Yea Studio Co., Ltd. (“Company” herein after) values your personal information.

Company complies with relevant laws and regulations including the 「Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc」 and the 「Personal Information Protection Act」, and does its best to respect and protect your personal information. This Privacy Policy provides information on the use of personal information you provide and how your personal information is managed for privacy protection.

This Privacy Policy takes effect beginning on , Decembe 1, 2019.

1. Personal information to be collected and method of collection

a. Personal information to be collected

First, Company collects the following required information upon an initial user registration to provide various optimized services including registration, sign-up, and customer support. If a smartphone user for services is a minor, we may collect the user’s name and date of birth, and the legal guardian’s name, date of birth and contact information, as required information, in order to verify consent by the legal guardian.

- ID (ID, user’s unique key), password, nickname (nickname created by user for our services)

Second, when you use a mobile service, your mobile device information (device model, hardware ID, operating system version information) and basic statistics on the service use (synchronization and application use information to provide service functions) may be collected, but such information does not identify users. If we need to collect additional personal information while you use the service, we will notify you in advance and obtain consent from you.

Third, if Company holds contests for our users, we will collect the following required informations once the price delivery. This information will be deleted upon prize delivery.

- Name, mailing address, home (mobile) phone number, email address

Fourth, in the process of service use or business process, the following information may be automatically generated and collected.

- IP address, cookies, access log, records of illegal use, records of service use

Fifth, Company may post ads for commercial services different from Pixel ColorFil application service, but Company does not collect or retain information of users required for commercial services.

b. Method of collection

Company collects your personal information as follows:.

- Web site, mobile apps, written format, fax, telephone, notice board, email, event application, contest

c. Collecting personal information with cookies

First, Company uses ‘cookies’ on a mobile device (e.g. smartphones, tablets) to provide the same or similar Internet settings to PC settings. A ‘cookie’ is a small piece of information that a Web site (or application) sends to the Internet browser of your device. Cookies identify users’ device only, not users personally and enables us to provide optimized service to users, including maintain login status, ID storage and a user trend analysis. Login cookies expire upon logout or closing the browser. Cookies for ID storage and automatic login are kept for 90 days.

Second, cookies are optional. Cookies options may vary according to Web browsers, but you can decide to accept cookies or delete all of the existing cookies through Web browser settings. If you do not accept cookies, you may not gain full access to services that require login.

2. Purpose of Using Personal Information

a. Terms of Service

To provide services and contents, to hold contests, to deliver prizes, to provide an inter-device synchronization service, to identify individuals, etc.

b. User management

To verify identity, to prevent illegal and unauthorized use of banned users (Users who have been permanently banned from use of our services due to violation of Article 17 and Article 19 of the Terms of Service of Pixel ColorFil), to verify registration intent, to verify a legal guardian’s consent when collecting personal information from children under 14 years old, to verify the legal representative’s identity later, to keep records for settlement of disputes, to handle complaints, to serve notice of such revisions to the terms of Service, verifying user’s intent for membership withdrawal, etc.

c. Utilization for new service development and marketing

To develop a new service, to provide customized services by statistical characteristics and user behavior, to post ads, to give a chance to participate in events, to analyze frequency of access, and to compile statistics on users’ service usage

3. Consent to personal information collection

First, Company creates a procedure in which a user may choose whether or not to agree to the Privacy Policy or Terms of Service by pressing the ‘Agree’ button. Upon user clicking the ‘Agree’ button, personal information entered is saved in our user database and is deemed to have been used properly for the above-listed purposes.

Second, even in case that Company obtains your consent to collect personal information through a third party including partners, Company also requires a procedure in which a user chooses ‘Agree’ or ‘Decline’ to the Privacy Policy or Terms of Service with the ‘Agree’ button, and upon user clicking the ‘Agree’ button, Company presumes your consent .

4. Sharing and supplying personal information

Company uses your personal information only within the above scope "2. Purpose of Using Personal Information," and Company does not use your personal information exceeding this scope or provide your personal information to a third party, other firms or other organizations. But Company may provide your personal information in the following instances:

a. When you consent to disclose your personal information in advance.

b. When an investigation agency demands in accordance to laws and regulations, or according to procedures and method set forth in applicable laws and regulations for an investigative purpose.

c. When collected personal information is supplied for

- : the delivery of a prize

- : payment for services

5. Term of retention of personal information and withdrawal from membership

a. Term of retention and use of personal information

When you ask for a cancellation of the terms of Service, or revoke your consent to collection and use of personal information, and when the purpose of collecting and using personal information is achieved or the term of retention and use of personal information expires, Company destroys your personal information without delay. The ID and password required for access to our services are not deleted when you continue to use the services.

The below-listed personal information is preserved for a specified period by reason of:

1) Retention of personal information according to our internal policy

- ID (unique key), nickname: 6 months (prevention of re-registration by banned users, disputes regarding the infringement of right, including defamation, and assistance to criminal investigation)

2) Retention of personal information under relevant laws and regulations

- Record of user visits: 3 months (「Act on the Protection of Communications Secrets」)

- Record of customer complaints or dispute settlement: 3 years (「Act on Consumer Protection in Electronic Commerce Transactions, etc.」)

- Records regarding contracts or termination of contract: 5 years (「Act on Consumer Protection in Electronic Commerce Transactions, etc.」)

- Record of payment and supply of goods: 5 years (「Act on Consumer Protection in Electronic Commerce Transactions, etc.」)

b. Rights

In principle, you are entitled to refuse to consent to the collection of personal information in accordance with the 「Personal Information Protection Act」, and when you decline the collection of personal information, registration for membership is disabled.

6. Procedure and method of destroying personal information

Company destroys your personal information without delay as a matter of principle, when we have achieved the purpose of collecting and using personal information. Company implements the following procedure and method of destroying personal information.

a. Procedure for destroying personal information

- Personal information you provide for registration is stored for a specific period, then gets destroyed for privacy protection (see “retention” and “ period of use”) under our internal policy and other relevant laws and regulations, and upon collecting and using personal information, the personal information collected is transferred to a separate database (separate filing cabinet for documents).

- Unless otherwise stipulated in laws and regulations, such personal information is not used for purposes other than retention purposes.

b. Method of destroying personal information

- Paper-printed personal information is destroyed by shredding or incineration.

- Personal information saved in an electronic file is deleted and cannot be restored.

7. Your rights and obligations

a. Your rights

- You can view or modify your registered personal information at any time and request withdrawal from membership registration. Of your personal information, your ID should not be changed and a nickname can be changed only once.

- To view or modify personal information, click on “Manage Personal Information.” To withdraw from membership registration, click on “Withdraw (Withdraw consent)” to view or modify your personal information or withdraw from membership registration upon identity verification.

- When you contact our privacy staff in writing, phone or email, we take immediate action.

- When you request that we correct errors of personal information, Company will not use or provide your personal information until the personal information is completely corrected. Also, in the case that the wrong personal information has already been provided to a third party, Company will notify the third party of the correction results immediately and then let the third party correct the wrong personal information.

b. Your obligations

- Company asks you to accurately provide your up to date most recent personal information in order to prevent unexpected accidents. You are responsible for accidents arising out of your supplying of inaccurate information, and if you use another person’s personal information illegally or provide false information, you may no longer be eligible for membership.

- You have a duty to protect your personal information for yourself and not to violate another user’s personal information. Please note that your personal information including password should not be disclosed, and you should not damage another user’s personal information and posting.

- If you damage another user’s information and dignity, not carrying out your duty, you may be subject to punishment pursuant to the “「Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.」.”

8. Privacy protection of children

a. For personal information of children under 14 years old (“children” hereinafter), we obtain the legal guardian’s consent if:

1. Company collects and uses personal information of children, or provides such personal information to 3rd parties

2. The person who is supplied with personal information of children uses it for other purposes, or provides personal information to 3rd parties

b. Company may ask for required information, including the legal guardian’s name, date of birth, and phone number in order to obtain the legal guardian’s consent. In this case, Company notifies children of the purpose of collecting and using personal information and the need for consent by a legal guardian in plain language. Company does not use the legal guardian’s personal information collected for the legal guardian’s consent for purposes other than the purpose of confirming the legal guardian’s consent, and do not provide such personal information to 3rd parties.

1. A legal guardian of children under 14 years old may request revocation of consent given by such children to collection personal information, and to view, revise and delete their personal information. We will comply with such requests.

2. In the event of a legal guardian requesting revisions to personal information collected from children under 14 years old, Company does not use or provide such personal information until errors are completely corrected.

9. Technical/managerial privacy protection

Our following technical/managerial measures safeguard your personal information from being lost, stolen, discharged, falsified or damaged.

a. Password encryption

As Pixel ColorFil ID password is saved and managed by encryption, only you know your password information and your personal information can be confirmed and modified only by you.

b. Anti-hacking measures

We do our best to prevent your personal information from being disclosed or damaged by hacking or viruses.

- Company performs regular data backups to prevent your personal information from being damaged and your personal information or data from being disclosed or damaged by using an up-to-date vaccine program. Encrypted communication ensures your personal information is transmitted safely on our network.

- Our firewalls block illegal access and system security of technical devices is ensured.

c. Minimization of privacy staff, their education and training

- Access to your personal information is restricted to our privacy staff performing regular updates accessible with a separate password. We stress compliance with our privacy policy at all times with continuous education of our privacy staff.

- Company’s internal procedures safeguard against security breaches in advance and monitor privacy policy compliance by our employees who take security pledges upon hiring.

- Personnel shifts in our privacy staff take place in completely secure environments. We also clarify liability for security breaches by employees after their employments or resignations.

d. Operation of privacy protection unit

Company’s protection unit strives to fix issues immediately upon occurrence by verifying privacy policy compliance as well as compliance by our privacy staff.

Company is not liable for any problems arising out of privacy breach including compromised ID, password, email address due to your negligence or general network issues.

10. Privacy staff

a. Privacy protection duty

Company does its best to provide optimum service with safe use of personal information. In the event of a privacy breach running counter to our posted notices, the privacy supervisor is held accountable. Company is not liable for accident-induced privacy breach resulting from basic network risks including hacking despite technical measures having been taken, and for any disputes arising out of postings written by visitors.

b. Contact information

Please submit privacy claims arising out of the use of our services to our staff handling privacy issues. Our response will be timely and sufficient.

Privacy supervisor

Name: Choi Won Man

Team: Development team

Position: Team Manager

Email: wmchoi@yeastudio.net

Privacy staff

Name: Kim Yong-jae

Team: Development team

Position: Development team member

Email: yongjae@yeastudio.net

To report or obtain counseling on privacy violation, please contact the following organizations.

- Privacy Information Dispute Arbitration Board (http://www.1336.or.kr)

- Leak of Privacy Information Report Center, KISA (www.118.or.kr)

- Information Protection Mark Authorization Board (www.eprivacy.or.kr)

- Supreme Prosecutor's Office, Online Crime Investigation Center (http://www.spo.go.kr)

- National Police Agency Cyber Bureau(www.ctrc.go.kr)

11. Duty to notify

Notice of additions, deletions or amendments to the existing Privacy Policy will be posted on the service screen or our Web site at least seven (7) days prior to the revision. With material changes to the user’s rights including collecting and using personal information and providing personal information to 3rd parties, notice will be posted at least thirty (30) days in advance.

- Announced on: December 1, 2018

- Executed on: December 6, 2018