Privacy & Security

• 1.Collection and Use of Personal Information
• 2.Disposal of Personal Information
• 3.Provision of Personal Information
• 4.Outsourcing of Collected Personal Information
• 5.Rights of Users and Legal Representatives and How to Exercise Them
• 6.Installation, Operation, and Refusal of Personal Information Automatic Collection Devices
• 7.Personal Information Complaints Service
• 8.Ensuring the Security of Personal Information
• 9.Other

1. Collection and Use of Personal Information

A. Members/Non-Members

While receiving the services provided by the Company, personal information will be retained and used by the Company to provide its services. The minimum personal information below is collected through the website, and additional personal information is collected for consultations and inquiries (phone calls, fax, official website), participation in surveys and events, use of paid services, provision by affiliates, and sending newsletters.

Collection and Use of Personal Information - Members/Non-Members

Service	Purposes of Collection	Retention Reriod	Collected Information	Legal Basis0
AhnLab.com Global	• Identity verification for membership service • User identification, notification delivery, content provision, securing communication channels for complaint handling, new product/service development and specialization	The Company will destroy this information without delay upon membership withdrawal or consent withdrawal.	[Items of personal information collected without consent of the data subject] ID (email address), mobile phone number, name, password, company name, country	Personal Information Protection Act Article 15, Paragraph 1, Sub-Paragraph 4 (Performance of contract) <Items of personal information without consent of the data subject>
	Partner application	Until the partner application is evaluated	[Items of personal information collected with the consent of the data subject] Department name, company phone number	Personal Information Protection Act Article 15, Paragraph 1, Sub-Paragraph 1 (Consent of the data subject)
			[Items of personal information collected without consent of the data subject] Name, job title, email address, phone number	Personal Information Protection Act Article 15, Paragraph 1, Sub-Paragraph 4 (Performance of contract)

B. Service Use and Business Processing

2. Disposal of Personal Information

In principle, the Company will destroy personal information without delay once the purpose of its collection and use has been achieved. However, even if the collection or provision purposes have been fulfilled, the Company may retain the personal information of members if there is a need to preserve it according to relevant laws and regulations.

A. Retention According to Relevant Laws

If there is a need to preserve information as stipulated by relevant laws, such as the Act on the Consumer Protection in Electronic Commerce, the Company will retain personal information for a certain period as defined by the relevant laws.

• Act on the Consumer Protection in Electronic Commerce
  • - Records on contracts or withdrawal of subscriptions: 5 years
  • - Records on payment and supply of goods: 5 years
  • - Records on consumer complaints or dispute resolution: 3 years
• Electronic Financial Transactions Act
  • - Records on electronic financial transactions: 5 years
• Income Tax Act
  • - Information for payment of taxes: 5 years
• Protection of Communications Secrets Act
  • - Login records: 3 months

B. Disposal Procedure

When a member requests to cancel their membership or loses their membership status, unique information that can identify the individual is immediately deleted and processed so that it cannot be reproduced or used by any means.

• For paid members, automatic cancellation may cause issues with customer support services related to product use, so they can receive guidance on the relevant cancellation procedures through the Company's customer support center and handle it individually.
• In addition, even when the purpose of collecting personal information or the purpose for which it was provided is achieved, the Company will promptly dispose of the member's personal information.

C. Disposal Methods

Personal information stored in electronic file format is completely deleted using technical or physical methods that make record recovery impossible.

3. Provision of Personal Information

The Company uses users' personal information within the scope of "Collection and Use of Personal Information," and does not provide the information to third parties in principle. However, exceptions may apply in the following cases:

• When users have given prior consent
• When required by law or requested by investigative agencies according to procedures and methods prescribed by law for investigation purposes
• The Company may provide personal information to the following entities only with prior consent from users.

Overseas Partners

Depending on the country and type of company, personal information may be provided to overseas partners for purchase consultations.

4. Outsourcing of Collected Personal Information

• The Company outsources the processing of personal information to others for smooth and enhanced services. Additionally, the Company manages and supervises the entrusted companies to ensure they comply with relevant laws and regulations.
• Retention and use period of personal information: Until membership withdrawal or expiration of the retention period, such as the termination of the outsourcing contract

Outsourcing of Collected Personal Information

Contractor	Outsourced Tasks	Contact Information
AhnLab Japan	Product sales, technical support, purchase consultation	+81-3-6453-8315
AhnLab China	Product sales, technical support, purchase consultation	+86-21-6095-6780

Transfer of Personal Information Overseas

• Company Name : Salesforce.com, Inc.
• Contact for Data Protection Manager : Salesforce Data Protection Officer / privacy@salesforce.com
• Country to be Transferred : Japan
• Transfer Date and Method : Transferred via network upon event participation
• Personal Information Items to be Transferred : Name, company name, email address, phone number, department, position, rank, responsibilities
• Purpose of Transfer : Providing the latest security trend content / Seminar and new product information
• Period of Personal Information Use :
  • - Seminar and New Product Introduction: Until the withdrawal of consent to receive notifications
• Method, Procedure, and Effect of Refusing the Transfer of Personal Information: You can refuse the overseas transfer of personal information by not participating in events. However, in case of refusal, you will not be able to receive the latest security trend content, seminar, and new product information.

• Company Name: ZENDESK
• Contact for Data Protection Manager: Zendesk, Inc. / privacy@zendesk.com
• Countries to be Transferred: Japan, USA
• Transfer Date and Method: Transferred via network when using customer inquiry services
• Personal Information Items to be Transferred: Name, email address, phone number, mobile phone number
• Purpose of Transfer: Data transmission for technical support inquiries and customer consultation processing
• Personal of Personal Information Use: Retained for 3 years from the date of inquiry
• Method, Procedure, and Effect of Refusing the Transfer of Personal Information: The ZENDESK service is used for inquiry consultations. Refusal of the overseas transfer can be done by not submitting an inquiry request. If refused, you will not be able to use the inquiry consultation services.

5. Rights of Users and Legal Representatives and How to Exercise Them

Viewing, Modifying, and Withdrawing Membership through the Website

Members can view, modify, and withdraw their personal information at any time. Viewing and modifying personal information can be done through the "Edit Member Information" or "Reset Password" services in "My Page" once the member's identity is confirmed. Additionally, if a member no longer wishes to use the Company's services, they can apply for service termination through "Withdraw Membership" in "My Page."

However, the Company may refuse requests for viewing, modification, or withdrawal if there are legitimate public interest reasons for doing so. If a request is refused, the reason for refusal and the method of appeal will be notified to the data subject verbally or in writing within 10 days.

• When viewing is prohibited or restricted by law
• When there is a concern that it may harm the life or body of another person or unfairly infringe on the property or other interests of another person

The methods for verifying members or their representatives are as follows, and the person in charge verifies the identity of the member or representative through necessary questions.

1) For Members (self): An identification certificate that can prove identity (resident registration ID, driver's license, etc., which are officially recognized by administrative agencies and cannot be easily forged or misused)
2) For Representatives: A power of attorney and identification certificates of both the delegating person and the representative (e.g., resident registration IDs)

The Company requires the legal representative's identity verification to obtain the consent of the legal representative, and in this case, the personal information of the legal representative is not collected.

Complete Deletion Upon Application for Membership Withdrawal and Personal Information Deletion

Once the termination of service and request for deletion of personal information is completed, the member's personal information will be immediately deleted, and the member may not be able to use certain services. However, information that needs to be retained under relevant laws will be stored for a certain period and then completely deleted thereafter. (see "3. Personal Information Retention and Usage Period")

6. Installation, Operation, and Refusal of Personal Information Automatic Collection Devices

The Company uses cookies during the authentication process when members log in to provide members with more appropriate and useful services. Cookies refer to text files automatically sent to the member's computer when accessing the Company's site. These cookies are automatically deleted when the member logs out or closes the browser in use, without being stored on the PC. Members can choose whether to allow the use of cookies.

Methods for Refusing Cookies

You can choose to allow or deny all cookies by selecting options in your web browser. You may also choose to confirm each time a cookie is saved or refuse to save all cookies. However, please note that refusing to save cookies may restrict access to some services that require login, and you are solely responsible for this decision.

* Example of changing cookie settings

1. Internet Explorer: Click on Tools at the top of the web browser → Internet Options → Privacy → Advanced
2. Chrome: Click on the settings menu at the top right of the web browser → Show advanced settings at the bottom of the screen → Content settings button under Privacy → Cookies

7. Personal Information Complaints Service

The Company has designated the below personal information protection personnel to protect customer's personal information and address complaints related to personal information.

If you encounter any privacy-related issues during the use of the Company's services, you can report them to the contact information provided. The Company will promptly provide sufficient responses to users' complaints.

For other needs such as remedies for personal information breaches or consultations, contact the entities below.

• Personal Information Infringement Report Center: http://privacy.kisa.or.kr/ +82-118
• Personal Information Dispute Mediation Committee: http://www.kopico.go.kr/ +82-1833-6972
• Supreme Prosecutor's Office: http://www.spo.go.kr/ +82-1301
• National Police Agency: https://ecrm.cyber.go.kr/ +82-182

8. Ensuring the Security of Personal Information

The Company implements administrative, technical, and physical measures to ensure the security of personal information.

• Management of Personal Information Handlers
  • AhnLab minimally manages employees who handle personal information and conducts regular education sessions.
• Access Control to Personal Information
  • Access to databases handling personal information is controlled through authorization, changes, and revocation of access rights. Intrusion prevention and detection systems are employed to control unauthorized access from external sources.
• Installation and Operation of Anti-malware Programs
  • To counter external security threats, AhnLab installs anti-malware programs on information devices used by personnel handling personal information to prevent breaches caused by computer viruses, spyware, and other malicious programs.
• Encryption of Personal Information
  • AhnLab securely transmits and receives personal information over networks through encryption protocols.
• Access Control for Unauthorized Personnel
  • Physical locations where personal information processing systems are stored are separately maintained with access control procedures established and enforced.
• Management System Certification
  • AhnLab operates key systems and facilities certified with ISMS accreditation from external specialized institutions to ensure the secure protection of personal information.

9. Other

This Privacy Policy only applies to AhnLab.com Global.