Private information handling policy
Cosmax Corporation ("the Company") discloses the following privacy policy statement

The Company complies with related laws of the personal information protection regulations such as the Personal Information Protection Act, the Promotion of Information and Communication Network Utilization and Information Protection Act (herein referred to as “Information and Communication Network Act”). In accordance with the Personal Information Protection Law, we are committed to protect rights and interests of Company’s customers, employees, users of the website, etc, by delivering such privacy policy statement. In accordance with the Information and Communications Network Act, Company now discloses privacy policy statement to inform how the personal information provided by the information subject is being processed, and what measures are having taken to protect those information.

Company discloses privacy policy statement on the first show up screen of its website (www.cosmax.com) so that it can be easily found and discovered at any time. In case of the privacy policy statement being revised, there will be an announcement on the website (or by sending out individual notice) to remind of the change.
Article 1 (Definitions)

Definitions of terms used in our privacy policy statement are as follows

- "Personal information" means information about a living individual, including information that can be used to identify that individual’s name, personal identification number, and image (In case individual cannot be recognized with those information, it includes information that can be recognized by easily combining with other information).
- An "information subject" is a person who can be recognized by processing the information and become the subject of that information.
- "Processing of personal information" means collecting, creating, recording, storing, holding, processing, editing, searching, outputting, correcting, restoring, using, providing, disclosing, destroying or otherwise similar means of treating personal information. That is, all acts that constitute management of personal information.

Article 2 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes only

1. Customer related

- Service analysis: Provide better service to users through service utilization analysis and improve the quality level of the website (service analysis and service level enhancement), etc
- Handling complaints: verify complaints; contact and notify users for factual inquiries, and notify the result of processing those complaints.

2. Recruitment

- Recruitment selection / decision: identity verification and real name confirmation, recruitment process and contact information of the applicants, National Meriton Act, Employment Promotion Act for the Disabled and other references to recruitment-related matters. (Veteran status, Disability related information, etc).
- Length of time personal information can be stored / termination of employment: Provide benefits (including related taxes) and welfare benefits, support for various tasks, personnel management (including education and training), and issue of employment certificate.

Article 3 (Processing personal information and length of time that information can be stored)

In principle, when the purpose of collection and use of personal information is achieved, company will destroy that information without delay. However, information listed under the table will be retained for the stated period for the specified purposes stated below, and if necessary, with the consent of the information subject.

1. General information
Purpose Category Information contents Period of use
Customer inquiry Required information Inquiry 3 years
Name
Contact information
E-mail address
Password
Inquiry contents
Optional Information Information attached which are not listed above.
Business discussions Required information Name (person in charge of Development) 3 years
Contact information (person in charge of Development)
E-mail address (person in charge of Development)
Password (person in charge of Development)
Optional Information Company Name(Company)
Company registration Number(Company)
Annual Sales(Company)
Address(Company)
Launching Items
Launching Quantities
Launching Schedules
Launching Countries
Distribution Price/Ticket Prices
Request for development
Special note
Other contents
Service analysis and Improve service levels Automatic collection Service history, access logs, cookies, access IP information 3 years
2. Recruitment process and decision

- Information to hold: Name (Korean / Chinese / English), photo, password, home phone number, home address, mobile phone number, e-mail address, education background, military service (term of service, qualifications), language ability, computer skills, licenses, family relationship, veteran status, career experience, social experience, award, overseas experience, research experience, and disability status.
- Period of use: electronic data for non-recruited applicants are kept for 5 years with consent count from the end date of recruitment procedure (for the purpose of managing the future applicants who have already registered under the recruitment site “Talent Data Base”) and section 3 below applies to the recruited applicants.

3. Period of use / termination of employment

- Information to be hold: position appointment, career experiences, disciplinary action, training history, warranty insurance, personnel management, information related to compensation such as salary and incentive pay, information related to personnel evaluation and including the list in the Section 2 above.
- Use of period: until the purpose of use is achieved with consent.

Article 4 (rights and duties of the information subject and legal representative)
1. The information subject (or its legal representative) may exercise the following rights

a. Request to disclose personal information
b. Request to correct/delete personal information
c. Request to stop processing personal information

2. Procedure for such rights and duties.

- The right to exercise above rights can be submitted to the relevant department in writing, e-mail, fax, etc. in accordance with the Form 8 of the Enforcement Regulations of the Personal Information Protection Act. Company shall comply accordingly within 10 days unless there is a justifiable reason for not doing so. In case of refusal or restriction, Company will inform the user within 5 days about the reasons for refusal and restriction and it will guide user how to raise objection. If the information subject has requested for correction or deletion of the personal information, Company will not use or provide that personal information until the correction or deletion is completed and processed.
- Information subject’s request to stop access and processing personal information may be subject to restriction under Article 35(5) and Article 37(2) of the Personal Information Protection Act. Part of the personal information cannot be corrected or deleted upon request if it is specifically stated in other legal statute to be disclosed. Company confirms as to whether the person who made the request to disclose, correct, delete, or to stop processing personal information is the person himself or herself or his/her legal representative.

Article 5 (list of personal information to be processed)
The personal information processing and use of period of this privacy policy statement will be subject to the usage items stated in this privacy policy statement.
Article 6 (Matters concerning the destruction of personal information)
Electronically stored information is deleted by using technical method which it cannot reproduce the information once it is deleted. Personal information in a written form is destroyed by paper shredder or by incineration.
Article 7 (Matters concerning modification of the terms in the privacy policy statement)
If company wants to add, delete or modify the contents of the current privacy policy statement, Company will make notification through 'Announcement' on its website at least 10 days before the modification take place.
Article 8 (Matters regarding measures to ensure the safety of personal Information)
1. Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered or damaged.
2. Technical measures

Company complies with the standards set by laws and regulations for the safe storage and transmission of personal information. The company uses vaccine programs to prevent harms from the computer viruses. Vaccine programs are updated periodically, and if the virus suddenly emerges company provides those vaccine as soon as it is available to prevent personal information from being leaked. In order to prevent external intrusion such as hacking, company uses the security systems such as intrusion prevention system and conduct vulnerability analysis system for each server to ensure security.

3. Administrative measures

The Company limits access right to personal information to anyone who conducts sales and marketing activities, who are responsible for personal information management task, and other persons who are inevitably required to handle personal information for other purposes. Company conducts periodic in-house training and outsourcing training about personal information protection for the employees who are responsible for handling personal information, and thoroughly manage and supervise compliance with laws and regulations relating to the personal information protection.

4. Physical measures

In order to secure the personal information and personal information processing system, company takes protective measures such as using locking devices to prevent physical access. The computer room and the data storage room are set as special protection zones for access limit.

Article 9 (Matters on the installation and operation of automatic collection of personal information and user’s option to reject)

The company operates 'cookies' which it stores and finds information of users from time to time. ‘Cookies’ is in a form of very small text file that is being sent to users’ browser from the server of which it is used to run company's website, and it is being stored in the users’ computer hard disk.

1. Purpose for using Cookies

Analyze user's access frequency and visit time, identify user's preference and areas of interest, target marketing through number of visit and traceability.

2. How to decline cookie settings

Users have the option of installing cookies. Users can allow all cookies by choosing their options in the web browser, users can block all cookies or they can set it as having option to allow or block whenever cookies is to be saved in users’ web browser. However, if the user refuses to install cookies, there may be difficulties in providing services available to the users in the website.

Article 10 (Regarding information about staff responsible for handling personal information protection)

Company has designated person in charge and relevant department to manage and solve complaints related to the personal information protection.

1. Department in charge of Personal Information Protection

- Department: Support Team
- Phone: 031-359-0300
- Fax number: 031-359-5559
- Email Address: HR@cosmax.com
- Business hours: (Monday to Friday) 09:00 to 18:00, Closed on Saturdays and Sundays
- If user would like to report or consult other infringement issue about personal information, please contact the following organizations.
- Korea Internet Promotion Agency (http://privacy.kisa.or.kr Phone: 118)
- Ministry of Government Administration and Home Affairs (http://www.privacy.go.kr Phone: 02-2100-1737)

2. Staff in charge of handling personal information protection

- Name : Joel
- Phone : 031-789-3085
- Fax number : 031-789-3499
- Email Address : joar@cosmax.com