Morakano Studio (hereinafter referred to as “the Company”) has established and publicly disclosed the following privacy processing guidelines to protect personal information in accordance with Article 30 of the Personal Information Protection Act and to quickly and smoothly handle any related complaints.

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes, and will not use it for any purposes other than those specified below.

Confirming customer intent to sign up Identifying and authenticating customers to provide services Managing customer memberships, confirming intent to withdraw membership, etc. Identity verification, purchase and payment processing, and delivery of products and services related to paid services

2. Processing and Retention Period of Personal Information

① The Company processes and retains personal information within the period agreed upon by the information subject or as required by law.

② The specific processing and retention periods for personal information are as follows:

a. Personal information provided by users during membership registration and service use:

• Retention reason: Customer registration and management
• Retention period: Until service contract termination or membership withdrawal. However, if there are remaining claims or debts, until settlement of those claims)

b. Records related to contracts or withdrawal of subscriptions:

• Retention reason: Protection of consumers in electronic commerce, etc.
• Retention period: 5 years

c. Records related to payment and delivery of goods or services:

• Retention reason: Protection of consumers in electronic commerce, etc.
• Retention period: 5 years

d. Records related to consumer complaints or dispute resolution:

• Retention reason: Protection of consumers in electronic commerce, etc.
• Retention period: 3 years

e. Other personal information retained with the consent of the customer: Until the agreed-upon period

f. If retention is required by other laws, the period specified by those laws will apply.

3. Provision of Personal Information to Third Parties

The Company does not provide personal information to third parties except with the separate consent of the information subject or in cases specified by law, such as under Article 17 of the Personal Information Protection Act.

4. Outsourcing of Personal Information Processing

The Company outsources the processing of personal information for the provision of basic services or service improvement, and the personal information is stored in the systems of the outsourced company. The Company manages and supervises the outsourced company to ensure compliance with personal information protection laws. If there are changes in the outsourced work or the service provider, the Company will disclose such changes promptly via this privacy policy.

• Outsourcing company: Amazon Web Services
• Contact: aws-korea-blog@amazon.com
• Outsourced task: Service provision and personal information storage

5. Rights and Obligations of Information Subjects and Legal Representatives

Information subjects may exercise the following privacy-related rights at any time:

Request to view personal information Request to correct any errors in personal information Request to delete personal information Request to stop processing personal information

7. Types of Personal Information Processed

The Company does not collect personal information in principle but only collects and uses the following information necessary for service use:

• ID, password

8. Destruction of Personal Information

① When the retention period for personal information has passed or the purpose of processing has been achieved, and the information is no longer necessary, the Company will promptly destroy the personal information.

② The Company will destroy personal information using the following methods:

• Electronic files: Deleting files and database

9. Measures to Ensure the Security of Personal Information

The Company takes the following measures to ensure the safety of personal information:

Administrative measures: Establishment and implementation of internal management plans, regular training for employees Technical measures: Setting passwords for personal information processing systems (or computers storing personal information), installing security software like antivirus programs, encrypting files containing personal information Physical measures: Locking places where personal information is stored, controlling access

10. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

① The Company uses cookies to store and retrieve login/logout information for users.

② A cookie is a small piece of information sent by the server (HTTP) of the website to the user’s computer browser, which may be stored on the user’s hard disk.

a. Purpose of using cookies: To maintain the login/logout status when users revisit the site after visiting other websites.

b. Installation, operation, and refusal of cookies: Cookies can be refused by configuring the options in the “Privacy” menu under the “Tools > Internet Options” of the web browser.

c. Refusing to store cookies may cause difficulties in using the site while logged in.

11. Remedies for the Infringement of the Data Subject’s Rights

① The data subject may contact the institutions listed below for remedies, consultations, etc. regarding personal data infringement.

• Personal Information Infringement Report Center https://privacy.kisa.or.kr / +82-118
  
• Personal Information Dispute Mediation Committee www.kopico.go.kr / +82-1833-6972
  
• Supreme Prosecutor’s Office www.spo.go.kr / +82-1301
  
• National Police Agency ecrm.cyber.go.kr / +82-182
  

12. Personal Information Protection Officer

The Company has designated a personal information protection officer who is responsible for overseeing personal information processing and handling complaints or disputes related to personal information as follows:

▶ Personal Information Protection Officer

• Name: Minnie Nam
• Position: CEO
• Contact: minnie@morakano.com

13. Changes to the Privacy Policy

This privacy policy will be effective from March 31, 2025.