Privacy Policy

Smile Farm Co., Ltd. (hereinafter referred to as "Company") establishes and discloses the following processing policy to protect users' personal information in accordance with the Personal Information Protection Act and related statutes, and to promptly and smoothly handle related grievances.

1. Purpose of Collection and Items of Personal Information

The Company collects and uses personal information for the following purposes. The processed personal information is not used for any purpose other than the following:

1) Purpose of Collection

Provision of services and member management

Customer inquiries and complaint handling

Compliance with laws and contract fulfillment

2) Items of Collection

Mandatory items: Name, Email, Contact information

Automatically collected items: Connection IP information, Cookies, Visit records

2. Retention and Use Period of Personal Information

The Company will destroy personal information immediately after the collection and use objectives are achieved. However, personal information will be retained for the period prescribed by law.

• Membership registration and management: 5 years after membership withdrawal

• Contract and withdrawal of subscription: 5 years after contract or subscription withdrawal

• Legal obligations: Compliance with the retention period according to related laws

3. Rights of Information Subjects and Exercise Methods

Users can request to view, correct, or delete their personal information at any time. Requests can be made in writing, via email, or by phone.

Upon request for correction or deletion, the respective personal information will not be used until the processing is complete.

4. Destruction of Personal Information

Personal information is destroyed immediately after the processing purpose is achieved. The procedures and methods of destruction are as follows:

• Electronic files: Deleted using technical methods making recovery impossible

• Paper documents: Shredded or incinerated

5. Measures for the Protection of Personal Information

The Company takes the following measures to protect personal information:

• Minimization and training of personnel handling personal information

• Establishment and implementation of internal management plans

• Operation of security systems to prevent hacking and other external intrusions

• Retention and inspection of access records to the personal information processing system for at least 6 months

6. Delegation of Personal Information Processing

The Company may delegate personal information processing tasks externally to provide smooth services. Delegation involves prior notification and consent regarding the delegate and content of the delegation.

7. Report and Consultation on Personal Information Infringement

If you need to report or consult regarding personal information infringement, please contact the following institutions:

• Personal Information Dispute Mediation Committee: www.kopico.go.kr 1833-6972

• Personal Information Infringement Report Center: privacy.kisa.or.kr 118

• Cyber Investigation Department of the Supreme Prosecutors' Office: www.spo.go.kr 1301

• Cyber Safety Bureau of the National Police Agency: cyberbureau.police.go.kr 182

8. Changes to the Personal Information Processing Policy

If the Company changes the personal information processing policy, it will notify the changes and reasons at least 7 days in advance.

9. Personal Information Protection Manager

The Company oversees personal information processing tasks and strives for complaint resolution and damage remedy.

• Personal Information Protection Manager: Lee Jong-heon

This policy is effective from November 20, 2025.