\ (hereinafter referred to as 'PuzzBox') establishes and discloses this Privacy Policy as follows, in accordance with Article 30 of the Personal Information Protection Act, in order to protect the personal information of data subjects and to promptly and smoothly handle related grievances. This Privacy Policy applies from June 10, 2024. Article 1 (Purpose of Processing Personal Information) \ (hereinafter referred to as 'PuzzBox') processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 1. Provision of goods or services Personal information is processed for the purpose of providing services, providing content, and providing customized services. 2. Use for marketing and advertising Personal information is processed for the purposes of developing new services (products), providing customized services, providing event and promotional information and opportunities to participate, identifying access frequency, or generating statistics on members' service usage. Article 2 (Processing and Retention Period of Personal Information) 1) \ processes and retains personal information within the personal information retention/use period prescribed by law or within the retention/use period consented to by the data subject at the time of collection. 2) The processing and retention periods for each type of personal information are as follows. 1. \ Personal information related to \ is retained and used for the above purpose from the date of consent for collection/use until \. Basis for retention: Article 15 of the Personal Information Protection Act Related law: Records on labeling/advertising: 6 months Exceptions: Article 3 (Provision of Personal Information to Third Parties) 1) \ processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the data subject's consent or special provisions of law. 2) \ provides personal information to third parties as follows. 1. <> Recipient of personal information: Purpose of use of personal information by recipient: Retention/use period by recipient: Article 4 (Rights and Duties of Data Subjects and Legal Representatives, and Method of Exercise) 1) Data subjects may exercise rights regarding personal information at any time with PuzzBox, including requests for access, correction, deletion, and suspension of processing. 2) Rights under paragraph 1 may be exercised against PuzzBox in writing, by email, by fax, etc. in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and PuzzBox will take action without delay. 3) Rights under paragraph 1 may be exercised through a legal representative of the data subject or an authorized agent. In this case, a power of attorney in the form of Appendix Form No. 11 of the Notice on Methods of Processing Personal Information (No. 2020-7) must be submitted. 4) Requests for access and suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act. 5) Requests for correction and deletion of personal information cannot be made if that personal information is specified as a collection target under other laws. 6) PuzzBox verifies whether the requester is the data subject or a legitimate representative when requests for access, correction/deletion, or suspension of processing are made pursuant to data subject rights. Article 5 (Items of Personal Information Processed) 1) \ processes the following personal information items. 1 \< Provision of goods or services \> Required items: Service usage records, access logs, cookies, access IP information, search history Optional items: Article 6 (Destruction of Personal Information) 1) \ destroys the relevant personal information without delay when personal information becomes unnecessary, such as when the retention period has expired or the processing purpose has been achieved. 2) If personal information must continue to be preserved under other laws even after the retention period consented to by the data subject has expired or the processing purpose has been achieved, that personal information will be preserved by transferring it to a separate database (DB) or storing it in a different location. 1. Legal basis: 2. Personal information items to be preserved: Account information, transaction date 3) The procedures and methods for destruction of personal information are as follows. 1. Destruction procedure \ selects personal information for which grounds for destruction have occurred and destroys personal information with approval from the personal information protection officer of \. 2. Destruction method Information in electronic file format is destroyed using technical methods that prevent record recovery. Personal information printed on paper is destroyed by shredding with a shredder or by incineration. Article 7 (Measures to Ensure Safety of Personal Information) \ takes the following measures to ensure the safety of personal information. 1. Restriction of access to personal information Necessary measures are taken to control access to personal information by granting, changing, and revoking access rights to database systems processing personal information, and unauthorized external access is controlled through an intrusion prevention system. Article 8 (Matters Regarding Installation, Operation, and Refusal of Automatic Personal Information Collection Devices) PuzzBox does not use cookies to store and periodically retrieve usage information of data subjects. Article 9 (Chief Privacy Officer) 1) PuzzBox is responsible for overall personal information processing and has designated the following chief privacy officer to handle complaints and remedy damages related to personal information processing. Chief Privacy Officer Name: PuzzBox Position: None Rank: None Contact: 01029387630, rlawjddyd300@gmail.com, None This connects to the department in charge of personal information protection. Department in charge of personal information protection Department name: Person in charge: Contact: , , 2) Data subjects may inquire with the chief privacy officer and responsible department about all matters related to personal information protection, including inquiries, complaint handling, and damage relief arising while using PuzzBox's service (or business). PuzzBox will respond and process inquiries without delay. Article 10 (Processing of Pseudonymized Information) \ processes pseudonymized information for the following purposes. Purpose of processing pseudonymized information - Can be written directly. Processing and retention period of pseudonymized information - Can be written directly. Matters regarding provision of pseudonymized information to third parties (fill in only if applicable) - Can be written directly. Matters regarding entrustment of processing pseudonymized information (fill in only if applicable) - Can be written directly. Items of personal information being pseudonymized - Can be written directly. Matters regarding measures to secure the safety of pseudonymized information under Article 28-4 of the Act (Obligation to Take Safety Measures for Pseudonymized Information, etc.) - Can be written directly. Article 11 (Request for Access to Personal Information) Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act to the department below. \ will endeavor to ensure prompt processing of requests for access to personal information. Department in charge of receiving/processing requests for access to personal information Department name: Person in charge: Contact: , , Article 12 (Remedies for Infringement of Rights and Interests) To obtain remedies for personal information infringement, data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. For other reports and consultations regarding personal information infringement, please contact the institutions below. 1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr) 2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr) 3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr) 4. National Police Agency: (without area code) 182 (cyberbureau.police.go.kr) A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to requests under Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), or Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act. For details on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr). Article 13 (Changes to the Privacy Policy) 1) This Privacy Policy applies from June 10, 2024.