Purpose

This Privacy Policy is for Oscar Futurera Inc. (the "Company"). OFOTD (hereinafter referred to as the "Site") is owned by the Company, based in Seoul, South Korea. Where the present terms of service ("Terms of Service" or "Agreement") refers to the Site it may refer to the Company or both, depending on the context. These Terms of Service constitute a legally binding agreement between you and the Site ("we", "us," "OFOTD", the "Company"), governing your use of the Site and social media platforms, regardless of the means of access. The Site and social media platforms together are hereinafter collectively referred to as the Site. If you do not agree to be bound by the Terms of Service, promptly exit the Site or social media platform, as applicable, and refrain from any future use of the Service. The Site, operated by Oscar Futurera Inc., values customer information and complies with relevant laws such as the "Personal Information Protection Act." In order to adhere to this, we have established this [Privacy Policy]. The [Privacy Policy] may change due to government guidelines, policy modifications, or other reasons. We kindly ask our customers to check it regularly when visiting the Site.

※ "This Agreement shall also apply to electronic commerce utilizing PC communication, wireless communication, and other methods, as long as they do not contradict the nature of this agreement.”

[1] Collection Items and Collection Methods of Personal Information

1. The Company values your personal information and complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection."
2. The Company may select a natural person or a legal entity as a data controller to process user personal information in accordance with requests, and such entity may act as its representative (hereinafter referred to as the "Controller"). The Company promises to select Controllers that provide sufficient guarantees for technical and organizational security measures for personal information processing.
3. Collected personal information items: The Company collects the following personal information for purposes such as membership registration, consultation, and service application.

   Data Collection	Source Data Collected
   when registering for membership	Name/Date of Birth/Gender/Login ID/Password/Home Phone Number/Mobile Phone Number/Email/Information of legal representative for users under 14
   when applying for services	Address/Payment Information
   when using service	Service Usage Records/Access Logs/Cookies/Access IP/Payment Records

4. Collection Methods: Information can be collected through the website, written forms, bulletin boards, email, event participation, delivery requests, phone calls, faxes, and data collection tools.

[2] Purpose of Collecting and Using Personal Information

1. The Company utilizes the collected personal information for the following purposes:

   Personal Information	Purpose of Use
   Identity and Profile Information	Used to create the user's service account.
   Contact and Transaction Information	Used to process user's orders and purchases.
   Device, Usage, and Technical Information	Utilized to enhance the functionality of the service on various devices using user's device information.
   Marketing and Communication Information	Employed to transmit marketing and communication related to various promotions and offerings.

2. This Privacy Policy serves to inform users of the methods through which the Company processes data and ensures that users are aware before accessing specific website pages and providing personal data. Users are required to familiarize themselves with this Privacy Policy before providing personal data through forms provided on each page of the website. Personal data is primarily processed through automated means, and this process is aligned with the purposes outlined in section 3.
3. The Company takes precautions to ensure the secure processing and confidentiality of users' personal information, implementing all necessary measures to prevent the loss, misuse, damage, or deletion of personal data.
4. Additionally, the Company collects specific personal information to identify users and provide optimized, personalized user experiences. This collection aims to rectify potential errors within the website. The collected data pertains to user connections (IP address, geographical location, access date and time, viewed and/or used pages, etc.) and the devices associated with those connections.

[3] Retention and Use Period of Personal Information

1. Grounds for Retaining Information Pursuant to Company Policy

   Even in cases where a member withdraws, the Company retains member information to ensure the smooth provision of services and to prevent the improper use of services, as outlined below:

   Information Type	Retention Reason	Retention Period
   Records of improper/malicious use (including personal information of improper/malicious users)	Prevention of improper and malicious service usage, prevention of re-registration of improper/malicious users	1 year

2. Information Retention Based on Applicable Laws

   The Company complies with the provisions of relevant laws, including the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc. It retains member information for a certain period as stipulated by relevant laws.

   Information Record and Type Based on Applicable Laws	Retention Reason	Retention Period
   Payment and supply records of goods, etc.	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	5 years
   Record of payment settlement and supply of goods, etc.	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	5 years
   Record of consumer complaints or disputes	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	3 years
   Service visit records	Article 15-2 of the Protection of Communications Secrets Act	3 months

[4] Outsourcing of Personal Information Processing

1. The Company outsources personal information processing tasks as follows for efficient management of personal information-related tasks.

   Service Provider (Processor)	Outsourced Task
   Eximbay	Payment processing service (Worldwide)
   PAYPAL	Simple payment service (Worldwide)
   Toss Payments	Payment processing service
   EMS	Delivery of ordered products (Worldwide)
   FEDEX	Delivery of ordered products (Worldwide)
   DHL	Delivery of ordered products (Worldwide)
   UPS	Delivery of ordered products (Worldwide)

   1. When entering into an outsourcing contract, the Company specifies matters such as the prohibition of personal information processing beyond the purpose of performing the entrusted task according to Article 26 of the "Personal Information Protection Act," technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the trustee, liability for damages, etc., in documents such as contracts. The Company also oversees whether the trustee processes personal information securely.
   2. In the event of changes in the content of the entrusted task or the trustee, the Company will promptly disclose such changes through this Privacy Policy.

[5] Transfer of Personal Information

1. When customers make purchases or provide consent to receive marketing notifications on the Site, the Company entrusts the Site (ofotd.com) with tasks such as product delivery, marketing, and providing information about new products/events. The entrusted entities are required to handle personal information securely in accordance with relevant privacy laws. The necessary matters are specified, managed, and supervised by the entrusted entities.

   Recipient of Transfer	Transferred Items	Date and Method of Transfer	Purpose and Processing Period	Information Management Responsible and Contact
   OFOTD	Name, Address, Contact Information (Safe Number), Name, ID, Email, Mobile Information, Gender, Personal Customs Clearance Number	Immediately after placing an order, transferred through database integration with our systems	- Product delivery to ofotd.com members	oscar@ofotd.com

   *Up to 1 year after membership withdrawal or withdrawal of consent mail to oscar@ofotd.com.

[6] Procedure and Method of Personal Information Disposal

The Company generally disposes of personal information without delay after the purpose of collection and use has been achieved. The procedure and method of disposal are as follows:

1. Disposal and Separation Storage Procedure: Information provided by members for membership registration, etc., is transferred to a separate database or table after the purpose is achieved (in the case of paper, a separate filing cabinet). This information is stored for a certain period according to internal policies and other relevant laws (refer to retention and use period) and is then disposed of. Personal information transferred to a separate database or table will not be used for other purposes except as required by law.
2. Disposal Method: Personal information printed on paper is shredded by a shredder or incinerated for disposal. Personal information stored in electronic file format is deleted using technical methods that prevent data recovery.
3. Disposal of Personal Information of Non-Using Customers, etc.: Based on the exception of Article 39-6 of the Personal Information Protection Act, the Company protects user privacy by disposing of personal information of members who have not used the service for one year after prior notice or by storing it separately. However, if a separate period is specified by other laws, the user's personal information is stored during that period.
4. Exceptional Situations: While personal information is not generally provided to external parties, exceptions apply in the following cases:
   • When the user has given prior consent
   • When required by law or when a law enforcement agency requests according to the procedures and methods specified by law

[7] Installation, Operation, and Rejection of Personal Information Automatic Collection Devices

The Company may use ‘Cookies’ to provide personalized services. Cookies are small data packets sent by an HTTP server to the user's browser and stored on the user's computer hard drive. Cookies identify your computer but do not personally identify you.

[8] Purpose and Authority of Cookie Usage

The Company uses cookies for the following purposes:

1. Based on cookies set when members and non-members connect, providing convenient internet services by maintaining the service usage environment.
2. Analyzing the visit and usage behavior of members and non-members to provide optimized services.
3. Cookies identify the user's computer but do not personally identify the user. Cookies are expired when the browser is closed or when the user logs out.

[9] Methods to Reject Cookie Settings

Customers have the option to choose cookies installation. Therefore, customers can allow or reject all cookies through the settings of the web browser or set it to ask for confirmation every time cookies are saved.

[Example of Setting Method]

1. For Microsoft Edge: Settings menu on the right side of the web browser > Cookies and site permissions > Manage and delete cookies and site data
2. For Chrome: Settings menu on the right side of the web browser > Privacy and security > Site settings > Cookies and site data

[10] Complaints Services Regarding Personal Information

Members' personal information is primarily protected by the member's ID and password. The Company has established technical and managerial measures to ensure the safety of processing members' personal information and prevent its leakage, alteration, or damage.

• Inspection of personal information
• Correction in case of errors
• Request for suspension of personal information processing and refusal
• Filing objections against personal information processing

1. Technical Measures
   1. Member account passwords are encrypted and stored, ensuring that only the account holder can know them. Therefore, confirming and modifying personal information requiring account login can only be done by the account holder who knows the ID and password.
   2. Data is regularly backed up to prevent data loss and the latest antivirus programs are used to prevent leakage or damage of members' personal information or data due to computer viruses, etc.
   3. For payments and other transactions, security devices are adopted to securely transmit personal information over the network.
   4. To prevent information leakage due to hacking, intrusion prevention systems (firewalls) are used to control unauthorized external access, and all possible technological devices are employed to secure system-level security.
2. Managerial Measures
   1. When handling personal information by request from the member's password, etc., the Company makes the best effort to verify the individual's identity in the most secure manner and ensure safe processing of information.
   2. Access to personal information is limited to those in charge of personal information management tasks such as the personal information protection manager and other individuals who inevitably need to handle personal information for work purposes. Ongoing education for employees processing personal information emphasizes compliance with the personal information processing policy.
3. Membership Termination
   1. When a user withdraws consent (cancels membership), the Company follows the principle of promptly disposing of personal information. However, if required by related laws to retain the information, the Company processes it in accordance with the processing and retention period specified in this personal information processing policy and ensures that access or usage is only allowed in necessary cases.

[11] Personal Information Protection Manager / Request for Access to Personal Information

1. The Company is committed to providing customers with a safe way to use valuable information. In the event of an incident that contradicts the matters notified to customers regarding personal information protection, the personal information protection manager assumes full responsibility. For the protection of personal information and the handling of complaints related to the processing of personal information, the Company designates a personal information protection manager as follows:
   • Personal Information Protection Officer: Hyung Wook Kim
   • Affiliation: Oscar Futurera Inc.
   • Service Team: +82-70-4647-0821
   • Email: oscar@ofotd.com
2. While using the Company, customers can report all personal information protection-related complaints to the personal information management officer or the relevant department. The Site will promptly provide sufficient responses to user-reported issues.

Despite implementing technical security measures, the Company is not responsible for accidents caused by basic network risks such as hacking, unforeseen damage to information, or disputes arising from visitor-posted content.

[12] Methods of Remedying Infringement of Rights

If you are dissatisfied with the Company’s internal resolution or need additional assistance, you can apply for dispute resolution or consultation through organizations such as the Korea Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center. For other reports or consultations regarding personal information infringement, please contact the organizations below:

• Korea Personal Information Dispute Mediation Committee: 1833-6971 (www.kopico.go.kr)
• Korea Internet & Security Agency Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Cyber Investigation Division of the Prosecutor's Office: 1201 (www.spo.go.kr)
• Cyber Crime Investigation Unit, Korean National Police Agency: 182 (ecrm.cyber.go.kr)
• Cyber Crime Investigation Unit, Korean National Police Agency: 182 (https://ecrm.cyber.go.kr/minwon/main)

[13] Notice of Changes to Personal Information Processing Policy

1. This personal information processing policy may be changed due to government policies, laws, or the requirements of the Company. In the event of additions, deletions, or corrections to the content, the Company will provide prior notice through the homepage, email, etc., 7 days before the changes take effect. If prior notice is difficult, the Company will announce the changes as soon as possible.
2. However, if important matters such as the purpose of collecting and using personal information or the recipients of third-party disclosures are added, deleted, or corrected, the Company will provide prior notice 30 days before the changes take effect.

Announcement Date: 2024.03.16

Effective Date: 2024.03.17