STEG Inc. (“http://egene.io,” hereinafter referred to as “STEG”) establishes and discloses the following privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related complaints promptly and smoothly.

○ This Privacy Policy is effective as of October 25, 2021.

Article 1 (Purpose of Processing Personal Information)

STEG Inc. (“http://egene.io”) processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those specified below, and if the purpose of use changes, STEG will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Membership Registration and Management

Personal information is processed for purposes such as maintaining and managing membership qualifications, preventing fraudulent use of services, and providing various notices and notifications.

2. Provision of Goods or Services

Personal information is processed for purposes such as providing services and customized services.

Article 2 (Processing and Retention Period of Personal Information)

① STEG Inc. processes and retains personal information within the period agreed upon by the data subject at the time of collection or as required by law.

② The specific processing and retention periods are as follows:

1. Membership Registration and Management

Personal information related to membership registration and management is retained and used for 3 years from the date of consent for collection and use.

Retention Basis: Consent of the data subject

Relevant Law: Records on collection/processing and use of credit information – 3 years

2. Provision of Goods or Services

Personal information related to the provision of goods or services is retained and used for 3 years from the date of consent for collection and use.

Retention Basis: Consent of the data subject

Relevant Law: Records on collection/processing and use of credit information – 3 years

Article 3 (Provision of Personal Information to Third Parties)

① STEG Inc. processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and does not provide personal information to third parties without the consent of the data subject.

Article 4 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

① Data subjects may exercise rights such as requesting access, correction, deletion, and suspension of processing of personal information at any time with STEG Inc.

② These rights can be exercised through written request, email, or fax in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and STEG will promptly take action.

③ Rights may also be exercised through a legal representative or an authorized agent, in which case a power of attorney must be submitted using the form specified in the “Notice on Personal Information Processing Methods (No. 2020-7).”

④ Requests for access or suspension of processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.

⑤ Requests for correction or deletion cannot be made if other laws specify that the personal information must be collected.

⑥ STEG Inc. verifies whether the person making the request for access, correction, deletion, or suspension is the data subject or a legitimate representative.

Article 5 (Items of Personal Information Processed)

① STEG Inc. processes the following personal information items:

1. Membership Registration and Management

Required: Login ID, Name, Department, Company Name

Optional: Email, Mobile Phone Number

Article 6 (Destruction of Personal Information)

① STEG Inc. destroys personal information without delay when the retention period has expired or the processing purpose has been achieved.

② If personal information must be retained under other laws even after the retention period has expired or the processing purpose has been achieved, the information will be stored in a separate database (DB) or kept in a different location.

1. Items retained: Login ID, Name, Department, Company Name

③ Procedures and methods for destruction:

1. Procedure

STEG Inc. selects personal information for destruction and obtains approval from the Privacy Officer before destruction.

2. Method

Electronic files are destroyed using technical methods that make recovery impossible.

Printed documents are shredded or incinerated.

Article 7 (Measures to Ensure the Security of Personal Information)

STEG Inc. takes the following measures to ensure the security of personal information:

1. Regular Internal Audits

Conducted quarterly to ensure security in handling personal information.

2. Minimization and Training of Personnel

Designate and limit staff handling personal information to minimize exposure.

3. Establishment and Implementation of Internal Management Plans

Plans are established and implemented for safe processing.

4. Encryption of Personal Information

Passwords are encrypted and stored securely; important data is encrypted or locked using additional security features.

5. Access Control

Access rights to databases are granted, modified, or revoked as needed, and intrusion prevention systems are used to block unauthorized external access.

Article 8 (Installation, Operation, and Rejection of Automatic Collection Devices)

① STEG Inc. uses cookies to store and retrieve usage information for personalized services.

② Cookies are small pieces of data sent by the server to the user’s browser and stored on the user’s hard drive.

A. Purpose: To analyze usage patterns, popular searches, and secure connections for optimized service.

B. Rejection: Users can refuse cookie storage by adjusting privacy settings in their browser (Tools > Internet Options > Privacy).

C. Impact: Refusing cookies may cause difficulties in using personalized services.

Article 9 (Privacy Officer)

① STEG Inc. designates the following Privacy Officer responsible for overseeing personal information processing and handling complaints and remedies:

▶  Privacy Officer

Name: STEG Inc.

Phone: 02-3473-3477

Fax: 02-811-3477

② Data subjects can contact the Privacy Officer for any inquiries, complaints, or remedies related to personal information protection. STEG Inc. will respond promptly.

Article 10 (Remedies for Rights Infringement)

Data subjects may seek dispute resolution or counseling from the following organizations:

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)

4. National Police Agency: 182 (ecrm.cyber.go.kr)

Individuals whose rights or interests are infringed by a public agency’s disposition or omission regarding requests under Articles 35–37 of the Personal Information Protection Act may file an administrative appeal under the Administrative Appeals Act.

※ For details, visit the Central Administrative Appeals Commission (www.simpan.go.kr).

Article 11 (Changes to Privacy Policy)

① This Privacy Policy is effective as of October 25, 2021.