Privacy Policy (English Version)

Effective Date: January 1, 2025

Maxwave (hereinafter referred to as the “Company”) complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and all other relevant laws and regulations related to personal information.
The Company establishes and discloses this Privacy Policy to protect the rights and interests of its users by informing them how their personal information is collected, used, and what measures the Company takes to safeguard it.

If the Company revises this Privacy Policy, it will announce the changes through the website notice board or through individual notifications.

---

1. Items of Personal Information Collected and Methods of Collection

A. Items of Personal Information Collected

The Company collects the following personal information for purposes such as membership registration, guest purchase, consultation, and prevention of fraudulent use:

1) Members

• Membership Registration

• Required: Name, ID, Password, Email, Mobile Phone Number

• Optional: Date of Birth

• Social Sign-Up (Kakao)

• Required: Profile information (nickname/profile photo), Name, Email, Date of Birth, Mobile Phone Number

• Optional: Kakao account phone number

• Social Sign-Up (Naver)

• Required: Unique User Identifier, Name, Email, Mobile Phone Number

• Optional: Nickname, Profile Photo, Gender, Age Group, Date of Birth

• Social Sign-Up (Facebook)

• Required: Name, Profile Photo, Email, Date of Birth, Mobile Phone Number

• Purchases

• Required:

  • Orderer information (Name, Mobile Phone Number, Email)

  • Recipient information (Name, Mobile Phone Number, Address)

---

B. Methods of Collection

The Company collects personal information through the following methods:

• When users voluntarily enter required information during membership registration (e.g., name, email, phone number, address).

• When participating in surveys, events, or promotional activities.

• Sensitive information (race, ethnicity, ideology, origin, political tendencies, criminal records, health information, sexual life, etc.) is not collected. If unavoidable, separate consent will be obtained.

• Collected information will not be used for purposes other than those disclosed or shared externally without prior notice and user consent.

---

2. Purpose of Collection and Use of Personal Information

The Company uses collected personal information for the following purposes:

A. Fulfillment of Service Contracts and Delivery of Services

• Content provision, purchase and payment processing

• Product shipping and billing

• Financial authentication and related services

B. Member Management

• Identity verification and authentication

• Prevention of unauthorized use or fraudulent membership

• Confirmation of membership intent

• Handling complaints and inquiries

• Delivery of important notices

C. Marketing and Advertising

• Providing event and promotional information

• Analysis of access frequency and service usage statistics

• Offering personalized services and recommendations

---

3. Retention and Use Period of Personal Information

In principle, personal information is destroyed immediately once its purpose has been fulfilled. However, information may be retained for a certain period as required by applicable laws:

• Records of contract or withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)

• Records of payment and supply of goods: 5 years

• Records of consumer complaints or dispute resolution: 3 years

• Information collected for temporary purposes (surveys, events): Until the activity ends

• Log records: 3 months (Protection of Communications Secrets Act)

---

4. Procedures and Methods for Destroying Personal Information

A. Destruction Procedure

• Information provided by users is transferred to a separate database once the intended purpose is met.

• Records stored in separate databases are retained only for the required period and are not used for any other purpose unless mandated by law.

B. Destruction Method

• Printed documents: Shredded or incinerated

• Electronic files: Permanently deleted using technical methods preventing recovery

---

5. Provision of Personal Information to Third Parties

The Company does not use personal information outside the stated purposes or disclose it to third parties without user consent, except in the following cases:

• When the user has given prior consent

• When required by law or upon legitimate request from investigative authorities following due process

---

6. Outsourcing of Personal Information Processing

If the Company outsources personal information processing tasks, it will notify users in advance of the outsourced party (“Data Processor”) and the scope of outsourced tasks.
(Information on current Data Processors will be listed here.)

Retention and Use Period: Until membership withdrawal or termination of the outsourcing contract.

---

7. Rights of Users and Legal Guardians, and How to Exercise Those Rights

A. Rights

Users and legal guardians may at any time access, correct, or request deletion of their personal information or that of children under 14.

B. How to Exercise

• Users may correct or delete their information through “Edit Personal Information” or “Account Settings.”

• Membership withdrawal is available through the “Delete Account” function.

• Requests may also be made via written request, phone, or email to the Personal Information Protection Officer.

• If correction is requested, the information will not be used or shared until correction is completed.

• If incorrect information has already been shared with third parties, the Company will notify them without delay to ensure correction.

C. Deleted information

Deleted or withdrawn information is handled per Article 3 and is not accessible for any other purpose.

---

8. Use of Cookies

The Company uses cookies to store user information and provide personalized services.

A. Purpose of Cookies

• Analyze visit frequency and patterns

• Identify user interests, preferences, and behavior

• Track participation in events

• Provide targeted marketing and personalized services

Users may choose to allow, block, or require confirmation for cookie installation through browser settings.

B. Cookie Settings Guide

Example (Internet Explorer):
Tools → Internet Options → Privacy

Note: Blocking cookies may result in limited service functionality.

---

9. Technical and Administrative Measures for Protecting Personal Information

A. Technical Measures

• Encryption of personal data (storage and transmission)

• Secure password protection and encrypted transmission of important data

• Use of updated antivirus software with 24-hour monitoring

• SSL encryption for secure transmission

• 24-hour intrusion detection and prevention system operation

Users must responsibly manage their own login information. The Company is not liable for losses caused by user negligence (e.g., phishing, password sharing).

B. Administrative Measures

• Regular security training for employees handling personal information

• Security pledge signed by all employees

• Strict management of access rights and separation of servers storing personal data

• Controlled access to computer rooms and data storage rooms

• Enforcement of responsibility for personal information breaches even after employment termination

---

10. Personal Information Protection Officer

The Company appoints the following Personal Information Protection Officer:

• Name: Choo Yeonwoo

• Phone: 1811-1266

• Email: (to be provided)

The Company will respond promptly and sincerely to all inquiries regarding personal information.

---

11. Customer Support for Personal Information Matters

Department Handling Privacy Inquiries

• Department: CS Team

• Phone: 1811-1266

• Email: (to be provided)

Users may submit complaints related to personal information to the above contacts.
For additional support, users may contact the following agencies:

• Personal Information Dispute Mediation Committee: 1833-6972 (https://kopico.go.kr)

• Supreme Prosecutors’ Office Cyber Bureau: 1301 (http://spo.go.kr)

• National Police Agency Cyber Safety Bureau: 182 (https://www.police.go.kr/www/security/cyber.jsp)

• Korea Internet & Security Agency (KISA): 118 (https://privacy.kisa.or.kr)

---

12. Obligation to Notify

A.

The Company makes this Privacy Policy easily accessible on the homepage for users to review at any time.

B.

If changes are made due to revisions in laws or security technologies, the Company will notify users prior to implementation.

C.

This Privacy Policy may be updated periodically. Users are encouraged to review it whenever visiting the website.

---

This Privacy Policy is effective as of January 1, 2025.