The GoldenBlue Website shall process personal data for the following purposes. Processed personal data will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

1. 1.Use in marketing and advertisement

   Personal data is processed by providing for event and advertising information and participation opportunities, identifying access frequency, or providing statistics on members’ use of service.

1. 1.GoldenBlue shall process and retain personal data within the personal data retention and use period under the law or the personal data retention and use period agreed to when collecting personal data from data subjects.

2. 2.The respective period of retention and use of personal data is as follows.

   < Period of retention and use > One (1) year from the date of consent to the collection of cookies or when there is a request for deletion of collected items.

3. 3.GoldenBlue shall process the following personal data.

   • Use in marketing and advertisement
   • Maintenance of website quality
   • Required Items: Access IP information, cookies, access log

1. 1.GoldenBlue shall process personal data only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provide personal data to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act as mentioned in the Consent of the Data Subject and special provisions of the law.

2. 2.GoldenBlue provides personal data to third parties as follows.

   < Thewebstyle >

   1. • Recipient of personal data: Thewebstyle
      • Provided items: Access IP data, cookies, access log
      • Purpose of use: to consider existing users’ preference when they revisit the GoldenBlue Website
      • Retention and use period: One (1) year from the date of consent to the collection of cookies or when there is a request for deletion of collected items

1. 1.GoldenBlue shall destroy personal data without delay when said personal data becomes no longer necessary to retain, such as the expiration of the personal data retention period or achieving the purpose of processing the personal data.

2. 2.If the retention period for personal data consented to by the data subject has expired, or if the personal data has to be kept in compliance with other laws despite achieving the purpose of processing said personal data, it may be transferred to a separate database (DB) or stored by a different means of storage for safe-keeping.

3. 3.The procedures and methods of destroying and discarding personal data shall be as follows.

   • Destruction procedures : GoldenBlue selects personal data for which the cause for destruction occurs, and destroys personal data with the approval of the privacy officer.
   • Destruction methods : Personal data stored in the form of electronic files shall be destroyed using technical means that render said data unrecoverable.

1. 1.The data subject can exercise the the right to view, correct, delete, and suspend the processing of its personal data held by GoldenBlue at any time.

2. 2.Rights under Paragraph (1) can be exercised against GoldenBlue in writing, via e-mail, facsimile, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and GoldenBlue shall take the required action without delay in the event of such request.

3. 3. Rights under Paragraph (1) can be exercised through an agent such as the legal representative of the data subject or a person who has been delegated to act on behalf of the data subject. In such cases, the data subject shall submit a power of attorney using the form provided as Attachment No. 11 of the “Announcement on the Handling Method for Personal Information (No. 2020-7).”

4. 4.The data subject’s rights to request, view, or suspend processing of personal data may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

5. 5.Correction and deletion of personal data cannot be requested if the personal data is specified as required data in other laws.

6. 6.GoldenBlue shall confirm whether the person who makes a request according to the data subject’s legal rights pertaining to personal data, such as a request for viewing, correcting/deleting, or suspending the processing of personal data, is the data subject of said data or a legitimate agent thereof.

1. 1.Storage of access log and forgery prevention

   Records relating to access to the personal data processing system are kept and managed for at least one (1) year. However, such records are kept and managed for at least two (2) years in the event where GoldenBlue adds the personal data of at least 50,000 data subjects or processes personally identifiable information or sensitive information. GoldenBlue employs a security function to prevent forgery, falsification, theft, or loss of access records.

2. 2.Personal data encryption

   The user’s password is encrypted for storage and management so that only the user knows it, and for important data, separate security features are used, such as encrypting files and transmission data or utilizing a file locking feature.

3. 3.Technical response to data breach, etc.

   In order to prevent the leakage and damage of personal data due to data breaches or computer viruses, GoldenBlue (GoldenBlue Website) has installed security programs, renews and inspects on a regular basis, installed the system in an access-controlled secure zone, and technically and physically monitors and blocks the system.

1. 1.GoldenBlue uses “cookies” that frequently store and retrieve usage data in order to provide users with tailored services.

2. 2.Cookies are small text files that the server (HTTP) uses to operate a website and sends to the user's computer browser and can be stored on the hard drive of the user’s computer.

   • A. Purpose of cookies: Cookies are used to provide users with optimized information by identifying the forms of visits and use of each service and websites visited by the user, popular search keywords, and security access status.
   • B. Installation, operation and refusal of cookies: You can disable cookie storage by selecting the option from the “Tool > Internet Option > Privacy” menu at the top of the web browser.
   • C. If you decline to store cookies, you may experience difficulties in using personalized services.

1. 1.GoldenBlue designates a privacy officer in charge of personal data protection who shall be responsible for the overall handling of personal data and handling complaints and providing relief for data subjects against damages relating to the processing of personal data as follows.

   • Privacy Officer
     Name: Jeong Byung-seon / Title : Director of Operations Management, CSO (Chief Security Officer) / Position : Managing Director
     ※ You will be redirected to the Personal Data Protection Department.
   • Personal Data Protection Department
     Department name : Data Technology Team / Person-in-charge : Kim Bong-su / Contact : +82-51-745-7447, bskim@goldenblue.co.kr

2. 2.The data subject may contact the Privacy Officer and the personal data protection department with respect to all inquiries relating to personal data protection, handling of complaints, remedy, etc. that have occurred while using GoldenBlue’s services (or business). GoldenBlue will answer and handle a data subject’s inquiries without delay.

The data subject may make a request for access to personal data to the following department under Article 35 of the Personal Information Protection Act.

GoldenBlue will endeavor to swiftly handle data subjects’ requests for access to personal data.

• Department in charge of receiving and processing requests for access to personal data
  Department name : Information Technology Team / Person-in-charge : Kim Bong-su / Contact : +82-51-745-7447, bskim@goldenblue.co.kr

The data subject may contact the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center under the Korea Internet Security Agency, etc. to inquire about relief for damage, etc. in relation to personal data infringement. For any other reports and consultations on personal data infringement, please contact the following organizations.

1. 1.Personal Information Dispute Mediation Committee (+82-1833-6972, www.kopico.go.kr)

2. 2.Personal Information Infringement Report Center (+82-118, privacy.kisa.or.kr)

3. 3.Supreme Prosecutors’ Office (+82-1301, www.spo.go.kr)

4. 4.National Police Agency (+82-182, ecrm.cyber.go.kr)

A person whose rights or interests have been violated by a decision or omission made by a head of a public agency in response to a request under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information) and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act. ※ Please visit the Online Administrative Appeals website (www.simpan.go.kr) for more information about administrative appeals.

1. 1.This Privacy Policy is effective from July 31, 2023.