Privacy Policy

• 'EXEM Co., Ltd.' (hereinafter referred to as the 'Company') values customers' personal information and complies with the 'Personal Information Protection Act' and the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'.
• Through the privacy policy, the Company informs you of the purpose and method of using the personal information provided by customers and the measures taken to protect personal information.
• When the Company revises the privacy policy, it will be notified through a website notice (or individual notice).

Article 1. Items of Personal Information Collected

The Company collects the following personal information for service application, consultation, and inquiry.

1. Items to be collected

   • Name, company name, phone number or mobile phone number, e-mail address, department name, position, field of business

2. How personal information is collected

   • Limited to service application and consultation through the website

Article 2. Purpose of Collection and Use of Personal Information

The Company uses the collected personal information for the following purposes.

1. Service inquiry

   • Identify and confirm the exact contents of inquiries, respond to inquiries, send answers, and communicate smoothly with customers

2. Use for marketing and advertising

   • Delivery of advertising information such as services, products, seminars, events, etc., provision of services and advertisements according to demographic characteristics, and webzine mailing

Article 3. Retention and Use Period of Personal Information

After the purpose of collection and use of personal information is achieved, the Company destroys the information without delay. However, the following information is retained for the specified period for the reasons stated below.

• [Reason for information retention according to relevant laws and regulations]
• If it is necessary to preserve personal information in accordance with laws such as the Act on Consumer Protection in Electronic Commerce and the Commercial Act, the Company keeps personal information for a certain period as stipulated by the relevant laws and regulations. In this case, the information is used only for the purpose of retention, and the retention period is as follows.
• [Records on responding to consumer inquiries]
• • Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.
  • Retention period: 3 years

Article 4. Personal Information Destruction Procedure and Method

In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows.

1. Destruction procedure

   • After the purpose is achieved, the entered information is moved to a separate DB (or stored in a separate filing cabinet for paper) and stored for a certain period according to internal policies and legal retention reasons (see retention and use period), then destroyed. Personal information transferred to a separate DB is not used for any purpose other than retention unless required by law.

2. Destruction method

   • Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.

Article 5. Provision of Personal Information

1. The personal information collected by the Company is limited to the minimum required to provide the service, but if necessary, more detailed information may be requested.
2. The Company may provide personal information to a third party with the user's consent. Even in this case, provision to a third party is made only with the user's consent. If you do not want personal information to be provided, you may refrain from using specific services or participating in certain promotions or events (in such cases, separate notice will be given).

Article 6. Consignment of Collected Personal Information

• If the company entrusts the provision of the above specific services to an external company (hereinafter referred to as the 'consigned company'), the member's personal information necessary for service provision may be provided to the consigned company with the consent of the member. In this case, Indicate the fact of service entrustment. The consigned company does not use or provide it to a third party for purposes other than the consigned purpose in collecting, handling, and managing the personal information of the members provided.
• The list of consigned tasks and their details are as follows.

• Items of personal information transferred: Email address (ID), name
• Country of transfer: United States
• Transfer schedule and method: Transferred from time to time via the information and communication network at the time of service use
• Purpose of use of personal information by the recipient: Cloud server operation and management, customer support and marketing
• Retention and use period of the recipient: Destroyed immediately after the end of the consignment contract or upon member withdrawal or loss of user qualification

Article 7. Installation and Operation of Automatic Personal Information Collection Devices and Refusal (New)

The behavioral information and tools collected by third parties from the web are as follows.

• To provide personalized services to data subjects, EXEM uses cookies, which are personal information automatic collection devices that store and retrieve usage information. If desired, users may block cookies by following the guidance below.
• Cookies are small pieces of information sent by the server (HTTP) operating the website to the user's browser and stored on the data subject's PC or mobile device.
• Data subjects can choose whether to install cookies. Therefore, in the web browser, options can be set to allow or block cookies. If cookie storage is refused, some functions that use cookies may not work properly.

Article 8. Rights of Users and Legal Representatives and How to Exercise Them

1. To protect customers' personal information and handle complaints related to personal information, the Company designates the relevant department and the personal information manager as in Article 10.
1. Users may request to view, modify, or delete personal information by contacting the Company's personal information manager in writing, by phone, or via e-mail.
2. If a user requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. If incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that correction can be made.
3. The Company handles personal information terminated or deleted at the user's request in accordance with Article 3 and prevents it from being viewed or used for any other purpose.
2. Users must enter their personal information accurately and keep it up-to-date. Users are responsible for accidents caused by inaccurate information, and membership may be revoked if false information is entered, such as stealing others' information.
3. Users have the right to have their personal information protected and the duty to protect themselves and not infringe others' information. Users must take care not to leak their personal information and must not damage others' personal information, including in posts. Failure to fulfill these responsibilities may result in punishment under the Act on Promotion of Information and Communications Network Utilization and Information Protection.

Article 9. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company does not operate cookies that store and retrieve user information.

Article 10. Other Personal Information Handling Policies

1. Technical and administrative measures for personal information protection

   In handling personal information, the Company takes the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.

   1. Users' personal information is protected by a password, and important data is protected through a separate security function by encrypting files and transmission data or by using a file lock function.
   2. The Company uses antivirus programs to take measures to prevent damage caused by computer viruses. Vaccine programs are regularly updated, and in the event of a sudden virus outbreak, vaccines are provided as soon as available to prevent invasion of personal information.
   3. In preparation for external intrusions such as hacking, each server uses an intrusion prevention system and a vulnerability analysis system to ensure security.
   4. The Company restricts access to personal information to those who perform marketing tasks directly targeting users, personal information protection officers and staff, and those who unavoidably need to handle personal information for business purposes.
   5. The Company provides in-house training to employees who handle personal information on new security technologies and obligations for personal information protection.
   6. The transfer of duties of personal information handlers is carried out thoroughly while maintaining security, and responsibilities for personal information incidents after joining or leaving the Company are clarified.
   7. The Company is not responsible for incidents arising from users' mistakes or basic risks inherent to the Internet.
   8. If personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or an accident in technical management, the Company will immediately inform the user and take appropriate measures and provide compensation.

2. Link site provision policy

   The Company may provide users with links to other companies' websites or materials. In this case, the Company has no control over external sites and materials and is not responsible for the usefulness of the services or materials provided therefrom. If you move to another site's page by clicking a link included by the Company, please review the policy of the newly visited site, as that site's privacy policy is unrelated to the Company.

3. Post operation policy

   The Company values users' posts and strives to protect them from tampering, damage, or deletion. However, the following cases are exceptions.

   1. Spam-like posts (e.g., chain letters, mass mails, advertisements for specific sites, etc.)
   2. Posts that defame others by spreading false information for the purpose of slander
   3. Posts that disclose others' personal information without consent
   4. Posts that infringe the intellectual property rights of the Company or third parties
   5. Posts with content different from the bulletin board topic
   6. To promote a desirable bulletin board culture, the Company may delete certain parts or modify them with symbols when disclosing others' identities without consent, and if the content can be moved to another bulletin board, the route of movement will be indicated to avoid misunderstandings.
   7. In other cases, deletion may be effected after an explicit or individual warning.
   8. Fundamentally, all rights and responsibilities related to postings belong to the individual author. Also, information voluntarily disclosed through postings is difficult to protect, so please consider carefully before disclosure.
4. The Company refuses unauthorized collection of posted e-mail addresses using e-mail collection programs or other technical devices. Violations may be punished under the Act on Promotion of Information and Communications Network Utilization and Information Protection.

5. Transmission of advertising information

   The Company does not transmit advertising information for commercial purposes against the user's explicit intention to refuse receiving. If the user consents to receiving e-mails such as product information and newsletters, the Company takes measures to ensure that the user can easily recognize the following items in the subject line and body of the e-mail.

   1. Subject line of the e-mail

      • The word 'Advertisement' may be omitted from the subject line and displayed in the body of the e-mail.

   2. Body of the e-mail

      • Specify the sender's name and e-mail address to which the user can express the intention to unsubscribe.
      • Specify how users can easily express their intention to unsubscribe.

Article 11. Complaints Service Related to Personal Information

To protect customers' personal information and handle related complaints, the Company designates the relevant department and personal information manager as follows. All personal information protection-related complaints arising while using the Company's services can be reported to the personal information protection officer or the department in charge. The Company will promptly respond to users' reports.

• Personal information protection officer: Minseong Kim
• Phone number: 02-6203-6300
• Email: privacy@ex-em.com

Article 12. Duty of Notice

If there is any addition, deletion, or modification of the contents of the privacy policy, it will be notified through the website at least 7 days before the revision. If there is a significant change in user rights, such as the collection and use of personal information or provision to third parties, it will be notified at least 30 days in advance.

• Date of announcement: September 1, 2025
• Effective date: September 15, 2025

Article 13. Matters Concerning the Revision of the Privacy Policy (New)

This privacy policy comes into effect on September 1, 2025. The following contents have been changed from the previous privacy policy.