INFLUDEO Inc. (hereinafter referred to as the “Company”) holds the personal data of its POCA MARKET service (hereinafter referred to as the “Service”) users (hereinafter referred to as the “Members”) to the upmost importance. Therefore, the Company has a strict privacy policy. Through this privacy policy (hereinafter referred to as the “Privacy Policy”), we inform our Members of the purpose and manner for which their personal data is being used and security measures the Company implements to safeguard the personal data. This Privacy Policy may be amended pursuant to changes in the applicable laws, regulations, and/or the Company’s policy, so please check the Privacy Policy from time to time for possible changes when using the Service. Privacy Policy will take effect for POCA.

Article 1 Purpose of collecting and using personal information

① The following personal data is collected by the Company from the Members when they sign up for or use the Service.

[Required data collection]

Product purchase

• Purpose of collecting and using personal data : Upon purchasing products
• Types of personal information : Customer information (Name, email. and mobile phone number)
• Duration of keeping and usage personal information : Period of keeping personal information according to the relevant laws or 3 months after deleting the account
• Purpose of collecting and using personal data : Entering shipping address for purchasing products
• Types of personal information : Recipient information (Name, mobile phone number, and address)
• Duration of keeping and usage personal information : Period of keeping personal information according to the relevant laws or 3 months after deleting the account
• Purpose of collecting and using personal data : fraudulent purchase/usage or duplicate purchase/usage when purchasing/using the products
• Types of personal information : Name, address, mobile phone number, and gender (optional)
• Duration of keeping and usage personal information : Period of keeping personal information according to the relevant laws or 3 months after deleting the account

Auto-generated information

• Purpose of collecting and using personal data : Service usage, customer service, confirmation and prevention of fraudulent usage, and analysis and statistics
• Types of personal information : Cookies, service usage history (date of log-in, IP address, fraudulent usage, etc), device information (unique device identifiers and OS version)
• Duration of keeping and usage personal information : Period of keeping personal information according to the relevant laws or 3 months after deleting the account

Event

• Purpose of collecting and using personal data : Confirmation of raffle entries and shipping of event prizes for the event operation
• Types of personal information :
  • (event prize shipping) Name, date of birth, mobile phone number, and address
  • (Operation) Name, date of birth, mobile phone number, and social media account
• Duration of keeping and usage personal information : Retain the data for a year after the event ends. Data of participants who did not win the event are disposed within 7 days of the winner announcement

[Optional data collection]

Promotional information

• Purpose of collecting and using personal data : Sending promotional information regarding the service
• Types of personal information : Email and push notifications
• Duration of keeping and usage personal information : Period of keeping personal information according to the relevant laws or 3 months after deleting the account

② The Company collects personal data of the Members as above, but it does not collect sensitive personal data (e.g., race and ethnicity, ideology and beliefs, birthplace and domicile, political views and criminal record, health status and sex life) that may infringe upon the basic human rights of the Members and particular identification data.

③ The Company asks for permission to access the stored data or functions within a Member’s mobile device when the Members use the Service through a mobile application. When required, the Company asks for such permission in the form of either access that is necessary no matter what to provide the Service and access that is not, which can later be changed by the Member through the “Settings” option on their mobile device.

④ The Service is not intended for children (i.e., under 14 years old for Koreans and under 16 years old for foreigners). If the Company becomes aware that the collected personal data is from a child, we will delete the personal data and close the subject user’s account. If you believe that the Company has collected personal data from a child, please contact help@infludeo.com

⑤ Homepage membership and management Personal information is processed for the purpose of confirming the intention to join, identifying and certifying oneself by providing membership services, maintaining and managing membership, preventing fraudulent use of services, handling complaints, and preserving records.

⑥ The personal information is processed for the purpose of identifying the identity of the civil petitioner, confirming the civil petition, contacting and notifying the facts, and notifying the results of the processing.

⑦ Personal information is processed for the purpose of providing goods or services, providing content, providing customized services, authenticating oneself, and paying and settling charges.

⑧ Use in marketing and advertising Personal information is processed for the purpose of developing and customizing new services (product) and providing event and advertising information and participation opportunities, providing services and advertising according to demographic characteristics, validating services, identifying access frequency, or statistics on members' service use.

Article 2 Processing and retention period of personal information

① The company holds and holds personal information during the period of personal information retention and use under the Act or the period of personal information agreed to collect personal information from the data subject, and processes and holds personal information within the period of use.

② Each personal information processing and retention period is as follows.

1. Collection of personal information related to homepage membership and management [Website membership and management Held for the above purpose of use from the date of consent for use to [5 years]. It's used.

• Grounds for retention: in accordance with relevant laws and regulations
• Related Acts and subordinate statutes: Records on payment and supply of goods, etc.: 5 years
• Exception reason: None

Article 3 Use of personal data for purposes not consented to by members and provision of personal data to third parties

① The Company does not provide the Members’ personal information to third parties without the agreement of the relevant agreement with the Members.

② However, the company may provide personal information to a third party only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the law.

Article 4 The rights of the data subject

① Members can login to the Service and view/change their personal data through the MY > Profile section; provided, however, their ID (i.e., email) cannot be changed. ② In accordance with the restrictions and requirements under the relevant laws and regulations, the Members may exercise their rights relating to their personal data against the Company. For example, in Korea, a Member may request the Company to suspend its processing of his/her personal data, delete his/her personal data, and/or revoke consent to the Company’s collection/use of his/her personal data. ③ Should there are errors with the information entered, the members can request to correct their information. However, if the information before and after the correction shows that no errors were present at the time of request and if the members committed fraud by making the corrections, the Company will revoke the corrections and notify the reasons immediately. ④ Data subjects may exercise their rights set forth in this Article by contacting help@infludeo.com

Article 5 Disposal of Personal Information

① The company safely disposes of collected personal information without delay, after achieving the purpose, or after the person unsubscribes (when the person apply for withdrawal,  or when the person is forcefully withdrawn). In accordance with the relevant law and to achieve the aim of collecting personal information, the company retains the information for a certain period of time as stipulated below, and then disposes of it safely. - Keep the submitted personal information when subscribing to the service for three months after the service withdrawal to prevent fraudulent activities  - The company retains certain information to adhere to the relevant law.

Keeping of personal information in accordance with relevant laws

② Personal information stored in the form of electronic files are deleted in a way that cannot be restored, while personal information stored in the form of prints and physical records are disposed of by shredding or by burning up.

③ The company separately stores personal information of inactive accounts (inactive longer than a year after signing up) in accordance with the POCAMARKET user’s agreement. The personal information stored separately is disposed of after retaining it for five years. The company shall notify the inactive subscriber at least 30 days prior to the end of validation date.

Notification contents are as follows:

• The fact that personal information is disposed of, or the fact that personal information is separately stored and managed
• Date of the disposal
• Content of personal information disposed of

Article 6 Operation, management, and refusal of the installation and operation of the automatic collection of personal information

The Company doesn't use cookies to save and occasionally search through data related to Members.

Article 7 Technical/administrative measures for protecting personal data

(1) In processing personal data, the Company may take reasonable safety measures to ensure that personal data is not lost, stolen, leaked, altered, or damaged. The Company may use the following technical measures for such purpose.

① A Member’s personal data is protected by password and encrypted information. Even with these safety measures, there is still a high possibility that a Member’s password or personal data may be leaked to others if a Member accesses the Internet in a public area or through other means. As such, what is most important is to thoroughly protect the personal data of the Members as much as possible. Therefore, all Members should also be careful not to leak or provide their personal data to others, and take responsibility in managing their personal data. The Company is not responsible for problems that may arise from the Member’s own negligence or the inherent dangers of using the internet.

② Fundamentally, the Members’ personal data is protected by password and encrypted information. Files and transferred data are encrypted and important data is protected by separate security features.

③ The Company uses anti-virus software to prevent damages that arise from computer viruses and regularly updates the software.

④ To prevent leakage or damage of Members’ personal data from hackings, computer viruses, and other sources of intrusion, the Company maintains a 24-hour intrusion detection and intrusion prevention system that monitors possible threats from outside sources.

(2) The Company recognizes the importance of protecting personal data, so we limit the number of employees who process personal data to only those that are necessary. The Chief Privacy Officer (CPO) regularly educates/trains these employees to ensure the protection of the Members’ personal data. Also, the Company regularly reviews the relevant employees’ compliance with the provisions of this Privacy Policy, and where a violation is found, the Company orders the employees to correct/improve the violation and take any other necessary measures.

Article 8 Feedback and complaints

The Company operates a customer service center in order to facilitate communications with Members regarding any feedback or complaints they may have regarding the protection of their personal data.

In Korea, if a dispute arises between the Member and the Company with respect to personal data-related matters, the Member may contact any one of the following agencies and seek consultation regarding a possible privacy violation.

• Korea Internet & Security Agency (http://privacy.kisa.or.kr)
• Personal Information Dispute Mediation Committee (http://www.kopico.go.kr)
• Cyber Criminal Investigation, Supreme Prosecutor’s Office (http://www.spo.go.kr)
• Cyber Terror Response Center of the National Police Agency (http://cyber.go.kr)

Article 9 Chief Privacy Officer

① The Company has designated a Chief Privacy Officer as below, and the Company’s internal department responsible for managing matters related to the processing of personal data always puts forth its best efforts to protect your valued personal data.

② Any Member who has any questions, comments, or complaints relating to his/her personal data, please reach out to one of the contacts listed below through email or by phone. The Company will make every effort to respond promptly and with sincerity.

③ The company is in charge of handling personal information and designating a person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to personal information processing.

[Person in charge of personal information protection]

• Name: Park Sangyeob

• Position: Chief Privacy Officer

• Contact E-mail: help@infludeo.com

④ The data subject can contact the person in charge of personal information protection and the department in charge of personal information protection, complaint handling, damage relief, etc. that occurred while using the company's service. The company will respond and handle inquiries from the information subject without delay.

Article 10 Notification obligation

This Privacy Policy was promulgated on May 1, 2022. Any changes (e.g., addition, deletion or revision) to this Privacy Policy pursuant to amendments in the Company’s or Korean government’s policy will be notified in advance to the Members on the Company’s website. For material changes that may significantly impact the Members’ rights, notice will be given 30 days prior to the scheduled effective date of such changes. Privacy Policy version number: V1 Effective date: 2022.05.01

Previous Privacy Policy v1 (Effective date 2022.05.01)