JUSTCO GROUP’S PRIVACY POLICY

1. Introduction

At JustCo we respect the privacy and confidentiality of the personal data of our members and others whom we interact with in the course of providing our services as well as of applicants who apply for positions with us. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us.

We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession. We will comply with all applicable laws with regards to data privacy, and where local laws are more stringent than this policy, then such laws shall prevail and JustCo shall comply with such laws.

This Data Protection Notice will apply to the collection and processing of the personal data of our members and others whom we interact with in the course of providing our services.

2. How We Collect Your Personal Data

Personal data refers to any information that can uniquely identify an individual person (a) on its own, or (b) when combined with other information.

In order to achieve the purposes as set forth in section 4, we collect your personal data when you:

• Subscribe or purchase our services
• Use our services
• Enquire / respond to our range of services via our marketing, promotional campaigns including electronic direct mails (EDMs)
• Are referred to us by one of our members, users, account holders and/or business partners
• Provide feedback to us on our quality of service
• Visit our websites and leave behind your contact information
• Communicate with us via emails or written correspondences

The scope of the personal data collection will be kept to the minimum and necessary extent to achieve the specified purposes set forth in section 4.

3. Types of Personal Data We Collect About You

The types of personal data we may collect about you include:

• Contact information (Name, Phone No., Email Address)
• Biometric information (Pictures, Video from security cameras, voice recordings)
• Payment information (Credit/Debit Card Information)
• Account information (account balance, valid subscriptions)
• Location Data
• Information on the use of our services (frequency of use of our services, location of use etc)
• Information from other organisations (your employer or other entities we believe you have authorized to provide your personal details on your behalf)

4. How We Use Your Personal Data

We use the personal data set out in Section 3 for one or more of the following purposes hereunder, and solely for such purposes.

• Verify your identity
• Inform you of any updates or improvements
• Manage, analyse and improve our services, business and operations to serve you better or enhance customer experience
• Respond to opinions, comments or feedback about our products or services
• Process and manage our services
• Process billing, payment and other credit-related activities
• Conduct market research, direct marketing and lead generation activities
• Conduct joint marketing with other companies and service providers
• Communicate with customers, guests, members and website visitors
• Comply with or fulfil legal obligations and regulatory requirements
• Ensure the security and safety of our users

In the event of any changes in the processing purpose, we will take necessary measures such as obtaining your separate consent. Further, we will use and store your personal data from the date of consent until the purpose of collection and usage is achieved, other than the exceptions listed below. Thereafter, Personal Data will be destroyed in accordance with our data retention policy or applicable laws.

5. Sharing of Personal Data to Third Parties & Entrustment

We disclose some of the personal data you provide us, as a way of provision or entrustment, to third-party entities or organisations outside JustCo in order to fulfil our services to you. Your personal data will only be shared with the specified recipients outlined if:

• Entrustment of particular personal data identified in section 3 is required for the proper use of our services regarding your use of specific Reinvent feature
• You grant us permission to provide your personal data, e.g. by selecting the appropriate setting in the Reinvent service or authorizing us through a presented consent mechanism.
• Disclosure is required by the relevant authorities or law enforcement agencies under applicable laws and regulations.

Third-party Entrustment

6. Entrustment, Transfer to Other Countries

We may entrust, store, or provide (including making relevant inquiries) your personal data to third parties overseas in order fulfil our services to you. Your personal data, therefore, may be subject to privacy laws that are different from those in your country. In such instances we shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place to protect your data.

In the event we provide your personal data to the third parties overseas, your separate consent will always be requested.

Overseas Entrustment

Overseas Provision

7. How We Manage the Collection, Use and Disclosure of Your Personal Data

7.1 Obtaining Consent

Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.

Under certain circumstances, we may assume deemed consent from you when you voluntarily provide your personal data for the stated purpose, e.g. when you apply for a job with us using our job application forms.

We may rely on exceptions to the need for consent under applicable for the collection, use or disclosure of your personal data under the following circumstances. for example:

• The personal data is publicly available
• The personal data is disclosed by a public agency or disclosed to a public agency
• The personal data is necessary for any investigation or proceedings
• The personal data is necessary for evaluative purposes (e.g. determining the creditworthiness of a customer)
• The personal data is necessary to recover a debt owed by an individual to JustCo, or for JustCo to pay a debt owed to the individual
• The personal data is necessary for a business asset transaction

7.2 Withdrawal of Consent

If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of future services offered by us.

Your request for withdrawal of consent can take the form of an email or letter to us, or through the “UNSUBSCRIBE” feature in an online service.

7.3 Use of Cookies

We use “cookies” to collect information about your online activity on our website. A cookie is a small text file created by the website that is stored in your computer to provide a way for the website to recognise how you interact with online content and ads, to assess the performance of our website and to personalise the content and ads that you see to keep track of your preferences. The cookie makes it convenient for you such that you do not have to retype the same information again when you revisit the website or in filling electronic forms.

Most cookies we use are “session cookies”, which will be deleted automatically from the hard disk of your computer at the end of the session.

You may choose not to accept cookies by turning off this feature in your web browser. Note that by doing so, you may not be able to use some of the features and functions in our web applications.

8. How We Ensure the Accuracy of Your Personal Data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date.

From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).

9. How We Protect Your Personal Data

We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.

We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.

When we engage third-party data processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees to us to have implemented the necessary organisational and technical security measures, and have taken reasonable steps to comply with these measures.

10. How We Retain and Delete Your Personal Data

We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.

We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached (i.e. period of retention), or once the purpose of the personal data has been achieved and is no longer necessary.

The process and method of destruction are as follows:

• Destruction process: Once the purpose is achieved, user’s personal data is moved to a separate database and is destroyed after storage for a certain period depending on data protection reasons under our internal policy and other applicable laws and regulations.
• Destruction method: We delete personal data stored in the form of electronic file by using the technical means which makes it impossible to restore the data. We destroy your personal data through replacing the data that needs to be destroyed with unrecoverable data in the database.

11. How You Can Access and Make Correction to Your Personal Data

You or your legal representative may request at any time to view, correct/delete, suspend the processing of, and withdraw consent to your personal data. Additionally, you may write in to us to find out how we have been using or disclosing (by means of provision or entrustment to the third parties) your personal data. Before we accede to your request, we may need to verify your identity. We will respond to your request as soon as possible, and, where possible we will let you know and give you an estimate of how much time we require. We may also charge you a reasonable fee to the extent permitted by the applicable law for the cost involved in processing your access request.

If you find that the personal data we hold about you is inaccurate, incomplete, misleading or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 10 days from the date we receive your request.

12. Contacting Us

If you have any query or feedback regarding this Policy, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: [email protected]

Any query or complaint should include, at least, the following details:

• Your full name and contact information
• Brief description of your query or complaint

We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.

You may make queries to the following organizations to make reports or consultations on other privacy infringements. The following organizations are independent organizations from JustCo, which you may utilize if you are not satisfied with the way we have handled your personal data related complaints or need further assistance:

• Privacy Infringement Report Center (privacy.kisa.or.kr/ Phone no. 118)
• Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr/ Phone no. 1301)
• Cyber Bureau of Investigation, National Police Agency (police.go.kr/ Phone no. 182)

13. Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.

Changes to this Notice take effect when they are posted on our website, and the effective date will be written on the updated version of this Notice.

You can also access the previous Notice via a link below:

• No previous Notice

14. Link

We may display advertisements from third parties and other content that links to third-party websites and/or applications. We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that any personal data you provide or is collected will not be covered by this Notice. Please read their privacy policies to find out how they collect and process your personal data.

15. Children

Our service is not directed to those under the age of 19 years, including children under the age of 14 years. Our service is also not offered to children whose age makes it illegal to process their personal data or requires parental consent for the processing of their personal data under applicable local law.

We do not knowingly collect personal data from children under 14 years or under the applicable age limit (the “Age Limit”). If you are under the Age Limit, please do not use our service, and do not provide any personal data to us.

If you are a parent of a child under the Age Limit and become aware that your child has provided personal data to us, please contact our DPO, and you may request exercise of your applicable rights to view, correct/delete, suspend the processing of, and withdraw consent to your personal data.

In the event that we find out that we have collected personal data from children under 14 years, we will take appropriate measures to delete such personal data.

Updated 27 July 2021