Dunamu (hereinafter referred to as "the Company") has created and disclosed its privacy policy as described below (“Privacy Policy”) to protect the privacy of the User and address relevant issues in a prompt and seamless manner in accordance with Article 30 of the Personal Information Protection Act (PIPA).

The Company allows the User to access this Privacy Policy easily at any time by publishing it on the first landing page of the website.

This Privacy Policy is subject to change in accordance with relevant laws and the Company’s internal policy. In case of an amendment, the Company implements version control to ensure that amended provisions are easily distinguished.

1. Purposes of Collection and Use of Personal Information

2. Period of Managing and Retaining Personal Information

3. Provision of Personal Information to Third Parties and its Transfer Overseas

4. Outsourcing of Personal Information Management

5. Rights of Users and Legal Representatives and How to Exercise the Right

6. Personal Information Items Managed

7. Procedures and Methods for the Destruction of Records Containing Personal Information

8. Measures to Ensure the Security of Personal Information

9. Cookies And Other Tracking Technologies

10. Information on the Person in Charge of Personal Information Protection and the Customer Service Department

11. Request to Access Own Personal Information

12. Methods of Redressing Rights Violation

13. Responsibility of Links to Other Websites

1. Purposes of Collection and Use of Personal Information

The Company manages personal information collected for the following purposes:

Category	Purposes
Management of UDC participants	- Operate UDC seamlessly - Manage conference reservations - Send event information and newsletters
UDC events and promotions	- Send information on UDC and advertisements
UDC online events	- Select winners of events and send out prizes

2. Period of Managing and Retaining Personal Information

The company uses the collected personal information within the period of retention in accordance with laws and regulations or within the period of retention agreed when collecting personal information from users.

Each period of use and retention of personal information is as follows.

(1) Period of Use and Retention of Personal Information for operating UDC(Upbit Developer Conference)

Type	Reasons for retention	Retention Period
Management of UDC participants	Operate UDC and manage reservations	To be disposed of safely after the conference
UDC events and promotions	Send information on UDC and advertisements	3 years after the conference
UDC online events	Select winners of events and send out prizes	To be disposed of safely after the conference

(2) Preservation by law in accordance with the provision of goods or services

Type	Legal Ground	Retention Period
Records related to withdrawal of contract or subscription	The Act on Consumer Protection in Electronic Commerce, ETC.	5 years
Record of payment and goods supply		5 years
Records of consumer complaints or disputes		3 years
User's Internet log record and other communication confirmation data	The Communication Confidentiality Protection Act	More than 3 months
Record of paying taxes and the public utilities' charge	Framework Act on National Taxes	5 years

3. Provision of Personal Information to Third Parties and its Transfer Overseas

(1) Provision of Personal Information to Third Parties

In principle, the Company does not provide the User’s personal information to third parties. It only does so if it obtains consent from the User or there are special provisions in other laws.

(2) Transfer Overseas of Personal Information

The Company uses overseas cloud services, etc., to offer seamless services and enhance User convenience. In connection with this practice, the Company may transfer personal information overseas as described below:

External Professional Contractor

Purpose

Items

Country, Contact

Date, Method

Retention & Utilization Period

Twilio Inc.

Send information email

Name, affiliation, mobile phone number, email address

USA,

privacy@twilio.com

Time of sending the email, transfer through the network during the use of services

30 days after sending an email

4. Outsourcing of Personal Information Management

For the seamless management of personal information, the Company has outsourced the management of personal information as follows:

External Professional Contractor	Task
INTERCOM Convention Services, Inc.	Pre-event and on-site operation of the UDC
Infobank Inc.	Message service on event information of the UDC
CJ OliveNetworks Co., Ltd	Send notification talk(Kakao)
KT corp., LG Uplus corp.	Send SMS
PREM Company, Inc.	Send out online event prizes

5. Rights of Users and Legal Representatives and How to Exercise the Right

① The User can always exercise the right to request that the Company allow them access to their personal information retained, correct or delete it, or suspend its management, provided that the exercise of this right may be restricted in accordance with the provisions of relevant laws, including Article 35, Paragraph 4 and Article 37, Paragraph 2 of the PIPA.

② The User can exercise their rights through means such as paper document, email, and fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the PIPA, in which case the Company shall take prompt action.

③ The User may exercise the rights stipulated in Paragraph 1 through an agent such as a legal representative or a person who has been delegated to act on the User’s behalf, in which case a power of attorney shall be submitted in accordance with Form 11 of the Appendix of the Public Notice on the Management of Personal Information (No. 2020-7).

④ A request to correct or delete personal information shall not be accommodated if such personal information must be collected in accordance with other laws.

⑤ When there is a request to access, correct, delete, or suspend the management of personal information in accordance with the User’s rights, the Company shall verify if the requestor is the User or their authorized agent.

6. Personal Information Items Managed

In case of advance reservation for the Upbit Developer Conference (UDC), the Company shall collect personal information from the User as follows:

(1) Types of Personal Information Items

Type	Personal Information Items To Be Managed
Management of UDC participants	mandatory	Name, affiliation, mobile phone number, email address, password, previous UDC attendance, occupation, influx channel
UDC events and event notifications	voluntary	Name, mobile phone number, email address, previous UDC attendance
Items automatically generated during using service	mandatory	Device information (OS, model name, carrier, device identification number, language information), IP address, service records, cookies
UDC online events	mandatory	Name, mobile phone number, email address, address [For paying taxes and the public utilities' charge] Copy of identification, resident registration number

※ In principle, the company does not collect personal information if the user is under 14 years old.

(2) How to Collect Personal Information

- Collection through the website

※ The Company has established the procedures for the user to select "Agree" or "Disagree" for each of the contents of the Company's personal information collection and usage agreement.

7. Procedures and Methods for the Destruction of Records Containing Personal Information

① The company shall destroy the information immediately after the purpose of collecting and using personal information is achieved.

② If personal information must be retained even after the retention period as agreed upon by the User expires or the purpose of management has been achieved, such personal information shall be transferred to a separate database or stored in another location.

③ Personal information shall be destroyed as follows:

(1) The personal information stored in the form of electronic files shall be deleted using a technical method that prevents the data to be recovered.

(2) the personal information printed on paper shall be shredded by a paper shredder or destroyed by incineration.

8. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the PIPA, the Company shall take managerial, technical, and physical measures which are necessary to ensure the security of personal information as stipulated in the following subparagraphs:

(1) Managerial measures

- Creation of internal management plans: The Company shall develop and implement internal plans to manage the personal information retained in a secure manner.

- Minimum staff to manage personal information and their training: The Company shall keep the size of the staff responsible for managing personal information to a minimum required for the work and instill the importance of personal information in them by taking managerial measures including the training of the staff.

(2) Technical measures

- Control of access to the personal information management system: The Company shall take measures necessary to control access to personal information by granting, modifying, or revoking access to the database system and shall use the intrusion prevention system to block unauthorized access from outside.

- Encryption of personal information: The Company shall use safe algorithms to encrypt personal information before storing and managing such information.

- Technical measures against attacks such as hacking: The Company shall strive to prevent the User’s personal information from being leaked or compromised due to hacking or computer viruses. It shall back up data on a continued basis in response to the potential leakage or compromise of the User’s personal information and shall ensure personal information is transmitted securely on the network by leveraging encrypted communication etc.

(3) Physical measures

- The Company shall place its systems in a location which is not accessible by external entities to prevent the leakage or compromise of the User’s personal information and shall create and implement access control procedures.

9. Cookies And Other Tracking Technologies

We may also collect specific information through the use of "cookies" and other tracking technologies. Cookies refer to a small packet of information sent to the User’s computer browser by the server which is used to manage the website (http).

(1) Purpose of Using Cookies

Cookies support more rapid web environments for users by storing users' preferred settings and are used for the improvement of services to allow for the more convenient use of Services. By doing so, cookies allow Users to use services more easily.

(2) Installation, Operation and Rejection of Cookies

Applicants / Users have an option to either install cookies, refuse to accept/store cookies or delete them at any time.

(3) How to block the storage of Cookies

- Internet Explorer: Select Tool Menu > Select Internet Options > Click Personal Data Tab > Setting the Level of Handling Personal Data

- Chrome: Select Settings Menu > Privacy and security > Cookies and other site data > Set-Cookie Level

- Safari: Select Environmental Setting Menu > Click Personal Data Tab > Setting the Level of Cookie and Website Data

10. Information on the Person in Charge of Personal Information Protection and the Customer Service Department

① In order to protect the personal information of the user and to deal with complaints related to personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.

(1) Customer Service Department

ㆍ Customer Service Department: UDC Secretariat (INTERCOM Inc.)
ㆍ Secretariat Tel: +82 2-3453-2937
ㆍ Contact: udc_reg@upbit.com (Inquiry on UDC)

(2) Person in Charge of Personal information Protection

Position

Name

Team in Charge

Contact / Email

Person in Charge of Personal information Protection

SungBae Kim

Information Security Team(Dunamu Inc.)

1588-5682(Customer Service)

cs@upbit.com

Personal information Protection Manager

Taesung Park

② The User may notify all personal information protection complaints that occur while using company's services to the person in charge of personal information protection or the relevant department. The company shall respond promptly to the users' complaints promptly.

11. Request to Access Own Personal Information

The User can make a request for accessing their personal information retained in accordance with Article 35 of the PIPA to the following team:

▶ Team responsible for receiving and processing requests for accessing personal information retained

- Team in charge: Operation Support Team

- Contact: 1588-5682(Customer Service)

- email: cs@upbit.com

12. Methods of Redressing Rights Violation

If you need to report or consult about other personal information infringement, please contact the following organizations.

ㆍ Privacy Infringement Reporting Center (privacy.kisa.or.kr / 118 without area code)
ㆍ Supreme Prosecutor's Office (www.spo.go.kr / 1301 without area code)
ㆍ National Police Agency (cyberbureau.police.go.kr / 182 without area code)
ㆍ Personal Information Dispute Resolution Committee (www.kopico.go.kr / 1833-6972)

13. Responsibility of Links to Other Websites

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and Affiliates. Please note that the Company has no control over the external websites, so the Company cannot guarantee or be held responsible for the usefulness, authenticity, and legality of the service or data provided to the User through the external sites. Also, the privacy policies of the linked external websites are not relevant to the Company, so please check their policies.

Enforcement Date of Personal Information Management Policy V1.7: July 28, 2021

You can find the previous version of Privacy Policy by clicking the link below.