Privacy Policy

Sorijava Co., Ltd. (hereinafter referred to as "the Company") complies with the provisions of the "Personal Information Protection Act" and other relevant laws and regulations in processing personal information of members (hereinafter referred to as "members") to provide the Soribaro service (hereinafter referred to as "Soribaro" or "the Service").

Article 1 General Provisions

1. The Company highly values the protection of members' personal information and strives to ensure that the personal information provided by members on the Company's online platform is protected.
2. Through this Privacy Policy, the Company informs members of the purposes and methods of using the personal information provided by members and the measures taken by the Company to protect personal information. The Company makes this Privacy Policy easily accessible to members by disclosing it at the bottom of the service page.
3. The Company's Privacy Policy may be subject to changes due to changes in government laws and guidelines or the Company's internal policies. The Company has established necessary procedures for continuous improvement of the Privacy Policy. In the event of changes to this Privacy Policy, the Company will provide prior notice of the modifications through the service notice board or a separate window.
4. This Privacy Policy applies to the use of the services provided by the Company, including web, mobile web, and applications.

Article 2 Collection of Personal Information and Collection Methods

1. Personal Information Collected and Purposes of Use ① The Company collects and uses the following personal information for membership registration and service provision. However, when collecting customers' personal information, the Company collects only the minimum necessary information for the intended purpose. Mandatory/Optional Collection Items Purposes of Collection Retention Period Mandatory Name, email address, password, mobile phone number, address User identification and verification Until membership withdrawal or retention period according to legal requirements Retention for 30 days after membership withdrawal to prevent misuse (email, mobile phone number) followed by destruction. Retention within 5 days after membership withdrawal or retention period according to legal requirements. Service provision based on location Communication for contract fulfillment, notification of terms and conditions changes, handling customer complaints Prevention of misuse, prevention of unauthorized use, service provision, and contract fulfillment Service visit and usage record analysis, record management for prevention of misuse Immediate destruction after membership withdrawal or immediately after the purpose of use is achieved or according to legal retention period Optional Gender, date of birth Customized member services Immediate destruction after membership withdrawal or according to legal retention period

② However, sensitive personal information that may pose a risk to customers' basic rights (race and ethnicity, ideology and beliefs, political inclinations and criminal records, health conditions and sexual life, etc.) is not collected unless separate consent is obtained from the customer or there is no legal basis. ③ If the Company indirectly collects customer information from affiliates through customer consent given to the Company, the Company will inform the customer of such information. ④ When the Company seeks customer consent for the processing of personal information for promoting or selling goods or services, customer consent is obtained after clearly informing the customer, allowing them to understand the purpose of the processing.

2. Collection Methods of Personal Information The Company collects personal information through the following methods: ① Website registration, written forms, fax, telephone, consultation boards, email, event participation, service requests ② Information provided by partner companies ③ Information generated through log analysis programs
3. Protection of Personal Information for Individuals Under 18 The Company does not accept membership registration from individuals under 18 years of age.

Article 3 Sharing and Provision of Collected Personal Information The Company uses members' personal information within the scope notified in the "Purpose of Collection and Use of Personal Information" and does not use or provide the information beyond this scope without prior consent from the member or to third parties or other companies or organizations. However, exceptions apply in the following cases: ① When members have given prior consent to disclosure or provision of information to third parties ② When necessary for settlement related to service provision or events ③ When the immediate consent of the member or third party is difficult to obtain due to urgent need to protect the life, body, or property interests of the member or third party ④ When there is a request from a related agency for investigation purposes according to relevant laws ⑤ When there is a request according to the procedures specified in other relevant laws However, even in exceptional cases, the Company follows the principle of notifying the affected party when providing information based on legal grounds or requests from investigative agencies. In some cases, it may not be possible to provide prior notice due to legal reasons. The Company makes utmost efforts to ensure that information is not provided excessively beyond the original purposes of collection and use.

Article 4 Outsourcing of Collected Personal Information The Company may outsource the collection, processing, and management of members' personal information to external parties, provided that the necessary consent and legal requirements are met, for the purpose of improving the service and may also provide it to third parties. The Company entrusts the following tasks related to the processing of personal information and specifies the necessary matters to ensure the safe management of personal information in accordance with relevant laws and regulations. Additionally, the shared information is limited to the minimum necessary information required for the respective purposes. The provision of personal information to the following subcontractors does not apply to all of them but is selectively provided to the relevant companies based on the customer's service request.

Subcontractor: TeamBell, Yoon Jong-hu Range of Subcontracted Tasks

• Transmission of payment information such as credit card and cash payment for product purchase
• Transmission of text messages
• Real-name verification, identity verification, provision of i-PIN
• KakaoTalk-related services
• Information necessary for sending surveys, emails, contact information, and other notifications (such as Alim Talk, text messages)
• Delivery of ordered products (notarized originals)

Article 5 Retention and Use Period of Personal Information

1. The Company retains and utilizes members' personal information only during the period in which the Company provides services to the applicant. However, in cases where there are specific provisions in other laws or regulations, the information is retained in accordance with the relevant laws and regulations. Personal Information Destruction Point Membership registration information When the membership registration is withdrawn or the member is dismissed Payment information When the payment is completed or the statute of limitations for debt enforcement expires Delivery information When the goods or services are delivered or provided Information collected for temporary purposes such as surveys and events When the surveys, events, etc., are completed
2. Even if the principle of immediate destruction after achieving the purpose of collecting personal information is applied, if it is necessary to retain it for a certain period due to the confirmation of rights and obligations in relation to transactions or other reasons, based on the Act on Consumer Protection in Electronic Commerce, etc., it is retained for a certain period.

① Information retention grounds according to relevant laws Relevant Law Collected Items Retention Period Act on Consumer Protection in Electronic Commerce, etc. Records of contracts or withdrawals 5 years Records of payment and supply of goods 5 years Records of consumer complaints or dispute resolution 3 years Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (Retention of Communication Fact Confirmation Data under Article 41 of the Enforcement Decree) Computer communication, internet log records, access point tracking records 3 months ② In the case of information collected for temporary purposes such as surveys and events: At the end of the relevant surveys, events, etc.

3. Except for cases where other laws have a separate period or at the request of the member, the Company separates and stores personal information of customers who have no activity records (such as login, order, consultation, etc.) for 12 months according to Article 29(2) of the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company destroys the separated personal information according to the procedures for the disposal of personal information in Article 6. As a result, the member may lose their membership status. Furthermore, the Company notifies the member of the fact that personal information has been separated and stored, the expiration date, and the items of the respective personal information by email, written notice, facsimile transmission, telephone, or similar means of communication, before 30 days of storing/managing personal information separately.

Article 6 Procedures for the Disposal of Personal Information The Company generally destroys the personal information without delay once the purpose of collection and use of the information is achieved. The procedures and methods for disposal are as follows:

1. Disposal Procedures ① The information provided by members for membership registration is stored for a certain period according to internal policies and other relevant laws and regulations (refer to Article 5 Retention and Use Period of Personal Information) and then destroyed. ② The personal information is not used for any purpose other than the one agreed upon by the member unless permitted by law.
2. Disposal Methods ① Personal information printed on paper is shredded or incinerated. ② Personal information stored in electronic file format is deleted using a method that cannot reproduce the records.

Article 7 Technical and Administrative Measures for Personal Information Protection

1. Technical Measures The Company implements the following technical measures to ensure the security of personal information and prevent its loss, theft, leakage, alteration, or damage during the processing of personal information: ① The Company has implemented firewalls, SSL (Secure Socket Layer) encryption system, and other security measures to ensure the protection of personal information. ② Members' personal information is protected by passwords, and important data is further secured through encryption of files and transmission data or by using file locking functions. ③ The Company employs antivirus programs to prevent damage caused by computer viruses. The antivirus programs are regularly updated, and in the event of the sudden appearance of a new virus, the Company provides immediate protection by offering the necessary antivirus solutions to prevent infringement of personal information.
2. Administrative Measures ① The Company limits access to members' personal information to the minimum number of personnel necessary and conducts regular in-house and external training on security technology acquisition, personal information protection obligations, and other related subjects for employees who handle personal information. ② Through security oaths signed by all employees upon employment, the Company prevents human-induced information leaks and establishes internal procedures to audit compliance with the implementation status of the personal information handling policy and employees' compliance. ③ The transfer of responsibilities between personnel responsible for personal information-related tasks is carried out strictly under secure conditions, and the responsibilities for personal information incidents are clearly defined before and after employment. ④ Special protection zones are designated for computer rooms and data storage rooms to control access. ⑤ The Company is not responsible for any errors or risks that may occur due to members' own mistakes or the inherent risks of the internet. Each individual member is responsible for properly managing their own ID and password for the protection of personal information. ⑥ In the event of personal information loss, leakage, alteration, or damage caused by human errors or technical management accidents, the Company will immediately notify the member, take appropriate measures, and seek compensation.

Article 8 Linked Sites

1. The Company may provide links to other companies' websites or materials to members. In such cases, the Company has no control over external sites or materials and therefore cannot be held responsible for the usefulness or guarantee the quality of services or materials received from them.
2. When a member clicks on a link contained on the Company's website and is transferred to another site's page, the privacy policy of that site is independent of the Company and Soribaro. Therefore, please review the policy of that site.

Article 9 Installation, Operation, and Rejection of Personal Information Automatic Collection Devices

1. What is a cookie? The Company uses cookies, which are small pieces of information sent by the Company's server to your web browser (Internet Explorer, Chrome, Safari, Firefox, etc.), to store and periodically retrieve information about you. When you access the website, the Company's server temporarily stores additional information in your browser, allowing the Company to provide its services without requiring additional input such as your name.
2. The Company uses the personal information collected through cookies for the following purposes: ① Providing differentiated information based on individual interests ② Providing information on requested items and shopping cart services ③ Analyzing the frequency of visits and length of stay of members and non-members for service improvement and marketing purposes
3. Installation and rejection of cookies ① You have the option to allow or refuse the installation of cookies. Therefore, you can choose to accept all cookies, receive a notification each time a cookie is stored, or refuse the storage of all cookies by adjusting the options in your web browser. ② However, if you refuse to store cookies, you may experience difficulties in using certain services that require login. ③ How to specify cookie installation permissions

• For Internet Explorer: Select "Internet Options" from the "Tools" menu → Click on "Privacy" → Choose cookie acceptance settings in the "Advanced" section.
• For Safari: Select "Preferences" from the Safari menu in the top left corner of the MacOS menu bar → Go to "Security" in the Preferences window → Choose cookie acceptance settings.
• For Chrome: Select "Settings" from the menu in the upper-right corner of the web browser → Select "Advanced" → Go to "Content Settings" under "Privacy and security" → Adjust cookie settings in the Cookies section.

Article 13 Collection of Opinions and Complaint Handling Regarding Personal Information The Company collects members' opinions and has established all necessary procedures and methods to handle complaints related to personal information protection. Members can report complaints by phone or email using the information provided in Section 14 "Personal Information Protection Manager and Officer," and the Company will respond promptly and thoroughly to the reported issues.

Article 10 Personal Information Protection Manager and Officer The Company strives to ensure that users can safely utilize valuable information. In the event of an incident that contradicts the information provided to users regarding the protection of personal information, the personal information protection manager is responsible. However, the Company shall not be held liable for any damage caused by unforeseen incidents resulting from the inherent risks of basic network security, such as information damage caused by hacking, or disputes arising from posts made by visitors. Furthermore, users themselves are responsible for maintaining the security of their ID (username) and password related to personal information. The Company will not directly ask users about their passwords through any means, so please be especially cautious not to disclose your password to others. This is particularly important when accessing online services in public places. The Company has designated a personal information protection manager and officer responsible for collecting opinions and handling complaints related to personal information, and their contact information is as follows:

[Personal Information Protection Manager] Name: Cha Jeong-hun Affiliation: Soribaro Position: Manager Email: nocarrot83@sorizava.co.kr Phone: 070-5086-7306 Fax: 070-8255-8510

Article 11 Transmission of Advertising Information

1. The Company does not transmit advertising information for commercial purposes through electronic communication channels against the explicit refusal of recipients.
2. When the Company sends advertising information via electronic communication channels for purposes such as product information guidance and online marketing, the Company takes measures to ensure that the advertising information is easily recognizable by members in accordance with the provisions of the Act on Promotion of Information and Communications Network Utilization and Information Protection. As an example of an email method: ① Subject line: Includes the phrase "(Advertisement)" at the beginning. ② Body of the email: Clearly indicates the sender's name, email address, telephone number, and address, as well as a method for the recipient to express their refusal to receive further emails.

Article 12 Duty of Notification This privacy policy is effective from June 20, 2022. In the event of any additions, deletions, or modifications to the content, we will notify you through the notice section on our website at least 7 days prior to the changes. Furthermore, we assign a version number and revision date to the privacy policy to easily identify any updates.

(Example of notation)

• Privacy Policy Version: v20111104 View previous version
• Privacy Policy Version: v20120821 View previous version
• Privacy Policy Version: v20140806 View previous version
• Privacy Policy Version: v20150724 View previous version
• Privacy Policy Version: v20160912 View previous version
• Privacy Policy Version: v20171001 View previous version
• Privacy Policy Version: v20171207 View previous version
• Privacy Policy Version: v20191008 View previous version
• Privacy Policy Version: v20200309 View previous version
• Privacy Policy Version: v20200615 View previous version
• Privacy Policy Version: v20210216
• Date of Privacy Policy Change Announcement: February 9, 2021
• Effective Date of Privacy Policy: February 16, 2021