Article 1 [Purpose of collecting and processing personal information]

The company collects and processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, a separate consent will be sought in accordance with Article 18 of the Personal Information Protection Act.

1. Membership registration and managementPersonal information is processed for the purpose of confirming customer subscription intention, identification by providing paid services, personal identification, prevention of illegal use and unauthorized use of defective customers, identification of legal representatives, record storage for dispute settlement, handling civil complaints such as customer complaints, and delivery of notices.
2. Payment settlement based on performance of information use contract and service provisionIt processes personal information for the purpose of personal authentication and payment of financial transactions, delivery of goods or bills, provision of services and contents, age authentication, rate collection, and settlement.
3. handling civil complaintsWe process personal information for the purpose of identification, confirmation of civil complaints, contact for fact-finding, notification, and notification of processing results.
4. Developing new services and using them for marketing/advertisingProcess personal information for the purpose of developing new services and providing customized services, providing services based on demographic characteristics and publishing advertisements, confirming the validity of services, identifying access frequency, or statistics on customer service use.
5. Performance report managementPersonal information is processed for the purpose of reporting the customer’s cargo transport performance data in accordance with the mandatory reporting items under Article 2 of the guidelines for implementing the cargo transport performance reporting system to the FPIS system.
6. How to collect personal information“Company” collects personal information in the following ways.
   • A. Home page, written form, fax, phone, consultation bulletin board, e-mail, event application, delivery request
   • B. Provision from partner companies
   • C. Collection through generative information collection tools

Article 2 [Retention and Use Period of Personal Information]

1. processing of personal informationWe process personal information either based on the data subject’s consent or as permitted by applicable laws and regulations. When signing up for the first time, the following information is collected for personal identification and service provision.
   • A. Mandatory items for carrier members: Name, resident registration number, address, contact information, e-mail address, vehicle information, business number, account number, etc. For foreigners, including alien registration number, passport number, driver’s license, legal representative information
   • B. Mandatory items for shipper member: corporate name, representative name, business registration number, business place, representative phone number, representative e-mail address, password, name of person in charge/telephone number/position/department/email/fax number
   • C. The following information may be automatically generated and collected during service use or business processing. IP Address, Cookie, Date and Time of Visit, Service Use Record, Access Log, Payment Record, Transportation Performance Information, Bad Use Record (Record of Restriction of Use, etc.)
   • D. The following information may be collected only from users of additional services or personalized services, or during participation in events, and only if consent has been obtained for additional collection of personal information.
   • E. During the use of paid services, the following payment information may be collected
     – When paying by credit card : card company name, card number, etc.
     – When paying by mobile phone : mobile phone number, mobile carrier, payment approval number, etc.
     – When transferring funds via bank account : bank name, account number, etc.
2. Period of retention and use of personal informationIn principle, the customer’s personal information shall be destroyed without delay after the purpose of collecting and using personal information has been achieved: Provided, That the following information shall be preserved for the period specified for the following reasons for preservation.
   • 1) Reasons for holding information according to the company’s internal policy
     • A. Records of illegal use– Retention items : Abnormal service usage records
       – Reasons for preservation : Prevention of fraudulent subscription and use
       – Preservation period : 5 years

       ※ The term “unauthorized use record” means a record of being restricted by the company due to the fact that it violates the terms and conditions of fraudulent subscription and use, as well as transaction records that violate the rights or interests of others.

   • 2) If it is necessary to preserve it in accordance with the provisions of the relevant laws, such as the Commercial Act and the Consumer Protection Act in Electronic Commerce, etc., the company keeps customer information for a certain period of time as prescribed by the relevant laws and regulations. In this case, the company uses the information it keeps for the purpose of storage only, and the retention period is as follows.
     • A. Records on contract or withdrawal of subscription, etc– Items to be preserved : Subscription, registration, and contract documents (including consent form)
       – Basis for Preservation : Act on Consumer Protection in Electronic Commerce, etc
       – Preservation period : 5 years
     • B. Record of consumer complaints and dispute settlement– Retention items : Electronic documents related to customer complaints and disputes
       – Basis for Preservation : Act on Promotion of Information and Communication Network Utilization and Information Protection, etc
       – Preservation period : 3 years
     • C. Conservation personal information related to commerce– Items to be preserved : Transaction performance, transaction record for all funds, and other electronic document data
       – Basis for preservation : Consumer protection in the Commercial Act, Electronic Commerce, Electronic Financial Transactions Act, and the Framework Act on National Taxes
       – Preservation period : 5 years
     • D. Survey statistics– Items to be preserved : Data including personal information after preparing statistical data for the survey
       – Preservation basis : Data collection for customer satisfaction activities and system improvement
       – Preservation period : 5 years
     • E. Website visit records– Retention items : Website visit records
       – Basis for Preservation : Communication Secret Protection Act
       – Preservation period : 3 months

Article 3 [Provision of Personal Information to Third Parties]

The Company, in principle, processes the personal information of data subjects within the scope specified for the purpose of collection and use. Except in the following cases, the Company shall not process the information beyond the original scope or provide it to any third party without the prior consent of the data subject

1. Where prior consent has been obtained or separate consent is received from the data subject
2. Where special provisions are provided by law
3. Where it is impossible to obtain prior consent due to the inability of the data subject or their legal representative to express intent, or due to unknown address, and it is clearly deemed necessary for the urgent benefit of the life, body, or property of the data subject or a third party
4. Where it is necessary for the purpose of compiling statistics or conducting academic research, and the information is provided in a form that does not allow identification of a specific individual
5. Where it is impossible to perform the duties prescribed by other laws without using the personal information for purposes other than the intended use or providing it to a third party, and such use or provision has been reviewed and resolved by the Protection Commission
6. Where it is necessary to provide information to a foreign government or international organization for the implementation of a treaty or other international agreement
7. Where it is necessary for criminal investigations, prosecution, or the maintenance of charges
8. Where it is necessary for judicial proceedings by the court
9. Where it is necessary for the execution of sentences, protective custody, or protective disposition

Article 4 [Entrustment of Personal Information Processing]

The “Company” does not entrust the processing of personal information.
In cases where such entrustment becomes necessary, the Company shall process personal information in accordance with a written document that includes the following matters,
and any changes thereto shall be promptly disclosed through this Privacy Policy.

1. Matters concerning the prohibition of processing personal information beyond the purpose of performing the entrusted tasks
2. Matters concerning administrative and technical protective measures for personal information
3. Matters concerning the safe management of personal informationThis includes the purpose and scope of the entrusted tasks, matters concerning restrictions on sub-entrustment, measures to ensure the security of personal information,
   matters concerning supervision such as inspection of the management status of personal information related to the entrusted tasks, and matters concerning liability for damages in the event the trustee violates their obligations.
   Furthermore, the Company discloses the contents of the entrusted tasks and the trustee(s) who are entrusted with the processing of personal information on its website.

Article 5 [Rights and Obligations of the Data Subject and How to Exercise Them]

The data subject may exercise the following rights. A legal representative may, upon submission of a power of attorney, request to access, correct, delete, or suspend the processing of the customer’s personal information.

1. Request for Access to Personal InformationThe data subject may request access to personal information files retained by the Company in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act.
   However, requests for access to personal information may be restricted pursuant to Paragraph 5 of Article 35 of the Act, in the following cases
   • A. Where access is prohibited or restricted by law
   • B. Where there is a concern that access may cause harm to another person’s life or body, or unjustly infringe upon another person’s property or other interests
   • C. Where it may cause serious disruption to the performance of any of the following tasks by a public institution

     ① Tasks related to the imposition, collection, or refund of taxes
     ② Tasks related to academic achievements, skills, or recruitment examinations, or qualification reviews
     ③ Tasks related to ongoing evaluations or judgments regarding the calculation of compensation
     ④ Tasks related to ongoing audits or investigations conducted in accordance with other laws

2. Request for Correction or Deletion of Personal InformationThe data subject may request the correction or deletion of personal information files retained by the Company in accordance with Article 36 (Correction or Deletion of Personal Information) of the Personal Information Protection Act.
   However, if the personal information is specified by other laws or by Paragraph 2 of Article 2 of the Company’s Privacy Policy as subject to collection and retention, deletion may not be requested.
3. Request to Suspend Processing of Personal InformationThe data subject may request the suspension of processing of personal information files retained by the Company in accordance with Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act, and appropriate action shall be taken without delay upon receipt of such request.
   However, requests for suspension of processing may be rejected pursuant to Paragraph 2 of Article 37 of the Act in the following cases
   • A. Where processing is unavoidable in order to comply with legal obligations or provisions of law
   • B. Where there is a concern that suspension may cause harm to another person’s life or body, or unjustly infringe upon another person’s property or other interests
   • C. Where a public institution is unable to perform its statutory duties without processing the personal information
   • D. Where suspension of processing would make it difficult to fulfill a contract with the data subject, such as in the case of service provision agreed with the data subject, and the data subject has not clearly expressed their intention to terminate the contract

Article 6 [Destruction of Personal (Location) Information]

The Company shall, in principle, destroy personal information without delay once the purpose of processing such personal information has been fulfilled. The procedures, timelines, and methods of destruction are as follows

1. Destruction ProcedureInformation entered by the user for purposes such as membership registration is transferred to a separate database (or, in the case of paper documents, to a separate filing cabinet) after the purpose is achieved. It is stored for a certain period in accordance with internal policies and other applicable laws and regulations for information protection purposes (refer to retention and usage period), and is then destroyed.
   Such personal information shall not be used for any purpose other than retention unless required by law.
2. Time and Method of DestructionWhen the retention period has expired, or the purpose of processing the personal information has been achieved, or the relevant task has been terminated, and thus the personal information is no longer necessary, it shall be destroyed without delay.
   Information in electronic file format is destroyed using technical methods that make the records irrecoverable.
   Printed documents containing personal information are destroyed by shredding or incineration.

Article 7 [Measures to Ensure the Security of Personal Information]

The Company has established the following technical and administrative measures to protect personal information.

1. Minimization of Personal Information Handling Personnel and TrainingEmployees who handle personal information are designated and managed as a minimum number of necessary personnel, and training is provided to such personnel for safe management.
2. Restriction of Access to Personal InformationThe Company takes necessary measures to control access to personal information by granting, changing, or revoking access rights to the database system that processes personal information, and uses intrusion prevention systems to block unauthorized external access. Documents and storage media containing personal information are stored in places equipped with locking devices.
3. Retention and Prevention of Falsification of Access RecordsRecords of access to the personal information processing system (such as web logs, summary information, etc.) are retained and managed for at least six (6) months, and security functions are used to prevent the alteration or loss of such records.
4. Encryption of Personal InformationAmong personal information, resident registration numbers and passwords are safely stored and managed through encryption and other means. Important data is encrypted for both storage and transmission, and separate security functions are used. Customers themselves must also be careful not to expose their passwords and IDs to third parties.
5. Installation of Security Programs and Periodic Inspection and UpdateTo prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed and periodically updated and inspected.
6. Control of Entry by Unauthorized PersonsThe physical storage location of the personal information system where personal information is stored is separated and the system is installed in an area controlled from external access, and procedures for entry control are established and operated. To prevent damage to personal information, data is backed up regularly, and up-to-date antivirus programs are used to prevent leakage or damage of users’ personal information or data. Encrypted communication is used to ensure the secure transmission of personal information over the network. Intrusion prevention systems are used to block unauthorized external access, and all possible technical devices are equipped to secure the system.
7. Regular Self-InspectionTo ensure the security of personal information handling, the Company conducts regular self-inspections and audits of personal information protection management, including external servers. However, even if the Company has fulfilled its personal information protection obligations, it shall not be liable for any damages not attributable to the Company, such as negligence by the user or accidents occurring in areas not under the Company’s management.
8. Establishment and Implementation of Internal Management PlanThe Company establishes and implements an internal management plan to ensure the secure processing of personal information. Article 8 [Installation, Operation, and Rejection of Devices That Automatically Collect Personal Information, Such as Internet Access Files]
   The Company and the services provided through its website do not allow customer registration via the Internet, and only customers who have registered offline may receive services through login. Accordingly, no information is collected via login from non-customers.
   However, in order to provide customized services tailored to customers who have registered offline, the Company operates cookies that occasionally store and retrieve information from such customers’ mobile phones or computers.
   A cookie is a very small text file that the server used to operate the website sends to the customer’s browser, and which may be stored on the customer’s computer hard disk.
   The Company uses cookies for the following purposes
   • Purpose of Using CookiesNon-customers cannot log in. Customers are required to enter their ID and password when logging in via the website, and their phone number and radio number when using mobile devices.
     Cookies are stored on the customer’s computer or mobile phone by identifying the browser of the registered customer upon their first visit.
     Cookies enable logged-in customers to maintain environment settings and use the “Service” or the Internet website in a more personalized manner with customized services.
     Customers have the option to allow or refuse the installation of cookies. By configuring browser settings, customers can allow all cookies, receive a prompt each time a cookie is stored, or refuse the storage of all cookies.
   • Cookie Settings / Operation and Rejection MethodFor example, to reject cookie settings, customers can select options in the web browser they use to allow all cookies, be prompted each time a cookie is saved, or block all cookies.
     Example of setting method (in the case of Internet Explorer)

     – Select the [Tools] menu and click [Internet Options].
     – Click the [Privacy] tab.
     – Set the level of personal information handling.

     However, if the customer’s cookies are not functioning or have been deleted, the customer may not be able to use the services provided by the Company and its website.

Article 8 [Contact Information of the Personal Information Protection Officer]

In accordance with Article 31, Paragraph 1 of the Personal Information Protection Act, the Company designates the following individual as the Personal Information Protection Officer to handle complaints and provide remedies related to the processing of personal information.

1. Personal Information Protection Officer : Seungmin Chae, Director, Logispot Co., Ltd.
   – Contact Number : 010-7229-7467
   – Email : smchae@logi-spot.com

   For reporting or consultation regarding personal information infringement, you may also contact the following organizations

   – Personal Information Infringement Report Center (privacy.kisa.or.kr / dial 118 without area code)
   – Supreme Prosecutors’ Office Cyber Crime Investigation Division (www.spo.go.kr / 02-3480-3571)
   – Cyber Bureau of the National Police Agency (www.ctrc.go.kr / dial 182 without area code)

Article 9 [Others]

Please note that this Privacy Policy does not apply to the collection of personal information by websites that are linked through the “Service” (web or app).

Article 10 [Duty of Notification]

This Privacy Policy may be amended due to changes in operational policy or security technologies. In the event of such revision, the Company shall notify users at least 7 days in advance through a notice on the website (or app), or via individual notice.

* Initial Announcement Date of the Privacy Policy : November 2, 2016

* Initial Enforcement Date of the Privacy Policy : December 1, 2016