Article 1 Consent to the collection of personal information and collection method

"Glow tour" shall establish procedures that allow customers to click the "agree" button, the terms of use, the collection of personal information and the details of the personal information used. By clicking the "Agree" button, customers are deemed to consent to the collection and use of their personal information.

Article 2 Items of personal information collected and purpose of using personal information

"Personal Information" means information about a living person and refers to their name, resident registration number or any other information that identifies such person. (Even if this information by itself does not identify an individual, this information can be easily combined with other information and used to identify such an individual.)

This website has the following purposes for collecting and using customer personal information:

General member's personal information

- Collection time: Register for membership

- Mandatory collection of items: ID card, password, email, name

- Optional collection items: profile picture, date of birth, phone number, address

- Purpose of using personal information: Membership registration, customer consultation on use of services, and sending of notifications

- Retention Period: Immediate deletion upon withdrawal of membership, or five (5) years for purchasing members

Order information (including members and non-members)

- Collection time: when order is placed

- Mandatory collection items: customer information for placing orders (name, address, phone, social ID email), recipient information (name, address, phone), payment approval information

- Optional collection item: delivery of messages

- Purpose of using personal information: Payment and delivery of ordered products

- Retention period: five (5) years

Article 3 Collection of personal information through cookies

This website may install and operate cookies that store and frequently retrieve customer information. Cookies represent small text files that a website sends to the user's computer browser (Internet Explorer, etc.)

1) Purpose of using cookies - Provide differentiated information based on individual interests - Analyze users' visit frequency or stay time, identify users' tastes and interests, and use them for target marketing and as a measure of service improvement - Track purchased items information and items of user concern, and provide tailored services

2) Cookie operation and rejection of cookies Cookies are stored on the hard drive of the user's computer. Cookies identify the user's computer, but not the user. In addition, customers can accept or reject all cookies or check when cookies are stored by changing the settings on their web browser.

However, if customers refuse to store cookies, they may not use certain services that require them.

3) How to change settings to reject cookies

A. Internet Explorer directly changes settings by clicking Tools > Internet Options > Personal Information tab on the menu above the web browser

B. Chrome changes settings directly by clicking the menu icon on the right bar at the bottom of the screen > "Settings" at the bottom of the screen > "Advanced settings" > "Content Settings" button in the "Personal Information" section > "Cookies" section

Article 4 Period of retention, use and destruction of personal information

1) Customers’ personal information should be destroyed immediately after collecting and using their personal information. However, if the customer's personal information needs to be retained for a period of time in order to verify the rights and obligations of the transaction parties in accordance with relevant regulations, such as consumer protection in e-commerce and other transactions. The bill provides that such information should be retained for a specified period of time:

Article 6 of the "Consumer Protection in Electronic Commerce and Other Transactions Law" - Records of contracts or withdrawals of offers: Retention for five (5) years

- Records regarding payments and supply of goods: retained for five (5) years

- Records regarding resolution of customer complaints or disputes: retained for three (3) years

B "Law for the Protection of Communications Secrecy" Article 15.2 - Login records: retained for three (3) months

COther relevant regulations

2) This website shall destroy personal information in the following ways.

A. Destruction Procedure - Information entered for membership registration should be transferred to a separate database (in the case of paper information, a separate filing cabinet), stored for a period of time in accordance with internal guidelines and other relevant regulations, and then destroyed.

- The above personal information shall not be used for any other purpose except the purposes specified by law.

B. Destruction method - Personal information printed on paper should be destroyed by crushing or burning. - Personal information in electronic file format should be completely destroyed through technical methods to avoid recovery or regeneration.

3) In accordance with Article 29.2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, this website shall issue a notice regarding the forfeiture of membership to dormant members (who have not used the service in the past twelve (12) months). If such member fails to respond to such notice, his or her membership may be deemed to have been forfeited at the Site's sole discretion. In such cases, the dormant member's personal information may be stored and managed separately from the personal information of other members. Such personal information separated and stored shall be destroyed after the statutory retention period. If requested by the customer, the customer's personal information that has not been destroyed shall be provided again when use of the service is resumed.

Article 5 Provision of personal information to third parties

1) This website shall not use customers' personal information, nor shall it provide such information to other persons, companies and institutions outside the scope of Article 1 above (items of personal information collected and purposes of using personal information).

2) The following situations are exceptions.

A. According to relevant regulations, relevant agencies require customers’ personal information for investigation purposes.

B. When customers' personal information is provided to advertisers, suppliers or research organizations in a form that does not identify certain individuals for the purpose of compiling statistical data or conducting academic or market research

C. When requesting customers' personal information in accordance with predetermined procedures of other relevant regulations, even if personal information is provided in accordance with the above provisions, we will do our best to ensure that such information is not provided unconditionally. Collection and use of such information.

Article 6 Outsourcing of Personal Information Processing

This website outsources the processing of users' personal information to external professional organizations in order to facilitate the smooth conduct of business, such as providing better services and customer convenience.

- Delivery of ordered products: OO delivery service *requires modification*

- Building and maintaining computer systems: Hosting company *Bonzer*

- Delivery Tracking System Service: Goodsflow Inc.

- Payment and Escrow Services: PG *requires modification*

- Self-authentication, i-PIN service: Dream Security Inc.

※The information shared with the outsourcing company should be limited to the minimum information necessary to achieve the original purpose of outsourcing. In addition, optional personal information is provided to the outsourcing company upon request by the client.

※The list of outsourcing companies may change depending on the changed services and contract period. Any changes to this list shall be announced in advance via notification. Customers participating in short-term events should be notified separately of such events.

Article 7 Access and Modification of Personal Information

1) Customers can access or modify the personal information registered on this website at any time. Customers can click the "Change Member Information" menu to directly access or modify their personal information. They may also request such access or modification by sending an email or written request to the Chief Privacy Officer or the personal information processing employee at the Site. The Website shall then take relevant measures without delay.

2) If a customer requests that any errors in his or her personal information be corrected, this website shall not use or provide such personal information until such errors are corrected.

3) If incorrect personal information has been provided to any third party, this website should immediately notify the third party of the results of correcting this information and let the third party also modify the information.

Article 8 Withdrawal of consent to collection, use and provision of personal information

1) Customers may revoke their consent to the collection, use and provision of their personal information when registering for membership at any time. They can do this by clicking "Withdraw Consent (Membership)" in the "Personal Information Management" menu on the initial login page of the website. They may also do so by contacting this website's Chief Privacy Officer in writing, by phone, or by email. Then, this website should immediately take necessary measures, such as deleting the personal information. This website shall promptly notify customers of such measures, including withdrawal of consent and destruction of personal information.

2) This website should take necessary measures to ensure that customers withdraw their consent to the collection of information (membership) through a simpler method than the method through which they consented to the collection of personal information in the past.

Article 9 Measures to ensure the security of personal information

This website shall take technical/administrative/physical measures necessary to ensure the security of personal information in accordance with Article 29 of the Personal Information Protection Act.

1. Encrypt personal information

Users' personal information (including passwords) will be stored and managed and known only to the user who owns it. Protect important data with separate features such as encrypting and locking files and transferred data.

2. Technical measures against hacker attacks

This website should install, regularly update and check security charts to ensure that personal information is not leaked and damaged by hackers or computer viruses. It should also install the system in areas accessible from the outside and technically/physically inspect and barricade these areas.

Article 10 Protection of personal information of children under fourteen years of age

This website believes it is important to protect children's personal information in the online environment. It does not allow children under the age of fourteen to apply for membership without the consent of their legal counsel. Legal counsel may exercise all rights of such children should they register on the Site or provide their personal information due to theft of their name and information or misuse of the system.

Article 11 Chief Privacy Officer

This website appoints the following Chief Privacy Officer, who is responsible for handling personal information and handling customer complaints regarding personal information and relief of damages.

▶Chief Privacy Officer

- Name: Lu Junjiang

- Title: Privacy Officer

- Job Level: High

- Contact point: +82-10-3921-8978

Article 12 Modification of "Personal Information Processing Guidelines"

This Personal Information Handling Guideline is effective from the effective date. Any changes added to regulations and these Guidelines, as well as deletions and corrections to any content in these Guidelines, shall be notified seven (7) days prior to implementation of such additions, deletions, or corrections.