CTK Co., Ltd (“Company”) regards personal information of the user (client or member, hereinafter collectively referred to as “Member”) to be important and makes every effort to protect the personal information of the Member. In compliance with Article 30 of the Personal Information Protection Act of Korea, the Company has established and implemented this privacy policy (“Policy”) as stated herein. This Policy is a basic guideline established to protect personal information and may be modified from time to time following the internal policy of the Company. In such case, the modified version may be posted on the Company’s Website (www.ctkclip.com).

1. Personal Information Items to be Collected

The Company collects following information related to an individual (“Personal Information”) in providing the Company’s goods and services.

1.1. Registration on the Website and Management

(1) Required Items: name, email address (ID), password, country, language, company or brand name, business type.

(2) Optional Items: contact number, homepage address, how to find the Website.

1.2. The Provisions of Goods or Services

(1) Required Items: address, name, company or brand name, contact number, email address, business registration number, payment information (For payment by remittance: name of bank, account holder’s name, remitter’s name / For payment by credit card: payment information including card company name, card number or etc.)

2. The Purpose of Processing Personal Information

The Company processes only the minimum extent of the Personal Information required for the following purposes. Except for the following cases, the Company will not use the Personal Information for other purposes. The Company will obtain consent from the Member if there is any change in the purpose of use.

2.1. Performance of contract in regard to provision of services

(1) Fee settlement

(2) Providing goods, purchase, and payment

(3) Delivery of goods or delivery of bill

(4) Individual identification for financial transactions

2.2. Membership management

(1) Identification by service use

(2) Provision of age-restricted services

(3) Customer service such as handling consumer complaint

(4) Securing communication channels such as delivering notifications

(5) Resetting lost or forgotten password

(6) Records for dispute resolution

(7) Prevention of illegal or unauthorized use of a bad member

(8) Verification of duplicated registration

2.3. New services and use of marketing

(1) Notifications of new services and events

(2) Provision of customized services

(3) Preparation of analysis data according to demographic characteristics, provision of services, and posting advertisement

3. Processing Personal Information and Retention Period

3.1. In principle, the Company destructs Personal Information of the Member without delay when the purposes of its collection and use have been achieved; provided that, the following information may be retained for a specified period for the reasons stated as follows:

(1) Retained Items: ID and password, name, date of birth, address, contact number, phone number, SMS receipt status, email address, newsletter receipt status, login date, PC specifications, records on use of services, a legally official representative, PC IP

(2) Retain basis: For the purposes of handling with consumer complaint and dispute resolution when the Member withdraws from the Website: 90 days

(3) Records on the Website visit: 3 years

(4) In case of obtaining consent by the Member, then until the consented date: 30 days after the withdrawal upon the consent of the Member

(5) Website Membership Sign-up and Management: Until the date of withdrawal

3.2. In one of the following cases, the Company may retain the Personal Information until the date when retain basis is completed:

(1) If an investigation is in progress due to a violation of the relevant laws and regulations, then until the relevant investigation is completed.

(2) If the bond/debt remains in relation to use of the Website, then until the settlement of the relevant bond/debt relationship is resolved.

(3) Provision of goods or services: Until the supply of goods and services is completed, and the payment and settlement of the fee is completed.

(4) Records on fair labeling and advertising: 6 months

(5) Telecommunication date and time, start/end time, membership number, frequency of use, tracking data of location: 1year

(6) Computer communications, Internet log record data, access destination tracking data: 3 months

3.3. After the purposes of collection are achieved, the Member’s Personal Information may be retained for a certain period of time as stated below if it is necessary to preserve it in compliance with the laws such as the Consumer Protection Act, the Personal Information Protection Act, the Commercial Act, and the Framework Act on National Taxes.

4. Entrusting Processing Work of Personal Information

The Company does not entrust any work in relation to processing Personal Information to the entrusted company and will regulate required matters in accordance with relevant laws and regulations if the Company enters an entrustment contact with them in order to safely manage the Personal Information.

5. Providing Personal Information to Third Party

5.1. Except for the following cases, the Company generally does not disclose the Personal Information of the Member to a third party:

(1) Upon prior consent by the Member

(2) Need for fee settlement in relation to providing services; or

(3) In compliance with the provisions of relevant laws and regulations, such as the Framework Act on Telecommunications and the Telecommunications Business Act, or in accordance with the procedures and methods prescribed by statutes for the purpose of investigation.

5.2. The Company provides at a minimum extent of the Personal Information to the third party upon approval by the Member as follows:

5.3. The Company may provide the Personal Information to related institutions without the Member’s approval subject in the event of emergency such as a disaster, an infectious disease, and urgent life or physical risk, or an urgent property loss.

6. Matters concerning the Installation, Operation, or Refusal of an Automatic Personal Information Collection Device.

6.1. In order to provide specialized and customized services to the Member, the Company operates a “cookie (access information file)” that stores and finds the Member’s information from time to time.

6.2. The Company identifies the Member’s computer with regard to cookie operation but does not identify the Member personally.

6.3. The Member has an option for cookie installation. So the Member may allow all cookies by checking [Tool] > [Internet Option] > [Security] > [Custom] in the web browser, make each cookie checked whenever it is saved, or refuses all cookies to be saved; Provided however, if the Member rejects to install cookies, it may be restricted from using a part of the services provided by the Company.

7. Matters concerning the Collection, Use, Refusal of Behavioral Information

7.1. In the process of using the service, the Company collects and uses behavioral information to provide customized services, benefits, and online customized advertisements to the Member.

7.2. The Company collects behavioral information as follows.

(1) Items of behavioral information to be collected: the member’s website/application service visit history, search history, purchase history.

(2) Behavioral information collection method: automatically collect when the Member visits/runs the Websites and application.

(3) Purpose of collecting behavioral information: to provide personalized product recommendation services (including advertisements) based on the Member' interests and tendencies.

(4) Period of retention/use and the method of processing information afterwards: destructs 00 days after collection

7.3. The company collects only the minimum behavioral information necessary for online customized advertisements and does not collect sensitive information, such as beliefs, family and relatives, educational/medical history, and other social activities, which may clearly infringe on the individual’s rights or privacy.

7.4. The Company does not collect behavioral information from the children under age 14 or from the online service in which major users are under age 14 for customized advertising purposes. The Company does not provide customized advertisements to the children under the age of 14.

7.5. The Company collects and uses advertisement identifiers for online customized advertisements in mobile applications. The Member can block and allow customized advertisements of the application by changing the settings in the mobile phone.

(1) (Android) Settings → Personal Information Protection → Advertising → Reset Advertising ID or Delete Advertising ID

(2) (iPhone) Settings → Personal Information Protection → Tracking → Turn off the allow button of tracking

※ The menu and method may vary slightly depending on the OS version.

7.6. The Member can block/allow customized online advertisements collectively by changing Cookie settings in their web browser. However, changing cookie settings may impact in using the part of services such as automatic website login.

Block/allow customized advertisements through a web browser.

(1) Internet Explorer (Internet Explorer 11 for Windows 10)

- In Internet Explorer, select the Tools button, and then select Internet Options

- Select the Privacy tab, select Advanced under Settings, and then select Block or Allow Cookies

(2) Microsoft Edge

- Top right '…' on edge…' Click Show, and then click Settings.

- Click 'Personal Information, Search and Services' on the left side of the settings page and select whether or not to 'Prevent Tracking' and the level in the 'Prevent Tracking' section.

- Select whether 'Always use 'Strict' Tracking Protection when searching for InPrivate'.

- In the "Personal Information" section below, select "Send No Tracking Request".

(3) Chrome browser

- In Chrome, click Show '⋮' in the upper right corner (Chrome Customization and Control), and then click Show Settings.

- Click "Show Advanced Settings" at the bottom of the Settings page and click Content Settings in the "Privacy" section.

- In the Cookies section, select the checkbox for Block third-party cookies and site data.

8. Measures to Ensure Stability of Personal Information

The Company takes all managerial, technical, and physical measures to secure safety in accordance with Article 29 of the Personal Information Protection Act.

8.1. Managerial measures: Establish and execute internal management plan, regular education of employees, establish and execute of the Company’s regulations or manual on the Personal Information protection.

8.2. Technical measures: Managing access rights to the Personal Information processing systems, installation of access control of Personal Information process system, installation of encryption of unique identification information, installation of security programs, etc.

8.3. Physical measures: Control of access to computer rooms or to data storage rooms, etc. Only a registered server administrator is allowed to access the computer room. General executives and employees are not allowed to access the room.

9. Chief Privacy Officer (CPO)

The Chief Privacy Officer (CPO) and a department responsible for privacy protection and handling complaints are as follows:

9.1. Chief Privacy Officer (CPO)

9.2. Personal Information Protection Department

10. Infringement on Rights and Remedies

10.1. Member’s Personal Information Management on its Own

(1) The Member has a right to withdraw its consent to collect Personal Information by clicking [My Profile > Delete Account] on the Website or in writing, or by phone call or email to the Chief Privacy Officer. In such case, the Company makes sure of the Member’s identity and then takes measures to destruct the Personal Information unless the relevant laws are regulated differently; however, if Personal Information is destructed due to the withdrawal, any relevant information generated and accumulated while using the services on the Website may be destroyed all together.

(2) The Member has a right to access or correct Personal Information of its own by clicking an account information tab on the Website and the Company thereafter takes necessary measures.

(3) The Company may verify whether the Member’s representative and require presenting a certificate indicating relationship between the two if the representative requests to access or correct the information.

(4) If there is a legitimate reason to refuse to allow accessing or correcting all or part of the Personal Information of the Member, the Company must notify the Member without delay and explain the reason.

(5) Modification of required items provided by the Member at the time of signing up for membership, such as name, date of birth, email address, may cause errors in the Company’s services so in relation to such modification, the Company may request a separate procedure to the Member in order to provide a smooth and stable services.

10.2. The Member may inquire to the following institutions for damage relief and counseling for the Personal Information infringement.

(1) Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)

(2) Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

(3) Prosecution Service: 1301 (www.spo.go.kr)

(4) National Police Agency: 182 (ecrm.cyber.go.kr)

11. Processing Personal Information of Children Under Age 14

11.1. The Company provides B2B services and does not take membership applications from the children under age 14 due to the Personal Information Protection Act and contract issues.

11.2. Anyone who desires to register on the Website must provide a legal date of birth and check the field of “age 14 or over.” The Company shall not be legally responsible for any liabilities caused by incorrect or false information provided by the Member.

12. Procedure and Method of Destruction of Personal Information

12.1. The Company destructs the Personal Information of the Member immediately after the purpose of use is achieved or the Member requests to terminate the services; however, the information may be retained if the relevant laws and regulations require.

12.2. In accordance with the “Personal Information Validity System”, the Company converts the Member’s account which has not used for one (1) year to dormant account and its Personal Information is separately stored. The Company notifies the Member who is scheduled to be converted to a dormant account about a fact of separately stored information, planned date of implementation, and items by email, SMS, or any other means possible to notify the Member thirty (30) days before the conversion takes effect. However, if the stated means of notification are absent or incorrect, it will be replaced by this Policy, and it can be destructed when logging in or later notified as the information is separately stored. Separately stored information is destroyed without delay after four (4) years of storage.

12.3. If the Member does not want to switch its account to a dormant account, then the Member has to log in to the Website before such conversion. In addition, even if the account has been changed to a dormant account, then the Member may restore the account at the time of logging in upon the Member’s consent to use normal services.

12.4. In principle, the Company destroys the Member’s Personal Information in a way that cannot be restored when the retention period is elapsed, or the purpose of use is achieved. Electronic file types are safely deleted using technical methods that cannot be recovered and restored, and the Personal Information printed on paper is destroyed by shredding or incineration.

13. Rights and Obligations of the Member and Authorized Agent, and Methods of Exercise

13.1. The Member may exercise the following rights as a Data Subject; however, in such cases, use of all or a part of services may be restricted.

(1) Request to Cease Providing or Use Beyond the Purposes: If the Personal Information of the Member is provided or used beyond the scope of the agreed purposes, the Member may request for immediate cessation of use.

(2) Withdrawal of Consent in relation to Collection, Use, View, and Provision for Marketing Purposes: After the Member agrees to the marketing purposes, the Member may withdraw (reject marketing) or refuse to receive a marketing call. The Company will notify the Member of the results of the action against the withdrawal(reject marketing) or refusal to receive a call within ten (10) days.

(3) Denial of Receiving Commercial Information: The Member may refuse to receive commercial information such as text messages, emails etc.

(4) Right to View/Access and Correction/Deletion: The Member may anytime view and access to the own Personal Information retained by the Company. If there is incorrect information, the member may request for correction or deletion. After receiving the requests by the Member, the Company immediately processed the matters and in case the Personal Information has already been entrusted or provided, the results of the processing will be notified without delay so that the correction or destruction can be made.

(5) Right to Withdrawal from collection, access, use and provision of Personal Information and Personal Credit Information: The Member may withdraw its consent on collecting, viewing, using or providing the Personal Information and Personal Credit Information; however, the Member may not withdraw for the purpose of evaluating an individual’s creditworthiness by providing it to a credit inquiry company or a credit information center, and if the Member withdraws its consent to provide information due to contract maintenance, management, counseling, or other consignment, the Member must clarify that you will not receive the service.

(6) Right to Request Notification of Provision: In case where the Company provides the Member’s Personal Information to a third party, then you may request to be notified of the fact that the information is provided.

13.2. The Member may exercise the rights under paragraph 1 of this Article by writing, email, or facsimile in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act and the Company will take measures without delay.

13.3. Member’s rights under paragraph 1 of this Article may be exercised through the Member’s legal representative or delegates. In this case, you must submit a power of attorney in accordance with Form 11 of the “Notification of the method of processing Personal Information (No. 2020-7)”.

13.4. A request for correction or deletion of the Personal Information is not allowed if the other laws and regulations specify that the information is subject to collection.

13.5. The Company will verify the person who requests to access, correction/deletion, suspension of processing is the person himself or authorized agent.

14. Department which Collects and Handles Requests for Access to the Personal Information

The Member may request to the following department about accessing the Personal Information in accordance with Article 35 of the Personal Information Protection Act:

Department which collects and handles requests for access to the Personal Information

Department : Group IT Strategy Team

Name : Hyungi Park

Contact : +82-2-6283-7200

15. Amendment of the Privacy Policy

15.1. This Privacy Policy will be effective as of 01/31/2023.

16. Duty to Notify

This Policy may be modified from time to time in accordance with the amendment of the regulations or security technology and the Company will notify the Member of such changes and reasons on its website or by means of sending emails before the effective date of the latest version.

17. California Privacy Notice (CCPA)

If you are a resident of California, you have rights given under the relevant laws of the state of California. The Company takes preventive measures as much as it is able to do for protecting the Member’s Personal Information. The residents may have a right to access, correct, delete, opt-out for sale or any other rights; therefore, if you would like to exercise these rights, please contact Company’s contact information as stated hereabove.