SYNKEY GROUP Co., Ltd. (hereinafter "the Company") establishes and discloses the following Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related grievances promptly and smoothly.

Article 1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than those listed below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1.    Website Inquiry and Consultation — Personal information is processed for the purpose of responding to product and service inquiries, providing consultations, and managing follow-up support.

2.    Complaint Handling — Personal information is processed for the purpose of verifying the identity of the complainant, confirming the details of the complaint, conducting contact and notification for fact-finding, and notifying the outcome.

The Company does not use collected personal information for marketing or advertising purposes.

Article 2. Retention and Use Period of Personal Information

① The Company processes and retains personal information within the period stipulated by applicable laws or the retention period agreed upon at the time of collection.

② The retention period for personal information collected through inquiries is as follows:

1.    Website inquiry submission and management: Retained for one (1) year after the inquiry is resolved, then destroyed without delay. However, if an investigation related to a violation of applicable law is ongoing, the information will be retained until the investigation is concluded.

Article 3. Provision of Personal Information to Third Parties

① The Company processes personal information only within the scope specified in Article 1 and provides personal information to third parties only with the consent of the data subject or when required under Articles 17 and 18 of the Personal Information Protection Act, such as special statutory provisions. In all other cases, personal information is not provided to third parties.

Article 4. Consignment of Personal Information Processing

① To ensure smooth website operation and inquiry system services, the Company consigns personal information processing as follows:

    - Consignee: I'mweb Co., Ltd.

    - Scope of consigned work: Website hosting and inquiry form system operation

② When entering into consignment agreements, the Company specifies in writing matters such as prohibition of processing personal information beyond the consigned purpose, technical and administrative protective measures, restrictions on re-consignment, supervision of the consignee, and liability for damages, in accordance with Article 25 of the Personal Information Protection Act. The Company also supervises whether the consignee handles personal information securely.

③ If the content of the consigned work or the consignee changes, such changes will be disclosed through this Privacy Policy without delay.

Article 5. Rights of Data Subjects and How to Exercise Them

① Data subjects may exercise the following rights with respect to their personal information at any time:

1.    Right to access personal information

2.    Right to request correction of errors

3.    Right to request deletion

4.    Right to request suspension of processing

② Rights under Paragraph ① may be exercised in writing, by phone, or by email. The Company will respond and take action without delay.

③ If a data subject requests correction or deletion of personal information due to errors, the Company will not use or provide such information until the correction or deletion is completed.

Article 6. Categories of Personal Information Processed

The Company processes the following categories of personal information:

1.    Website inquiry submission

    - Required: Name, company email, phone number, country, affiliated organization/institution, inquiry content

    - Optional: Job title, inquiry type

Article 7. Destruction of Personal Information

① When personal information is no longer necessary — such as when the retention period has expired or the processing purpose has been achieved — the Company destroys the relevant personal information without delay.

② If personal information must be retained in accordance with other applicable laws, it is transferred to a separate database or stored in a separate location.

③ The destruction procedure and method are as follows:

1.    Destruction procedure: Personal information subject to destruction is identified and destroyed upon approval by the Company's Privacy Officer.

2.    Destruction method: Electronic files are permanently deleted using technical methods that prevent recovery. Personal information recorded on paper documents is shredded or incinerated.

Article 8. Measures to Ensure the Security of Personal Information

The Company takes the following measures to ensure the security of personal information:

1.    Administrative measures: Establishment and implementation of internal management plans, employee training, etc.

2.    Technical measures: Access control for personal information processing systems, installation of security programs.

3.    Physical measures: Access control for data storage facilities.

Article 9. Installation and Operation of Automatic Data Collection Devices and Right to Refuse

① The Company may use cookies to operate the website.

② Data subjects may allow or refuse the storage of cookies through their web browser settings.

③ Refusing to store cookies may result in difficulty using certain services.

Article 10. Privacy Officer

① The Company designates a Privacy Officer responsible for overseeing all matters related to personal information processing and for handling complaints and remedies from data subjects:

▶ Privacy Officer

    - Name: Choi Won Kyu0

    - Title: Director

    - Phone: +82 10 5422 3539

    - Email: domain@synkey.com

② Data subjects may contact the Privacy Officer regarding inquiries, complaints, or remedies related to personal information protection. The Company will respond and take action without delay.

Article 11. Collection, Use, and Opt-Out of Behavioral Information

1.    The Company may collect and use behavioral information to provide optimized services to users during the use of its services.

2.    The Company uses Google Analytics, a web analysis service provided by Google, to collect behavioral information of website users. Only non-personally identifiable information is collected and used for this purpose.

3.    Users who wish to opt out of behavioral information collection may do so through the following method:

▶ How to opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

Article 12. Remedies for Infringement of Rights

Data subjects who require relief or consultation due to personal information infringement may contact the following authorities:

1.    Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

2.    Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

3.    Supreme Prosecutors' Office: 1301 (www.spo.go.kr)

4.    National Police Agency: 182 (ecrm.police.go.kr)

Article 13. Enforcement and Amendment of This Privacy Policy

This Privacy Policy is effective as of May 1, 2026.