SK keyfoundry Inc. (hereinafter referred to as “the Company”) protects users’ personal information and rights in compliance with data protection laws and regulations, and strives to help users address issues related to personal information in accordance with the following principles.

The Company processes personal information for the following purposes. Personal information processed shall not be used for any purpose other than the following purposes. If the purpose of use is changed, necessary measures will be taken such as obtaining separate consent, etc. in accordance with Article 18 of Personal Information Protection Act.

The Company processes the collected personal information to provide responses to users’ questions and secure smooth communication channels between users and the Company.

①The Company processes and retains personal information in accordance with the laws and regulations or within the period consented by data subjects at the time of collection of such personal information. ②The Company retains certain information that are required to be retained for a certain period of time, for the following reasons.

①The Company shall process personal information of users to the extent specified in Article 2 Periods for Processing and Retention of Personal Information, and shall provide personal information to a third party only when a case constitutes Article 17 and 18 of Personal Information Protection Act, such as the consent of users or a case permitted by applicable laws. 1.[Ethical Management Reporting] may provide personal information to a third party as follows.

①The Company may delegate processing of personal information to a third party service provider for smooth processing of personal information as shown below.

②With respect to Ethical Management Reporting, when an outsourcing contract is concluded, responsibilities including prevention of personal information processing for other purposes than the outsourced purpose, technical and managerial safeguards of personal information, limitation to re-outsourcing, management and supervision of outsourcing provider, compensation for damage, etc. are specified in the document, including the contract, in accordance with Article 26 of the Personal Information Protection Act. And the outsourcing provider is under supervision to see whether personal information is processed safely or not. ③Any change in the outsourced work or an outsourcing provider will be disclosed in accordance with the Privacy Policy without delay. 3.Other matters prescribed by Presidential Decree to ensure safe management of personal information

①Users may exercise their rights regarding protection of personal information at any with respect to the Company’s Website 1)Request access to personal information 2)Request correction 3)Request deletion 4)Request suspension of processing ②The rights in Paragraph 1 may be exercised towards the Company through a paper, e-mail, fax or others, pursuant to Article 41, Paragraph 1 of the applicable laws, and the Company will take actions without any delay. ③The rights in the Paragraph 1 may be exercised by an agent, such as a delegated person by users, etc. In this case, a Power of Attorney for the agent shall be submitted in compliance with the No. 11 format in the accompanying paper of the Enforcement Regulation of the Personal Information Protection. ④Regarding the request for access to personal information and suspension of processing of personal information, the rights of users may be limited by Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection. ⑤With respect to the request for correction and deletion of personal information, if the information is specified as a subject to be collected in the other laws and regulations, users may not request deletion. ⑥When a request for access, correction, deletion, or suspension of processing of personal information is based on the rights of users, the Company will check and confirm whether the person is a user or his/ her legitimate agent.

①Even if a user doesn’t sign up as a member of this Website, the user can use most services on this Website, including information inquiries and search function, etc. ②However, the Company collects the following personal information in the course of using below service. 1.When using a “Ethical Management Reporting Channel”, the Company selectively collects name and E-mail of users.

①The Company will destroy personal information without delay at the expiration of the retention period, the achievement of the purpose of processing or other cases where such personal information becomes unnecessary. ②If personal information is required to be retained pursuant to other laws even after the retention period consented by data subject is expired or the processing purpose is achieved, the Company will transfer such personal information to a separate database (DB) or retain at a different place. ③The procedures and methods for destruction of personal information will be as follows; 1.Destruction procedures : the Company will select personal information which has a cause for destruction, and destroy such personal information with approval of the Chief Privacy Officer of the Company. 2.Destruction methods : Regarding personal information stored in electronic form, the Company will destroy it by keeping the data from being recovered. And the Company will destroy personal information on paper by shredding it using paper shredders or incinerating it.

①The Company takes the following measures to secure safety of personal information. 1.Managerial measures : establishing and implementing internal management policies, providing educations for members regularly, etc. 2.Technical measures : managing the granted access right to website, installing security programs, encryption of personal information, etc. 3.Physical measures : controlling access to server rooms, document archives, etc.

The Company does not use a “cookie”, which saves information of users and retrieves it at any time.

The Company has designated a Chief Privacy Officer for general management of the processing of personal information, and for the handling of complaints by data subjects, and providing relief for damages with respect to the processing of personal information as below.

Name : Lee Soon-bum
Position : VP, Head of Corporate Culture
Contact Information : (Tel) 043-718-3032, (E-mail) boan@skkeyfoundry.com, (Fax) 043-718-2260
※ It will be connected to the Personal Information Protection Department.

Name of Department : IT and Security Part
Responsible Person : Goo Gun-woo (Part Leader)
Contact Information : (Tel) 043-718-3802, (E-mail) gunwoo.goo@skkeyfoundry.com, (Fax) 043-718-2260

Users can contact and ask any inquiries to the Chief Privacy Officer or the Personal Information Protection Department with respect to all privacy-related questions, complaints, recovery of damages that are related to the use of the Company’s services on the Company Website. The Company will endeavor to provide responses to the data subject’s inquiries without undue delay.

Users can make a request of access to their personal information to the following department in accordance with Article 35 of the Personal Information Protection Act. The Company will make best efforts to promptly handle data subjects’ access request.

Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency to seek remedy for their privacy infringement. In addition, users may contact or file an infringement report to the following institutions:
1. Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Reporting Center : 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office : 1301 (www.spo.go.kr)
4. National Police Agency : 182 (cyberbureau.police.go.kr)

With respect to the request made under the Article 35 of the PIPA (Right to Access), Article 36 (Right to Correct and Delete) or Article 37 (Right to Request Suspension of Processing), anyone whose rights or interests is infringed by any action or negligence of an administrative entity, has the right to request an administrative adjudication as set forth under the Administrative Adjudication Act.
※ For the details of administrative adjudication, see the webpage of Central Administrative Appeals Commission (www.simpan.go.kr).

This Privacy Policy shall be effective from January 1, 2024.