This standard Terms of Use is prepared in both Korean and English. In the event of any conflict in interpretation or translation between the Korean and English versions, the Korean version shall prevail.

Article 1 (Purpose)

Hoppers Co., Ltd. (hereinafter referred to as the “Company”) establishes this Privacy Policy (hereinafter referred to as the “Policy”) to protect the personal information (hereinafter referred to as “Personal Information”) of individuals (hereinafter referred to as “Users”) who utilize the services provided by the Company (hereinafter referred to as “Company Services”). This Policy ensures compliance with applicable laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the “Information Network Act”), and aims to address any privacy-related grievances promptly and effectively.

Article 2 (Principles for Handling Personal Information)

The Company collects Users’ Personal Information in accordance with relevant laws and this Policy. Collected Personal Information may only be provided to third parties with the User’s consent. However, in cases mandated by law, the Company may provide Personal Information to third parties without prior consent.

Article 3 (Public Access to This Policy)

The Company makes this Policy easily accessible to Users through its homepage or a linked page. The Policy is displayed using text size, colors, and formatting that ensure easy readability.

Article 4 (Changes to This Policy)

This Policy may be revised due to changes in relevant laws, guidelines, notifications, or policies of the government or the Company’s services. When revisions occur, the Company notifies Users using one or more of the following methods:

• Announcement on the homepage or through a pop-up window.
• Notice via email, fax, or other similar means.
• The notice will be made at least seven days before the implementation date of the changes. For significant changes affecting User rights, notice will be provided at least 30 days in advance.

Article 5 (Information for Membership Registration)

To facilitate User membership for Company Services, the Company collects the following information:

• Required Information: Email address, password, name, nickname, date of birth, and mobile phone number.
• Optional Information: Profile picture, occupation.

Article 6 (Information for Identity Verification)

For User identity verification, the Company collects the following:

• Required Information: Mobile phone number, email address, name, date of birth, gender, identity verification values (CI, DI), telecom carrier, I-PIN information (for I-PIN verification), and nationality.

Article 7 (Information for Payment Services)

To provide payment services, the Company collects the following:

• Required Information: Card number, card password, expiration date, date of birth (YY/MM/DD), bank name, and account number.

Article 8 (Information for Issuing Cash Receipts)

For issuing cash receipts, the Company collects the following:

• Required Information: Name, date of birth, address, mobile phone number, and cash receipt card number.
• Optional Information: Business registration number.

Article 9 (Information for Service Provision)

To provide Company Services, the Company collects the following:

• Required Information: ID, email address, name, date of birth, and contact information.
• Optional Information: For physical goods, name, phone number, and address. For mobile goods, phone number. For tax-related matters, name, resident registration number, phone number, address, and email address.

Article 10 (Information for Service Use and Misuse Monitoring)

To analyze service usage and prevent misuse, the Company collects:

• Required Information: Service usage records, cookies, access logs, and device information.

Misuse includes activities like repeated membership withdrawals and re-registrations, exploitative actions for economic benefits (e.g., abuse of discounts or event perks), and any acts prohibited under the terms of service.

Article 11 (Methods of Collecting Personal Information)

The Company collects Personal Information through the following methods:

1. Direct input on the Company’s website.
2. Input via applications or other non-website services provided by the Company.
3. Information provided by Users via email.
4. Data input during customer support inquiries or forum activities.

Article 12 (Use of Personal Information)

The Company uses Personal Information for the following purposes:

• Communicating notices essential for Company operations.
• Responding to User inquiries and improving services.
• Providing Company Services.
• Restricting service usage in cases of policy violations, preventing misuse, and ensuring smooth service operations.
• Developing new services.
• Marketing activities such as event announcements.
• Demographic analysis and service usage analytics.
• Facilitating interactions between Users based on Personal Information and interests.

Article 13 (Retention and Usage Period)

The Company retains and uses Personal Information for the duration required to achieve its collection purposes. Notwithstanding this period, records related to misuse are stored for up to one year after membership withdrawal to prevent re-registration and misuse.

Article 14 (Retention Period According to Laws)

The Company retains Personal Information in compliance with applicable laws:

1. Records of contracts or cancellations: 5 years.
2. Records of payments or supply of goods: 5 years.
3. Records of consumer complaints or disputes: 3 years.
4. Advertising records: 6 months.
5. Website log data: 3 months.
6. Records of electronic financial transactions: 5 years.
7. Personal location data: 6 months.

Article 15 (Principles of Data Destruction)

The Company promptly destroys Personal Information that is no longer needed due to the fulfillment of its processing purposes or the expiration of retention periods.

Article 16 (Destruction Procedure)

Collected Personal Information is moved to a separate database (or file storage for physical documents) and stored for a retention period as per relevant laws before being destroyed.

Article 17 (Destruction Methods)

• Electronic data: Irretrievable deletion using technical methods.
• Physical documents: Shredding or incineration.

Article 18 (Transmission of Promotional Information)

The Company sends promotional information only with explicit prior consent from Users. Exceptions include promotional activities within six months of a direct transaction. Promotional materials sent outside of permitted hours (9 PM to 8 AM) require additional consent.

Article 19 (Protection of Children’s Personal Information)

Membership is limited to individuals aged 14 and above. For those under 14, consent from a legal representative is required, and additional information about the representative is collected.

Article 20 (User Obligations)

Users must keep their Personal Information accurate and are responsible for issues arising from inaccurate submissions. Users are prohibited from transferring or lending their credentials to third parties.

Article 21 (Management of Personal Information)

The Company employs technical and administrative measures to safeguard Personal Information against loss, theft, leakage, or alteration.

Article 22 (Deleted Information Management)

Deleted Personal Information is handled per the retention periods outlined in this Policy and cannot be accessed or used for other purposes.

Article 23 (Password Encryption)

Passwords are encrypted using a one-way hashing method, and access is restricted to the individual User.

Article 24 (Measures Against Hacking)

The Company uses the latest security measures to protect Personal Information from unauthorized access, including antivirus software and intrusion prevention systems.

Article 25 (Minimization and Training)

Personal Information handlers are limited to a minimum number of staff and are trained on compliance with laws and internal policies.

Article 26 (Response to Breaches)

In case of a breach, the Company promptly notifies affected Users and relevant authorities, disclosing necessary details.

Article 27 (Exceptions for Notification)

If Users cannot be contacted, the Company may post notifications on its homepage for at least 30 days.

Article 28 (Transfer of Personal Information Overseas)

The Company ensures compliance with relevant laws for any international transfer of Personal Information. Required disclosures include data items transferred, destination, recipients, and usage purposes.

Article 29 (Use of Cookies)

Cookies are used to improve service quality and offer personalized experiences. Users can manage cookie settings through their browser options.

Article 30 (Cookie Management Settings)

• Edge: Settings > Cookies and site permissions.
• Chrome: Settings > Privacy and security > Cookies.
• Whale: Settings > Privacy > Cookies.

Article 31 (Data Protection Officer)

• Name: Jeong Hyun Cho
• Title: CEO
• Phone: +82-10-4768-6154
• Email: jeong@hoppers.kr

Article 32 (Relief Measures for Rights Infringement)

Users may seek mediation or file complaints with the following organizations:

• Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutor’s Office: 1301 (spo.go.kr)
• National Police Agency: