Socra Class Personal Data Processing Policy

Weall Partners Co., Ltd. (hereinafter referred to as the "Company") shall comply with the relevant laws and regulations of the Republic of Korea that the information and communication service provider must comply with, and shall do its best to protect the rights and interests of users by establishing the personal information processing policy in accordance with the relevant laws and regulations.

The personal information processing policy of the socraClass service includes the following.

1. Items and methods of collecting personal information

A. Items of personal information collected

The company collects the following personal information for membership registration, smooth customer consultation, and various services.

• • A school administrator
  • When applying for a school manager: school name, password, name, mobile phone number, email address, public certificate DN value
  • When changing the manager's account through supporting documents: information on the person in charge (name, mobile phone number, email address to be issued with a temporary password), and school supporting documents (business registration number or school-specific number certificate)
• • A teacher's member
  • Upon membership registration: e-mail address, password, name, mobile phone number, and employment information (re-service school, class information in charge, and discourse work/subject (optional))
  • When modifying My Page: public certificate DN value
  • When registering an electronic signature: signature image
• • School administrator and teacher members in common
  • When applying for interlocking service: bulletin board ID and password of interlocking website
  • When subscribing to text service: Information on the person in charge (name, mobile phone number, e-mail address), outgoing number, and certificate of use of communication service
  • When registering a refund account: Bank name, account information, and bank account copy (deposit name)
  • School evidence documents (documents that can verify business registration numbers or institutional unique numbers)

The following information can be generated and collected during the service use process.

- IP Address, cookie, date and time of visit, service usage record, fraudulent usage record, terminal information (terminal identification unique information, terminal environment information, advertisement ID, basic statistics on service usage), payment/purchase record, application installation and usage history

B. Methods of collecting personal information

The company collects personal information in the following ways.

• Home page, mobile device, written form, fax, phone, consultation bulletin board, e-mail, event application, delivery request
• Provision from a partner company
• Collection through generative information collection tools

2. Purpose of collection and use of personal information

The Company utilizes the collected personal information for the following purposes.

• Personal information is used for membership registration, smooth customer consultation, service provision promised with users, self-authentication according to service provision, educational content provision, and delivery of goods and services.
• Personal information is used for membership management, such as confirmation of membership intention, age confirmation, user identification and identification, confirmation of membership intention to leave, and handling inquiries or complaints.
• Check the user protection and service use environment, including restrictions on the use of members who violate laws and terms and conditions, prevention and sanctions against acts that interfere with the smooth operation of services, prevention of account theft and illegal transactions, delivery of notices, and record storage for dispute mediation, and use personal information for stable operation.
• Personal information is used to provide new services (including personalized product recommendation services, etc.) that reflect users' propensity to purchase products and use services, interests, and usage records based on demographic characteristics, access frequency analysis, function improvement, service usage statistics, and statistics.
• Personal information can be used for events and promotional purposes, such as providing event information and advertising information.

3. Sharing and providing personal information

A. The company shall use users' personal information within the scope of "2. Purpose of collecting and using personal information" and shall not use it beyond the scope of the user's prior consent or provide the user's personal information in principle: Provided, That the following cases shall be excluded.

• If the user agrees in advance
  Purpose of provision of items provided by the recipient The period of possession and use of the recipient
  School name, mobile phone number, e-mail address, employment information (re-employment school, class information in charge, work/subject (optional)), school approval process, faculty management employment information, or until withdrawal of membership or termination of the school's use contract
• Where it is necessary for the settlement of charges according to the provision of services
• Where there is a request from an investigative agency in accordance with the provisions of the statute or in accordance with the procedures and methods prescribed in the statute for the purpose of investigation

4. Consignment of the processing of personal information

The company entrusts personal information to improve the service as follows, and in accordance with the relevant laws and regulations, matters necessary to ensure that personal information can be safely managed during the consignment contract. The company's personal information consignment processing agency and contents of the consignment are as follows. (*The labeling company is a re-consignment company.)

Details of business consignment by consignee
Firebase

5. Period of retention and use of personal information

In principle, the company retains the user's personal information until the withdrawal of membership. However, the company preserves personal information for 7 days after requesting withdrawal of membership in order to prepare for unwanted withdrawal due to theft of personal information. In addition, the following information will be preserved for the period specified for the following reasons even after the withdrawal of membership.

A. Reasons for preservation of information based on the company's internal policy

• Record of illegal use
  Reasons for preservation: Prevention of illegal use and response to customer consultation, etc
  Retention period: 1 year from the date of collection

B. Reasons for preservation of information under relevant laws and regulations

If it is necessary to preserve it in accordance with the provisions of related laws, such as the Commercial Act and the Consumer Protection Act in Electronic Commerce, the company shall preserve member information for a certain period prescribed by the relevant laws. In this case, the company uses the information to be preserved only for the purpose of preservation, and the retention period is as follows.

• Logs about service use
  Reason for Preservation: Communication Secret Protection Act
  Preservation period: 3 months
• Record of consumer complaints or dispute handling
  Reasons for preservation: Act on Consumer Protection in Electronic Commerce, etc
  Preservation period: 3 years
• Record of contract or withdrawal of subscription, etc
  Reasons for preservation: Act on Consumer Protection in Electronic Commerce, etc
  Preservation period: 5 years
• Record of payment and supply of goods, etc
  Reasons for preservation: Act on Consumer Protection in Electronic Commerce, etc
  Preservation period: 5 years
• Display, advertising records
  Reasons for preservation: Act on Consumer Protection in Electronic Commerce, etc
  Preservation period: 6 months

6. Procedures and methods for destroying personal information

In principle, the user's personal information is destroyed without delay when the purpose of collecting and using personal information is achieved.

The procedures and methods for destroying personal information are as follows.

A. Procedures for destruction

Information entered by users for membership registration, etc., is transferred to a separate DB after the purpose is achieved (in the case of paper, a separate document box) and stored for a certain period of time (refer to the retention and usage period) according to the internal policy and other relevant laws and regulations.

This personal information is not used for any purpose other than to be retained unless it is by law.

I. Method of destruction

• Personal information printed on paper is shredded with a grinder or destroyed through incineration.
• Personal information stored in the form of an electronic file is deleted using a technical method that does not allow the record to be played.

7. User's rights and methods of exercising them

Users can inquire or modify their registered personal information at any time, and if they do not agree to the processing of the company's personal information, they can refuse consent or request cancellation of membership (membership withdrawal). However, in that case, we would like to inform you that it may be difficult to use some or all of the services.

Users can directly read, correct, or leave after going through the identity verification process through "membership withdrawal" for personal information inquiry and modification, or "change personal information" (or "modification of member information").

Or, if you contact the person in charge of personal information protection in writing, by phone, or e-mail, we will take action without delay.

If a user requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In addition, if the wrong personal information has already been provided to a third party, we will notify the third party of the correction process without delay so that the correction can be made.

The company processes personal information that has been terminated or deleted at the request of users or legal representatives as specified in "5. Retention and Use Period of Personal Information" and prevents it from being viewed or used for other purposes.

8. Matters concerning the installation/operation and rejection of automatic personal information collection devices

A. What is a cookie

In order to provide personalized and customized services, the company uses "cookies" that store users' information and call them up from time to time. A cookie is a tiny text file sent to a user's browser by a server used to run a website and is stored on the user's computer's hard disk.

B. Purpose of use of cookies

Cookies are used to provide customized information optimized for users by analyzing each service and usage type of the company used by users.

C. Installation/operation and denial of cookies

Users have the option to install cookies, so they can either allow all cookies by setting options in their web browser, go through a check each time they are saved, or deny all cookies to be saved.

However, if you refuse to save cookies, some services from companies that require login may be difficult to use.

How to specify whether to allow cookie installation

• ① Chrome Web Browser: Settings > Privacy and Security > Cookies and Other Site Data Settings
• ② Microsoft Edge Web Browser: Set More > Settings > Cookie and Site Permissions in the upper right corner

D. Matters concerning the installation/operation of cookies in mobile services

Companies can also use "cookie" on their mobile devices (e.g., smartphones, tablet PCs) to provide the same and similar Internet environment to your PC environment on their mobile services. However, the company does not arbitrarily collect third-party cookies containing personal information without the user's explicit consent. Even on mobile devices, you can choose whether to allow cookies in the Web browser settings function. Although it may vary slightly depending on the operating system and the type of web browser on your mobile device, in most cases, you can decide whether to allow cookies or delete all existing cookies through your mobile web browser's environment settings. However, if you refuse to save cookies, you may be uncomfortable with using some services that require you to log in.

How to specify whether to allow cookie installation

• ① Chrome Web Browser: Top Right Menu Settings > Advanced > Site Settings > Cookie Settings
• ② Safari Web Browser: [Settings] > [Safari] > [Block All Cookies] > Settings

9. Technical/administrative protection measures for personal information

The company is taking the following technical and administrative measures to ensure the safety of users' personal information so that it is not lost, stolen, leaked, tampered with or damaged.

A. Encryption of personal information

The company encrypts personal information such as passwords and payment methods according to the standards required by law, and protects users' personal information by taking separate security measures such as encrypting files and transmission data.

B. Countermeasures against hacking, etc

The company does its best to prevent leakage or damage of members' personal information by hacking or computer viruses. We back up data from time to time in preparation for damage to personal information, use the latest vaccine program to prevent leakage or damage of users' personal information, and safely transmit personal information on the network through encrypted communication. In addition, we are using an intrusion prevention system to control unauthorized access from the outside and are trying to equip all possible technical devices to ensure systematic security.

C. Minimization and training of processing staff

The company's personal information processing staff is limited to the person in charge, and we always emphasize compliance with the company's personal information processing policy by conducting occasional training for the person in charge.

D. Operation of an organization dedicated to personal information protection

The company is striving to correct and correct any problems if they are found by checking the implementation of the company's personal information processing policy and compliance with the person in charge through an in-house personal information protection organization. However, the company is not responsible for any problems caused by the leakage of personal information such as IDs and passwords due to the user's own carelessness or Internet problems.

10. Personal Data Protection Officer's contact information

The company designates a personal information protection officer in charge of collecting opinions and handling complaints about personal information. You can report all personal information protection-related complaints that occur while using the company's service to the contact information of the person in charge of personal information protection. The company will quickly and sufficiently respond to users' reports.

A person in charge of personal information protection

• Name: Kang Cheol-joon
• Affiliated/Position: Chairman of the Personal Information Protection TF
• Email: prokang1@gmail.com
• Phone number: 1800-

If you need to report or consult other personal information infringement, please contact the agency below.

• Personal Information Dispute Mediation Committee (www.kopico.go.kr, 1833-6972 without country number)
• Personal Information Infringement Reporting Center (http://privacy.kisa.or.kr, 118 without country number)
• Cyber Investigation Division of Supreme Prosecutors' Office (http://www.spo.go.kr, 1301 without national number)
• Cyber Investigation Bureau of the National Police Agency (https://ecrm.cyber.go.kr, 182, without country number)

11. Other

We would like to inform you that this "socraClass Privacy Policy" does not apply to the collection of personal information by web pages linked to the services provided by the company.

12. Duty of notification

If there is any addition, deletion, or amendment of the current personal information processing policy, it will be notified through the "public notice" on the website at least seven days before the revision.