MAKESTAR

Hello, this is MAKESTAR. In accordance with Article 30 of the Personal Information Protection Act, the following privacy policy is disclosed to safely protect your personal information and to quickly and accurately deal with related difficulties. This privacy policy will be posted within the MAKETAR service so that it can be accessed anytime while using the service, and should any changes occur, we promise to apply the changes only after getting your consent. Thank you for using the MAKESTAR service.

This privacy policy will take effect from June 2, 2022.

Notification date: June 2, 2022
Enforcement date: June 2, 2022

Article 1 (Consent to handling personal information)

MAKESTAR Co., Ltd. (hereinafter referred to as ‘Company’) goes through the process of receiving consent to the privacy policy when a user is signing up to the service and it is deemed that the user has read and agreed to the privacy policy by authenticating the email or pressing the "Agree" button.

Article 2 (Purpose of processing personal information)

The company processes the member's personal information for the following purposes and does not use it for any other purpose:

(1) Member management: Member identification and verification, delivering notifications and precautions to the members

(2) Member consultation processing: Member consultation•Reception of complaints, notification of the results

(3) Offer service : Providing service and quality improvement, prevention of fraudulent use within the service, development of new services/technologies, and provision of personalized services

(4) Payment and settlement of product, etc.: Payment, settlement, and refund measures for product, etc

(5) Delivery of reward or product

(6) Marketing and PR: Providing advertising information

Article 3 (Items and methods of collecting personal information)

The company will collect the minimum amount of personal information necessary for the operation of the service, and if additional personal information is needed to use the service, the company will collect personal information after obtaining separate consent from the members.

Criteria	Collected information	Purpose
When
signing up	E-mail address, name,
nickname, date of birth, gender, country of residence	Member identification and
verification, delivering notifications and precautions to the members, member
consultation•Reception of complaints, notification of the results
When
using service	Service usage history, access
log, IP information, device information	Providing service and quality
improvement, prevention of fraudulent use within the service, development of
new services/technologies, and provision of personalized services
When
ordering funding items or products	Name, e-mail address, country
of residence, address, phone number, date of birth, social media information
(ID)	Member identification and
verification, delivery of reward or product
When
paying for the funding items or products	When paying
with credit card: name of card company, card number	Payment,
settlement, and refund measures for product, etc
	When paying with mobile phone:
phone number, network carrier, e-mail address	Payment, settlement, and
refund measures for product, etc
	When paying with gift
certificate: gift certificate serial number	Payment, settlement, and
refund measures for product, etc
When
issuing a refund	Bank company, account number,
account holder	Refund measures
When
issuing a refund	Bank company, account number,
account holder	Refund measures

Article 4 (Period of retention and use of personal information)

The company processes and holds personal information in accordance with laws and regulations of the period of holding and using personal information or within the period in which the company agrees to collect personal information from members.
If a member joins the service after giving consent to the terms and conditions of use and privacy policy, the company retains the member's personal information until the member terminates the service use contract or withdraws from the membership. Provided, that in the following cases, the company may retain personal information until the end of the relevant reason: (1) Where an investigation, etc. is in progress due to a violation of relevant statutes, until the relevant investigation is completed; (2) Where a bond/debt relationship remains due to the use of a site, etc., until the relevant bond/debt relationship is settled
Notwithstanding the main context of paragraph (2), the company may retain the member's personal information for one year from the time of withdrawal to prevent rejoining the membership and to prevent its illegal use.

The company may retain personal information in accordance with the relevant laws and regulations as follows.

| Archived

information	Retention period
Records
of payment and supply of goods, etc	5 years
Records
concerning withdrawal of contracts or subscriptions, etc	5 years
Records
of consumer complaints or disputes	3 years
Records
of advertisement	6 months
Records
of Electronic Financial Transactions	5 years
Records
of website/app usage	3 months
Records
on the collection, processing, use, etc. of credit information	3 years

Article 5 (Provision of personal information to third parties)

The company may provide personal information to a third party or use it for other purposes only if the consent of the members is obtained pursuant to Articles 17 and 18 of the Personal Information Protection Act and if it is allowed to provide it to a third party under relevant laws.
If the company partners with a third party, such as a business partner or a business organization, and needs to provide (including sharing) the personal information of a member to a limited extent, or uses the collected personal information beyond its original purpose, the company will provide the following notice to the members: (1) Name of third party to receive personal information (2) Purpose of providing personal information (3) Personal information items provided to the third party (4) Period of retention and use of personal information by a third party who receives personal information (5) If there is a right to refuse to provide information to a third party and if there is a disadvantage due to refusal of consent, the details of the disadvantage shall be notified on the web page and individually notified to the members 30 days before the enforcement date, and shall be implemented after obtaining consent from the members.
In the following cases, it is possible to use personal information for purposes other than the original purpose or to provide it to a third party without the consent of the members according to the relevant laws and regulations: (1) Where necessary for settlement of the price of goods, etc; (2) Where personal information is provided in a form that is not recognizable to a specific individual as necessary for the purpose of academic research, statistics, etc.; (3) Where necessary for the investigation and the filing and maintenance of a crime; (4) Where necessary for the performance of the court's judicial affairs; (5) Where there are special provisions in laws such as the Personal Information Protection Act, the Financial Real Name Transactions and Secrets Act, the Framework Act on Credit Information, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, and the Criminal Procedure Act

Article 6 (Entrustment of personal information processing)

For smooth processing of personal information, the company entrusts personal information as follows:

Trustee	Entrusted duties
Toss Payments Co., Ltd	Electronic payment service
Eximbay Co., Ltd	Electronic payment service
Alipay	Electronic payment service
ICB	Electronic payment service
Nice Pay	Electronic payment service
PayPal Pte Ltd	Electronic payment service
CJ Logistics Co., Ltd	Delivery of reward or product
Hanjin Co., Ltd	Delivery of reward or product
Logen Co., Ltd	Delivery of reward or product
Korea Post Information Center (EMS)	Delivery of reward or product
DHL International GmbH	Delivery of reward or product
SF Express	Delivery of reward or product
Google LLC	In app purchase
Apple Inc	In app purchase

When signing an entrustment contract, the company stipulates the following items in documents such as contracts in accordance with Article 25 of the Personal Information Protection Act and oversees whether the trustee safely manages and processes personal information.

(1) Prohibition of processing personal information other than the purpose of performing entrusted duties

(2) Technical and administrative protection measures

(3) Restriction on re-entrustment

(4) Management and supervision of the trustee

(5) Matters concerning liability for damages, etc.

Article 7 (Rights, obligations and methods of exercise of information object)

Members may exercise the following personal information protection rights to the company at any time: (1) Request access to personal information (2) Request correction if there is an error in personal information, etc (3) Request to delete personal information (4) Request to stop processing personal information
The exercise of the rights under paragraph (1) of the member may be made to the company in writing, by phone, e-mail, fax, etc., and the company shall take action without delay.
If a member requests correction or deletion of an error in personal information, the company shall not use or provide the personal information until the correction or deletion is completed.
A member shall not infringe on the personal information and privacy of the information object or others handled by the company in violation of related laws, such as the Personal Information Protection Act.

Article 8 (Destruction, etc. of non-users’ personal information)

Users who have not used the service for one year will switch to a dormant account, and their personal information will be kept separately. Personal information stored separately is destroyed without delay after being stored for one year.
30 days before the switch to a dormant account, the company informs users of the fact that the personal information will be kept separately, the scheduled date of the switch to a dormant account, the items that will be kept separately by email or text.
If you do not want to be switched to a dormant account, you can log in to the service before the scheduled date of the switch. In addition, even if it has been converted to a dormant account, if you log in, you can restore the dormant account with the consent of the user to reuse the normal service.

Article 9 (Destruction of personal information)

The company destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period and the settlement of the personal information usage.
If personal information is to be preserved in accordance with other laws and regulations despite the expiration of the period of personal information retention agreed by the member or the settlement of the personal information usage has been reached, the personal information is transferred to a separate database (DB) or stored elsewhere.
The procedure and method of destroying a member's personal information are as follows: (1) Destruction procedure: The company selects the personal information that needs to be destroyed and destroys the personal information with the approval of the company's personal information protection manager. (2) Destruction method: The company destroys personal information recorded and stored in electronic file form using a technical method so that the information cannot be reproduced. Personal information recorded and stored in paper documents shall be destroyed by crushing or incinerating with a shredder.

Article 10 (Measures to ensure the safety of personal information)

The company does its best to safely manage the members' personal information and protects personal information beyond the level required by the Information and Communication Network Act and the Personal Information Protection Act in accordance with the methods prescribed in this Article.
We keep the personal information handler to a minimum. We manage employees who process personal information to a minimum and continue to emphasize that the protection of members' personal information is the most important value through regular and occasional training for personal information handlers.
In order to prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed, regularly updated and inspected. Systems are installed in areas where access is restricted from the outside and are technically and physically monitored and blocked.
Documents containing personal information, auxiliary storage media, etc. are stored in a safe place with a lock.
There is a separate physical storage location where personal information is stored and access is restricted.

Article 11 (Changes in the privacy policy)

If there is any addition, deletion, or modification of the contents of the privacy policy, the company announces the revision through the site or app at least 7 days before the revised privacy policy takes effect.
If there is a significant change in the rights of members, such as provision of personal information to a third party, the company shall announce the revision through the site or app at least 30 days before the revised privacy policy takes effect and obtain the consent of the members.

Article 12 (Transfer of personal information due to business transfer, etc.)

When the company transfers personal information to another person due to the transfer or merger of all or part of its business, it shall notify the relevant members of the following matters in advance through a notice:

(1) The fact of transferring personal information

(2) Name of the person who receives the transfer of personal information (in the case of a corporation, the name of the corporation), address, phone number, and other contact information

(3) Methods and procedures that can be taken if the information object does not wish to transfer personal information

Article 13 (Installation, operation, and rejection of the automatic personal information collection device)

The company uses 'cookie' to store usage information and recall it from time to time to provide individual customized services to users..
Cookies are a small amount of information that the server (http), which is used to operate the site, sends to the user's computer browser and are sometimes stored on the user's hard disk of the user's PC computer. (1) Purpose of use of cookies: It is used to provide optimized information to users by identifying the type of visit and use of each service and site visited by users, popular search terms, and security access. (2) If the user refuses to save the cookie, some of the services provided by the company may be restricted.

Article 14 (Person in charge of personal information protection)

The company is responsible for overall duties related to processing personal information and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of information objects related to personal information processing. (1) Personal information handler Person in charge of protection : Younghyun Chun E-MAIL: [yhchun@makestar.com]
Users can contact the person or department in charge of personal information protection in regards to handling complaints, and relief of damage caused by using the company's service (or business). The company responds and processes user inquiries without delay.

Article 15 (How to resolve infringement of rights and interests)

In order to receive relief from personal information infringement, the information object may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Report Center. In addition, please contact the institutions below for reports and counseling of other personal information violations.

Personal Information Dispute Mediation Committee : (without a national number) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center : (without a national number) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office : (without a national number) 1301 (www.spo.go.kr)
National Police Agency : (without a national number) 182 (ecrm.cyber.go.kr)

A person who has been infringed on rights or interests due to disposition or omission by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act for requests under Articles 35 (View of Personal Information), 36 (Correction/Delete of Personal Information, etc.).

※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).