Purpose of processing personal information 'Company' processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and prior consent will be sought when the purpose of use is changed.

Company will notify you through website announcements and e-mails when revising the personal information processing policy.

○ This policy applies to the use of services on the company's website ('https://moneyonline.kr'), effective July 1, 2022.

가. Website membership registration and management

Personal information is processed for the purpose of confirming the intention to sign up for membership, identification and authentication of the member in accordance with the provision of membership service, maintenance and management of membership, prevention of illegal use of services, various notices and notifications, handling of grievances, and preservation of records for dispute resolution.

나. Provision of goods or services

Personal information is processed for the purpose of providing small overseas remittance service, real name verification, and identity verification.

다. Use in Marketing and Advertising

For the purpose of developing new services and providing customized services, providing event and advertising information and participation opportunities, providing services and posting advertisements according to demographic characteristics, verifying service validity, identifying access frequency, or statistics on member service use We process personal data.

라. Fulfillment of obligations under laws and regulations

Personal information is processed for the purpose of fulfilling the reporting obligations stipulated in the Foreign Exchange Transactions Act, the Enforcement Decree of the Foreign Exchange Transactions Act, the Foreign Exchange Transactions Regulations and related laws and regulations in accordance with the provision of small-value overseas remittance services.

2. Processing and retention period of personal information

• ① The company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
• ② Each personal information processing and retention period is as follows.

  가. Personal information file name: member information

  • - Personal information items: name, date of birth, gender, nationality, resident registration number, passport number, alien registration number, email, mobile phone number, home address, home phone number, bank account information, password, login ID, service use record, access log , cookies, access IP information
  • - Collection method: website, written form, member present original ID card or submit a copy
  • - Basis for retention: Consent of members for continuous use of services and related laws
  • - Retention period: period determined by laws and regulations
  • - Relevant laws:
    • Records on handling consumer complaints or disputes: Act on Consumer Protection in Electronic Commerce, etc. (3 years) Records on payment and supply of goods: Act on Consumer Protection in Electronic Commerce, etc. (5 years)
    • Records on contract or subscription withdrawal: Act on Consumer Protection in Electronic Commerce, etc. (5 years) Records on Display/Advertising: Act on Consumer Protection in Electronic Commerce, etc. (6 months)
    • Personal information related to service use: Communication Secret Protection Act (3 months)

  나. Personal information file name: Real name verification record

  • - Personal information items: name, date of birth, gender, nationality, resident registration number, passport number, alien registration number, driver's license number, identification number, identification authenticity, identification validity period, mobile phone number, home address, home phone number
  • - Collection method: The member himself/herself submits an ID card or a copy of the ID card through the website, written form, mail, or face-to-face
  • - Basis of retention: Business regulations on anti-money laundering and prohibition of public intimidation financing
  • - Retention period: 5 years
  • - Relevant laws: Act on the Reporting and Use of Specific Financial Transaction Information

  다. Personal information file name: Overseas remittance transaction record

  • - Personal information items: name, date of birth, gender, resident registration number, passport number, alien registration number, driver's license number, identification number, mobile phone number, home address, home phone number, confirmation of financial sanctions subject, confirmation of important foreign political figures record
  • - Collection method: website, written form - Basis of retention: Foreign exchange transaction regulations, business regulations on the prevention of money laundering and public threat financing - Retention period: 5 years
  • - Relevant laws: Foreign Exchange Transactions Act, Act on Reporting and Use of Specific Financial Transaction Information, etc.

  라. Personal information file name: subject to financial sanctions

  • - Personal information items: name, nickname, business name, group name, organization name, date of birth, gender, nationality, place of birth, resident registration number, passport number, alien registration number, passport issuance date, passport validity date, mobile phone number, address, phone number
  • - Collection method: Announced by the Ministry of Strategy and Finance
  • - Basis of retention: Guidelines for permission to pay and receive for the fulfillment of obligations such as maintaining international peace and safety
  • - Retention period: the period determined by laws and regulations, until the time of deletion from the list of financial sanctioners
  • - Relevant laws: Foreign Exchange Transactions Act D. Personal information file name: foreign political figures
  • - Personal information items: name, business name, group name, date of birth, gender, nationality, organization name, position, relationship with major foreign political figures, place of birth, passport number, passport issuance date, passport validity date, alien registration number, mobile phone number, address , Phone number - Collection method: Reporting of members when using the service, providing information from related organizations, providing information from overseas organizations, and providing information from partner companies
  • - Basis of retention: Guidelines for permission to pay and receive for the fulfillment of obligations such as maintaining international peace and safety
  • - Retention period: period determined by laws and regulations
  • - Relevant laws: Foreign Exchange Transactions Act

• ③ The company installs and operates cookies, and the information subject may reject them. However, if you refuse to install cookies, you may experience inconvenience in using the service or there may be difficulties in using some services.3. 개인정보의

3. Matters concerning provision to third parties

In principle, the company processes the personal information of the information subject within the range specified for the purpose of collection and use, and only removes personal information if it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject or special provisions of the law. Give it to 3rd party.

4. Consignment of personal information processing

가. ('Company') entrusts the following personal information processing tasks for smooth personal information processing

1.	Persons to whom personal information is provided	C-Square Inc.
	Purpose of use of personal information by the recipient	Provision of small overseas remittance service and fulfillment of obligations under the laws of the respective country
	Recipient's retention and use period	7 years from the time it was provided in accordance with the relevant laws and regulations of the country concerned

2.	Persons to whom personal information is provided	MoneyGram International B.V
	Purpose of use of personal information by the recipient	Provision of small overseas remittance service and fulfillment of obligations under the laws of the respective country
	Recipient's retention and use period	5 years from the time it was provided in accordance with the relevant laws and regulations of the country concerned

3.	Persons to whom personal information is provided	Shinhan Bank
	Purpose of use of personal information by the recipient	Provision of small overseas remittance service and fulfillment of obligations under the laws of the respective country
	Recipient's retention and use period	period prescribed by law

4.	Persons to whom personal information is provided	Gwangju Bank
	Purpose of use of personal information by the recipient	Direct deposit payment
	Recipient's retention and use period	period prescribed by law

5.	Persons to whom personal information is provided	Korea Financial Telecommunications & Clearings Institute
	Purpose of use of personal information by the recipient	Matters regarding the use of open banking and automatic payment registration
	Recipient's retention and use period	period prescribed by law

나. When the company concludes a consignment contract, in accordance with Article 25 of the Personal Information Protection Act, the company shall provide for matters related to responsibilities such as prohibition of personal information processing other than the purpose of performing entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, etc. It is specified in the document and supervises whether the trustee handles personal information safely.

다. If the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

5. Rights and obligations of information subjects and how to exercise them

Users can exercise the following rights as the subject of personal information.

6. Destruction of personal information

In principle, when the purpose of personal information processing is achieved, the company destroys the personal information without delay. The procedures, deadlines and methods of destruction are as follows.

가. destruction procedure

The information entered by the user is transferred to a separate DB after the purpose is achieved (a separate document in the case of paper) and is destroyed after being stored for a certain period according to internal policies and other related laws or immediately. At this time, the personal information transferred to the DB will not be used for any other purpose unless it is in accordance with the law.

나. When the personal information of the destroyed user becomes unnecessary within 5 days from the end of the retention period when the retention period of personal information has elapsed, the personal information becomes unnecessary, such as achieving the purpose of processing personal information, abolishing the service, or terminating the business We destroy the personal information within 5 days from the date on which the processing of personal information is deemed unnecessary.

다. Destruction method Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is shredded with a shredder or destroyed through incineration.

7. Measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, the company is taking the following technical/administrative and physical measures necessary to secure safety.

가. Conduct regular self-audits

We conduct regular self-audits to ensure stability in handling personal information

나. Minimization and training of personnel handling personal information

We are implementing measures to manage personal information by designating employees who handle personal information and limiting them to the person in charge.

다. Establishment and implementation of internal management plan

We have established and implemented an internal management plan for safe handling of personal information.

라. Technical measures against hacking, etc.

In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the company installs security programs, periodically updates and checks, installs systems in areas where access is controlled from outside, and technically and physically monitors and blocks them.

마. Storage of access records and prevention of forgery

The records of access to the personal information processing system are stored and managed for at least 6 months, and security functions are used to prevent forgery, theft, or loss of access records..

바. Restricting access to personal information

We take necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside..

사. Encryption of personal information

아. Use of locks for document security Documents and auxiliary storage media containing personal information are stored in a safe place with a locking device.

차. Access Control for Unauthorized Persons We establish and operate access control procedures in a separate physical storage location that stores personal information.

8. Created by the person in charge of personal information protection

가. The company is responsible for overall handling of personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.

▶ Personal Information Protection Officer

• Name: Jung Joong-ki
• Position: CEO
• Contact : 02-6956-0309, privacy.kr@c-square.net t

※ You will be directed to the department in charge of personal information protection.

▶ Department in charge of personal information protection

• Contact Person : Jinho Kang
• Contact :02-6956-0309, compliance.kr@c-square.net

나. The information subject is responsible for all personal information protection-related inquiries, complaint handling, and damage relief that occurred while using the company's services.

You can inquire about matters related to personal information protection to the person in charge of personal information protection and the department in charge. The company will respond and handle the inquiries of the information subject without delay.

9. Request to view personal information

가. The information subject may file a request for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The company will make every effort to promptly process the personal information access request of the information subject.

▶ Reception and processing department of personal information access request

• Contact Person : Kim Hyun-jung
• Contact: 02-6956-0309, compliance.kr@c-square.net

나. In addition to the department for processing requests for access requests, information subjects can also request access to personal information through the ‘Comprehensive Support Portal for Personal Information Protection’ website (www.privacy.go.kr) of the Ministry of Public Administration and Security.

▶ Ministry of Public Administration and Security's Personal Information Protection Comprehensive Support Portal → Personal Information Complaints → Personal Information Access Request

(You must have an I-PIN to verify your identity)

다. The following organizations are separate organizations from the company. If you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact us.

▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

• - Responsibilities: Report personal information infringement, apply for counseling
• - Homepage: privacy.kisa.or.kr
• - Phone: (without area code) 118
• - Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, Personal Information Infringement Report Center

▶ Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)

• - Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil resolution)
• - Website: www.kopico.go.kr
• - Tel: (without area code) 1833-6972
• - Address: (03171) Personal Information Dispute Mediation Committee, 12th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)

▶ Supreme Prosecutor's Office Cyber Crime Investigation Team: (without area code) 1301 (www.spo.go.kr)

▶ National Police Agency Cyber Crime Investigation Team: (without area code) 182 (ecrm.police.go.kr)

10. Changes to the Privacy Policy

This personal information processing policy is effective from the effective date, and if there are additions, deletions, or corrections of changes according to laws and regulations, we will notify you through a notice 7 days before the implementation of the changes.