In accordance with Article 30 of the 「Personal Information Protection Act」to protect private information of the data subject, and to handle relevant grievances in a prompt and efficient manner, Mobile Internet Business Association (hereinafter “MOIBA”) establishes and discloses its Privacy Policy as follows.

Paragraph 1. Purpose and Period of Processing and Retaining Personal Information

① For the details such as the purpose, items, and period of retaining personal information files that “MOIBA” processes and retains, please click on each item below.

1. List of Website Membership

Purpose of Processing	For self-authentication; maintenance and management of membership qualification; prevention of unlawful use of service; notifying and handling grievances due to the provision of membership service.
Evidence of Retainment	Consent of Data Subject
Items of Personal Information	[Professional Members] Required: name, e-mail, mobile phone number, company name, department/position, office phone number [Corporate Members] Required: company name, business registration number, representative, address, main phone number, name, mobile phone number, e-mail, department and position, office phone number Optional: fax number
Period of Retainment	Semi-permanent storage

2.List of Consulting and Online Applications

Purpose of Processing	Requests for processing personal information, management of online application, etc.
Evidence of Retainment	Consent of Data Subject
Items of Personal Information	[Damage Reports for Business in China & Consulting for Entering into Overseas Market] Required: company name, name, mobile phone number, e-mail Optional: position, phone number [Application for Event & Market Participation] Required: company name, business registration number, representative, address, main phone number, name, mobile phone number, e-mail, department and position, office phone number Optional: fax number
Period of Retainment	Semi-permanent storage

② MOIBA processes and retains personal information files only for the operational purposes published on “Personal Data Protection Laws in Korea”(www.privacy.go.kr), and does not use the files for any other purposes. When and if changes occur in the operational purposes, MOIBA takes necessary measures such as asking for additional consent according to Article 18 of the 「Personal Information Protection Act」.

③ Cookies that save and fetch the User’s data can be automatically created and collected while using internet services.

1. Purpose of Using Cookies

   - To provide optimized service by identifying the user’s site visit history, use pattern, size, etc.

2. Denial of Cookie Auto-Collection – User can make choices on the collection of cookies and simply deny by setting web browser options.

   - Cookie Collection Settings

   • 1). Go to [Tools] menu and select [Internet Option].
   • 2). Click on [Privacy Tab].
   • 3). Set the [Level of Privacy].

Paragraph 2. Provision of Personal Information to a Third Party (when and if applicable)

① MOIBA does not provide the personal information it collected and/or retained to a third party without the consent of the data subject. However, in inevitable cases as stipulated in Paragraph 1 of Article 17 and Paragraph 2 of Article 18, MOIBA may provide private information to a third party without the consent of the data subject.

Paragraph 3. Consignment of Personal Information Processors (when and if applicable)

① For efficient processing of personal information, MOIBA consigns private information processing matters to another party as follows.

Responsible Department	Overseas Business Promotion Team
Consignee	UTSOFT Co., Ltd.
Scope of Consigned Work	Information computer processing, maintenance, website operation
Period of Retention and Use	Until termination of consignment contract

② When signing the consignment contract, MOIBA clearly stated, in written form, the prohibition of processing personal information for purposes other than implementing the consigned work, measures of technical and/or managerial protection, limitations on re-consignment, management and/or supervision of the consignee, and compensation for damages. MOIBA is supervising whether the consignee is safely processing personal information.

③ When and if changes occur in the details of the consigned work or the consignee, MOIBA will disclose the details via this Privacy Policy with no delay.

Paragraph 4. Rights and Obligation of Data Subjects and How to Exercise the Rights

① Data subjects, at all times, can exercise the privacy protection rights listed in the sub-paragraphs below.

1. Requests for Access to Personal Information
2. Requests for Corrections in Cases of Wrong Information
3. Requests for Deletion
4. Requests for Suspension of Processing

② One can exercise his/her rights stipulated in Paragraph 1 to MOIBA via written form, phone call, e-mail, or fax, and MOIBA will take action with no delay.

[Form no. 8, Personal Information Protection Act Enforcement Rule] Personal Information Access Request Form

③ When and if the data subject requests for corrections or to delete wrong personal information, MOIBA does not use or provide the personal information of concern until the correction or deletion has been completed.

④ The rights stipulated in Paragraph 1 may be exercised via a legal representative or a delegated person of the data subject. In this case, one must submit a letter of attorney using form no. 11 of the Personal Information Protection Act Enforcement Rule.

[Form no. 11, Personal Information Protection Act Enforcement Rule] Letter of Attorney

⑤ Data subjects shall not violate relevant legislations such as the 「Personal Information Protection Act」 and infringe personal information and/or privacy of oneself and/or others of which MOIBA processes.

Paragraph 5. Destruction of Personal Information

① When MOIBA no longer needs certain personal information due to the termination of personal information retention period and/or achievement of processing purposes, MOIBA shall destruct the information of concern with no delay.

② When and if MOIBA needs to continue its storage of personal information even after its retention period and/or achieving the processing purposes consented by the data subject due to other legislations, the relevant personal information (or the personal information file) should be moved to a separate database or should be stored in another location.

③ The procedure and method of destructing private information is as follows.

1. Destruction Procedure
   Information entered by the data subject shall be moved to a separate database (if printed on paper, in a different document) and shall be destructed immediately after being saved for a certain period according to internal policies and/or other relevant legislation. The private information which is moved to another database shall not be used for purposes other than according to legislation.
2. Destruction Term
   The personal information of the data subject shall be destructed within five(5) days since the termination of the retention period if the retention period of the information has been terminated. In cases where MOIBA no longer needs the personal information due to achievement of processing purposes of the information, abolition of the service, or termination of business, the personal information shall be destructed within five(5) days since the acknowledgement of no longer needing the information.
3. Destruction Method
   All printouts with personal information shall be shredded or incinerated. Personal information saved as an electronic file format shall use technical methods to disable records from being reproduced.

Paragraph 6. Ensuring the Safety of Personal Information

① To secure the safety of personal information, MOIBA takes the following measures.

1. 1. Minimizing the number of staff who handle personal information. : MOIBA implements measures to manage personal information by assigning an officer and minimizing and limiting the number of staff who handles personal information.
2. Conducting regular internal audits. : MOIBA conducts regular(twice a year) internal audits to secure safety in terms of handling personal information.
3. Establishing and implementing internal management plans. : MOIBA establishes and implements internal management plans to safely process personal information.
4. Encrypting personal information. : Only the data subject of the personal information knows the personal information and passwords since the information is saved and managed as encrypted data. For significant data, MOIBA uses additional security functions such as file lock function or encryption for the relevant files and data to be transmitted.
5. Taking technical measures in case of hacks, etc. : To prevent leaks and damages of personal information caused by hacks and/or computer viruses, MOIBA has installed security programs, conducts regular updates and/or inspects the programs. MOIBA also technically/physically observes and/or blocks any hacking and/or computer viruses by installing systems in areas subject to access control from the outside.
6. Controlling access to personal information. : MOIBA is taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information. MOIBA also uses intrusion prevention systems to control illegal access.
7. Using locking devices for document security. : Documents and supplementary storage devices including personal information are stored in a safe location with locking devices.
8. Controlling access of unauthorized persons. : MOIBA has a separate physical storage location where personal information is stored, and establishes and operates access control procedures.

Paragraph 7. Remedial Procedures for Violation of Rights and Interests

Data subjects can make inquiries on damage remedies and consulting regarding personal information breaches to the following institutions.

(The institutions below are distinct institutions from MOIBA. If you are not satisfied with MOIBA’s internal handling of complaints or the results of damage remedies, or need further assistance, please contact the following institutions.)

▶ Personal Information Dispute Mediation Committee: 1388-6972 (www.kopico.go.kr)

▶ Personal Information Breach Report Center: 118 (privacy.kisa.or.kr)

▶ Cyber Investigation Division, Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)

▶ National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

Paragraph 8. Privacy Officers

① To generalize duties related to the processing of personal information, take responsibility, and handle complaints and remedy damages of the data subject regarding personal information processing, MOIBA assigns privacy officers and persons in charge as follows.

Category	Affiliation	Name	Contact Information
Privacy Officer
Personal Information Protection Website Manager
Personal Information Protection Website Manager

② Data subjects may contact the privacy officer and/or the relevant department regarding all inquiries related to personal information protection, complaints handling, damage remedy, etc. whist using the services (or businesses) of MOIBA. MOIBA will reply to and process all inquiries made by the data subject with no delay.

Paragraph 9. Changes in Privacy Policies

① This privacy policy has been announced on February 5, 2018. The policy is a notice on the department responsible for private information protection services, the responsible department, phone number, personal information handlers, and privacy officers by field. The policy is a notice on the responsible department for personal information processing consignments, consignee, details of consigned work, period for retention and use of personal information. The policy is a notice on the purpose and period of retaining personal information, evidence of retaining such information, personal information, and period of retaining the information.