METAL LAKA (hereinafter referred to as “the Company”) complies with the relevant personal data protection regulations under laws such as the Act on the Protection of Communications Secrets, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection. We have established a Privacy Policy under related laws to fully protect the rights and interests of users.
This Privacy Policy may be amended in accordance with changes in laws or guidelines related to personal data protection or changes in Company policy, so users are advised to check it regularly when visiting our site.

The Company's Privacy Policy is as follows.

1. “Personal Information” refers to information about an identifiable individual, such as codes/characters/voice/sounds/images, that can identify a specific person through name, resident registration number, etc. (Even if the information alone cannot identify a person, if it can be easily combined with other information to identify an individual, it is included.)
2. “User” refers to a person who accesses METAL LAKA’s website (https://raonboard.web12.kr) and receives services provided by the Company in accordance with these terms.

The Company has provided a procedure where users can click “Agree” or “Disagree” on the Company’s Privacy Policy or Terms of Use.
If a user expresses consent, it is deemed that the user has agreed to the collection of personal information.

1. The items of personal information collected for smooth customer inquiries and provision of various services are as follows. [Online Inquiry, Newsletter Collection Items]
   1. Online inquiries, responses, customer consultation: Name, email, mobile phone number
   2. Newsletter subscription and delivery: Name, email
   3. IP address: Cookies, visit date/time, service usage records
2. Methods of collecting personal information:
   The Company collects personal information through the following methods:
   1. Website inquiry board, telephone, email

1. If the Company collects personal information from children under the age of 14, it obtains consent from their legal guardians.
2. The legal guardians of children under 14 may request access to, correction of, or withdrawal of consent for the child's personal information. The Company will take necessary action without delay upon such request.

1. Service provision
   1. Provision of content and consultation inquiries to users
   2. Handling complaints and delivering notices
2. Use for service development and marketing/advertising
   1. Delivery of promotional information such as events, and shipping of prizes upon winning
   2. Development and specialization of new services, provision of services and advertising based on demographic characteristics
   3. Analysis of access frequency or statistics on users’ service usage

The Company retains and uses personal information only for the duration that the user receives the service.
If the user withdraws consent for collection/use, the purpose is fulfilled, the retention/use period expires, or the business is discontinued, the personal information will be destroyed without delay.
However, the following information will be retained for the specified periods for the reasons stated:

1. Under the Act on Consumer Protection in Electronic Commerce, etc.
   1. Personal information and consultation content entered during inquiries: retained for 3 years
   2. Records of consumer complaints or disputes: retained for 3 years

The Company, in principle, destroys personal information without delay once the purpose of collection has been achieved, in accordance with the retention and use period.
The procedures and methods are as follows:

1. Destruction Procedure
   1. Information entered for site use is deleted or destroyed after being stored for a certain period according to internal policy and relevant laws once the purpose is achieved.
2. Destruction Method
   1. Electronic files are deleted using technical methods to make reconstruction impossible.
      Printed documents are shredded or incinerated.

The Company uses personal information only within the scope notified in Article 4, and does not provide it externally without prior consent from the user.

To provide better service, we may provide or share user personal information with third parties. In such cases, we will notify and obtain consent in advance—via email or written notice—detailing the recipient, items provided, purpose, duration, and protection measures, or through terms at inquiry submission. If the user does not consent, no information will be shared. If the third-party relationship changes or ends, we will notify or seek consent again.

However, exceptions include:

1. When the user has consented to the disclosure in advance
2. When required by law or for investigation and upon request by investigative authorities in accordance with legal procedures

To improve services, the Company delegates personal data processing as follows, and under related laws ensures safe handling through delegation agreements.

When signing delegation contracts, in accordance with Article 26 of the Personal Information Protection Act, the contract specifies prohibition of processing beyond the task purpose, technical/managerial protection measures, prohibition of re-delegation, supervision, liability for compensation, etc. The Company supervises the contractor’s secure handling of personal information.

If the details or contractors change, we will disclose this promptly via the Privacy Policy.

1. Users can view or modify their registered personal information at any time, and request deletion.
2. To view or modify personal information, click “Edit Information”; for cancellation (withdrawal of consent), contact the personal information manager via written notice, phone, or email.
3. If a user requests correction of incorrect personal information, it will be corrected promptly.
   If incorrect information has already been provided to third parties, the correction result will be notified to them without delay.
4. Upon user’s request for termination or deletion, personal information is processed according to the provisions in “5. Retention and Use Period,” and will not be accessed or used for other purposes.

Cookies are small pieces of information sent from the web server to the user's computer, containing site usage data and necessary personal information. Users can refuse receipt of cookies or set their browser to warn when cookies are received. The Company may send cookies when deemed necessary as follows:

1. Purpose of using cookies: to provide differentiated information based on interests, analyze access frequency and usage time, understand preferences for targeted marketing, track viewed content for personalized services, analyze usage patterns to optimize services, and collect data from message boards.
2. Cookie management and refusal:
   1. Users can choose to accept all cookies, confirm each time, or refuse all cookies via browser settings.
   2. Refusing cookies may cause difficulties in using some services.
   3. How to configure:
      Firefox: https://support.mozilla.com/en/kb/disable-third-party-cookies
      Chrome: https://support.google.com/chrome/answer/95647?hl=ko&topic=14666&ctx=topic
      Internet Explorer: https://support.microsoft.com/en-kr/help/17442
      Safari: https://support.apple.com/ko-kr/guide/safari/sfri11471/mac

The Company takes the following technical and administrative measures to ensure personal data is not lost, stolen, leaked, altered, or damaged.

1. Technical Measures
   1. User personal information is strictly protected. Users are advised not to share their personal data with anyone.
      For this, we recommend closing your browser after use, especially on shared or public PCs (company, school, libraries, internet cafes).
   2. The Company uses antivirus programs to prevent leakage or damage due to hacking or viruses.
      We regularly back up data, use up-to-date antivirus, encrypt network communications, and implement intrusion prevention systems to block unauthorized access, striving to maintain all possible technical security measures.
2. Administrative Measures
   1. Only authorized personnel with assigned credentials and regularly updated passwords handle personal data. Staff receive ongoing training on new security technologies and personal data protection obligations, ensuring adherence to our Privacy Policy.
   2. However, the Company is not responsible for any issues arising from user negligence or internet-related matters.

Users may report any complaints related to personal data protection issues arising from the use of Company services to the Personal Information Manager or responsible department.
They will respond promptly and sincerely to inquiries regarding personal data.

Name: Administrator
Affiliation: Security Business Division
Position: Division Head
Contact: privacy@abc.com

For complaints or consultations regarding personal data infringement, please contact the Personal Data Infringement Report Center of the Korea Internet & Security Agency (KISA). If you have suffered monetary or mental damage due to personal data infringement, you may apply for relief to the Personal Data Dispute Mediation Committee of KISA.

Personal Data Infringement Report Center (http://www.cyberprivacy.or.kr, phone 1336)
Personal Data Dispute Mediation Committee (http://www.kopico.or.kr, phone 1336)
Privacy Mark Certification Committee (http://www.privacymark.or.kr, phone 02-580-0533)
Supreme Prosecutors’ Office Internet Crime Investigation Center (http://www.spo.go.kr, phone 02-3480-3600)
National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr, phone 02-392-0330)
National Police Agency (http://www.police.go.kr)

If there are additions, deletions, or revisions to this Privacy Policy, we will provide notice at least 7 days before the change via “Notices.” However, for significant changes affecting data collection items or usage purposes, we will notify at least 30 days in advance and may obtain renewed consent if necessary.

Announcement Date: July 1, 2021
Effective Date: July 1, 2021