Privacy Policy

The Company processes personal information for the following purposes. Personal information being processed shall not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 1. Website Membership Registration and Management Personal information is processed for the purposes of confirming membership registration intent, identity verification and authentication for membership services, maintaining and managing membership status, identity verification under the limited identity verification system, preventing unauthorized use of services, confirming consent of legal guardians when processing personal information of children under 14 years of age, various notifications, and grievance handling. 2. Provision of Goods or Services Personal information is processed for the purposes of product delivery, service provision, sending contracts and invoices, content provision, customized service provision, identity verification, age verification, payment processing and settlement, and debt collection. 3. Grievance Handling Personal information is processed for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding investigations, and notifying of processing results.

1. The Company processes and retains personal information within the period of personal information retention and use agreed upon when collecting personal information from the data subject, or within the period of personal information retention and use prescribed by law. 2. The processing and retention periods for each category of personal information are as follows: a. Website Membership Registration and Management: Until withdrawal from the website However, in the following cases, until the end of the relevant reason: i) If an investigation or inquiry due to a violation of applicable laws is in progress, until the conclusion of such investigation or inquiry ii) If outstanding claims and obligations remain from the use of the website, until the settlement of such claims and obligations b. Provision of Goods or Services: Until the completion of goods/service supply and payment/settlement However, in the following cases, until the end of the specified period: i) Records related to display/advertising, contract details, and performance under the Act on Consumer Protection in Electronic Commerce, Etc. - Records related to display/advertising: 6 months - Records of contract or withdrawal of offer, payment, supply of goods, etc.: 5 years - Records of consumer complaints or dispute resolution: 3 years ii) Retention of communication fact confirmation data under Article 41 of the Protection of Communications Secrets Act - Subscriber telecommunications date, start/end time, counterpart subscriber number, frequency of use, base station location tracking data: 1 year - Computer communications, internet log records, access point tracking data: 3 months

1. Data subjects may exercise the following rights related to personal information protection against the Company at any time: a. Request for access to personal information b. Request for correction in case of errors c. Request for deletion d. Request to suspend processing 2. The exercise of rights under Paragraph 1 may be made to the Company in writing, by phone, email, or fax, and the Company shall take action without delay. 3. If a data subject requests the correction or deletion of errors in personal information, the Company shall not use or provide such personal information until the correction or deletion is completed. 4. The exercise of rights under Paragraph 1 may be made through a legal representative or an authorized agent of the data subject. In this case, a power of attorney in the form prescribed by Attached Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted. 5. Data subjects shall not infringe upon the personal information or privacy of themselves or others being processed by the Company in violation of the Personal Information Protection Act and other applicable laws.

The Company processes the following categories of personal information: 1. Website Membership Registration and Management Required items: User ID, password, name, email address, mobile phone number Optional items: None 2. Provision of Goods or Services Required items: Name, address, phone number, email address Optional items: Past purchase history

1. The Company shall destroy the relevant personal information without delay when personal information becomes unnecessary due to the expiration of the retention period, achievement of the processing purpose, etc. 2. If personal information must continue to be retained under other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the relevant personal information shall be moved to a separate database (DB) or stored in a different location. 3. The procedures and methods for destroying personal information are as follows: a. Destruction Procedure The Company selects the personal information for which a reason for destruction has arisen and destroys it with the approval of the Company's Personal Information Protection Officer. b. Destruction Method Personal information recorded and stored in electronic file format shall be destroyed so that the records cannot be reproduced. Personal information recorded and stored in paper documents shall be destroyed by shredding or incineration.

The Company takes the following measures to ensure the security of personal information: 1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc. 2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs 3. Physical measures: Access control for server rooms, document storage facilities, etc.

1. The Company uses 'cookies' to store and retrieve usage information in order to provide individually customized services to users. 2. Cookies are small pieces of information sent by the server (HTTP) used to operate the website to the user's computer browser and are stored on the user's PC or mobile device. 3. Data subjects may allow or block cookies through web browser option settings. However, refusing to store cookies may cause difficulties in using customized services. Allowing/blocking cookies in web browsers: - Chrome: Browser Settings > Privacy and Security > Clear browsing data - Edge: Browser Settings > Cookies and site permissions > Manage and delete cookies and site data Allowing/blocking cookies in mobile browsers: - Chrome: Mobile browser Settings > Privacy and Security > Clear browsing data - Safari: Mobile device Settings > Safari > Advanced > Block All Cookies - Samsung Internet: Mobile browser Settings > Browsing history > Delete browsing data 4. The Company collects and uses information about visits and usage patterns, popular search terms, secure access status, etc. of each service and website visited by users during service use in order to provide optimized information to users.

1. The Company has designated the following Personal Information Protection Officer to be responsible for overseeing personal information processing and to handle complaints and damage relief related to personal information processing by data subjects. Personal Information Protection Officer Name: Junho Ha Title: CEO Contact: 010-9904-9694, worldfeast@naver.com * Connects to the Personal Information Protection Department. Personal Information Protection Department Department: Site Management Team Contact: 010-7369-4787, worldfeast@naver.com 2. Data subjects may direct all inquiries, complaints, and requests for damage relief related to personal information protection arising from the use of the Company's services (or business) to the Personal Information Protection Officer and the responsible department. The Company shall respond to and process inquiries from data subjects without delay.

Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act at the department below. The Company shall make every effort to process requests for access to personal information promptly. Department for Receiving and Processing Personal Information Access Requests Department: Site Management Team Contact: 010-7369-4787, worldfeast@naver.com

Data subjects may contact the following organizations for consultation, damage relief, or other inquiries regarding personal information infringement: 1. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr) 2. Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr) 3. Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr) 4. National Police Agency: (No area code) 182 (ecrm.police.go.kr/minwon/main)

This Privacy Policy shall take effect from January 1, 2026.