PRIVACY POLICY

Personal Information Collected

The Company collects the following personal information to provide customer consultation, recruit employees, and offer various services efficiently.

• A. The Company collects the following personal information to provide customer consultation, recruit employees, and offer various services efficiently.
• B. Report of Unethical Acts: Name, email address
• C. Recruitment: Name, email, mobile phone number, birth date, nationality, address, eligibility for benefits for veterans or disabled people, educational background, school grades, military service, and career description. (Additional information may be collected through submitted documents.)
• * In the process of using the service, information such as visit records, employment application records, illegal use records, and terminal information (OS, screen size, unique device identification information) may be automatically generated and collected.

2. Personal Information Collection Method

The Company collects personal information through the user input and, in some cases, may collect some information through printed paper documents or e-mail.

1. Management of Job Applicants

• A. Verification of applicants, delivery of notices and guidance, response to inquiries, registration of candidates, efficient communication with applicants, and use as reference material for regular recruitment
• B. (For Successful Candidates) Used for determining employment conditions, verifying employee identity, personnel management (personnel appointment, provision of welfare benefits, education and training, salary contract, etc.), conclusion/implementation of employment contract, preparation of employee list and wage ledger, etc.

2. Customer Inquiry Management

• A. Response to customer inquiries, reception of consultation requests, and reply of results

3. Report of Unethical Behaviors

• A. Reception of reports on unethical behavior and reply of results

The Company uses the applicant’s personal information within the extent specified in Article 2 and does not use the applicant’s personal information beyond this extent, disclose the applicant’s personal information to outside parties, or provide it to a third party without the applicant’s prior consent. However, the applicant’s personal information may be provided to an investigative agency only when there is a request from an investigative agency in accordance with the provisions of the law or for investigative purposes in accordance with the procedures and methods prescribed by the law or affiliated companies for information the applicant consented for when applying for employment as in the following. Applicants may refuse to consent to the matters above related to the collection, provision, and consignment of personal information if they do not wish to do so. However, matters related to the collection and use of personal information, according to this guide, are essential items, and there maybe restrictions on the recruitment process if the applicant refuses to consent.

• Recipient (Contact Information of Information Manager): SM Culture & Contents Co., Ltd., SM Brand Marketing Co., Ltd., SM F&B Development Co., Ltd., DREAMMAKER Entertainment Ltd., MOA L&B International Co., Ltd. (privacy@smtowm.com)
• Receiving Country: Republic of Korea
• Recipient’s Purpose of Use: Provision of recruitment information, including the progress of the recruitment process and results for each stage of the process
• Transfer Date and Method: Real-time transfer through the search in the recruitment system
• Information Provided: All personal information collected under Article 1
• Personal Information Retention and Use Period: 3 years

1. To provide better services and ensure efficient business performance, including customer convenience, the Company entrusts the handling of personal information to a professional agency outside the company as follows. The trust retains the member’s personal information during the contract period. However, when the relevant laws specify a statutory retention period, the company retains the member’s personal information for that period.

2. The Company requires the trust to comply with laws and regulations related to personal information protection, maintain the confidentiality of personal information, refrain from providing the information to third parties, assume liability in case of accident, consignment period, and personal information protection after processing. We regulate and manage the obligation to return or destroy information.

3. Companies entrusted with personal information to provide this service
※ The trust may be changed depending on the change in service and contract period, and we will notify you in advance when the service is changed.

A. Overseas Trust

Amazon Web Service

• Entrusted Tasks and Purpose: System Management through AWS
• Contact Information of Trust: aws-korea-blog@amazon.com
• Country to Transfer Personal Information to: Japan (AWS Tokyo Region)
• Personal Information Transferred: All personal information collected in the course of providing services
• Personal Information Transfer Date and Time: Membership sign-up process
• Personal Information Transfer Method: Storing personal information in the AWS cloud computing environment

SENDGRID

• Entrusted Tasks and Purpose: Emailing for membership subscription and password reset
• Contact Information of Trust: datasubjectrequests@sendgrid.com
• Country to Transfer Personal Information to: USA
• Personal Information Transfer Date and Time: Membership sign-up process
• Personal Information Transfer Method: Transmitted through the network each time the service is used

In principle, users’ personal information is destroyed immediately once the purpose of collecting and using personal information is achieved. However, the following information will be kept for the specified period for the following reasons;

1. Personal information provided when applying for employment will be retained and handled for 3 years in accordance with relevant laws and regulations of the Republic of Korea. However, if you withdraw consent to the handling of personal information or request withdrawal, the personal information you provided will be destroyed immediately unless there are special reasons. Even for unsuccessful candidates, we may contact them separately if a suitable position becomes available in the future.

2. Reasons for Retaining Information According to the Internal Policy

• Reason for Preserving Records of Illegal Use: Prevention of illegal use
• Retention period: 1 year

3. Reasons for Retaining Information in Accordance with Relevant Laws and Regulations
If it is necessary to keep personal information in accordance with the provisions of related laws, such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, the Company stores membership information for a certain period specified in the relevant laws. In this case, the Company uses the stored information only for the purpose of storage, and the retention period is as follows;

• A. Records on display/Advertisement: 6 months (Act on the Consumer Protection in Electronic Commerce)
• B. Records on Contracts or Subscription Withdrawals, Etc.: 5 years (Act on the Consumer Protection in Electronic Commerce)
• C. Records on Consumer Complaints or Dispute Resolution: 3 years (Act on the Consumer Protection in Electronic Commerce)
• D. Records on Personal Verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection)
• E. Records of Visits (Communication Confirmation Data): 3 months (Protection of Communications Secrets Act)

1. Destruction Procedure

• A. The information entered by the user for membership registration, etc. is transferred to a separate database (hereinafter “DB”) after the purpose of collecting and using personal information is achieved (in the case of paper, a separate filing cabinet) and stored for a certain period of time depending on the reasons (refer to the Personal Information Retention and Use Period) specified under the Company’s internal policy and other related laws before they are destroyed.
• B. Personal information transferred to a separate DB will not be used for any purpose other than the purpose of retention unless required by relevant laws.

2. Destruction Methods

• A. Personal information stored in electronic file format is deleted using technical methods that render the records unrecoverable.
• B. Personal information printed on paper is destroyed by shredding or incineration.

The Company operates cookies (access information files) that frequently store and retrieve user information. Cookies are stored on the user’s computer hard disk as a text file by the server used to operate the Company’s website. The Company uses cookies for the following purposes:

1. Purpose of Using Cookies

A. Cookies provide users with a faster web environment by storing their preferences and are used to improve services for convenient use.

B. Users have choices regarding cookies. In other words, users can set options in their web browser to allow all cookies, confirm each time a cookie is saved, or refuse to save any cookie.

C. How to refuse cookies

• For Internet Explorer: [Tools] > [Internet Options] > [Privacy] > [Settings]
• For Chrome: [Settings] > [Privacy and Security] > [Site Settings] > [Cookies and Site Data]
• However, if the user refuses to save cookies, there may be difficulties in using the services provided by the Company.

1. Encryption of Member ID and Password: Member ID and password are stored and managed encrypted.

2. Encryption for Transmission and Reception of Personal and Authentication Information: When transmitting and receiving personal and authentication information of users through information and communications networks, the Company encrypts it through measures, such as building a safe security server.

3. Measures Against Hacking, Etc.: To ensure the security of the website or continuous service, the Company operates various programs to control network traffic and prevent attempts to change information illegally. We are continuously making administrative and technical efforts to secure our website, but please avoid posting sensitive information that could cause problems in the event of a breach. The Company is doing its best to protect members’ personal information against leakage and damage by hacking or computer viruses. In preparation for damage to personal information, we regularly back up data, use the latest anti-virus programs to prevent users’ personal information or data from leakage and damage and ensure that personal information can be transmitted safely over the network through encrypted communication, etc. Additionally, we use an intrusion prevention system to control unauthorized access from the outside, and we strive to equip all possible technical devices to secure security systematically.

4. Minimization and Training of Employees Who Can Handle the Company’s Personal Information: The Company’s employees who can handle the personal information are limited to the person in charge, and a separate password is given and updated regularly for this purpose. Through training of the person in charge, compliance with this privacy policy is emphasized.

5. Operation of an Organization Dedicated to Personal Information Protection: We check the implementation of the privacy policy and compliance by the person in charge through an organization dedicated to personal information protection within the Company and strive to correct any problems discovered immediately. However, the Company is not responsible for any problems caused by the leakage of personal information due to the user’s negligence or Internet problems.

6. Other matters shall follow the standards for technical and managerial protection measures for personal information of the Korea Communications Commission.

1. To protect customers’ personal information and handle complaints related to personal information, the Company designates the relevant departments and personal information protection manager as follows;

• Personal Information Protection Manager: Choi Byeong-beom
• Phone: 02-6240-9800
• Email: privacy@smtown.com

2. Users may report all personal information protection-related complaints that arise while using the Company’s services to the personal information protection manager or relevant departments. The Company will provide a prompt and sufficient response to user reports. If you need to report or consult about other personal information infringements, please contact the following organizations;

• Personal Information Dispute Mediation Committee (Phone: 1833-6972 without area code) http://www.kopico.go.kr/
• Personal Information Infringement Reporting Center (Phone: 118 without area code) http://privacy.kisa.or.kr
• Information Protection Mark Certification Committee (Phone: 02-550-9531~2) http://www.eprivacy.or.kr
• National Police Agency Cyber Safety Bureau (Phone: 02-3150-2659) http://www.ctrc.go.kr

3. A person whose rights or interests have been infringed upon due to a disposition made by or a nonfeasance of the head of a public institution in response to requests pursuant to the provisions of Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may request an administrative trial in accordance with the provisions of the Administrative Appeals Act.

• Central Administrative Appeals Commission (Phone: 110 without area code) http://www.simpan.go.kr

If you move to another site or web page by clicking on a link or banner included in a web page operated by the Company, the privacy policy posted by the site’s operating organization will be applied. Please check the privacy policy of the newly visited site.

1. In case of revisions such as additions, deletions, and modifications to this privacy policy in accordance with government or Company policies, they will be notified on the main page of the homepage at least 7 days in advance. However, if the terms and conditions are changed to the disadvantage of the user, a grace period of at least 30 days will be provided, and the user will be notified of the contents before and after revision so that the user can easily understand the contents.

2. This privacy policy is effective from October 18, 2023.

• Announcement Date: October 11, 2023
• Effective Date: October 18, 2023

3. You can check the previous privacy policy below.

• Applied from March 30, 2018 to April 25, 2019
• Applied from April 26, 2019 to October 17, 2023