Personal information processing policy

AG Optical Co., Ltd. (hereinafter referred to as "Company") In order to protect the personal information of the information subject and to handle complaints quickly and smoothly in accordance with the laws related to personal information protection, we establish and disclose the following personal information processing guidelines.

Article 1 (Purpose of processing personal information, processing items and collection methods, retention period)

① This site allows users to access content freely without a separate membership registration process. However, when using the customer service center, some personal information is collected. The collected personal information will not be used for any other purpose and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

▶ Collection method

1. Customer Service

- Purpose of handling: Customer consultation, complaint handling, notification of results, etc.
- Processing (collection) items: name, email address
- Retention period: when the objectives are achieved

② The company keeps and uses the user's personal information until the purpose of collecting or using personal

information is achieved. However, even if the purpose of collecting or using personal information is achieved, the user's personal information may be retained if it is necessary to preserve it in accordance with the relevant laws and regulations.

Article 2 (Procedures and methods for destroying personal information)

① When personal information becomes unnecessary, such as the elapse of the period of personal information retention and the achievement of the purpose of processing, the company destroys the personal information without delay.

② If the personal information period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored differently.

③ The procedure and method of destroying personal information are as follows.

1. Procedures for Destruction

The company selects personal information that has caused the reason for destruction and destroys the personal information with the approval of the company's personal information protection manager.

2. How to destroy it

The company destroys personal information recorded and stored in the form of an electronic file by using a method such as Low Level Format so that records cannot be reproduced, and destroys personal information recorded and stored in paper documents by crushing or incinerating them with a shredder.

Article 3 (Providing personal information to a third party)

① The company processes the personal information of the information subject only within the scope specified in Article 1, and provides personal information to third parties only if it falls under Article 17 of the Personal Information Protection Act, such as consent of the information subject and special provisions of the law.

② The company provides personal information to third parties as follows.

▶ Customer service

Classification contents Recipient: AG Optics Co.,Ltd Name of information provided, email address Purpose of information provided, reporting of issues and receiving responses on inquiries Retention period: until the purpose is achieved. Article 4 (Outsourcing of Personal Information Processing)

① In order to smoothly process personal information, the Company outsources the following personal information processing tasks:

1. Operation of website system

- Subcontractor: Age Optical Co., Ltd.
- Contents of entrusted tasks: Operation of website system
- Contact information of responsible person: Youngsam Choi, choi.youngsam@agoptics.co.kr

② When the Company enters into an outsourcing contract, it specifies matters related to the prohibition of

processing personal information beyond the purpose of entrusted tasks under Article 26 of the Personal Information Protection Act, technical and administrative safeguards, restrictions on re-outsourcing, management and supervision of the subcontractor, liability for damages, etc. in the contract document, and monitors whether the subcontractor is processing personal information safely..

③ If the contents of the entrusted tasks or the subcontractor are changed, we will promptly disclose such changes through this privacy policy.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and Method of Exercise)

① The information subject or legal representative of a child under the age of 14 may exercise the following personal information protection-related rights against the company at any time.

1. Request for personal information access
2. Request correction if there is an error, etc
3. The right to request deletion of personal information
4. The right to request a suspension of processing of personal information

② The right to access and other requests under paragraph 1 can be made to the following department. The Company will make every effort to ensure that requests for access to personal information by data subjects or their legal representatives are processed promptly.

▶ Department for Receiving and Processing Requests for Access to Personal Information Department name: Operation Team

In charge of: Gyeong hyeyeon E-mail : gyeong.hyeyeon@agoptics.co.kr

③ According to paragraph 1, the right to exercise the rights under this Article may be delegated through a representative such as a person delegated by the information subject. In this case, an authorization form according to Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

④ The data subject must not violate the relevant laws, including the Personal Information Protection Act, and infringe upon the personal information and privacy of oneself or others that the company is processing. Article 6 (Measures to Ensure Security of Personal Information) The Company takes the following measures to ensure the security of personal information

1. Administrative measures: Internal control measures, such as establishing and implementing an internal management plan, and providing regular employee training.
2. Technical measures: Access control of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
3. Physical measures: access control to computer rooms and data storage rooms

Article 7 (Personal Information Protection Manager)

① The Company takes overall responsibility for personal information processing and has designated a personal information protection manager and department in order to handle complaints and remedy related grievances from information subjects in connection with personal information processing..

▶ Personal Information Protection Manager

Nmae: Gyeong hyeyeon E-mail: gyeong.hyeyeon@agoptics.co.kr

※ It is connected to the department in charge of personal information protection.

▶ The department in charge of personal information protection. Department name: Marketing team

② You can contact the company's Personal Information Protection Officer and department in charge for any inquiries, complaints, or damages related to personal information protection that have arisen while using the company's services (or business). The company will respond and handle the inquiries of the information subject promptly.

Article 8 (Remedies for Infringement of Rights)

The data subject may contact the following organizations for remedies, consultations, etc. related to personal information infringement.

The following organizations are separate from the company, and if you are not satisfied with the company's internal personal information complaint handling and damage relief results or need more detailed assistance, please contact them.

▶ operated by Korea Internet & Security Agency
- Related tasks: Report of personal information breach and request for counseling.
- Website: privacy.kisa.or.kr
- Phone: (Dialing without area code) 118

▶ Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Related tasks: Request for personal information dispute resolution, group dispute resolution (civil resolution).
- Website: privacy.kisa.or.kr
- Phone: (Dialing without area code) 118

▶ Supreme Prosecutors' Office Cyber Crime Investigation Department: 02-3480-3571 (www.spo.go.kr)

▶ National Police Agency Cyber Terror Response Center: (Dialing without area code) 182 (www.netan.go.kr)

Article 9 (Installation, Operation, and Rejection of Automatic Collection of Personal Information)
The Company operates cookies to support the use of the website and provide related services. Cookies are small text files sent by the server operating the website to the user's browser, and stored on the user's computer. The information subject may refuse to store cookies, but in this case, the use of the website may be inconvenient or some services may be difficult to use.

▶ How to set up cookies

1. In case of Internet Explorer: Web browser tools > Internet option > Personal information > Setting

2. In case of Chrome: Web browser setting > Advanced settings at the bottom of the screen > Personal information setting > Cookie

Article 10 (Changes to the Privacy Policy)

① This privacy policy applies from March 14, 2023.