1. Items of Personal Information to be Collected and Methods of Collection

1. A. Items of Personal Information to be Collected
   1. First, the Company collects the minimum amount of personal information at the time when a user joins the Company’s membership system for the first time in order to provide services and consultations, and the minimum amount of personal information refers to:
      1. [Membership Registration]
         1. Required Items: ID, password, name, date of birth, sex, a cellular phone number for identification and information on legal guardian, if the member is under 14 years of age (name, DI and cellular phone number of the legal guardian is collected, and the information is stored till the child reaches the age of majority.)
         2. Optional Item: E-mail address for emergency contact (optional items are not required to join the membership).
      2. [Organizational Membership Registration]
         1. Required Items: Organization ID, organization name, corporate name (name of the organization), name of the representative, place of business, phone number, administrator ID, cellular phone number of the administrator and affiliation/title of the administrator.
         2. Optional Item: Fax number (optional items are not required to join the membership).
   2. Second, the following information can be generated automatically and collected during the use of a service, or during a business process.
      1. IP address, cookie, date and time of visit, service use record, faulty use record and device information
   3. Third, the following information can be collected among users of additional service(s) and/or customized service(s) through ON CITY HOTEL ID.
      1. If a user has agreed to provide additional personal information.
   4. Fourth, the following information can be collected among users of certain services such as adult content(s), paid services and game(s) in order to observe the relevant laws.
      1. Name, date of birth, sex, duplication of information (DI), connecting information (CI), cellular phone number (optional), I-pin number (if using an I-pin) and domestic/foreign user information
   5. Fifth, the following billing information can be collecting among users of paid service(s).
      1. Credit card payment: credit card company name, credit card number and etc.
      2. Cellular phone payment: cellular phone number, service provider name, payment approval number and etc.
      3. Wire transfer payment: bank name, account number and etc.
      4. Certificate payment: certificate number
2. B. Methods of Collecting Personal Information

   The Company collects personal information through the following methods:

   1. Website, written format, fax, phone, consultation board, e-mail, event submission and delivery request
   2. Provided by a cooperating company
   3. Collection via generated information collection tool(s)

2. Collection and Use of Personal Information

1. A. Fulfillment of a contractual duty to provide a service and payment(s) followed by a provision of a service

   Provision of content(s), provision of certain customized service(s), delivery of good(s) and/or bill(s), identification, purchase and payment and collection of payment

2. B. Management of Memebers

   Provision of membership service, restriction on members those who have violated the Terms & Conditions of ON CITY HOTEL, restriction on behaviors that cause normal operation of services, restriction on dishonest use of services, confirmation of intention to join, restriction on joining of a member or number of times of joining, confirmation of agreement of a legal guardian when collecting personal information of a child under the age of 14, identification of the legal guardian, preservation of record for dispute mediation, handling of customer inquiries such as adjustments of complaints, delivery of notifications and confirmation of intention to cancel a membership

3. C. Use for Development of a New Service and Marketing/Advertisement

   Development of a new service and provision of a customized service, provision of a service and advertisement according to statistical characteristics, confirmation of effectiveness of a service, provision of even information and participation opportunities, provision of advertising information, learning of frequency of access and statistics on service use of members

3. Sharing and Provision of Personal Information

The Company shall use the personal information of its members within the range specified under “2. Collection and Use of Personal Information,” and shall not extend the range or disclose the personal information of its members to a third party without a prior consent of users. However, the following cases are exceptions:

1. A. Prior consent of users has been obtained.
2. B. The Company was asked to disclose the personal information of its users according to the law, or a formal request was made by an investigative authority for investigative purposes according to the means and procedures of the law.

4. Consignment of Personal Information

The Company consigns personal information processing as the following in order to improve its services, and has established a set of regulations on consignment of personal information according to the law in order to protect the personal information.

The consignment organization and the range of consignment are as the following:

5. Retention and Use period of Personal Information

The Company will immediately destroy the personal information collected once the personal information retention period expires or else the purpose of processing thereof has been achieved. However, the following information will be retained for the following reasons for a specified period of time:

1. A. Reasons to Retain Information due to the Internal Policy of the Company
   1. Records of dishonest use (records of abnormal service use such as dishonest membership submission and disciplinary records)
      1. Retained Items: cellular phone number identified at the time of membership submission, and DI of legal guardian if the member is under the age of 14
      2. Retention Reason: Prevention of dishonest membership submission and/or use
      3. Retention Period: 1 year
      4. ※ ‘Records of dishonest use’ refers to the records of restrictions made by the Company due to dishonest membership submission, posting of contents that violate the operation principles and etc.
2. B. Reasons to Retain Information according to the Law

   If it is necessary to retain personal information collected in accordance with the law such as the Commercial Law and the Consumer Protection in the Electronic Commerce Transactions Act, the Company will retain the personal information collected during certain periods specified by the each law. In such cases, the Company shall use the retained personal information for the purpose of the retention only, and the retention periods are as the following:

   1. Records on Withdrawal from a Contract or a Subscription
      1. Retention Reason: Consumer Protection in the Electronic Commerce Transactions Act
      2. Retention Period: 5 years
   2. Records on Payment and Provision of Goods
      1. Retention Reason: Consumer Protection in the Electronic Commerce Transactions Act
      2. Retention Period: 5 years
   3. Records on Electronic Financial Transaction
      1. Retention Reason: Electronic Financial Transaction Act
      2. Retention Period: 5 years
   4. Records on Consumer Complaint and Dispute Mediation
      1. Retention Reason: Consumer Protection in the Electronic Commerce Transactions Act
      2. Retention Period: 3 years
   5. Records on Access to Website
      1. Retention Reason: Protection of Communications Secrets Act
      2. Retention Period: 3 months

6. Procedures and Methods of Destroying Personal Information

The Company will immediately destroy personal information when the purpose of collection and use of personal information is achieved.

1. A. Procedures of Destroying
   1. The information entered by the user for the purpose of membership submission and etc. will be moved to a separate DB (a separate filing cabinet for paper) after the purposes are achieved, and destroyed after it is stored for a certain period of time according to information protection clauses pursuant to internal policies and other related laws (see the retention and use period).
   2. The personal information moved to a separate DB will not be used for any purpose other than retention unless necessitated by law.
2. B. Methods of Destroying
   1. Personal information printed on paper must be shredded in a paper shredder or incinerated.
   2. Personal information stored in the form of electronic files must be deleted using a technical method ensuring that the records cannot be reproduced.

7. Rights of Users and Their Legal Guardians, and How to Exercise the Rights

1. Users and their legal guardians may view or modify their own registered personal information or the personal information of children under 14 years of age at any time. If a user or a legal guardian does not agree to the processing of personal information by the Company, he/she can demand to withdraw his/her consent, or request to cancel the membership. However, in such cases, a user might not be able to use the entire or partial service(s).
2. Users and their legal guardians can click on ‘Modify Personal Information’ (or ‘Modify Member Information’) to view and/or modify their own registered personal information or the personal information of children under 14 years of age after going through the identification procedure. Users and their legal guardians can click on “Cancel Membership” to cancel their memberships (to withdraw consent) after going through the identification procedure.
3. Or, contact the Chief Privacy Officer via mail, phone or e-mail, and the Company will process the request without delay.
4. If errors in personal information are requested to be corrected, the Company will not use or provide the personal information until the requested correction has been completed. Also, if the wrong personal information has already been provided to a third party, the Company will immediately notify the results of any corrections to a third party so that the corrections can be made properly.
5. The Company will process the personal information cancelled or deleted at the request of users or their legal guardians as stipulated in "5. Retention and Use Period of Personal Information," and make sure that it cannot be viewed or used for any other purposes beyond the permitted scope defined.

8. Matters concerning the Installation/Operation of an Automatic Personal Information Collection Device and the Rejection Thereof

1. A. What is a Cookie?
   1. The Company uses ‘cookies’ that frequently save and retrieve user’s information in order to provide personalized and customized services.
   2. A cookie is a very small text file that the server, used to operate the Company’s website, sends to a user’s browser. It is saved in the hard disk of the user’s computer. After it is saved, the website server reads the cookie saved on the user’s hard disk when the user visit the website in order to maintain the configurations of the user and provide customized services.
   3. A cookie does not automatically collect information that can identify users, and users can refuse to save cookies or delete the saved cookies at all times.
2. B. Purpose of the Company in Use of Cookies

   The Company uses cookies in order to provide its users with customized and personalized services including advertisements by learning forms of access and use of services of ON CITY HOTEL and websites, popular search keywords, secured connection, news edit, scale of users and etc.

3. C. Installation/Operation and Refusal of Cookies
   1. Users reserve the right to choose whether to install cookies. Thus, users can allow cookies, check a cookie each time it is saved, or refuse to save cookies all together by selecting an option on the web browser.
   2. However, if a user refuse to save cookies, he/she might experience difficulties in use of certain services provided by ON CITY HOTEL.
   3. Users can allow cookies (on Internet Explorer) as the following:
      1. ① Click the [Tools] button and select [Internet Option].
      2. ② Click the [Privacy Tab].
      3. ③ Adjust your settings.

9. Technical/Administrative Measures to Protect Personal Information

To prevent personal information from being lost, stolen, leaked, altered or damaged and ensure safety when handling the personal information of information principals, the Company takes the following technical/administrative measures:

1. A. Encryption of Password

   Password of each member of ON CITY HOTEL are encrypted before they are saved and managed. Only the member knows his/her password, and viewing/modification of personal information is available only to the person who knows the password.

2. B. Security Precautions against Hacking and etc.

   The Company is providing its utmost effort to prevent leakage of and/or damage on personal information of its members by hacking, computer viruses and etc. The Company frequently makes back-ups on data in order to prevent damages on personal information. The Company prevents leakage of and damage on personal information by using the latest vaccine programs. The Company uses encryption communications and etc. to safely transmit personal information on the network. Moreover, the Company is operating an intrusion prevention system to restrict unauthorized external intrusion, and providing efforts to adapt all possible technological measures to obtain systematical security.

3. C. Minimum Number of Employees with Access to Personal Information and Their Training

   The Company strictly limits employees handing personal information to those who manage personal information. A separate password is issued to such employees, and the password is renewed regularly. The Company also emphasizes the importance of compliance with the Privacy Policy of ON CITY HOTEL by providing regular education for employees with access to personal information.

4. D. Operation of an Exclusive Organization for Protection of Personal Information

   Moreover, an exclusive internal organization for protection of personal information is operated to monitor compliance with the Privacy Policy of ON CITY HOTEL, and if related problems are detected, the Company provides efforts to immediately take corrective measures. However, the Company will not be responsible for any damages occurred due to user’s negligence.

10. Contact Information of Chief Privacy Officer and Administrators

You may report all complaints related to personal information protection in using the Company’s service to the Chief Privacy Officer or department in charge. The Company will provide prompt and sufficient answers to your reports.

11. Duty of Notification

In the event of the addition, deletion and modification of the contents of the current privacy policy, it will be notified through 'Notice' on our homepage at least 7 days prior to execution. However, in the event the changes in critical user rights(e.g. collection and utilization of personal information, providing personal information to any third parties, etc.), notice will be made at least 30 days prior to execution.

1. Notification Date: Mar 31, 2015
2. Effective Date: Apr 7, 2015