The purpose of processing personal information files registered and disclosed pursuant to Article 32 of the Personal Information Protection Act is as follows.

1. Personal information file name: Member information

- Purpose of processing personal information: Member management, service provision and improvement

- Collection method: Home page

- Grounds for possession: Consent of the data subject

- Retention period: 3 years

2. Personal information file name: Member learning history information

- Purpose of processing personal information: The need for learning history management and certificate notification

- Collection method: Home page

- Grounds for possession: Consent of the data subject

- Retention period: semi-permanent

Netmaru processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only if they fall under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the Act.

① The data subject may exercise the right to access, correct, delete, and suspend processing of personal information at any time.

② The exercise of rights under paragraph (1) can be done to netmaru through written, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and netmaru will take action without delay.

③ The exercise of rights under paragraph (1) may be done through a legal representative of the data subject or a person delegated by a person, etc. In such cases, you shall submit a power of attorney under attached Form 11 of the Notice on How to Process Personal Information (No. 2020-7).

④ Requests for suspension of access and processing of personal information may restrict the rights of the data subject under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.

⑥ Netmaru checks whether it is the person who requested access according to the data subject's rights, correction or deletion, and access upon request for suspension of processing.

① netmaru is processing the following privacy items.

1. Member information

- Required items: email, mobile phone number, password, login ID, name

2. Member learning history information

- Required items: Service usage history, access log, cookies, access IP information

① Netmaru destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the processing purpose.

② If personal information needs to be preserved in accordance with other laws and regulations despite the expiration of the personal information retention period agreed by the data subject or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored in a different storage location.

1. Personal information items to be preserved: account information, transaction date

③ The procedures and methods for destroying personal information are as follows.

1. Abandonment procedure

- Netmaru selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of Netmaru's personal information protection officer.

2. Method of destruction

- Information in the form of electronic files uses a technical method in which records cannot be played.

To ensure the safety of personal information, netmaru is taking the following steps.

1. Conduct regular self-audit

- In order to secure stability related to handling personal information, we conduct self-audit regularly (once a quarter).

2. Minimize and train personal information handling staff

- We are implementing measures to manage personal information by designating employees who handle personal information and minimizing it by limiting it to the person in charge.

3. Establishment and implementation of internal management plan

- An internal management plan is established and implemented for the safe processing of personal information.

4. Technical countermeasures against hacking, etc

- In order to prevent leakage and damage of personal information by hacking or computer viruses, netmaru installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from outside, and monitors and blocks them technically and physically.

5. Encryption of personal information

- As for the user's personal information, the password is encrypted, stored, and managed, so only you can know, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.

6. Preventing storage and forgery of access records

- Records of access to the accredited information processing system are stored and managed for at least one year; however, personal information is added to more than 50,000 information subjects or unique identification or sensitive information is stored and managed for more than two years. In addition, security functions are used to prevent forgery, theft, or loss of access records.

7. Restricting access to personal information

- We take necessary measures to control access to personal information through granting, changing, and cancellation of access to the database system that processes personal information, and use an intrusion prevention system to control unauthorized access from outside.

① To provide individual customized services to users, netmaru uses "cookies" that store usage information and call it up from time to time.

② Cookies are small amounts of information that the server (http) used to run the website sends to the user's computer browser, and are sometimes stored on hard disks in users' PC computers.

1. Purpose of Cookies: It is used to provide optimized information to users by identifying the types of visits and use of each service and website visited by users, popular search terms, security access, etc.

2. Installation, operation, and denial of cookies: You can deny saving cookies by setting options on Tools > Internet Options > Privacy menu at the top of your web browser.

3. Refusing to save cookies can cause difficulties in using customized services.

Netmaru is in charge of handling personal information, and designates a person responsible for personal information protection as follows for the handling of complaints and damage relief of data subjects related to personal information processing.

▶ Personal Information Protection Officer

- Name: Ha Young Middle School

- Department: Development Research Institute

- Position: Major General

- Contact: 02-597-2342, elfno20@nate.com

▶ Department in charge of personal information protection

- Department name: Development Institute

- Person in charge: Ha Young Joong

- Contact: 02-597-2342, elfno20@nate.com

The data subject can contact the person responsible for personal information protection and the department in charge for all personal information protection inquiries, complaint handling, damage relief, etc. that occurred while using netmaru's service (or business). netmaru will respond and process the information subject's inquiries without delay.

The data subject may request the following departments to view personal information under Article 35 of the Personal Information Protection Act.

Netmaru will try to expedite the request for personal information access by the data subject.

▶ Department of receipt and processing of requests for access to personal information

- Department name: Development Institute

- Person in charge: Ha Young Joong

- Contact: 02-597-2342, elfno20@nate.com

The data subject may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet Promotion Agency, etc. in order to receive relief for personal information infringement. In addition, please contact the following institutions for reports and consultations on other personal information infringement.

1. Personal Information Dispute Mediation Committee: (without national code) 1833-6972 (www.kopico.go.kr )

2. Personal Information Infringement Reporting Center: (without national code) 118 (privacy.kisa.or.kr )

3. Supreme Prosecutors' Office: (without national code) 1301 (www.spo.go.kr )

4. Police Department: (without a national code) 182 (ecrm.cyber.go.kr )

A person who has been infringed on his/her rights or interests due to a disposition or omission made by the head of a public institution in response to a request under Article 35 (view of personal information), Article 36 (correction and deletion of personal information), and Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act may request an administrative trial as prescribed by the Administrative Trial Act.

※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr ).