AIrway Express

Airway Express Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy to protect users’ personal information and to promptly and smoothly handle related complaints.

Article 1 (Purpose of processing personal information)

The company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent. 1. Website membership registration and management Confirmation of intention to become a member, identification/authentication of identity through provision of membership services, maintenance/management of membership, identity verification through implementation of limited identity verification system, prevention of illegal use of services, personal information of children under 14 years of age Personal information is processed for the purpose of confirming consent of the legal representative, various notices/notifications, and handling grievances. 2. Provision of goods or services Personal information is processed for the purposes of delivery of goods, provision of services, sending of contracts/invoices, provision of content, provision of customized services, identity verification, age verification, bill payment/settlement, debt collection, etc. 3. Personal information is processed for the purposes of verifying the identity of the complainant, confirming the complaint, contacting/notifying for factual investigation, and notifying the result of the complaint.

Article 2 (Personal information items to be processed)

The company processes the following personal information items. 1. Website membership registration and management Required items: name, date of birth, ID, password, address, phone number, email address Optional items: marital status, areas of interest 2. Required items for provision of goods or services: Name, date of birth, ID, password, address, phone number, email address, credit card number Optional items: Area of interest, past purchase history

Article 3 (Personal Information Collection Method)

1. If the user agrees to the collection of personal information and enters the information directly during membership registration and service use, the personal information is collected. 2. During the consultation process through the customer center, the user's personal information may be collected through web pages, e-mail, fax, phone, etc. 3. Personal information may be collected in writing at offline events, etc. 4. Personal information may be provided from an external company or organization affiliated with the company. In this case, the affiliate must obtain consent from the user to provide personal information. 5. Members under the age of 14 must obtain consent from their legal representative to use the service.

Article 4 (Processing and retention period of personal information)

① The company processes and retains personal information within the personal information retention and use period in accordance with the law or within the personal information retention and use period agreed to by users when collecting personal information. ② The processing and retention period for each personal information is as follows. 1. Website membership registration and management: Until withdrawal of business/group website. However, in the case of the following reasons, until the relevant reason ends. 1) If an investigation/investigation, etc. is in progress for violation of relevant laws and regulations, until the end of the investigation/investigation, 2) If a bond/debt relationship remains due to use of the website, it will be held until the relevant bond/debt relationship is settled. 2. Provision of goods or services: Until completion of supply of goods or services and completion of fee payment/settlement. However, in the following cases, until the end of the relevant period. 1) Records of transactions, such as labeling, advertising, contract details and performance, in accordance with the Act on Consumer Protection in Electronic Commerce, etc. - Records of labeling and advertising: June - Records of contract or subscription withdrawal, payment, supply of goods, etc.: 5 years - Records of consumer complaints or dispute resolution: 3 years

2) Storage of communication confirmation data in accordance with Article 41 of the 「Communication Secrets Protection Act」 - Subscriber telecommunication date and time, start/end time, other party subscriber number, frequency of use: 1 year - Computer communication, internet log records, access point tracking data: 3 months

Article 5 (Rights, obligations and exercise methods of users and legal representatives)

① Users may exercise the following rights related to personal information protection against the Company at any time. 1. Request to view personal information 2. Request for correction if there is an error, etc. 3. Request for deletion 4. Request to suspend processing ② The exercise of rights under Paragraph 1 may be made to the Company in writing, by phone, e-mail, facsimile (FAX), etc., and the Company will take action without delay. ③ If a user requests correction or deletion of errors in personal information, the company will not use or provide the personal information until correction or deletion is completed. ④ In the case of children under the age of 14, the exercise of rights under Paragraph 1 may be done through an agent such as the user's legal representative or a person authorized to do so. In this case, the legal representative has all the rights of the user. ⑤ Users must not violate the personal information and privacy of the user or others processed by the company in violation of related laws such as the Information and Communications Network Act and the Personal Information Protection Act.

Article 6 (Installation, operation and refusal of automatic personal information collection devices)

The company uses 'cookies' to store and frequently retrieve user information in order to provide personalized and customized services to each user. 1. Purpose of using cookies To provide target marketing and personalized services through analysis of access frequency and visit time of members and non-members, identification of user tastes and interests, tracking traces, and identification of participation level in various events and number of visits, etc. 2. How to refuse cookie settings Users can refuse cookie installation. However, if you refuse to install cookies, it may be difficult to use some services that require login. (Setting method, based on IE) Tools at the top of the web browser > Internet Options > Personal Information > Site Blocking

Article 7 (Destruction of Personal Information)

① When personal information becomes unnecessary, such as when the personal information retention period has passed or the purpose of processing has been achieved, the company destroys the personal information within 5 days. ② In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period agreed upon by the user or the purpose of processing has been achieved, the personal information may be transferred to a separate database (DB) or stored in a different storage location. and preserve it. ③ The procedures and methods for destroying personal information are as follows. 1. Destruction Procedure The company selects the personal information that is subject to destruction and destroys the personal information with the approval of the company’s personal information protection manager. 2. Destruction method The company destroys personal information recorded/saved in electronic file format using methods such as low level format so that the records cannot be reproduced, and personal information recorded/saved in paper documents is shredded with a shredder. or destroy by incineration.

Article 8 (Measures to ensure the safety of personal information)

The company is taking the following measures to ensure the safety of personal information. 1. Management measures: Establishment/implementation of internal management plan, regular employee training, etc. 2. Technical measures: Management of access rights to personal information processing system, installation of access control system, encryption of unique identification information, etc., installation of security program. 3. Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Personal Information Protection Manager)

① The company is responsible for overall handling of personal information, and designates and operates a personal information protection manager and department in charge as follows to handle user complaints and provide relief for damages related to personal information processing. ▶ Name of personal information protection officer: 000 ▶ Personal information protection department Department name: 000 Person in charge: 000 ② Users may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the company's services (or business) to the personal information protection manager and responsible department. The company will respond and process user inquiries.

Article 10 (Request to view personal information)

Users may request to view personal information to the department below. The company will strive to promptly process users' requests to view personal information. ▶ Personal information access request reception/processing department Department name: 00 Contact person: 000

Article 11 (Methods for relief from infringement of rights)

Users may inquire about relief for damage or consultation regarding infringement of personal information to the organizations below. <The organizations below are separate from the company. If you are dissatisfied with the company's own personal information complaint handling or damage relief results or need further assistance, please contact us> ▶ Personal Information Infringement Reporting Center (operated by Korea Internet & Security Agency) - Responsibilities: Reporting personal information infringement, requesting consultation - Website: privacy.kisa.or.kr -Phone: (without area code) 118 - Address: Personal Information Infringement Report Center, 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2, Bitgaram-dong) (58324) ▶ Personal Information Dispute Mediation Committee - Responsibilities: Request for personal information dispute mediation, group dispute mediation (civil resolution) - Website: www.kopico.go.kr - Phone: (without area code) 1833-6972 - Address: (03171) 4th floor, Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul ▶ Supreme Prosecutors' Office Cyber Crime Investigation Team: 02-3480-3573 ▶ National Police Agency Cyber Terror Response Center: 1566-0112

Article 12 (Changes to personal information processing policy)

① This personal information processing policy is effective from August 23, 2023. ② Please contact us regarding the previous personal information processing policy.