‍Article 1 Purpose of collecting and usingpersonal information

The company collectsand uses personal information for the following purposes. All information provided by users will not be used for any other purpose, and if the purpose of use is changed, prior consent from the user will be obtained.

As a data controller, the company is obliged to comply with the provisions of relevant laws and regulations.Legal basis for the matter based on the Personal Data Protection Act 2012(PDPA).

・ Membership management: Provision of membership services, personal identification, prevention of fraudulent and unauthorized use by delinquent members, confirmation of intention to join, membership of children under the age of 14, handling of complaints, etc.

・ Implementation of contracts for service provision and settlement of fees for service provision: Service use records, payment information.

・ External service data management : Provides functions that allow users to conveniently manage data by uploading, downloading, and analyzing data through linking to external services (YouTube, Google Drive, Dropbox, OneDrive).

・ New service development and marketing utilization: Statistical characteristics, types of use, access frequency, and statistics on members' use of services.

‍

‍

Article 2 Items and methods of collecting personal information

When collecting the user's personal information, the company will inform the user in advance of the purpose of collecting personal information, items to be collected, etc. and obtain the user's consent.
‍

1. Personal information collection items

・ When the user agrees to the collection of personal information and enters the information personally during the process of signing up and using the service,

・ When personal information is provided by a third party such as a webpage, email, fax, phone.

and affiliate, etc. during the consultation through the customer center In this case, according to the Personal Information Protection Act, it is provided to us after obtaining consent from affiliates, etc. to provide personal information to a third party.

・ During the using PC web and mobile web/apps, information such as device information, IP address, cookies, visit date and time, and illegal userecords may be automatically generated and collected.

・ Collection of information through linking with external services (YouTube, Google Drive, Dropbox, OneDrive).

・ Event application, event participation, etc.

2. Personal information collection items

・ When registering and modifying your membership information

· Required : Name or nickname,email, password, date of birth

・ When signing up for social media and modifying information

· Required : Google (name /email), Apple (name / email)

· Optional : Profile information : Profile photo/interest , date of birth

・ Payment-related information such as bank account or credit card information such as payment information (card information, etc.) for use ofpaid services and payments, and your credit information.

・ External service integration information

· YouTube : Channel name, number of subscribers, number of channel videos, list of videos, video titles, video privacy status, video upload date, and number of views.

· Google Drive, Dropbox, OneDrive : Metadata such as file name, file format, file size,  modification date, and etc.

・ In the process of using the service, device information, cookies,and basic statistics on service use may be collected in a form that does not identify you.

3. Purpose of collection and use

・ User identification, confirmation of intent to sign up, prevention of illegal use by delinquent members.

・ Providing various services, handling inquiries or complaints, anddelivering notices.

・ Collection of use records and settlement of fees when using paid services.

・ Prevention and sanctions against actions that limit the smooth operation of the service.

・ Used for developing new content and services, delivering information on events, marketing and advertising, etc.

・ Used to build a service environment where users can use the service feeling easy in terms of security, privacy, and safety.

・ Purpose of collecting additional linked data for management and utilization of external service data.

4. YouTube API Usage and Privacy Policy

・ We use the YouTube API service for tasks such as translating user content, and are subject to the Terms of Use and Privacy Policy.

・ YouTube Terms of Service (https://www.youtube.com/t/terms)

・ Google Privacy Policy (https://policies.google.com/privacy)

・ YouTube API Terms of Service (https://developers.google.com/youtube/terms/api-services-terms-of-service)

・ Collected data includes YouTube channel name, number of channel subscribers, number of channel videos, full video list, video title, video post status, video upload date and time, and video views. If you do not want your company to access the API, you can revoke permission at the link below: (https://myaccount.google.com/permissions)

‍

‍

‍

Article 3 Consent to collection ofpersonal information

If your personal data is shared with a third partyacting with 'Twigfarm Co., Ltd.' as a co-manager under the PDPA, the company will provide additional information about the primary contact manager regarding the request for your rights to the extent required by law.

1. We have established a procedure that allows users to select whether or not to agree to the contents of the personal information protection policyor terms of use by clicking the 'Agree' button. If you select the 'Agree' button, the personal information you entered will be stored in the customer database and considered to be used appropriately for the purposes specifiedabove.

2. If you enter and save additional personal information collectedthrough modification of member information, etc, you are deemed to have consented to the collection of personal information.

3. Even when consent to the collection of personal information isobtained through a third party, such as an affiliate, the company will providea procedure for users to choose whether or not to agree with the contents ofthe privacy policy or terms of use through the 'Agree' button, and if the 'Agree' button is selected, it will be considered as if the user has agreed.

‍

‍

Article 4 Processing and retention period of personal information

1. Retention and Use Period of Personal Information

We may retain your personal data for as long as necessary for the purposes for which it was collected in accordance with local laws and regulations. If you request withdrawal from membership or your consent to the collection and use ofpersonal information, the information will be destroyed without delay when thepurpose of collection and use is achieved or the retention and use period ends.

However, the following information willbe kept separately for the specified period in accordance with relevant lawsand regulations, and personal information after the period will be destroyed without delay, and you may contact the data protection manager to request detailed information on the retention of your personal data.

A) Records regarding contracts or application withdrawal, etc.

· Retention basis : Act on consumer protection in electronic commerce, etc

· Retention Period : 5 years

B) Records of payment and supply ofgoods, etc.

· Retention basis : Act on consumer protection in electronic commerce, etc

· Retention Period : 5 years

C) Records of consumer complaints ordispute resolution

· Retention basis : Act on consumer protection in electronic commerce, etc

· Retention Period : 3 years

D) Records of consumer complaints ordispute resolution

· Retention basis : Act on consumer protection in electronic commerce, etc

· Retention period : 3 years

2. Membership Withdrawal and Re-signing up

Personal information and activity information of accounts that have been withdrawn will be permanently deleted immediately upon withdrawal and cannot be recovered. Additionally, the account will be disconnected from all social media accounts. After withdrawal, you canre-sign up with the same email address or social media account as beforewithdrawal.

3. Rights of personal information subjects
In principle, users have the right to refuse consent to the collection of personal information under the personal information Protection Act. However, if you refuse to collect essential personal information items, you cannot sign up for membership and use theservice.

‍

‍

Article 5 Entrustment of personal information processing work

In order to providesmooth service, the company entrusts the processing of personal information tothe following third parties to the minimum extent. In any other case, the company will not use or provide the user's personal information to a thirdparty beyond the scope notified in the 'Items and methods of collecting personal information'.

Additionally, members may request withdrawal of consent to provision of personal information at any time.

<Entrusted tasks handled by oversea scorporations>

・Trustee (solution) : Auth0

· Date and method of entrustment : When singing up or withdrawing, transmitted at any time through a privatenetwork

· Information manager contact : privacy@auth0.com

· Personal information items tobe transferred : Nickname, email address, password, date of birth

· Purpose of use of trustee : System work related to customer sign-up and management

·  Retention and use period : Until membership withdrawal or termination of entrustment contract (however,retention is possible during the retention period stipulated by related laws)

・ Trustee (Solution) : MailChimp

· Date and method of entrustment :When signing up or withdrawing membership, transmitted at any time through aprivate network

· Information manager contact : privacy@mailchimp.com

· Personal information items tobe transferred : Nickname, email address, password, date of birth

· Purpose of use of trustee : Sending email marketing contents such as advertisements

· Retention and use period : Until membership withdrawal or termination of entrustment contract (however,retention is possible during the retention period stipulated by related laws)

・ Trustee (solution) : Typeform

· Time and method of entrustment : When providing survey responses, send them frequently through private networks

· Information Manager Contact : support@typeform.com

· Personal information items tobe transferred: Personal information provided by respondents

· Purpose of use of trustee : marketing and improving service quality and user experience

· Retention and use period : Untilmembership withdrawal or destruction of personal information notified inadvance

・ Trustee (Solution) : Google LLC (Google Analytics)

· Time and method of entrustment : Remote transmission using a private network when using the service

· Information Manager Contact : Google

· Personal information items tobe transferred : Region, access history, content usage history, etc.

· Purpose of use of trustee : Compiling statistics, measuring service performance, and improving userexperience

· Retention and use period : Until membership withdrawal or termination of entrustment contract (however,retention is possible during the period stipulated by related laws)

‍

‍

Article 6 Provision of personal information to third parties

We do not use user information or provide it to third parties beyond the scope of user's consent obtained when collecting personal information. However, exceptions are made if the user agrees or if one of the following applies.

1. When it is necessary to settle fees for the provision of informationand communication services

2. When there are special provisions in the law or when it is unavoidable to comply with statutory obligations.

Overseas Data Transfer

Your personal datamay be stored on external servers located overseas. In addition, as described above, in conducting the business, the company may need to share information with related companies and third party service providers (that may be locatedin countries other than your country of residence).

We may also transfer your personal information to other countries (including countries other than Singapore) within the scope of sharing described above.

If personal information is transferred to a country other than Korea, Personal Data Protection Act 2012 (PDPA) applies.

‍

‍

Article 7 Procedures and methods for destroying personal information

After the purpose of collecting and using personal information hasbeen achieved, the company destroys the information without delay. Destruction procedures and methods are as follows.

1. Destruction Procedure

· The information entered byusers for membership sign-up, etc. is transferred to a separate database(separate filing cabinet in the case of paper) after the purpose is achieved and stored for a certain period and then destroyed in accordance with information protection reasons according to internal policies and other relevant laws.

· Personal information transferred to a separate DB will not be used for any purpose other than asrequired by law.

· The company selects thepersonal information that requires destruction and destroys the personal information with the approval of the company's personal information protection manager.

2. Destruction method

· Personal information stored inelectronic file format is deleted using technical methods that render the records unrecoverable.

· Personal information printed onpaper will be destroyed by shredding or incineration.

3.    Personal information destruction procedure for dormant accounts

· In accordance with Article 39-6of the Personal Information Protection Act and Article 48-5 of the Enforcement Decree of the same Act, the company turns the personal information of members who have not logged in to the website for more than one year into a dormant account and manages it separately to protect personal information.

· Dormant membership information : All information collected and managed at the time of membership sign-up or modification of membership information

· The company will notify the user of the relevant information through e-mail one month before the personal information separation and storage period of the dormant account arrives.

· Personal information stored separately by switching to a dormant account is destroyed without delay after 3years.

‍

‍

Article 8 Personal information protection measures

1. Establishment and implementation of internal personal information management plan

We have established an internal personal information management plan, including matters related to the composition and operation of the personal information protection organization, such as the designation of a personal information protection manager, and are checking whether it is being properly implemented every year.

2. Access control and access rights restriction measures for personal information

In order to block illegal access to personal information, the company has access to the personal information processing system. one We establish and enforce standards for granting, changing,and deleting personal data, train employees who handle personal data to respectthe confidentiality of personal data, and take violations of all applicable data protection laws very seriously.

The company alsokeeps the number of employees who process personal information to a minimum.

3. We are taking encryption measures to safely store and transmitpersonal information.

4. We are taking measures to prevent storage, forgery and alteration ofpersonal information access.

‍

‍

Article 9 Operation and options for cookies

A. Operation andpurpose of cookies

The company operates cookies just likeany other website. Cookies are small amounts of information that a websites ends to the user's computer's Internet browser and are stored on the computer disk. Cookies identify only the user's computer, not the user, and are used to provide optimized services to the user, such as maintaining login, storing ID, and analyzing usage patterns.

Google Analytics

This website uses Google Analyticsa web analytics service provided by Google, Inc. (“Google”).Information generated by cookies (including your IP address) about using theGoogle Analytics website is sent by Google to a server in the United States andstored.

B. Installation, operation and rejectionof cookies

You have choices about cookies. This may vary depending on the type of web browser, but in most cases you can decide whether to accept cookies or delete all existing cookies through your web browser settings. However, if you refuse to store cookies, the use of some services that require login may be restricted.

‍

[How to set cookies]

· Internet Explorer: Select Tools menu → Select Internet Options → Click Personal Information tab → Personal information processing level settings

· Chrome : Select the Settings menu → Select Show advanced settings → Select Privacy-Content Settings → Cookielevel settings

· Safari : Select the Settings menu → Select the Privacy tab → Cookie and website data level settings

‍

‍

Article 10 Management and protectionmeasures for personal information

The company is takingthe following management measures to protect users' personal information. The company strictly limits employees who handle personal information to those who perform personal information management duties and those who inevitably have tohandle personal information for work purposes, and emphasizes compliance withthis policy through regular training for employees in charge. The company has designated a personal information protection manager to protect personal information. If you have any questions regarding personal information, thecompany will do the best to answer.

‍

<Personal Information ProtectionOfficer>

· Name : Hyuntaek Park

· Department : R&D Center

· Email : hyuntaek.park@twigfarm.net

‍

‍

Article 11 Duty to notify before revisionof personal information processing policy

This personal information processing policy will be applied from October 31, 2024, and if there are any changes, the company will notify you through a notice on the website or a separate notice 7 days prior to the implementation of the changes.

Both this policy and the use of this website are in compliance with the laws of Singapore. Where applicable, for the avoidance of doubt, the processing of personal data will also be subject to other data protection laws.

‍

‍