PRIVACY POLICY

We at CIRCUS COMPANY Ltd. established and operate these Guidelines to protect the personal information of the subjects of information handled at our AR App and homepage and deal with customers’ complaints more efficiently in accordance with the Personal Information Protection Act, Article 30.

Article 1 (Purpose of Processing Personal Information)

We process personal information for the following purpose. We do not use personal information for purposes other than what is stated in the following. If there are any changes made to these purposes, we will take required steps including obtaining consent, pursuant to Article 18 of the Personal Information Protection Act.

1.Processing personal information for the purpose of recruiting and managing homepage members and checking proceedings for members, identification/certification of members concerning our service, maintenance/managment of members’ qualification, identity verification operated by limited verification of identity, prevention of dishonest use of our service, obtaining legal agent’s consent concerning the processing of personal information of a minor (under the age of 14), issuance of notices, handling complaints, etc.

2.Processing personal information for the purpose of provision of delivery for goods or services, service provisions, dispatch of contract documents or invoices, provision of content, provision of customized services, identity verification, age verification, fee payment, collection of what we are entitled to receive, etc.

3.Processing personal information for the purpose of verification of identity of those lodging their complaints, checking the content of their complaints, communication for fact-finding, notice of the result of handling their

Article 2 (Period for Processing and Keeping Personal Information)

Our processing and keeping of personal information is done within the period stipulated in relevant laws or consented by the subjects of information.

We process and keep personal information during each period stated in the following:

1.Homepage membership subscription and management: Until their membership withdrawal Or until the time stated in the following:

1)Completion of investigation about alleged violation of related laws

2)Completion of debtor-creditor relationship settlement concerning the use of our homepage

2.Provision of goods or services: Until completion of supply/provision and price payment Or until the time stated in the following:

1)Concerning records about transactions such as marking, advertisement, content of contracts signed, and their execution under the Act on the Consumer Protection in the Electronic Commerce, etc.
- Records about marking/advertisement: 6 months
- Records about contract/subscription cancellation, price payment, supply of goods, etc.: 5 years
- Records about disputes or consumers’ complaints: 3 years

2)Keeping of communications-related fact confirmation data stipulated in the Protection of Communications Secrets Act, Article 41
- Date/time of subscribers’ telecommunication start/finish, counterparty subscribers’ numbers, frequency of use, materials used to trace the locations of transmission base stations: 1 year
- Computer communications, Internet log-in records, materials used to trace places of connection: for 3 months

Article 3 (Provision of Personal Information to Third Parties)

We process personal information of the subjects of information only within the extent stated in Article 1 (Purpose of Processing Personal Information) hereof. Our provision of personal information shall be done only with the consent of the information subject and in compliance with the Personal Information Protection Act, Article 17.

Article 4 (Rights and Obligations of the Information Subjects; How to Exercise Them)

The subjects of information may ask us for the following management regarding personal information protection at any time.

1.Access to their personal information kept by us

2.Correction of errors in their personal information kept by us

3.Deletion of their personal information kept by us

4.Stopping the processing their personal information kept by us

The requests stated in the foregoing ① may be made in writing or by phone, email, or fax and we will comply with them without delay.

Where the information subject asks us for the correction of errors in or deletion of their personal information, we will not use or provide it to a third party until the completion of the correction or deletion.

The requests stated in the foregoing ① may be made through the information subject’s agent or trustee. In such a case, a power of attorney shall be submitted to us, using the accompanying form in Schedule 11, Enforcement Decree of the Personal Information Protection Act.

We shall not intrude upon the privacy of the information subjects or others in violation of acts including or relevant to the Personal Information Protection Act.

Article 5 (Processed Personal Information Items)

Personal Information items processed by us include the following:

1.Homepage membership subscription and management
-Required items: name, DOB, ID, password, address, phone number, gender, email, I-PIN number
-Optional items: marital status, interests

2.AR App
-Required items: smartphone device ID
-Optional items: name, phone number, email, address, gender, interests

3.Provision of goods or services
-Required items: name, DOB, ID, password, address, phone number, email, I-PIN number, credit card number,
bank account number, and other payment-related information
-Optional items: interests, past purchase records

4.The following personal information items may be automatically created and collected in the course of customers’
using our Internet-based services.
-IP address, cookies, MAC address, service use records, visit history records, bad site use records

Article 6 (Destruction of Personal Information)

Upon termination of the designated period for keeping personal information or attainment of the purpose of
processing them, we will destroy relevant personal information without delay.

Where we are required to continue to keep personal information under the law notwithstanding what is stated in the foregoing ①, we will move them to a separate database or place of storage with acceptance from the information subject.

We destroy personal information as follows.

1.Destruction procedure
We choose the personal information items to be destructed, obtain the approval of the personal information
manager concerning their destruction, and then destroy the information.

2.Methods used
Personal information recorded or saved in the form of an electronic file is destroyed using an irrecoverable
method like Low Level Format. Personal information kept in the form of a paper document is shredded or incinerated

Article 7 (Securing Safety of Personal Information)

We take the following steps to secure the safety of our held personal information.

1.Administrative steps: establishment/operation of an internal management plan; periodic employee education

2.Technical steps: management of the rights to access the personal information processing system, installation of the
access control system, encoding of unique identification information; installation of security programs

3.Physical steps: control of access to computer rooms and data storage facilities

Article 8 (Matters pertaining to Installation and Operation of Personal Information Automatic Collection Devices and Refusal)

We use cookies to save and retrieve information from time to time to provide customized service to customers.

Cookies are small amounts of information sent by the server (http) used to operate websites to customers’ computer browsers. They are also stored in hard discs of customers’ PCs.

a.Purpose of using cookies: Cookies are used to check records of customers’ visits to our service sites and websites,
their types of use, frequently searched keywords, status of secured connections, etc. They are also used to provide
optimized information to customers.

b.Customers’ refusal to accept operation of cookies: Customers may express their refusal to use cookies as follows: Tools at the top of a web browser page > Internet Option / Personal Information menu.

c.Customers’ refusal to accept cookies may result in difficulties while using our customized service.

Article 9 (Personal Information Manager)

We have designated personal information managers as shown below to handle complaints of information subjects about our processing personal information and help compensate them for losses concerning our processing of personal information.
▶ Personal Information Manager
Name: Han Ju-hui
Position: Business Support Team Manager
Contact: 02-6261-2330, like@circuscompany.com, 0303-0011-9878
※ Your call will be directed to the Personal Information Protection Department.
▶ Personal Information Protection Department
Department: Business Support Team
Manager: Han Ju-hui
Contact: 02-6261-2330, like@circuscompany.com, 0303-0011-987

We will be immediately respond to and handle any inquiries sent to the personal information protection manager or department made by the information subjects regarding our protection of their personal information, our handling of their complaints, our handling of matters concerning compensation for their loss concerning our processing of personal information, etc during the use of our service or company.

Article 10 (Request for Accessing Personal Information)

Our personnel stated in the following will promptly deal with requests from the information subjects for accessing their personal information kept by us under the Personal Information Protection Act, Article 35.

▶ Department: Business Support Team
Manager: Han Ju-hui
Contact: 02-6261-2330, like@circuscompany.com, 0303-0011-987

Article 11 (Relief for Rights Infringement)

The information subjects may get relief, consulting concerning an infringement of rights related to their personal information from the following agencies.
‹The following agencies are operating independently of us. You may contact them if you have complaints about our processing of your personal information or you are not satisfied with the way your loss related to your personal information is handled by us.›

▶ Korea Computer Emergency Response Team Coordination Center (KrCERT/CC) [run by the Korea Internet & Security Agency (KISA)]
- Business handled: reports on infringement of personal information-related rights; relevant consulting
- Homepage: privacy.kisa.or.kr
- ☎: 118 (no national code needed)
- Address: KrCERT/CC, 3rd Fl., 9 Jinheung-gil (301-2, Bitgaram-dong), Naju-si, Jeollanam-do 58324
▶ Personal Information Dispute Mediation Committee (“PIDMC” or “Pico")
- Business handled: application for arbitration of personal information-related disputes; mediation of collective disputes
- Homepage: www.kopico.go.kr
- ☎: 1833-6972 (no national code needed)
- Address: 4th Fl., Government Complex 209 Sejong-daero, Jongno-gu, Seoul 03171
▶ Internet Crime Investigation Center of the Supreme Prosecutors' Office: ☎02-3480-3573 (www.spo.go.kr)
▶ Korean National Police Agency Cyber Bureau: ☎182 (http://cyberbureau.police.go.kr)

Article 12 (Effectuation)

These revised Guidelines shall be enforced starting June 1, 2018.