The purposes of processing personal information files, < BLUEDOT > registers and discloses
pursuant to the Personal Information Protection Act Article 32, are as follows.

1. Personal Information File Name: BLUEDOT Privacy Policy
The Purpose of Processing Personal Information: Collection of basic information for service delivery and response to inquiries and suggestions
Means of Collection: homepage
Basis of Storage: Prevention of duplicate accounts and Act on the Consumer Protection in Electronic Commerce Act
Storage Period: 3 years
Related Laws: Recording of credit information collection/process and usage, etc.: 3 years, Recording of processing consumers' complaints and disputes: 3 years, Recording of payment and provision of commodities, etc.: 5 years, Recording of contract or withdrawal, etc.: 5 years, Recording of display/advertisement: 6 months

① < BLUEDOT > processes the following personal information categories.
1. < BLUEDOT Privacy Policy >
Required: Email, mobile number, office telephone number, company name, service usage history,
access log, cookie, connecting IP information, payment history

① < BLUEDOT > destroys the personal information without hesitation in case personal information
becomes unnecessary due to elapsed storage period, accomplishment of purpose, etc.
② In case personal information is required to be retained pursuant to other laws despite the elapse of storage period and accomplishment of the purpose of personal information approved by the information controller, the information is moved to a separate database (DB) or stored in a different storage location.
③ The process of destroying personal information is as follows.
1. Destruction Process
< BLUEDOT > selects personal information for which the reason for destruction occurred, and
destroys it with the approval of < BLUEDOT >'s privacy protection manager.
2. Destruction Method
Information in form of electronic file format is destroyed by the technical method whose records
cannot be restored.

① Information controllers may exercise their rights to browse, correct, delete, request suspension of the process, etc. to BLUEDOT at any time.
② The rights in alignment with Clause 1 may be exercised via letter, phone call, email, FAX, etc. and the company shall take measures immediately.
③ The rights in alignment with Clause 1 may be exercised via an agent such as a legal representative of the information controller or a delegated person. In this case, the power of attorney must be submitted in the format prescribed by “Notification Concerning Method of Processing Personal Information (2020-7)” Annexation 11.
④ The rights of information controllers to request to browse or suspend personal information may be limited in pursuance of 「Personal Information Protection Act」 Article 35-7 and Article 37-2.
⑤ Regarding the request to correct or delete personal information, it shall not be eligible for deletion request in case the information is stipulated as the subject of storage in other laws.
⑥ In case of a request to browse, or request to correct or delete in pursuance of the information controller's rights, BLUEDOT verifies whether the person making the request is the information controller or their authorized representative.

< BLUEDOT > is taking measures to secure safety of personal information as follow.
1. Conduction of regular internal audits
We conduct internal audits (quarterly) to secure the safety of personal information processing.
2. Minimizing and training employees dealing with personal information We implement measures to manage personal information by designating employees responsible to deal with personal information and minimizing the number of them.
3. Establishment and Implementation of the internal management plan We establish and implement an internal management plan to safely process personal information
4. Technical countermeasures to prepare for hacking, etc.
<BLUEDOT>('BLUEDOT') installs security programs, regularly renews and inspects them, builds the system in the restricted area from the outside and technically/physically surveils and blocks the threats to prevent leak and damage to personal information by hacking or virus.
5. Restriction of access to personal information
We take necessary measures to restrict access to personal information through authorization, change, and termination of access to personal information database system, and control unauthorized access from the outside by using a firewall system.

① BLUEDOT utilizes 'cookie', which stores and from time to time retrieves usage information to provide users with customized services.
② Cookie is a small portion of information the server (http) used to operate the website sends to the user's computer, and it may be saved on the hard disk of user's PC.
A. The purpose of cookie: Cookies are used to provide users with optimized information by identifying the services the user visited, the pattern of website visits and usage, secure access, etc.
B. Install•Operation and Rejection of cookie: You may reject the storage of cookies through Tools at the top of your web browser>Internet Option >the settings in the Privacy menu.
C. In case you reject cookie storage, difficulties in using customized services may occur.

① BLUEDOT designated the privacy protection manager as follows to take full responsibility for the tasks concerning personal information, deal with complaints of information controller, compensate their damages, etc.
      ▶ Privacy Protection Manager
Name: Hyeong-Seok Han
Position: CMO
Rank: Director
Contact: 02-6205-0812, philip.han@blue-dot.io
※ The contact is connected to Privacy Protection Division.

▶ Division in Charge of Privacy Protection
Division Name: Marketing
Manager: Hyeong-Seok Han
Contact: 02-6205-0812, philip.han@blue-dot.io

② Information controller may consult with the Privacy Protection Manager or Privacy Protection Division over the matters concerning inquiries, complaints, and compensations that occurred during using BLUEDOT's services (or business). BLUEDOT shall respond to and process the information controllers' inquiries promptly.

The information controller may make a request to inspect personal information pursuant to ｢Personal Information Protection Act｣ Article 35 to the following division.

      < BLUEDOT > shall do our best to speedily process the information controller's request to inspect
personal information.

▶ Division in Charge of Receiving · Processing Personal Information Inspection Request
Division Name: Marketing
Manager: Ga-Eun Park
Contact: 02-6205-0812, gwen.park@blue-dot.io

Information controller may apply for dispute mediation, consultation, etc. to Personal Information Dispute Mediation Committee, KISA Personal Information Infringement Report Center, etc. to receive remedies for infringement of their personal information. Please consult with the following institutions over the report and consultation over other personal information infringement.
      1. Personal Information Dispute Mediation Committee: (without exchange number) 1833-6972 (www.kopico.go.kr)
      2. Personal Information Infringement Report Center: (without exchange number) 118 (privacy.kisa.or.kr)
      3. Supreme Prosecutor's Office: (without exchange number) 1301 (www.spo.go.kr)
      4. National Police Agency: (without exchange number) 182 (ecrm.cyber.go.kr)

The person whose rights and benefits are infringed due to a disposition or omission of the head of the government office regarding the request under 「Personal Information Protection Act」 Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) may file an administrative appeal in pursuance of Administrative Appeals Act.

※ Please refer to the web page of Online Administrative Appeals (www.simpan.go.kr) for further information on administrative appeals.

① The privacy policy above is active starting from September 07, 2022.