Sierra BASE (hereinafter referred to as the “Company”) complies with the personal information protection regulations required under applicable laws and regulations that information and communications service providers must follow, including the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and does its best to protect users’ rights and interests by establishing a Privacy Policy in accordance with applicable laws and regulations.
This Privacy Policy may be changed due to amendments to laws or guidelines related to personal information protection or changes in the Company’s policies, so please check it regularly when visiting our website.

The Company’s Privacy Policy is as follows.

1. “Personal Information” means information about a living individual that can identify a specific individual by name, resident registration number, etc., including codes, characters, voice, sound, images, and video (including information that cannot identify a specific individual by itself but can be easily combined with other information to identify the individual).
2. “User” means a person who accesses Sierra BASE’s website (https://www.sierrabase.co.kr/) and receives services provided by the Company in accordance with these terms.

The Company has prepared a procedure that allows users to click the “Agree” button or the “Disagree” button regarding the contents of the Company’s Privacy Policy or Terms of Use.
If the user indicates consent, the user will be deemed to have agreed to the collection of personal information.

1. The Company collects the following personal information to provide smooth customer consultations and various services. [Online Inquiry / Newsletter Collection Items]
   1. Online inquiries, responses, and customer support: name, email address, mobile phone number
   2. Newsletter subscription and delivery: name, email address
   3. IP address: cookies, visit date and time, service usage records
2. Methods of collecting personal information
   The Company collects personal information through the following methods.
   1. Website inquiry board, telephone, email

1. If the Company collects personal information of children under the age of 14, it obtains consent from the legal representative.
2. The legal representative of a child under the age of 14 may request to view, correct, or withdraw consent for the child’s personal information, and upon such a request, the Company will take necessary measures without delay.

1. Service provision
   1. Use of various content provided to users and responding to consultation inquiries
   2. Handling complaints and other civil petitions, delivering notices
2. Utilization for new service development and marketing/advertising
   1. Delivering promotional information such as events, and shipping goods for event winners
   2. Developing and specializing new services, providing services and placing advertisements based on demographic characteristics
   3. Identifying access frequency or compiling statistics on users’ service usage

The Company retains and uses users’ personal information only for the period during which it provides services.
The Company will destroy the relevant personal information without delay when consent to collection and use is withdrawn, when the purpose of collection/use is achieved or the retention/use period expires, or when reasons such as business closure arise.
However, the following information is retained for the period specified below for the reasons stated.

1. Act on Consumer Protection in Electronic Commerce, etc.
   1. Personal information and consultation details provided at the time of inquiry submission: retained for 3 years
   2. Records related to consumer complaints or dispute resolution: retained for 3 years

In principle, the Company destroys personal information without delay once the purpose of use has been achieved, in accordance with the retention and use period.
The Company’s procedures and methods for destruction of personal information are as follows.

1. Destruction procedure
   1. Information entered for site use is stored for a certain period in accordance with internal policies and reasons for information protection under relevant laws (see “Retention and Use Period”), and then deleted or destroyed.
2. Destruction method
   1. Personal information stored in electronic file form is deleted using technical methods that make the records irrecoverable.
      Personal information printed on paper is destroyed by shredding or incineration.

The Company uses users’ personal information within the scope notified in Article 4, and will not use it beyond that scope or provide it externally without the user’s prior consent, in principle.

To provide better services, the Company may provide or share users’ personal information with third parties. In such cases, the Company will either individually notify and obtain consent in advance via email or written notice regarding who will receive the information, what personal information will be provided or shared, why the information must be provided or shared, and how and until when it will be protected and managed, or may obtain consent through the terms at the time of inquiry submission. If the user does not consent, the Company will not provide or share the information with third parties. The same procedure will be followed to notify or obtain consent if there is any change in the third-party provision/sharing relationship or when the relationship ends.

However, the following cases are exceptions.

1. When the user has agreed in advance to the disclosure of personal information
2. When required by laws and regulations, or when an investigative agency requests it in accordance with procedures and methods prescribed by law for investigative purposes

The Company outsources personal information processing as follows to improve services, and stipulates in outsourcing agreements, in accordance with relevant laws and regulations, that personal information will be managed safely.

When entering into an outsourcing agreement, the Company specifies in documents such as the contract, pursuant to Article 26 of the Personal Information Protection Act, matters including prohibition of processing personal information beyond the purpose of outsourced work, technical and administrative safeguards, restrictions on re-outsourcing, management and supervision of the service provider, and liabilities such as damages, and supervises whether the service provider processes personal information safely.

If the outsourced work or the service provider changes, the Company will disclose it without delay through this Privacy Policy.

1. Users may view or modify their registered personal information at any time, and may request deletion.
2. To view or modify personal information, users may use “Edit Information,” and to cancel membership (withdraw consent), users may contact the Chief Privacy Officer in writing, by phone, or by email.
3. If a user requests correction of an error in personal information, the Company will make the correction as quickly as possible.
   In addition, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction results without delay so that the correction can be made.
4. The Company processes personal information terminated or deleted at the user’s request in accordance with “5. Retention and Use Period of Personal Information,” and ensures it cannot be accessed or used for any other purpose.

Cookies are small pieces of information that a website server transmits to the user’s computer. They contain information about the website visited and the user’s personal information needed to verify the provision of services. Users can refuse to receive cookies or change their web browser settings to warn them when cookies are received. The Company may transmit cookies to the user’s computer when it deems them necessary for the use of web services, as follows.

1. Purposes of using cookies: providing differentiated information according to individual interests; analyzing access frequency or usage time to understand users’ preferences and interests and utilize them for targeted marketing; tracking information the user viewed with interest to provide personalized services; analyzing users’ habits as a metric to consider service improvements; and they may be collected and used through posting on the board.
2. Installation/operation and refusal of cookies
   1. Users have the option to allow cookies, and may set their web browser options to allow all cookies, to prompt confirmation whenever a cookie is saved, or to refuse to save all cookies.
   2. However, if users refuse to save cookies, some services of the Company may be difficult to use.
   3. How to configure cookies
      Firefox: https://support.mozilla.com/ko/kb/disable-third-party-cookies
      Chrome: https://support.google.com/chrome/answer/95647?hl=ko&topic=14666&ctx=topic
      Internet Explorer: https://support.microsoft.com/ko-kr/help/17442
      Safari: https://support.apple.com/ko-kr/guide/safari/sfri11471/mac

To ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged, the Company establishes the following technical and administrative measures when processing users’ personal information.

1. Technical measures
   1. Users’ personal information is thoroughly protected. Users must not disclose their personal information to anyone.
      To this end, the Company basically recommends closing the web browser online after finishing use on a PC. In particular, if a PC is shared with others or used in public places (such as a company, school, library, or internet café), the above steps are even more necessary to prevent personal information from being disclosed to others.
   2. The Company takes measures to prevent users’ personal information from being leaked or damaged due to hacking or computer viruses by using antivirus programs.
      The Company frequently backs up data in preparation for damage to personal information, uses up-to-date antivirus programs to prevent leakage or damage to users’ personal information or data, enables secure transmission of personal information on the network through encrypted communication, controls unauthorized external access using an intrusion prevention system, and strives to implement all possible technical measures to secure system security.
2. Administrative measures
   1. To safely protect users’ personal information, the Company limits employees who handle personal information to designated personnel, assigns separate passwords for this purpose and updates them regularly, and continually emphasizes compliance with the Company’s Privacy Policy through periodic training for staff on new security technologies and obligations to protect personal information.
   2. However, the Company bears no responsibility whatsoever for issues arising from leakage of personal information caused by the user’s negligence or problems on the internet.

Users may report all complaints related to personal information protection that occur while using the Company’s services to the Chief Privacy Officer or the responsible department.
The person in charge of personal information processing and the 담당 department will respond promptly and faithfully to inquiries related to personal information.

Name: Administrator
Department: Security Business Division
Position: Division Head
Contact: privacy@abc.com

If you need to report or consult regarding personal information infringement, please contact the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA). In addition, if you have suffered financial or emotional damage due to personal information infringement, you may apply for relief to the Personal Information Dispute Mediation Committee of the Korea Internet & Security Agency (KISA).

Personal Information Infringement Report Center (http://www.cyberprivacy.or.kr, Tel. 1336)
Personal Information Dispute Mediation Committee (http://www.kopico.or.kr, Tel. 1336)
Privacy Mark Certification Committee (http://www.privacymark.or.kr, Tel. 02-580-0533)
Supreme Prosecutors’ Office Internet Crime Investigation Center (http://www.spo.go.kr, Tel. 02-3480-3600)
National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr, Tel. 02-392-0330)
National Police Agency (http://www.police.go.kr)

If there are any additions, deletions, or revisions to this Privacy Policy, the Company will provide advance notice through “Announcements” at least 7 days prior to the effective date of the revision. However, if a significant change occurs to the data subject’s rights—such as changes to the items of personal information collected or the purposes of use—the Company will provide notice at least 30 days in advance, and may obtain the data subject’s consent again if necessary.

Notice date: July 1, 2021
Effective date: July 1, 2021