SM Entertainment

A. Items of Personal Information Collected

The Company collects the following personal information to facilitate various services including customer consultation, recruitment, and others.

• Contact Us : Last Name, First Name, Nationality, Contact, E-mail, Organization
• Opportunities : Name, Contact, E-mail, Resume, Self-introduction Letter

B. Method of Collecting Personal Information

The Company collects personal information as follows

• - Online collection (homepage)

C. Obtaining User Consent

The Company informs the user of the following information to obtain consent when collecting and using the personal information of the user

• - Purpose of collection and use
• - Personal information items to collect
• - Retention and usage period of personal information

In following cases, however, the Company does not obtain separate consent when collecting the user's personal information

• - In the event that it is extremely difficult to obtain consent for economic or technical reasons regarding personal information necessary for the implementation of the contract for the provision of services
• - In the event that it is necessary for the settlement of charges for the provision of information and communication services
• - In the event that there are special regulations under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. or other laws

D. Obtaining Consent of Legal Representative of Children under 14

In the event that the Company collects personal information from children under the age of 14, it must obtain consent of the child and the legal representative of the child, and the Company may ask for the name, resident registration number, and mobile number of the legal representative.

A. To respond to personal identification and service inquiries, fulfill contract duties related to the dispatch of technical data and provision of services and settle charges for the services provided, dispatch of invoices and so forth, personal verification, purchase, and payment of charges, collection of charges, etc.

B. Developing and Marketing New Services: To develop new services and provide customized services, provide services according to statistical characteristics and display advertisements, confirm validity of services, provide events and advertisement information, identify access frequency, and provide statistics on member’s use of services.

The Company shall use personal information of users within the scope notified under "2. Purpose of Collecting and Using Personal Information" and shall not exceed this scope without obtaining prior consent of the user or disclose the user's personal information or provide it to a third party, however, except in the following cases.

• - In the event that it is required by law or requested by an investigating agency in due procedures and methods prescribed by law for the purpose of investigation.

If the Company entrusts a third party with the handling of the personal information of the user, the user shall be notified of the entrusted party and the details of the entrusted tasks and shall obtain prior consent if necessary.

In the event that the purpose of collecting and using personal information is accomplished, the Company shall immediately destroy the personal information. However, the following information is kept for the following reasons for a specified period.

A. Reason for Retaining Information due to Company’s Policy

Record of Unauthorized Use, Reason for Retention : Prevention of unauthorized use

Retaining Period : 1 year

B. Reason for Retaining Information due to Relevant Laws and Regulations

It the event that it is necessary to retain personal information in accordance with the provisions under related laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, Etc., the Company shall retain the member’s information for a certain period of time as set forth in the relevant laws. In this case, the Company shall use the information it retains only for the purpose of retaining the information for the following retaining period.

• - Record of presentation and advertisement
  • Reason for Retention: Act on the Consumer Protection in Electronic Commerce, Etc., Retaining Period : 6 months
• - Record of contract or subscription cancellation
  • Reason for Retention: Act on the Consumer Protection in Electronic Commerce, Etc., Retaining Period : 5 years
• - Record of contract or subscription cancellation
  • Reason for Retention: Act on the Consumer Protection in Electronic Commerce, Etc., Retaining Period : 5 years
• - Record of handling consumer complaints and disputes
  • Reason for Retention: Act on the Consumer Protection in Electronic Commerce, Etc., Retaining Period : 3 years
• - Record of personal identification
  • Reason for Retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., Retaining Period : 6 months
• - Record of visit (materials proving communication)
  • Reason for Retention: Protection of Communications Secret Act, Retaining Period : 3 months

In principle, the Company shall destroy the user’s personal information without delay after the purpose of collecting and using the personal information is fulfilled. Destruction procedures and methods are as follows.

A. Destruction Procedure

• - The Company shall transfer the information provided by the user to apply for membership and so forth to a separate storage space from the existing storage space after the purpose is fulfilled to store the information for a fixed period of time before destruction in accordance with internal policies (refer to Period for Processing and Retaining Personal Information) and related laws and regulations.
• - This personal information will never be used for other purposes unless required by law.

Destruction Method

• - Personal information saved in electronic file form shall be deleted using a technical method which disables the reproduction of records.
• - Personal information printed on paper shall be shredded with shredder or destroyed by incineration.

• - The user and legal representative of the user under 14 years old may inquire or modify the registered personal information of himself or herself or the child under the age of 14 at any time and may also request for the cancellation of membership.
• - The Company shall take actions such as perusal or correction of personal information or withdrawal from membership when you contact us in writing or by telephone or email.
• - If the user and legal representative of the user under 14 years old ask for the correction of errors in the personal information, the Company shall not use or provide the personal information until the correction is completed. Also, in the event that the personal information with errors has already been provided to a third party, the Company shall immediately notify the third party to correct the information.
• - The Company shall handle the personal information that has been terminated or deleted upon the request of the user or legal representative as set forth in the "Period for Retaining and Using Personal Information Collected by the Company" and prohibit its perusal or use for any other purpose.

• - The Company uses cookies (access information file) that store and find user’s information frequently in order to provide the user with specialized and customized services. In relation to the use of cookies, the Company identifies the user’s computer, however, does not identify the user personally.
• - The user has the rights to enable or disable cookies. The user may accept all cookies, check every time a cookie is saved, or to refuse to save all cookies by choosing [Tools] > [Internet Options] > [Privacy] > [Settings] in the web browser (internet explorer). However, if the user chooses not to save all cookies, the user will no longer be entitled to the service provided by the Company through cookies.

A. Encryption of Member ID and Password

ID and password of the member are stored and managed in an encrypted form.

B. Encryption of Personal Information and Verification Information during Transmission and Reception

The Company encrypts the user’s personal information and verification information through a safe security server and so forth for the transmission and reception of such information.

C. Measures Against Hacking, Etc.

The Company operates a variety of programs to control network traffic and prevent attempts to change information illegally in order to ensure the security of the homepage and its continuous service. While the Company is constantly making administrative and technical efforts for homepage security, please avoid entering any sensitive information that may cause a problem when infringed upon. The Company is doing its best to prevent leakage or damage of personal information of members through hacking attempts or computer virus. The Company is frequently backing up the data in order to cope with the damage of personal information and uses the latest vaccine software to prevent leakage or damage of personal information or data. The Company ensures secure transmission of personal information on the network through encrypted communication and so forth. Also, the Company controls unauthorized access from the outside by using a firewall system and makes efforts to secure all possible technological systems to ensure security.

D. Minimization and Training of Staff Members Handling Personal Information

The Company limits the duty of handling personal information to the persons in charge and has given a separate password for this purpose, which is periodically changed while the persons in charge are continuously reminded of the compliance with this privacy policy through training.

E. Operation of Organization Exclusively in Charge of Personal Information Protection

The Company checks whether the privacy policy has been implemented and the person in charge has complied with the policy through the personal information protection organization within the Company and makes efforts to immediately correct and rectify any problem found in the process. However, the Company will not be held responsible for any problems caused by the leakage of personal information due to user negligence or internet problems.

F. Miscellaneous

For other matters, refer to the notice of "Standard for Technical/Administrative Protection Measures of Personal Information" of the Korea Communications Commission.

The Company has appointed a related department and officer in charge of personal information management as follows in order to protect customers’ personal information and to handle complaints related to personal information.

Officer in Charge of Personal Information Management

• Name : Choi Byung-Byum
• Telephone : 02-6240-9800
• Email : privacy@smtowm.com

If you need to report other privacy infringements or need counseling, please contact the following organizations.

• - KISA Privacy Center (Call 118 without exchange number) http://www.boho.or.kr
• - Supreme Prosecutors’ Office Cybercrime Investigation Division (Call 02-3480-2000) http://www.spo.go.kr
• - National Police Agency Cyber Terror Response Center (Call 1566-0112) http://cyberbureau.police.go.kr

In the event that you click on a link or banner included in the web page operated by the Company and move to another site or web page, the privacy policy of the organization operating the corresponding site will be applied; check the privacy policy of the site you visit.

The Company shall notify you of any revisions including addition, deletion, and modification to this Privacy Policy at least seven days prior to the revision. However, if the contents of the terms and conditions are to be changed unfavorably to the user, the Company shall notify the user of the contents before the revision and the contents after the revision in an easy-to-understand manner by giving a preliminary grace period of at least 30 days.

Addendum

(Enforcement Date) These provisions will come into effect from April 26, 2019.

A. Items of Personal Information Collected

The Company collects and processes only the minimum amount of personal information in the course of recruitment.

• Items Collected : Name, date of birth, nationality, address, veteran and disability status, telephone number, mobile number, education, grades, military service status, career experience, overseas experience and training, social activities, linguistic abilities and other qualifications, awards, hobby, specialty, self-introduction, etc.

Notifications such as guide to the recruitment screening process and each step of screening and pool of talented people

In the event that the purpose of collecting and using personal information is accomplished or that the applicant withdraws consent to provide personal information, the Company shall immediately destroy the applicant's personal information.

However, the information is stored and destroyed separately in the following cases.

1). Personal information of the applicant employed
• - Retaining Period : Retained from collection
• - Reason for Retention : Personnel management during incumbency, benefits after retirement, issue of career certificate, etc.
2). Personal information of the applicant not employed
• - Retaining Period : Retained from collection
     a. Retain from the time of collection until the applicant requests for the deletion of his or her account or information or;
     b. Retain for the period set forth in related laws if no such request is made
• - Management of future employment resources
3). Personal information without history of application for employment after registration of applicant
• - Retaining Period : Retained from collection
     a. Retain from the time of collection until the applicant requests for the deletion of his or her account or information or;
     b. Retain for the period set forth in related laws if no such request is made
• - Management of future employment resources

In principle, the Company shall destroy personal information without delay after the purpose of collecting and using the personal information is fulfilled. For information provided by the applicant to apply for employment and so forth, however, the Company transfers the information to a separate storage space from the existing storage space after the purpose is fulfilled to store the information for a fixed period of time before destruction in accordance with internal policies (refer to 3. Period for Processing and Retaining Personal Information) and related laws and regulations. In this case, the separately stored personal information will never be used for other purposes unless required by law. The procedures and methods of destruction are as follows.

- Destruction Method
• 1). Personal information saved in electronic file form shall be deleted by using a technical method that disables the reproduction of records.
• 2). Personal information printed on paper shall be shredded with shredder or destroyed by incineration.

In relation to the processing of personal information, the Company is entrusted with the following tasks with the consent of the applicant and stipulates the matters necessary for the personal information to be managed safely when signing the entrustment contract in accordance with relevant laws and regulations.

• - Company Entrusted : SM Entertainment Co., Ltd.
• - Tasks Entrusted : Operation of system for providing services
• - Personal Information Provided : All of the personal information collected
• - Period for Retaining and Using Personal Information : Until the purpose of using the provided personal information is fulfilled or until the entrustment contract is terminated

Applicants may request for the deletion of personal information at any time. In this case, contact the person in charge of personal information protection in writing or by telephone or email, then the request will be handled immediately after confirmation.

The Company uses 'cookies' to store and find applicant’s information frequently. A cookie is a small text file sent to the applicant's browser by the server that is used to run the website and it is stored in the applicant's computer hard disk. The company uses cookies for the following purposes.

1). Purpose of Using Cookies
• - Cookies are used to save the preferences of the applicant to provide a faster web environment for the applicant. It is used to improve service for convenient use. Applicants have options for cookies. Applicants may set options in their web browser to accept all cookies, to check every time a cookie is saved, or to refuse to save all cookies.

2). Disabling Cookie Settings
• - For Internet Explorer: [Tools] > [Internet Options] > [Privacy] > [Settings]
• - For Chrome: [Settings] > [Show advanced settings] > [Contents Settings under Privacy] > [Cookie]

The Company makes the following efforts to secure the applicant's personal information.

• - Encrypting the applicant's personal information.
• - Making efforts to prevent infections with malicious codes or virus by using a vaccine program.
• - Using secure sockets layer (SSL) that can securely transmit personal information on the network using encryption algorithms.
• - Differentiating access rights to access personal information and limiting the number of people who process personal information to a minimum to perform security training continuously.

The Company has appointed a related department and an officer in charge of personal information management as follows in order to protect the personal information of applicants and to handle complaints related to personal information.

Officer in Charge of Personal Information Management

• Name : Choi Byung-Byum
• Telephone : 02-6240-9800
• Email : privacy@smtowm.com

Person in Charge of Personal Information Management

• - SM Entertainment Co., Ltd. 02-6240-9608 insa@smtown.com
• - SM Culture and Contents Co., Ltd. 02-6240-9351 hejang@smtown.com
• - SM Mobile Communications Co., Ltd. 02-6240-9333 smmc@smtown.com
• - SM Brand Marketing Co., Ltd. 02-6240-9658 ley3301@smtown.com
• - SM F&B Development Co., Ltd. 02-6240-9675 eykim@smtown.com
• - DREAMMAKER Entertainment Ltd. 02-515-8643 nazizibe808@smtown.com
• - MOA L&B International Co., Ltd. 02-6240-9647 jykim2@smtown.com

Applicants may report any complaint related to privacy protection that arises while using the Company's services to the officer in charge of personal information management or the department in charge. The Company shall make efforts to respond to applicants' reports fully and as soon as possible.

If you need to report other privacy infringements or need counseling, please contact the following organizations.

• - KISA Privacy Center (Call 118 without exchange number) http://www.118.or.kr
• - Supreme Prosecutors’ Office Cybercrime Investigation Division (Call 02-3480-2000) http://www.spo.go.kr
• - National Police Agency Cyber Terror Response Center (Call 1566-0112) http://www.ctrc.go.kr