the policy of handling personal information

We comply with the personal information protection regulations under the relevant laws and regulations that information and communication service providers must comply with, such as the Communication Secret Protection Act, the Telecommunications Business Act, the Promotion of Information and Communication Network Utilization and Information Protection Act of the Service provided by the mobile application (hereinafter referred to as the "Company") operated by Root 37 Labs Co., Ltd. (hereinafter referred to as the "Company"), and do our best to protect the rights and interests of users by setting the personal information handling policy under the relevant laws and regulations. This is designed to ensure the basic privacy and freedom of users and communication secrets, and to prevent human rights damage caused by illegal eavesdropping information leakage.

1. Items for collecting personal information and purpose of use

① The purpose of the 'company' collecting personal information is to provide optimized 'service' by confirming the 'user's personal identification and intention to use the 'service'.

② The company may utilize the collected personal information for the following purposes. In principle, the company does not collect or use the resident registration number of the member and uses the alternative means (i.e. IPIN) of the resident registration number provided by the credit rating agency to authenticate the person's real name.

Collection items and purpose of use

Personal Information Collection Items	purpose of collection	Retention period
-Mandatory items: ID, email	- Personal Identification - Information on the game score participated by the members themselves - A guide to becoming a game ranker - Password Change Notice - Prevention of illegal use when registering as a member	Deleted upon withdrawal of membership
- IP, dress, cookie, date and time of visit, service usage record, bad usage record	- Announcement Notice - Inquiries about membership - If a member wins a prize, a prize will be given - Resolve disputes over seamless and continuous service delivery	Deleted after 3 months from the date of withdrawal of membership

Personal Information Collection Items

purpose of collection

Retention period

-Mandatory items: ID, email

- Personal Identification

- Information on the game score participated by the members themselves

- A guide to becoming a game ranker

- Password Change Notice

- Prevention of illegal use when registering as a member

Deleted upon withdrawal of membership

- IP, dress, cookie, date and time of visit, service usage record, bad usage record

- Announcement Notice

- Inquiries about membership

- If a member wins a prize, a prize will be given

- Resolve disputes over seamless and continuous service delivery

Deleted after 3 months from the date of withdrawal of membership

'Members' have the right to refuse to consent to the purpose of collecting and using personal information. Refusing to consent limits some functions to the use of 'services'.

Restricted functions: Membership registration (personal identification), event winning guide, password change guide, mobile phone address book function not available

③ All information provided by 'Members' shall not be used for any purpose other than the above, and prior consent shall be sought from 'Members' when the scope, purpose of use, or use of the collected information is changed.

④ 'Company' collects personal information in the form of mobile applications, written documents, and phone calls.

⑤ "DIV" will collect contact information (third party's phone number, name, ID), password, and date of birth, gender, photo (including meta information) stored in the terminal address book such as phone number, smartphone through the homepage or application and program in the service when "members" first sign up for "service" or use the service. In addition, terminal information, IP address, and cookie information can be automatically generated and collected during service use or business processing.

2. Provision and Purpose of Personal Information to a Third Party

In principle, the "Company" shall use users' personal information within the scope notified by the "Collection Item and Purpose of Use of Personal Information", and shall not use it beyond the scope or disclose the personal information of the "user" to the outside without the prior consent of the "user": Provided, That the following cases shall be excluded.

① If the 'member' agrees to disclose it in advance

② Where it is deemed necessary to disclose personal information to take legal action against a person who violates the terms and conditions of use of "DIV" or uses "DIV" to damage others or harms the customs and customs of others

③ Where there is a request from an investigative agency in accordance with the provisions of the statute or in accordance with the procedures and methods prescribed by the statute for investigative purposes

3. Period of retention and use of personal information

① While the "Member" uses the "DIV" service, the personal information of the "Member" registered at the time of membership registration will continue to be held by the "DIV" and will not be used for any other purpose.

② In principle, the personal information of a "member" shall be destroyed without delay if the purpose of collection or provision is achieved, or if the qualification of a "member" is restricted or suspended due to the reasons for withdrawal or expressed loss of membership. However, the following information shall be preserved for the period specified for the following reasons.

A. Reasons for holding information based on the internal policy of the "company"

- records of illegal use

Reason for preservation: Prevention of illegal use

Preservation period: 5 years

- records necessary to prevent fraud

Reason for Preservation: Prevention of Fraud

Preservation period: 3 years

- Product sales and payment records

Reasons for preservation: Act on Consumer Protection in Electronic Commerce, etc

Preservation period: 5 years

B. Reasons for holding information under relevant laws and regulations

The 'Company' keeps member information for a certain period of time as prescribed by the relevant laws and regulations. In this case, the 'Company' uses the information it keeps for the purpose of its storage only, and the retention period is as follows.

- a record of a visit

Reason for Preservation: Communication Secret Protection Act

Preservation period: 3 months

4. Procedures and methods for destruction of personal information

① procedure for destruction

- Information entered by "members" for membership registration, etc., is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document box) and stored for a certain period of time (see retention and usage period) according to the internal policy and other relevant laws and regulations.

- This personal information shall not be used for any purpose other than to be retained unless it is by law.

② Method of destruction

- Personal information printed on paper is shredded with a grinder or destroyed through incineration.

- Personal information stored in the form of electronic files is deleted using a technical method that cannot be played back.

5. Technical/administrative protection measures for personal information

The 'Company' is taking the following technical and administrative measures to ensure safety in handling personal information of 'users' so that personal information is not lost, stolen, leaked, tampered with or damaged.

Password encryption

The password of the "DIV" member ID is encrypted, stored, and managed, so you are the only one who knows it, and you can check and change your personal information only by yourself who knows the password.① countermeasures against hacking, etc

The company is committed to preventing 'members' personal information from being leaked or damaged by hacking or computer viruses. We back up data from time to time in preparation for personal information damage, use the latest vaccine program to prevent leakage or damage to 'users' personal information, and securely transmit personal information on the network through encrypted communication. We also use an intrusion prevention system to control unauthorized access from the outside and are trying to equip all possible technical devices to ensure systematic security.

② Minimize and train handling staff

The company's personal information handling staff is limited to the person in charge, and a separate password is given to update it regularly, and compliance with the 'DIV' personal information handling policy is always emphasized through frequent training for the person in charge.

③ Operation of a dedicated organization for personal information protection

Through the company's in-house personal information protection organization, etc., we are trying to check the implementation of the DIV personal information handling policy and compliance with the person in charge to correct and correct any problems immediately. However, the company is not responsible for any problems caused by the leakage of personal information due to the user's own carelessness or online problems.

6. user's rights

"Members" can view and correct their personal information at any time. You are responsible for accidents caused by inaccurate information entered by "members," and entering false information such as theft of other people's information may result in loss of your membership.

7. the obligations of the user

Members are also obliged to protect their personal information and not to infringe on others' information. Care must be taken to prevent personal information, including passwords, from being leaked and to avoid damaging other people's personal information, including posts. If such responsibility is not fulfilled and the information of others is damaged, it may be punished under the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.

8. Responsibility for the link site

The 'Company' may provide the 'User' with links to other websites. In this case, the 'Company' has no control over external sites and materials, so the 'Company' shall not take any responsibility for the truthfulness, usefulness, etc. of services or materials provided therefrom, and shall not provide any guarantees. In addition, this 'Personal Information Handling Policy' does not apply to the collection of personal information by the linked websites, so please consider the policies of the newly visited sites.

9. duty of notification

The current personal information handling policy may be changed according to the government's policy or the needs of the company, and if there is any additional deletion or modification of the contents, it will be notified through mobile or individual notices seven days before the revision. If it is difficult to notify in advance, it will be notified without delay, and this policy will take effect from the date of the announcement.

- Date of announcement of personal information handling policy: March 20th, 2025

- Date of enforcement of the personal information handling policy: March 20th, 2025

- Effective date of the first personal information handling policy: March 20, 2025

- Date of change of the latest personal information handling policy: March 20, 2025

10. Personal Information Management Officer

The 'Company' designates the person in charge of management in accordance with the personal information guidelines designated by the Ministry of Information and Communication as follows.

① Personal Information Management Officer

- Name: Yang Heesung

- Phone: 02-6381-1234

- email: Partner@root37.net

② If you need to report or consult other personal information infringement, please contact the agency below.

- Personal Information Infringement Reporting Center (www.118.or.kr / 118)

- Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533–4)

- Supreme Prosecutors' Office Advanced Criminal Investigation Division (http://www.spo.go.kr / 02-3480-2000)

- Cyber Terror Response Center, National Police Agency (www.ctrc.go.kr / 02-392-0330