Personal Information Processing Policy

Bside Inc. (hereinafter referred to as the 'Company') processes and safely manages personal information in compliance with the 「Personal Information Protection Act」 and related laws and regulations to protect the freedom and rights of data subjects. Accordingly, in accordance with Article 30 of the 「Personal Information Protection Act」, the Company establishes and publishes the following Personal Information Processing Policy to inform data subjects of the procedures and standards regarding the processing and protection of personal information and to handle related grievances quickly and smoothly.

Article 1 (Purpose, Items, and Retention Period of Personal Information Processing)

The Company collects and uses personal information within the minimum necessary scope for service provision.

1. Items processed without consent (Legal basis)
2. Purpose: Member registration and user identification, Member management:
   • Items: ID, Name, Mobile phone number, Address, Password
   • Retention period: 90 days from the date of member withdrawal
   • Basis: Article 15 (1) 4 of the 「Personal Information Protection Act」 (Conclusion/Performance of a contract)
3. Purpose: Personalized service:
   • Items: Age, Date of birth, Gender, etc.
   • Retention period: 90 days from the date of member withdrawal
   • Basis: Article 15 (1) 4 of the 「Personal Information Protection Act」 (Conclusion/Performance of a contract)
4. Purpose: Prevention of fraudulent activities
   • Items: Age, Date of birth, Gender, etc.
   • Retention period: 12 months from the date of member withdrawal
   • Basis: Article 15 (1) 4 of the 「Personal Information Protection Act」 (Conclusion/Performance of a contract) / Article 15 (1) 6 (Achieving legitimate interests)
5. Items processed with consent
6. Purpose: Marketing and customized service provision, Promotion utilization, Statistics, Service advancement
   • Items: Name, Phone number, Email, Favorite author's name
   • Retention period: Upon withdrawal of consent or 3 years, etc.
   • Basis: Article 15 (1) 1 of the 「Personal Information Protection Act」 (Consent of the data subject)

Article 2 (Procedure and Method of Personal Information Destruction)

The Company destroys the information without delay when the personal information retention period expires or the purpose of processing is achieved. If the Company is required to continue to retain personal information according to other laws and regulations despite the expiration of the retention period agreed upon by the member or the achievement of the processing purpose, the personal information is separately stored and managed.

• Electronic files: Deleted using a technical method that prevents reproduction of the record
• Paper documents: Shredded with a shredder or incinerated

Article 3 (Provision of Personal Information to Third Parties)

In principle, the Company does not provide the data subject's personal information to external parties, but only provides it in cases where there are special provisions in the law or with consent.

• Not applicable

Unauthorized Use and Provision Without User's Consent

The Company may additionally use or provide personal information without the user's consent in accordance with Article 15 (3) or Article 17 (4) of the 「Personal Information Protection Act」.

• Recipient, Purpose of provision, Information provided, Retention and use period

Article 4 (Outsourcing of Personal Information Processing)

The Company outsources personal information processing to the following parties for smooth business processing.

Article 5 (Measures to Secure the Safety of Personal Information)

The Company takes the following measures to protect the personal information of customers.

• Administrative measures: Establishment of internal management plan, regular employee training
• Technical measures: Password setting, installation of vaccine programs, file encryption
• Physical measures: Storage of documents in cabinets with locking devices, use of shredders

Article 6 (Collection and Use of Behavioral Information)

The Company may utilize online user activity information to increase the exposure of informational advertisements reflecting the member's products of interest, etc. However, behavioral information categorized as sensitive categories such as race, religion, sexual orientation, or medical history is not used for personalized advertising.

Personalized advertising based on online behavioral information uses 'Cookies' or 'Advertising Identifiers (ADID/IDFA)' to identify and analyze behavioral information such as website visit history, app usage history, purchase and search history, and the user's interests, hobbies, preferences, and tendencies (hereinafter referred to as Behavioral Information) to provide personalized advertising.

The user has the right to choose whether to install cookies. However, refusing to install cookies may cause inconvenience in web usage and difficulties in using some services that require login.

The methods to refuse personalized advertising and cookie collection are as follows: * Android: Home > Settings > Google > Ads > Opt out of Ads Personalization (ON)
* iPhone: Home > Settings > Privacy > Tracking > Allow Apps to Request to Track (OFF)

Article 7 (Rights and Obligations of Data Subjects and the Method of Exercise)

Data subjects may request access, correction, deletion, or suspension of processing of their personal information at any time. If requested by visiting the Company, by phone, or by email, the Company will take action within 10 days. However, a legal representative or an authorized representative must submit a power of attorney, family relationship certificate, etc., to prove their status as a legitimate representative.

However, withdrawal of consent, deletion, or suspension of processing may be difficult in the following cases:

• Where there are special provisions in the law or it is unavoidable to fulfill legal obligations
• Where there is a risk of harming the body or life of another person or unfairly infringing on the property and other interests of another person
• Where the service promised to the user cannot be provided without processing the personal information, and the user has not clearly expressed their intention to terminate the contract

Article 8 (Chief Privacy Officer)

The Company designates a Chief Privacy Officer who is responsible for overseeing personal information processing matters as follows:

• Name: Dae-wook Kim
• Position: CEO (Representative)
• Contact: 070-4912-0068
• Email: [admin@bside.art]

Article 9 (Remedies for Infringement of Rights)

If you are not satisfied with the Company's own processing results, you may inquire with the following organizations:

• Personal Information Dispute Mediation Committee: 1833-6972 (without area code) (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (without area code) (privacy.kisa.or.kr)
• Identity Verification Support Center: 1433-25 (without area code) (identity.kisa.or.kr)
• Supreme Prosecutors’ Office: 1301 (without area code) (www.spo.go.kr)
• Korean National Police Agency: 182 (without area code) (ecrm.police.go.kr)

This Personal Information Processing Policy will be effective from April 1, 2026.