Article 1 (Items of Personal Data to be Processed and Purposes of Processing)

The items of personal data to be processed by Yijung Customs Corp. (“YJ”) and the purposes of such processing are as follows.
YJ undertakes that it will only use personal data for the purposes specified below and that it will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act (“PIPA”) and take other necessary measures should it decide to process personal data for any other purpose.

Article 2 (Processing/Retention Periods for Personal Data)

YJ will process and retain personal data in accordance with applicable periods under Korean laws and regulations or periods consented to by data subjects. In principal, YJ will promptly destroy personal data collected from data subjects after the purposes of its processing have been achieved or after data subjects have withdrawn their consent for its processing.

Article 3 (Provision of Personal Data to Third Parties)

as of the date indicated above.

Article 4 (Outsourcing of the Processing of Personal Data)

YJ outsources the processing of personal data as follows.

When entering into an outsourcing agreement for the processing of personal data, YJ, as stipulated under Article 26 of the PIPA, ensures that such agreement includes matters related to (i) restrictions on the processing of personal data beyond the purposes of the outsourced tasks, (ii) technical and managerial security measures for the protection of personal data, (iii) restrictions on the subcontracting of the outsourced tasks, (iv) supervision and management of the outsourced processor, and (v) liability for damages that may arise due to violations committed by the outsourced processor, and monitors the outsourced processor to check whether personal data is processed securely.
> YJ will promptly disclose through this policy any changes affecting the outsourced tasks or the outsourced processor.

Article 5 (Rights and Obligations of Data Subjects, and Methods of Exercising Rights)

Data subjects are entitled to exercise the following rights (pertaining to the protection of their personal data) against YJ.

1. Right to request access

2. Right to request rectification

3. Right to request deletion

4. Right to request suspension of processing

② Data subjects may exercise their rights under Paragraph 1 through postal mail, email, or fax in accordance with the format specified in Appendix 8 of the Enforcement Rule of the PIPA and YJ will promptly respond to any requests for the exercise of such rights.

③ In the event a data subject has requested the rectification or deletion of his/her personal data, YJ will cease using or providing such personal data until its rectification or deletion has been completed.

④ Data subjects may exercise their rights under Paragraph 1 through their legal representatives or other authorized third parties in which case such legal representatives or other authorized third parties will be required to submit a power of attorney in accordance with the format specified in Appendix 11 of the Enforcement Rule of the PIPA.

Article 6 (Destruction of Personal Data)

① YJ will promptly destroy personal data once its retention period has expired, the purposes for its processing have been achieved, or when its retention is no longer necessary.

② Notwithstanding the preceding Paragraph 1, if YJ is required to preserve personal data for longer periods in accordance with applicable laws and regulations, YJ will transfer such personal data to a separate database or storage location.

③ YJ will destroy personal data in accordance with the following process and methods.

1. Destruction process
YJ will select personal data for destruction and proceed to destroy such personal data with the approval of its Chief Privacy Officer.

2. Destruction methods
Personal data contained in electronic files will be destroyed using methods which prevent subsequent recovery and personal data contained in documents will be destroyed through shredding or incineration.

Article 7 (Security Measures for the Protection of Personal Data)

YJ is implementing the following security measures to protect personal data.

1. Managerial security measures : establishment and implementation of internal control plan, regular training of personnel

2. Technical security measures : restriction of access authority to the personal data processing system, installation of access control system, application of encryption measures and installation of security programs

3. Physical security measures : restriction of access to computer/server rooms and document storage rooms.

Article 8 (Chief Privacy Officer)

① YJ has appointed the following Chief Privacy Officer to oversee and manage tasks related to the processing of personal data and to respond to complaints and inquiries submitted by data subjects pertaining to their personal data.

• Chief Privacy Officer

- Name : Yong Hyun Kwon

- Job Title : Chief Privacy Officer

- Telephone : (02) 511 1326

- Email : cjcustoms@yijung.co.kr

② Data subjects may submit requests to access their personal data (pursuant to Article 35 of the PIPA) to the above department. YJ will endeavor to promptly respond to any such requests made by data subjects.

Article 9 (Amendment of Privacy Policy)

When amending this policy pursuant to applicable laws or internal regulations, YJ will continuously disclose details of the amendments and their effective date on YJ’s website for a certain period of time.

Article 10 (Remedies for Infringement of Rights and Interests)

Data subjects may contact the following agencies and institutions to seek redress for damages or consultation related to personal data infringement.

• Personal Data Infringement Call Center (operated by the Korea Internet and Security Agency)

- Tasks: receive reports and requests for consultation related to personal data infringement

- Homepage : privacy.kisa.or.kr

- Telephone : : (without preceding number) 118

- Address : Personal Data Infringement Call Center, Korea Internet and Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul, Korea 05717

• Personal Data Dispute Mediation Committee (operated by the Korea Internet and Security Agency)

- Tasks : receive requests for mediation of personal data disputes and class action personal data disputes (civil resolution)

- Homepage : privacy.kisa.or.kr

- Telephone : (without preceding number) 118

- Address : Personal Data Dispute Mediation Committee, Korea Internet and Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul, Korea 05717

• Cyber Crime Investigation Division of Supreme Prosecutors’ Office: 02-3480-3573(www.spo.go.kr)

• National Police Agency Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)