an electronic file format is permanently deleted in a way that cannot be restored. Here, "a way cannot be restored" refers to a method that costs an adequate amount at the current level of technology. If the processing of such personal information is entrusted to a third party, the consignee will no longer process respective personal information.

Here, "a way cannot be restored" refers to a method that costs an adequate amount at the current level of technology.

If the processing of such personal information is entrusted to a third party, the consignee will no longer process respective personal information.

5. Provision of personal information to third parties

The Company uses customers' personal information within the scope notified in the "Purpose of collection and use of personal information" and does not use it beyond the said scope without the customers' prior consent or provide their personal information to any third party. However, the following cases are exceptions.

• 1. If the customer has agreed to disclosure or provision to a third party;
• 2. If there is a request from the investigative and supervisory authorities in accordance with the relevant laws and regulations for the purpose of investigation and survey, following the procedures and methods set forth in the law;
• 3. If they are provided to partners, etc. for compiling statistics, academic research, or market research in a form that specific individuals cannot be identified;

6. Consignment of processing personal information

The Company entrusts the processing of personal information to a third party for customer convenience. We consign the following tasks regarding the processing (handling) of personal information and take the necessary measures to ensure that personal information is managed safely during the consignment agreement in accordance with the relevant laws and regulations. The cosigned information is limited to the minimum necessary to provide seamless services. The consignee and the purpose of consignment for customers' personal information are as follows:

7. Rights and obligations of information subjects and legal representatives and their exercise

A. Customers may always view, correct, or delete their personal information, and if they request it by e-mail or in writing to the Company's personal information management officer, the Company shall view, correct, or delete it after confirming the customer's identity. If corrections or deletions are prohibited or restricted under other laws, the request may not be processed. In addition, if customers request the correction of errors in their personal information, we will not use or provide such personal information until the correction is completed unless we are requested to do it in accordance with other laws. If we have already provided incorrect personal information, we will notify the third party of the correction results and complete the process.

B. Customers may request the Company to stop processing their personal information at any time. However, in the following cases, the request for processing suspension may be declined.

• - If there is a special provision in the law or it is inevitable to comply with statutory obligations;
• - If there is a risk of harming the life or body of another person, or if there is a risk of unjustly infringing the property and other interests of another person;
• - If the contract concluded with the information subject cannot be fulfilled, including the provision of services, unless the personal information is processed, because the information subject did not clearly indicate his/her intention to terminate the contract

C. Legal representatives may withdraw the consent to the collection, use, or provision of personal information of children under 14 years of age and also may request the viewing or correction of errors in the personal information the children submitted.

8. Installation, operation, and rejection of automatic data collection tools

A. Purpose of use of cookies The Company uses cookies to store and import information about customers from time to time. Cookies are small amounts of information that the website server sends to the customer's browser and are stored on the hard disk of the customer's computer.

B. Installation, operation, and rejection of cookies

• - Customers have the choice to install cookies. They can adjust options in their web browser to allow or reject all cookies or to choose to verify cookies each time they are saved.
• - How to manage cookie settings in Chrome
  • ① At the top right, click More. Select Settings.
  • ② Under "Privacy and security," click "Cookies and other site data."
  • ③ Select your desired cookie settings.
• - How to manage cookie settings in Safari
  • ① Select [Safari] →[Preferences] from the menu bar on the top left of Mac OS.
  • ② In the [Preferences] window, go to [Security] and select your desired cookie settings.

9. Measures to ensure the safety of personal information

In processing customers' personal information, the Company takes the following technical, administrative, and physical safeguards to ensure that customers' personal information is not lost, stolen, leaked, tampered with, or damaged.

A. Encryption of personal information Customers' passwords are stored and managed by one-way encryption, and confirmation and change of personal information can only be made by the person who knows the password. Our rules for creating passwords prohibit customers from using numbers that are easy for others to guess, such as the customer's birthday, phone number, etc.

B. Countermeasures against hacking

• To prevent the breach of customers' personal information through hacking and other means of attack, the Company operates a 24-hour security system protecting the Company's information and communication network. Sensitive data is safely transmitted on the network through encrypted communication.

C. Minimization and training of personal information handlers The Company recognizes the importance of protecting personal information through administrative measures such as restricting the number of personal information handlers to a minimum and their training.

D. Physical surveillance and restriction The Company's computing offices and data storage rooms that store personal information are restricted from outside access. Access to these spaces is physically monitored and restricted.

10. Data Protection Officer

The Company is committed to ensuring safe services for our customers. Customers may report any complaints about personal information protection during their use of the Company's services to the data protection officer, and the Company will respond quickly and in good faith to the customer's reports.

If you need to report or consult other privacy violations, please contact the following agencies.

• - Personal Information Infringement Report Center(http://privacy.kisa.or.kr / 118 without area code)
• - Personal Information Dispute Mediation Committee(http://www.kopico.go.kr / 1833-6972)
• - Cyber Investigation Department of the Supreme Prosecutor's Office(http://www.spo.go.kr / 1301 without national number)
• - Cyber Investigation Bureau of the National Police Agency(http://ecrm.cyber.go.kr / 182 without national number)

11. Duty of Disclosure

In case of an addition, deletion, or modification of the contents of the current Privacy Policy, the Company shall notify customers through the "Notice (News)" page on the website at least 7 days before the revision.

• - Date of implementation of the Privacy Policy : September 11, 2015
• - Last revision date of Privacy Policy : february 27, 2027 (v. 2.7)
• - View previous Privacy Policy : April 28, 2023 (v. 2.6)