Human Consulting Group Inc. (hereinafter referred to as "HCG") establishes and discloses the following guidelines for personal information processing in order to protect the personal information of the data in accordance with Article 30 of the Personal Information Protection Act and to promptly and smoothly handle related grievances.

Article 1. Personal Information Processing Purpose

Process personal information for the following purposes: The personal information being processed shall not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented.

1. 1. Subscribe and manage website membership
   • Personal information is processed with the consent of the information subject for the purpose of responding to inquiries about services and products of HCG and providing related information.
2. 2. Services
   • Personal information is processed with the consent of the information subject to provide services such as HR system maintenance and payroll service.

Article 2. Procession and Retention Period of Personal Information

① HCG processes and retains personal information within the period of retention and use of personal information under the Act or the period of personal information received consent when collecting personal information from the information subject.

② Each person's personal information processing and retention period is as follows.

1. 1. Subscription and management of website membership: Until withdrawal of HCG homepage
2. 2. Service Delivery: Until the termination of the service supply and payment and settlement of charges discussed with the customer.
   However, if the following reasons apply, until the end of the relevant reason:
   • 1) If an investigation or investigation in violation of related laws is in progress, until the termination of the relevant investigation or investigation
   • 2) Records of transactions, such as marking, advertising, contract details, and implementation under the 「Act on the Protection of Consumers in Electronic Commerce, etc. 」
     • - Records of indications and advertisements: 6 months
     • - Supply records of contracts or subscription withdrawal, payment, goods, etc.: 5 years
     • - Records of consumer complaints or dispute handling: 3 years
   • 3) Archive of communication fact verification data under Article 41 of the 「Communication Secret Protection Act」
     • - Subscriber telecommunication date and time, counterparty's subscriber number, frequency of use, and location tracking data of the sending base station: 1 year
     • - Computer communication, Internet log records, and location tracking data: 3months
   • 4) Archive of identification information under Article 29 of the Enforcement Decree of the 「The Act on the Promotion of Information and Communication Network Utilization and Information Protection」: 6 months after posting information on the bulletin board

Article 3. Rights of Data Subjects. Obligations, and methods for Exercise of Rights

① The information subject may exercise the following privacy rights to HCG at any time:

1. 1. Requirement for reading personal information
2. 2. Requirement for correction if there is an error, etc.
3. 3. Requirement for deletion
4. 4. Requirement for suspension of processing

② The exercise of rights under paragraph (1) may be conducted in writing, e-mailing, or FAX in accordance with attached Form 8 of the Enforcement Rules of the Personal Information Protection Act, and HCG will take action without delay.

③ If the information subject requests correction or deletion of personal information errors, etc., HCG does not use or provide such personal information until the correction or deletion is completed.

④ The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the information subject or a person delegated. In such cases, a warrant of attorney in attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.

Article 4. Items for processing personal information

HCG is processing the following personal information items:

1. 1. Subscribe and manage homepage membership
   • - Required: Name, Affiliated company name, Email, Contact number
2. 2. Delivering Services
   • - Required: Name, Affiliated company name, Email, Contact number
   • - Option: Mobile number, Main task, Position, Company address, Business registration number
3. 3The following personal information items can be automatically created and collected during the course of using the Internet service: IP address, cookie, MAC address, service usage record, visit record, etc.

Article 5. Destruction of Personal Information

① HCG destroys personal information without delay when it becomes unnecessary, such as the expiration of the period of personal information retention and the attainment of the processing purpose

② Even though the period of personal information held by the data subject has expired or the purpose of processing has been achieved; where the retention of such personal information is mandatory by other statutes, the relevant personal information and files shall be moved to a separate database (DB) or stored in a different location.

③ The Procedure and methods of destruction of personal information are as follows.

1. 1. Destruction Process
   • HCG verifies personal information where the reason for destruction has occurred and destroys personal information with the approval of HCG’s personal information controller
2. 2.The Methods to destroy
   • HCG destroys personal information recorded and stored in electronic file form so that it cannot be played back, and personal information recorded or stored in paper documents is destroyed by shredding or incinerating with a shredder.

Article 6. Measures to secure safety of Personal Information

HCG is taking the following measures to ensure the safety of personal information:

1. 1. Management Measures: Establishing an internal management plan. Implementation, regular staff training, etc.
2. 2. Technical Measures: Management of access rights such as personal information processing systems, installation of access control systems, encryption of unique identification information and Personal location information, installation of security programs, etc
3. 3. Physical Measures: Control access to computer rooms, data storage rooms, etc.

Article 7. The Personal Information Protection Officer

① HCG is responsible for the overall handling of personal information and designates a person in charge of personal information protection as follows to handle complaints from data subjects related to personal information processing and to remedy damages.

1. The Personal Information Protection Officer
2. - Name: Hur Wook
3. - Contact Number: 031-8023-9002
4. - Email : ukhur@e-hcg.com

② A data subject may contact to the personal information protection officer and the department, to inquiries, complaints, and to remedy the damage caused by using HCG's services. HCG will respond and handle it without delay to the inquiries of the data subject.

Article 8. Request for Personal information Access

A data subject may request the following departments to access personal information under Article 35 of the Personal Information Protection Act. HCG will make efforts to handle the request quickly for data subject’s access to personal information.

1. Department in charge of personal information protection
2. - Department Name: CS Team
3. - Manager Name: Kim Jung Hye
4. - Contact Number: 031-8023-9051
5. - Email : jhkim@e-hcg.com

Article 9. Rescue method for infringement of rights

A data subject can ask the following institutions about personal information infringement, such as to remedy damage, counseling, etc. The following institutions are separate from HCG, so please contact the institution if you are not satisfied with the results of handling complaints about personal information by HCG and remediation of damages; or if you need further assistance.

• 1. Personal Information Dispute Mediation Committee: 02-2100-2499 (www.kopico.go.kr)
• 2. Personal Information Infringement Reporting Center: (without a national number) 118 (privacy.kisa.or.kr)
• 3. Supreme Prosecutors' Office Cybercrime Investigation Team: 02-3480-3571 (www.spo.go.kr)
• 4. Cyber Security Agency of the National Police Agency: (without a national number) 182 (www.cyberbureau.police.go.kr)

Article 10. Installation and Operation of Visual Data Processing Devices

HCG install and operate visual data processing devices.
The Purpose of installation of visual data processing devices: Facility safety and fire prevention of HCG

1. 1. Number of installations, location of installation, and scope of filming: Two visual data processing devices are installed in the Pangyo office, and the scope of filming is to take pictures of the entrance and office space.
2. 2. Management manager, department in charge, and person with access to visual data: BSS Center P&C Team Lee Ji Hwan Manager in Pangyo Center office
3. 3. Visual data shooting time, storage period, storage location, processing method
   • - Filming time: 24 hours filming
   • - Storage period: 30 days from filming date
   • - Storage place and processing method: S1 (Secom) Computer Room, Deleted after storage period has expired
4. 4. Method and location for verification of visual data: Request from the person in charge of management of the relevant Center
5. 5. Measures for requests to access visual data by data subjects
   • A personal visual data access and existence confirmation claim shall be filed, and access is allowed only when the data subject himself/herself is photographed or clearly necessary for the life, body, and property interests of the data subject. The End

Article 11 (Processing of personal location information)

In accordance with the Act on the Protection and Use of Location Information (hereinafter referred to as the "Location Information Act"), HCG processes personal location information as follows.
① Purpose and retention period of personal location information

Service Name	Purpose of processing	Holding period
JaDE	Executives and employees of a corporation that has a service use contract provide a commuting certification function using location information when recording commuting	Until the person in charge of attendance and attendance of the corporation who has signed the use contract certifies commuting

② HCG automatically records and preserves data confirming the collection, use, and provision of personal location information in accordance with Article 16 (2) of the Act on the Protection and Use of Location Information, etc. and stores the data for six months.

③ If the purpose of processing personal location information is achieved, HCG will safely destroy it in accordance with Article 5 (3) of the Personal Information Processing Policy.

④ HCG does not provide personal location information to a third party without the consent of the customer who has signed the service use contract, and if it provides it to a third party, it notifies the recipient and the purpose of the provision in advance and obtains consent.

⑤ Rights and obligations of persons obligated to protect children, etc. under the age of 8 and the method of exercising them

1. 1. HCG does not collect personal location information for children under the age of 14.
2. 2. If a person falling under Article 26(2) of the Act on the Protection and Use of Location Information of a person falling under the following cases (hereinafter referred to as the "Protector"), etc. agrees to use or provide personal location information for the life or physical protection of a guardian, etc.
   • - an adult guardian
   • - Persons with mental disabilities under Article 2 (2) 2 of the Welfare of Persons with Disabilities Act who are severely disabled under Article 2 (2) 2 of the Employment Promotion and Vocational Rehabilitation Act (only persons registered for persons with disabilities under Article 32 of the Welfare of Persons with Disabilities Act)
3. 3. For the protection of the life or body of an adult guardian, a person obligated to protect the use or provision of personal location information must submit a written consent form to the client company.
4. 4. If the person obligated to protect agrees to use or provide personal location information of the guardian of the adult, etc., he/she shall have all the rights of the end user under Article 7 of this Agreement.

⑥ The person in charge of location information management of HCG is the person in charge of personal information protection.

Article 12 ( Personal Information processing method)

The current personal information process will be revised on December 19, 2022.

1. - announcement date: December 12, 2022
2. - Implementation date: December 19, 2022