Financial News (hereinafter referred to as “Company”) values ​​customers’ personal information and collects the minimum amount of personal information required to use the service when registering as a member. Please read the contents carefully and decide whether to agree or not.

1. Personal information processing and collection items

The company collects personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Membership signup and management
   • To provide membership service, to confirm identity, to restrict the member who violates the terms of service from using the service, to sanction against acts that interfere with smooth operation of service or illegal use of the service, to confirm the intention to join, to verify the age, to confirm the consent of legal representative when collecting personal information of children age under 14, and to verify the legal representative himself/herself
   • To process the personal information, to confirm identity when requested for access, modification, deletion, suspension of information by the person of information, to identify a person, to preserve record for handling dispute, to handle complaints, to deliver notifications, to withdraw membership
2. Utilize for developing new services and marketing advertisement

   To develop new services, to provide personalized service based on personal preferences, to provide services based on the statistical characteristics and to publish advertisement, to provide event and advertisement information (In this case, only the general information on the type of interest is provided, and no specific information of a person is provided.)

3. Newsletter service

   Only the services that the member requested to receive shall be sent, and a member may choose to discontinue the newsletter service at any time. However, due to the nature of the newsletter sent by email, you may receive it 1 or 2 days later depending on the time mail service provider receives it or if there is a failure in network.

4. Others

   To implement a contract regarding the provision of service, to settle payment for the provided service, to provide contents, to purchase and make payment.

   The same information may be automatically collected during the service use process.

   • Collection types: IP information, cookies, access login, visit date and time, service use record, favorite record, device information (unique device identifier and OS version)
   • Purpose of collection: Service use, confirmation and prevention of handle use, analysis and statistics
   • Retention and use period: Personal information retention period in accordance with relevant laws and regulations

When collecting personal information that protects personal information, consent is obtained from refusal.

2. Information to be collected and method of collection

The company uses personal information provided by users for the following purposes for the purpose of providing basic services such as membership registration and various services. All information provided by users will not be used for purposes other than those listed below. Personal information items to be collected

1. Method of Collection

   The company collects the personal information in a way of the following.

   • When users agree to the collection of personal information and enter the information themselves in the course of joining membership and using the service
   • When users agree to the collection of personal information and enter the information themselves in the course of applying for event or giveaway
   • The company may be provided with personal information from the external companies or organizations that partner with the company. In such cases, the information shall be provided after obtaining consent to provision of personal information from the users of the partnering companies and organizations in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. of the Republic of Korea.
   • Generated information such as device information is automatically generated and collected in the course of using PC web, mobile web, or mobile app.

3. Period for retention and use of personal information

The company destructs personal information of users without delay when a user withdraws membership or the consent to the collection and use of the personal information, when the purpose of collection and use of personal information has been achieved, and when the period of possession and use expires. However, the following information shall be retained for specified period for the following reasons.

1. Personal information to be retained and the period of retention when withdrawing membership
   • Information to be retained: Name, ID, email address, name of company, title etc. provided by the user
   • Ground of retention: Prevention of re-registration of bad users, cooperation in investigation on dispute over rights infringement
   • Period of retention: 3 months
2. Reasons for information retention under the relevant laws and regulation
   • Record on site use and visit, log record of users connection, IP information on connection: 3 months (Protection of Communications Secrets Act)
   • Record on sign/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, Etc.)
   • Record regarding contract or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, Etc.)
   • Record on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, Etc.)
   • Record on consumer complaint or dispute treatment: 3 years (Act on Consumer Protection in Electronic Commerce, Etc.)
   • Record on personal location information: 1 year (Act on the Protection, Use, Etc. of Location Information)
3. Preservation of user information who has not logged in for a long time

   If there is no record of use (e.g. Log-in) by a member for one year in a row, the Company saves and manages it for 1 year separately before destroying it as well as the Company notifies the member in advance. However, if required to preserve the personal information by the relative laws and regulations, it shall be preserved for a specified period. (Article 39-6 of the Personal Information Protection Act and Article 48-5 of the Enforcement Decree of the Personal Information Protection Act of the Republic of Korea)

4. Procedure and method of destruction of personal information

In principle, the Company destructs the information immediately a fter the purpose of its collection and use have been achieved without delay.

The procedure and method of destruction is as follows

1. Procedure of destruction
   • Information entered by users for purpose such as joining membership shall be moved to a separate database (in case of paper, a separate document container) after achieving the purpose of collection and use, and shall be destroyed after being saved for a certain period of time in accordance with the internal policy and other reasons for preserving information according to the relevant laws and regulations (See ‘Reasons for information retention under the relevant laws and regulation’.) The personal information shall not be used for purpose other than retention unless specified by law.
2. Method of destruction
   • Personal information stored in the form of electric file such as database: by using technological method making that information not restored
   • Personal information written and printed on paper: by shredding it or incinerating it

5. Sharing and provision of personal information

The Company uses personal information of users within the scope announced in ‘1. Purpose of collecting and using personal information’, and do not use it beyond the scope without users’ prior consent or disclose it to others in principle.

However, the following cases are exceptions.

1. Exceptions to sharing personal information
   • In case it falls under Articles 17 and 18 of the Personal Information Protection Act of the Republic of Korea
   • In case the users agree to disclose in advance
   • In case the investigation agency requests it in accordance with relevant laws and regulations or in accordance with the procedure and method prescribed in the rules and regulations for the purpose of investigation
   • In case it is impossible to obtain prior consent because the user or his/her legal representative is in state where they can’t express their intention or because the address is unknown, and it is clearly deemed necessary for the benefit of urgent life, body, or property of the user or a third party
   • In case it is deemed necessary for the purpose of statistics and academic research and the personal information is provided in the form that specific individual cannot be identified
2. Third party provider of personal information in case the user has agreed to the sharing and provision of personal information in advance Separate consent shall be obtained from the users of the service. The company partners with a content provider in order to provide better service to users, and safely delivers personal information as little as possible to a third party and manages it.

6. Right of users and their legal representative and the method of exercise

Users and legal representatives may access and modify their registered personal information and the personal information of children under the age of 14 legally represented by them at any time, and may refuse to agree to or withdraw the membership if they do not agree with the privacy policy of the Company. In the case, however, it may be difficult to use all or part of the service.

To access and modify the information of users or the children under the age of 14, it is possible for themselves to access and modify the information after confirming identification on “Mypage” of the service.

To withdraw the membership of users or the children under the age of 14, it is possible to withdraw the membership by contacting the customer center by telephone or email.

Or it will be immediately taken care of after confirming identity if requested to the personal information manager in writing, by telephone, or by e-mail.

If a user requests correcting error of personal information, the personal information shall not be used or provided until the correction is complete. In addition, if the wrong personal information has been already provided to a third party, the correction result shall be notified to a third party without delay so that the correction can be made.

The company takes care of personal information cancelled or deleted by the request of users or their legal representatives in accordance with statement in ‘3. Period for retention and use of personal information’ and makes it impossible to read or use it for other purposes.

Matters concerning the installation, operation, and rejection of device that automatically collects personal information

The company uses a ‘cookie’ which saves the members’ information and retrieves it at any time in order to provide personalized and customized service.

Cookies are very small text files to be sent to the browser of the users by the server used for operation of the websites of the Company and will be stored in hard-disks of the members' device (PC, smartphone, Tablet PC, etc.) A cookie is used to maintain the members’ setting and to provide customized information by reading a cookie that is saved in the hard-disk of the members’ device when they visit the website.

The purpose of company’s use of cookies is to provide marketing service or personalized service for members by analyzing Company’s each service visited by the member, frequency of visits, time of visits, and the number of visits and by understanding their usage behaviors and event participation information. The cookie expires when the member closes browser or log out from the service.

A member may refuse to install a cookie or delete it anytime. Therefore, a member may allow all cookies, go through confirmation every time the cookie is saved, or refuse to save all cookies by setting up options on the web browser. However, it may be difficult to use some of the Company’s service that require login if a member refuse to save cookie.

How to set up whether to allow installation of cookies (in Internet Explorer) is as follows.

1. Click [Tools] > [Internet Options] on the top of web browser,
2. Click [Personal Information]
3. Set up [Privacy Level]

8. Technical, managerial and physical measures for protection of personal information

1. Technical measures

   Personal information is protected by password, and important data are protected by separate security functions by encrypting files and transmitted data or using file locking function. The Company installs anti-virous software to take measures to prevent damages incurred by computer viruses. The anti-virous software is updated regularly, and in the event of a sudden outbreak of a virus, the it is applied as soon as it is released to prevent personal information from being infringed.

   The Company adopts a security device (SSL) which uses encryption algorithms to safely transmit personal information on network. In order to prevent users’ information from being disclosed by hacking, device is used to block outside intrusion, and intrusion detection system is installed to each major server to monitor intrusion for 24 hours.

2. Managerial measures

   The company strictly restricts staff who process personal information to those who perform management tasks of personal information and who processes the personal information inevitably due to the nature of the tasks, and emphasizes the compliance of the policy through frequent training for staffs in charge. Corrective actions take place immediately if any problem is found from the security inspection to check implementation of this policy and compliance of the staff.

3. Physical measures

   Necessary measures are taken to control access to personal information by granting, changing, and revoking access to database system that processes personal information, and unauthorized access from outside is controlled by intrusion prevention system. The document and backing storage containing personal information is stored in safe place with a lock.

   physical storages are placed separately to preserve personal information, and access control procedures are established and operated.

4. Management of personal ID and Password

   TIn addition to the above efforts, users themselves should be careful not to expose their information such as password to a third party. In particular, users should always be careful not to disclose information through PCs installed in public places. It is recommended that user ID and password must be used only by himself or herself and he or she change his or her password frequently.

9. Guide to staff responsible for personal information protection, personal information officer by service, and access request

Team

Digital Headquarters

Name

Seo, Sang-ryeol

Contact

82-2-2003-7457

Email

webmaster@fnnews.com

If you need to request access to other personal information, report, or consult, you may contact the following organization.

Korea Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

• Responsibility: Reporting personal information infringement and request counseling
• Website: privacy.kisa.or.kr
• Telephone: 118
• Address: (58324) Personal Information Infringement Report Center, 2F, 9 Jinheung-gil (301-2 bitgaram-dong), Naju-si, Jeollanam-do

Personal Information Dispute Mediation Committee

• Responsibility: Requesting personal information dispute mediation, settling collective dispute mediation (civil settlement)
• Website: www.kopico.go.kr
• Telephone: 1833-6972
• Address: (03171) 4F, Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul

Cyber Crime Investigation Division at Supreme Prosecutors’ Office of the Republic of Korea

• Website: www.spo.go.kr
• Telephone: 02-3480-3573

Website: cyberbureau.police.go.kr

• Website: cyberbureau.police.go.kr
• Telephone: 182

6. Notification obligation

Details on protection of personal information including this Privacy Policy are disclosed at the bottom of the website main page operated by the Company so that members can easily read it at any time. The contents of this Privacy Policy may change frequently, so you may check it when visiting the website.