개인정보처리방침

할랄로드(Halalroad)(이하 "회사"라 함)는 회사가 운영하는 halalroadmarket.com(이하 "사이트"라 함)를 이용하는 이용자들의 개인정보보호를 매우 중요시하며, 이용자가 회사의 웹서비스(이하 "서비스"라 함)를 이용함과 동시에 온라인상에서 회사에 제공한 개인정보가 보호 받을 수 있도록 최선을 다하고 있습니다. 이에 회사는 통신비밀보호법, 전기통신사업법, 정보통신망이용촉진등에관한법률 등 정보통신서비스제공자가 준수하여야 할 관련 법규상의 개인정보보호 규정 및 정보통신부가 제정한 개인정보보호지침을 준수하고 있습니다. 회사는 개인정보 보호정책을 통하여 이용자들이 제공하는 개인정보가 어떠한 용도와 방식으로 이용되고 있으며 개인정보보호를 위해 어떠한 조치가 취해지고 있는지 알려드립니다.

회사는 개인정보 보호정책을 사이트 첫 화면에 공개함으로써 이용자들이 언제나 용이하게 보실 수 있도록 조치하고 있습니다.

회사의 개인정보 보호정책은 정부의 법률 및 지침 변경이나 회사의 내부 방침 변경 등으로 인하여 수시로 변경될 수 있고, 이에 따른 개인정보 보호정책의 지속적인 개선을 위하여 필요한 절차를 정하고 있습니다. 그리고 개인정보 보호정책을 개정하는 경우 회사는 그 변경사항에 대하여 즉시 사이트를 통하여 게시하고 버전번호 및 개정일자 등을 부여하여 개정된 사항을 이용자들이 쉽게 알아볼 수 있도록 하고 있습니다. 이용자들께서는 사이트 방문시 수시로 확인하시기 바랍니다.

회사의 개인정보 보호정책은 다음과 같은 내용을 담고 있습니다.

가. 개인정보 수집에 대한 동의
나. 개인정보의 수집목적 및 이용목적
다. 개인정보 항목 및 수집방법
라. 개인정보의 보유 및 이용기간
마. 이용자 자신의 개인정보 관리(열람,정정,삭제 등)에 관한 사항
바. 쿠키(cookie)의 운영에 관한 사항
사. 개인정보관련 기술적-관리적 대책


가. 개인정보 수집에 대한 동의
회사는 이용자들이 회사의 개인정보 보호정책 또는 이용약관의 내용에 대하여 「동의함」버튼 또는 「동의안함」버튼을 클릭할 수 있는 절차를 마련하여, 「동의함」버튼을 클릭하면 개인정보 수집에 대해 동의한 것으로 봅니다.


나. 개인정보의 수집목적 및 이용목적
"개인정보"라 함은 생존하는 개인에 관한 정보로서 당해 정보에 포함되어 있는 성명, 주민등록번호 등의 사항에 의하여 당해 개인을 식별할 수 있는 정보(당해 정보만으로는 특정 개인을 식별할 수 없더라도 다른 정보와 용이하게 결합하여 식별할 수 있는 것을 포함)를 말합니다.

대부분의 회사 서비스는 별도의 사용자 등록이 없이 언제든지 사용할 수 있습니다. 그러나 회사는 회원서비스를 통하여 이용자들에게 맞춤식 서비스를 비롯한 보다 더 향상된 양질의 서비스를 제공하기 위하여 이용자 개인의 정보를 수집하고 있습니다.


다. 개인정보 항목 및 수집방법
회사는 이용자들이 회원서비스를 이용하기 위해 회원으로 가입하실 때 서비스 제공을 위한 필수적인 정보들을 온라인상에서 입력 받고 있습니다. 회원 가입시에 받는 필수적인 정보는 성명, 주민등록번호, 주소, 전화번호 등입니다. 또한 양질의 서비스 제공을 위하여 이용자들이 선택적으로 입력할 수 있는 사항으로서 회사주소, 회사전화번호, 직업, 이메일주소 및 이메일 수신여부 항목을 입력 받고 있습니다.


라. 개인정보의 보유 및 이용기간
이용자가 회사의 회원으로서 회사에 제공하는 서비스를 이용하는 동안 회사는 이용자들의 개인정보를 계속적으로 보유하며 서비스 제공 등을 위해 이용합니다. 다만, 아래의 "마. 이용자 자신의 개인정보 관리(열람,정정,삭제 등)에 관한 사항" 에서 설명한 절차와 방법에 따라 회원 본인이 직접 삭제하거나 수정한 정보, 가입해지를 요청한 경우에는 재생할 수 없는 방법에 의하여 디스크에서 완전히 삭제하며 추후 열람이나 이용이 불가능한 상태로 처리됩니다.


마. 이용자 자신의 개인정보 관리(열람,정정,삭제 등)에 관한 사항
이용자는 언제든지 회사 홈페이지를 이용하여 회원등록되어 있는 자신의 개인정보를 조회하거나 수정할 수 있으며 회원등록 탈퇴를 요청할 수도 있습니다.

이용자들의 개인정보 조회 및 수정을 위해서는 사이트의 회원관리 메뉴에서 아이디와 비밀번호를 사용하여 로그인(LOG-IN)하면 되는데, 아이디(ID) 및 주민등록번호, 이름을 제외한 모든 입력사항을 수정할 수 있습니다. 또한, 비밀번호를 잊어버린 경우에는 회원 로그인 메뉴 하단에 있는 "패스워드찾기"를 클릭하여 본인 확인에 필요한 사항을 입력하시면, 본인여부 확인 후 email을 통하여 비밀번호를 알려 드립니다.

회원등록 탈퇴는 사이트에 있는 나의정보에서 "회원탈퇴"를 클릭하시면, 이용자 본인여부를 확인한 후 처리합니다.


바. 쿠키(cookie)의 운영에 관한 사항
이용자들에게 특화된 맞춤서비스를 제공하기 위해서 회사는 이용자들의 정보를 저장하고 수시로 불러오는 '쿠키(cookie)'를 사용합니다. 쿠키는 웹사이트를 운영하는데 이용되는 서버(HTTP)가 이용자의 컴퓨터 브라우저에게 보내는 소량의 정보이며 이용자들의 PC 컴퓨터내의 하드디스크에 저장되기도 합니다.

이용자들이 회사에 접속한 후 로그인(LOG-IN)하여 마이페이지(My Page) 등의 서비스를 이용하기 위해서는 쿠키를 허용하셔야 합니다. 회사는 이용자들에게 적합하고 보다 유용한 서비스를 제공하기 위해서 쿠키를 이용하여 ID에 대한 정보를 찾아냅니다. 쿠키는 이용자의 컴퓨터는 식별하지만 이용자를 개인적으로 식별하지는 않습니다.

쿠키를 이용하여 이용자들이 방문한 사이트의 각 서비스와 이용형태, 이용자 규모 등을 파악하여 더욱 더 편리한 서비스를 만들어 제공할 수 있고 이용자에게 최적화된 정보를 제공할 수 있습니다. 이용자들은 쿠키에 대하여 사용여부를 선택할 수 있습니다. 웹브라우저에서 옵션을 설정함으로써 모든 쿠키를 허용할 수도 있고, 쿠키가 저장될 때마다 확인을 거치거나, 모든 쿠키의 저장을 거부할 수도 있습니다. 다만, 쿠키의 저장을 거부할 경우에는 로그인이 필요한 일부 서비스는 이용할 수 없습니다.


사. 개인정보관련 기술적-관리적 대책
회사는 이용자들의 개인정보를 취급함에 있어 개인정보가 분실, 도난, 누출, 변조 또는 훼손되지 않도록 안전성 확보를 위하여 다음과 같은 기술적 대책을 강구하고 있습니다.

이용자들의 개인정보는 비밀번호에 의해 철저히 보호되고 있습니다. 회원 아이디(ID)의 비밀번호는 본인만이 알고 있으며, 개인정보의 확인 및 변경도 비밀번호를 알고 있는 본인에 의해서만 가능합니다. 따라서 이용자 여러분께서는 비밀번호를 누구에게도 알려주시면 안됩니다. 이를 위해 회사에서는 기본적으로 PC에서의 사용을 마치신 후 온라인상에서 로그아웃(LOG-OUT)하시고 웹브라우저를 종료하도록 권장합니다. 특히 다른 사람과 PC를 공유하여 사용하거나 공공장소(학교, 도서관, 인터넷 게임방 등)에서 이용한 경우에는 개인정보가 다른 사람에게 알려지는 것을 막기 위해 위와 같은 절차가 더욱 필요할 것입니다.

회사는 해킹이나 컴퓨터 바이러스 등에 의해 회원의 개인정보가 유출되거나 훼손되는 것을 막기 위해 최선을 다하고 있습니다. 개인정보의 훼손에 대비해서 자료를 수시로 백업하고 있고, 최신 백신프로그램을 이용하여 이용자들의 개인정보나 자료가 누출되거나 손상되지 않도록 방지하고 있으며, 암호알고리즘 등을 통하여 네트워크상에서 개인정보를 안전하게 전송할 수 있도록 하고 있습니다. 그리고 침입차단시스템을 이용하여 외부로부터의 무단 접근을 통제하고 있으며, 기타 시스템적으로 안정성을 확보하기 위한 가능한 모든 기술적 장치를 갖추려 노력하고 있습니다.

PRIVACY POLICY

Article 1 (Purpose)

The following Privacy Policy(hereinafter referred to as ‘this Policy’) is established to protect the information(hereinafter referred to as ‘Personal Information’) of individuals(hereinafter referred to as ‘Users’ or ‘Individuals’) who use the services(hereinafter referred to as ‘Company Services’) that Halalroad Inc.(hereinafter referred to as ‘the Company’) aims to provide by abiding by relevant legislations including the Personal Information Protection Act and the Act on Promotion of Utilization of Information and Communications Network , and to quickly and smoothly process concerns related to the protection of the personal information of service users.

Article 2 (Principles of Personal Information Handling)

The Company may collect the Personal Information of Users following legislations related to Personal Information and this Policy, and the collected Personal Information may be provided to 3rd parties only in the cases where there is consent from the Individual. However, in the case that the company is legally compelled due to the stipulations of legislation etc., the Company may provide the Personal Information of Users to a 3rd party without the prior consent of the Individual.

Article 3 (Disclosure of this Policy)

① The Company shall disclose this Policy in the initial screen of the Company homepage or on a linked screen from the initial screen, so that the User can examine this Policy easily at any time.

② When the Company discloses this Policy in accordance with Paragraph 1, it shall use font sizes and colors that allow Users to easily examine this Policy.

Article 4 (Changes to this Policy)

① This Policy may be amended following changes in legislation, guidelines, and notifications related to Personal Information, or changes in the policy or content of the government or Company service.

② In the event the Company amends this Policy in accordance with Paragraph 1, it shall be notified utilizing one of the following methods.

1. A method of notification through the notifications section on the initial screen of the internet homepage operated by the Company or through a separate window

2. A method of notification to the User through writing, facsimile, electronic mail or other similar methods

③ For the notification in Paragraph 2, the Company shall notify amendments to this Policy at least 7 days prior to the implementation date of the amendment. However, in the event there are important changes to User rights, notification must occur at least 30 days prior.

Article 5 (Scope of Personal Information Collection)

The Company shall collect the minimum amount of Personal Information that is required to provide Company Services to the User.

Article 6 (Information for Membership Registration)

The Company shall collect the following information for membership registration of the User to the Company Services.

1. Required information Customer: E-mail, password, surname, given name, mobile phone number Vendor: E-mail, password, surname, given name, store(store name, address, phone number, operating hours)

2. Optional information Customer: Gender, birthdate, address, nationality, SNS log-in information Vendor: Gender, birthdate, address, nationality, SNS log-in information

Article 7 (Information for Identity Verification)

The Company shall collect the following information for identity verification of the User.

1. Required information Mobile phone number, e-mail address, name, password

2. Optional information Birthdate, gender, identity verification information(CI, DI), mobile service provider, I-Pin information(When using I-Pin), whether the User is a Korean/foreigner

Article 8 (Information for Legal Representative Consent)

In the case the consent of a legal representative is required, the Company shall collect the following information for legal representative consent.

1. Required information Guardian name, guardian birthdate, guardian gender, guardian mobile phone number, country of residence

2. Optional information Whether the guardian is a Korean/foreigner, guardian mobile service provider information, guardian I-Pin information

Article 9 (Information for Payment Services)

The Company shall collect the following information from the User to provide payment services of the Company.

1. Required information Credit card number, credit card password, expiration date, CVC, 4DBC, e-mail, surname, given name

2. Optional information Birthdate

Article 10 (Information for the Provision of Company Services)

The Company shall collect the following information to provide Company Services to the User.

1. Required information E-mail, password, surname, given name, mobile phone number, country of residence

2. Optional information Profile picture, gender, birthdate, address, SNS log-in information (When providing tangible goods) Name, mobile phone number, address, birthdate (When providing mobile goods) Mobile phone number, birthdate (When processing tax and public utilities charges) Name, resident registration number, mobile phone number, address, e-mail address

※ Company Services : In addition to Company Services in accordance to the Company’s user agreement, there are also services including marketing or event management for the provision of Company Services, and service usage environment for the security and privacy of the User etc.

Article 11 (Information to check for service usage and unlawful usage)

The Company shall collect the following information to check for service usage and unlawful usage by the User.

1. Required information Service usage record, cookies, connection location information, device information, device browser information

※ Unlawful usage : Refers to illegal or cheating acts such as re-registration after membership withdrawal, acts of gaining economic benefit through illegal or cheating methods such as gaining discount coupons or event benefits provided by the company though repeated product purchase and purchase cancellation, acts restricted by the user agreement etc., identity theft etc. The collected information may be used for statistics or analysis on Company Service usage.

Article 12 (Personal Information Collection Method)

The Company shall collect the Personal Information of the User through the following methods.

1. The method where the User inputs their Personal Information on the Company homepage

2. The method where the User inputs their Personal Information through services other than the homepage provided by the Company such as applications etc.

3. The method where the User who has received an e-mail sent under the Company name responds to this e-mail

4. The method where the User inputs the information in the process of using Company Services including customer center consultation, activity on bulletin boards etc.

Article 13 (Usage of Personal Information)

The Company shall use Personal Information in each of the following cases.

1. The case it is required for the operation of the Company such as delivery of notifications etc.

2. The case it is used to improve services to the User including responses to usage queries, handling of complaints etc.

3. The case it is used to provide Company Services

4. The case it is used for development of new services

5. The case it is used for marketing such as the provision of event information

6. The case it is used for demographic analysis, service visit and usage information analysis

7. The case it is used for the formation of relationships between users based on Personal Information and interests

8. The case it is used for usage restriction of members who violate laws and Company agreements, the prevention and restrictions on acts that impair the smooth operation of services including unlawful usage

Article 14 (Restriction on provision of Personal Information to 3rd parties)

The Company shall use Personal Information within the scope notified through the collection/usage purpose of Personal Information and cannot use the information in a way which exceeds the scope of the collection/usage purpose of Personal Information or provide the information to a 3rd party without prior consent by the User.

Article 15 (Provision of Personal Information following prior consent etc.)

① Despite the restriction on provision of Personal Information to 3rd parties, the Company can provide Personal Information to a 3rd party in the case the User has disclosed it beforehand or in the case they have agreed to the following.

A. Provision of customer name, e-mail information to Company host for luggage storage and retrieval

B. Provision of host store address, location, store name, phone number to Company customer for luggage storage and retrieval

② In the case there is a change in the relationship for provision to a 3rd party in the previous paragraph, or in the case the relationship for provision to a 3rd party has ended, notification and consent shall be gained from the User through the same procedure.

Act 16 (Provision of Personal Information following legislation etc.)

The Company may collect/use the Personal Information of Users without the consent of the User in any of the following cases.

1. The case when it is clearly difficult to receive standard consent for Personal Information required for the execution of contracts related to the provision of information communications services due to economic/technical reasons

2. The case when bill settlement regarding the provision of information communications services is required

3. In the case there are special regulations regarding the provison of personal information in legislation

Article 17 (Entrustment of Personal Information Processing)

① The Company is entrusting Personal Information in the following manner for smooth service provision and efficient operations.

1. Entrusting Personal Information handling during the [Personal Information Usage Period] to [Inicis],[Eximbay][PayPal]for [global credit card payment, messenger payment, China/Japan/South East Asia specialized payment]

② The Company constantly supervises and monitors whether the entrusted companies are safely handing the entrusted Personal Information, and when the entrustment has been concluded it makes the entrusted companies immediately destroy the Personal information their have.

Article 18 (Storage and usage period of Personal Information)

① Regarding the Personal Information of Users, the Company stores and uses the Personal Information for the period to achieve the purpose of Personal Information collection/usage.

② Despite the previous paragraph, the Company shall store unlawful usage records for a maximum of 1 year from the time of membership withdrawal to prevent illegal registration and usage following internal company guidelines.

Article 19 (Storage and usage period of Personal Information in accordance with legislation)

In accordance with related legislation, the Company shall store and use Personal Information as followings.

1. Storage and usage period following the Act on the Consumer Protection in Electronic Commerce, etc.

- Records regarding execution of the agreement or withdrawal of subscriptions etc.: 5 years

- Records regarding payments and provision of goods etc.: 5 years

- Records regarding consumer complaints or dispute resolution : 3 years

- Records regarding display/advertisement : 6 months

2. Storage information and storage period following the Protection of Communications Secrets Act

- Website log record data : 3 months

3. Storage information and storage period following the Electronic Financial Transactions Act

- Records on electronic financial transactions : 5 years

4. Act on the Protection, Use, Etc, of Location Information

- Records on personal location information : 6 months

Article 20 (Principle on destruction of Personal Information)

In principle, in the case Personal Information is no longer required due to achieve of the purpose of Personal Information processing of the User, elapsing of storage/usage period etc., the Company shall destroy the relevant information without delay.

Article 21 (Handling of Personal Information of service non-users)

① In principle, for the Personal Information of Users who have not used the Company Services for 1 year, the Company shall provide prior notice and destroy or separately store the Personal Information. ② The Personal Information of long-term non-use Users shall be separated and stored safety, and notification to the relevant Users shall be delivered to the electronic mail address at least 30 days prior to the date of separate storage processing by the Company.

③ In the case that long-term non-use Users wish to continue using services before being separated into the separate non-user DB, they can log-in to the Website(hereinafter this term shall include the ‘mobile app’).

④ When long-term non-use Users log-in to the Website, they can restore their account following the consent of the User.

⑤ The Company shall destroy the separately stored Personal Information without delay after storage for 4 years.

Article 22 (Personal Information destruction procedure)

① The information the User has inputted for membership registration, after it has achieved the Personal Information handling purpose, shall be moved to a separate DB(separate filing cabinet in the case of paper) and stored for a certain period following the reason for information protection in accordance with internal policy and other related legislation (refer to storage and usage period) before being destroyed.

② The Company shall destroy Personal information of which a cause for destruction has occurred following the approval procedure of the Personal Information Supervisor.

Article 23 (Personal Information destruction method)

The Company shall delete the Personal Information that is stored in electronic file format using a technical method that does not allow restoration, and Personal Information that is printed out into paper shall be destroyed through shredded using a shredder or incineration etc.

Article 24 (Advertising information transmission measures)

① In the case the Company transmits advertising information for commercial purposes using electronic medium, it must receive clear prior consent from the User. However, prior consent does not need to be received in any of the following cases below

1. In the case the Company has collected contact information directly from the recipient during transactional relationships for goods etc., the case where the Company aims to transmit advertising information for commercial purposes within 6 months from the date the transaction has been concluded regarding the same goods etc. that the Company has processed, and the recipient has transacted

2. The case when an authorized phone salesperson has informed the recipient on the collection source of Personal Information by voice and has cold-called in accordance with the 「Act on Door-to-door Sales etc.」

② Despite the previous paragraph, in the event the recipient has expressed their intent to refuse receipt or in the event they withdraw their prior consent, the Company shall not transmit advertising information for commercial purposes, and they shall inform the recipient of the results of receipt refusal and receipt consent withdrawal processing.

③ In the case the Company transmits advertising information for commercial purposes using electronic medium from the time after 9PM to 8AM the next day, it must receive separate prior consent from the recipient despite paragraph 1.

④ In the event the Company transmits advertising information for commercial purposes using electronic medium, it shall clearly state the following items in the advertising information. 1. Company name and contact information 2. Matters related to receipt refusal or withdrawal of receipt consent shall be shown

⑤ In the event the Company transmits advertising information for commercial purposes using electronic medium, it shall not conduct any of the following actions.

1. Actions to avoid/hinder the receipt refusal or withdrawal of receipt consent by the recipient

2. Actions to automatically create the contact information of recipients including phone numbers, e-mail addresses by combining numbers, symbol, or characters

3. Actions to automatically register phone numbers or e-mail addresses for the purpose of transmitting advertising information for commercial purposes

4. Various actions to hide the identity of the advertising information transmitter or to hide the source of transmission

5. Various actions to induce responses by deceiving the recipient for the purpose of transmitting advertising information for commercial purposes

Article 25 (Protection of Personal Information of children)

① For the protection of the Personal Information of children under the age of 14, the Company shall limit membership registration to Users over the age of 14.

② In the event the User is a child under the age of 14, despite paragraph 1, the Company shall receive consent on the collection, usage, provision etc. of the Personal Information of that child from the legal representative of the child.

③ In the case of paragraph 2, the Company shall additionally collect the name, date of birth, duplicate registration confirmation information(ID), mobile phone number etc. of the legal representative.

Article 26 (Withdrawal of Personal Information collection consent etc.)

① The User or a legal representative can view or modify their own registered Personal Information at any time, they can also request a withdrawal of their consent for the collection of Personal Information.

② In order for the User or a legal representative to withdraw their consent for the collection of their Personal Information, they can contact the Personal Information Protection Supervisor or person in charge through writing, telephone, or e-mail and the Company shall take action without delay.

Article 27 (Changes to Personal Information etc.)

① The User can make a request to the Company through the methods in the above article for the correction of errors in Personal Information.

② In the event of the previous Paragraph, the Company shall not use or provide Personal Information until the correction has been completed, and in the case the incorrect Personal Information has already been provided to a 3rd party, it will inform them without delay to allow the corrections to be made.

Article 28 (Obligations of Users)

① The User must ensure that their Personal Information is up to date, and the responsibility for any issues that occur due to inaccurate information inputted by the User shall remain with the User.

② In the case of membership registration using illegal usage of another person’s Personal Information, this can lead to loss of User status or punishments according to related Personal Information protection legislation.

③ The User has the obligation to maintain security of their e-mail address, password etc., and they may not lend or transfer this to a 3rd party.

Article 29 (Personal Information management by the Company)

Regarding the handling of Personal Information of the User, the Company is considering the following technical/managerial protection measures to ensure security to prevent the loss, theft, leakage, falsification, damage etc. of Personal Information.

Article 30 (Handling of deleted information) For the Personal Information canceled or deleted due to a request from the User or a legal representative, the Company shall handle it following the stipulations shown in the storage and usage period of the Personal Information collected by the Company, and it is handled in a manner that does not allow to be viewed or used for any other use.

Article 31 (Encryption of passwords) The User’s password is stored and managed using uni-directional encryption, and the viewing and changing of Personal Information is only possible by oneself who knows the password.

Article 32 (Provisions to prepare for hacking etc.)

① The Company is doing its utmost to prevent the leaking or damaging of the Personal Information of Users through intrusions in to the information communications network such as hacking, computer viruses etc.

② The Company is preventing the leaking or damaging of the Personal Information or data of Users by using the latest vaccine programs.

③ The Company is ensuring that in the case of sensitive Personal Information (is collected or stored), that the Personal Information is able to be transmitted safely through the network using encrypted communication etc.

Article 33 (Minimization of Personal Information handling, and training)

The Company limits the personnel related to the handling of Personal Information to a minimum, and it is emphasizing adherence to legislation and internal policies through managerial actions such as training of people handling Personal Information etc.

Article 34 (Operation of a department exclusively for Personal Information Protection)

The Company operates a department exclusively for Personal Information protection, and it checks whether items in the Privacy Policy and the person in charge are being adhered to, in the case a problem is discovered it endeavors to do its best to immediately solve and rectify the issue.

Article 35 (Measures regarding Personal Information leakage etc.)

① When the Company discovers the fact that Personal Information has been lost/stolen/leaked(hereinafter referred to as ‘leak etc.’), it must inform the User of all the item below without delay and report to the Korean Communications Commission or the Korea Internet & Security Agency.

1. The Personal Information items that have been leaked etc.

2. The timing of the leak etc.

3. Measures that the User can take

4. Response measures of the information communication service provider etc.

5. Department and contact information where the User can apply for consultation etc.

Article 36 (Exceptions to the measures regarding Personal Information leakage etc.)

Despite the previous article, in the case the Company has a justifiable reason, such as not being able to know the contact information of the User, the Company make take the action of replacing the notification of the above article through the method of display on the Company homepage for over 30 days

Article 37 (Right for the User to choose to install cookies)

① The User has the right to choose to install cookies. Therefore, the User can set the options on the web browser to allow all cookies, to confirm each time a cookie is saved, or to refuse the saving of all cookies.

② However, in the case the saving of cookies is refused, there may be difficulties in using some services of the Company which require log-in.

Article 38 (Method to set Cookie installation allowance)

The method to set whether to allow the installation of cookies(in the case of Internet Explorer) is as follows.

A. Select [Internet Options] from the [Tools] menu.

B. Click the [Personal Information tab].

C. Set the setting in [Advanced] settings.

Article 39 (Designation of a supervisor and person responsible for Personal Information protection by the Company)

The Company has designated the following related department and Personal Information protection supervisors to protect the Personal Information of Users and to handle complaints related to Personal Information.

A. Personal Information Protection Supervisor

- Name: Dongseong Kim

- Telephone: 070-8288-6836

- E-mail: dskim@halalroad.com

Article 40 (Handling of User Complaints)

The User can report all complaints related to Personal Information protection that occurs during the use of Company Services to the Personal Information protection supervisor. The Company will provide sufficient responses quickly to the reports by the User.

Article 41 (Consultation to institutions by Users)

Users who require reporting or consultation regarding other Personal Information infringements can consult the following institutions.

▶ Privacy Information Protection Portal (operated by the Ministry of Security and Public Administration)

- Responsibilities : Report cases of Personal Information infringement, consultation requests

- Homepage : privacy.kisa.or.kr

- Telephone : (without area code) 118

- Address : (58324) 3rd Floor, 9 Jinheung-gil, Naju city, Jeonnam(301-2 Bitgaram-dong)

▶ Personal Information Dispute Mediation Committee

- Responsibilities : Receive application of Personal Information dispute mediation, collective dispute mediation

- Homepage : www.kopico.go.kr

- Telephone : 1833-6972 - Address : (03171) 4th Floor, Government Complex Seoul, 209 Sejong Daero, Jongno-gu, Seoul

▶ Cyber Division, the Ministry of Scientific Investigation at the Supreme Prosecutors’ Office: 02-3480-2000 (www.spo.go.kr)

▶ Cyber Bureau at the National Policy Agency: (without area code) 182 (cyberbureau.police.go.kr) Supplementary Provisions This Policy shall be effective as of October 10, 2019.

User Consent The following person has understood the contents of this Policy and shall substitute consent regarding the collection and provision to 3rd parties of their Personal Information through the action of making a check mark in the consent section of this Policy.