The Company manages personal information collected for the following purposes:

The company uses the collected personal information within the period of retention in accordance with laws and regulations or within the period of retention agreed when collecting personal information from users. Each period of use and retention of personal information is as follows

• (1) Period of Use and Retention of Personal Information for operating UDC(Upbit D Conference)

• Type	Retention Period
  Management of UDC program purchasers and registrants	- Registered Information: to be disposed after the conference. - UDC Wallet Address: 5 years from date of issuance. However, the date of refusal to receive, if you receive event and promotion notification emails.
  Management of Special Program registration	To be disposed of safely after the conference
  Management of UDC · D-CON speaker registrations	To be disposed of safely after the conference, except for registered speaker’s name(prefix), organization, position, photo and biography, which are to be disposed of upon the speaker’s withdrawal of consent
  UDC Event Complaints	3 years from date of receipt
  Promotion of UDC events	Until refusal to receive
  UDC raffle	To be disposed of safely after the event prize is provided.
  UDC Feedback Survey	[Online Participants] UDC registration number, mobile phone number

• (2) Preservation by law in accordance with the provision of goods or services
• Notwithstanding Paragraph 1, The information may be retained for longer periods as required by law.

• Type	Legal Ground	Retention Period
  Records related to withdrawal of contract or subscription	The Act on Consumer Protection in Electronic Commerce, ETC.	5 years
  Record of payment and goods supply		5 years
  Records of consumer complaints or disputes		3 years
  User's Internet log record	The Communication Confidentiality Protection Act	More than 3 months
  Payment of taxes and dues, processing records for cash receipts	Framework Act on National Taxes	5 years

The Company does not disclose the User’s information to third parties, unless such disclosure is required by law.

• ① The Company entrusts personal information to external contractors to allow them to perform some of the tasks necessary for the provision of services. It supervises and monitors entrusted parties to ensure their compliance with relevant law.
• ② The Company entrusts the handling of personal information to external contractors as follows:

• External Professional Contractor	Task
  Amazon Web Services, Inc.	Data storage and Service operation for service provision
  Futurewiz, Inc.	UDC Infrastructure Maintenance
  UNIONE Communications Co.,Ltd.	- Operation Agency of UDC Event - Operator of UDC Promotions and Distributor of Prizes
  Infobank Inc.	Message service on event information of the UDC
  BIZTALK Co., Ltd	Send notification talk(Kakao)
  KG INICIS Co., Ltd	Payment gateway
  Opensurvey Inc.	Survey service platform usage

The Company transfers personal information overseas as follows:

• (1) Overseas contractors to process personal information
• The company outsources the processing and storage of personal information to overseas companies through contractual agreements in accordance with Article 28-8 Paragraph 1 Subparagraph 3 of the Personal Information Protection Act. The company manages and supervises these contracts to ensure that the outsourced personal information is handled securely. Users may refuse the transfer of their personal information overseas by contacting customer service. However, refusal may result in the inability to participate in UDC related events or access information provided by UDC.

• Entrusted contractors	Purpose of entrustment	Personal information to be entrusted	Entrusted country, contact information	Timing and method of entrustment	Retention/use period
  Twilio Inc.	Send information email	Name, affiliation, phone number, email address	USA, [email protected]	At the time of email communication and service use via a network	30 days after an email is sent
  PayPal Pte. Ltd.	Payment Gateway	Purchase and payment information	Singapore, [email protected]	At the time of payment via a network	Until the purpose of using the PayPal payment service is met

• ① Users have the right to exercise their rights to access, correct, delete, request processing cessation, or withdraw consent regarding their personal information from the Company at any time. However, according to relevant laws such as Article 35, Paragraph 4 Article 37, Paragraph 2 and 3 of the Personal Information Protection Act, the exercise of these rights, including access, correction, deletion, request for processing cessation, and withdrawal of consent, may be restricted.
• ② The User can exercise their rights through means such as paper document, email, and fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the PIPA, in which case the Company shall take prompt action.
• ③ Users who are dissatisfied with the Company’s response to their request for access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information may file an objection within 10 days of the action by the Company, using the method outlined in paragraph 2.
• ④ The User may exercise the rights stipulated in Paragraph 1 through an agent such as a legal representative or a person who has been delegated to act on the User’s behalf, in which case a power of attorney shall be submitted in accordance with Form 11 of the Appendix of the Public Notice on the Management of Personal Information.
• ⑤ A request to correct or delete personal information shall not be accommodated if such personal information must be collected in accordance with other laws.
• ⑥ When there is a request to access, correct, delete, suspend the management or withdraw of consent of personal information in accordance with the User’s rights, the Company shall verify if the requestor is the User or their authorized agent.

• ① The Company processes the following personal information of the User with their consent in accordance with Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act, when operating the Upbit D Conference (UDC) and providing relevant services:

• (1) Types of Personal Information Items

  Type	Personal Information Items To Be Managed
  Management of UDC ticket purchaser and registrants	[Information on Onsite Registrants] (Required) Name(Eng), mobile phone number, email address, affiliation(Eng), position, occupation, UDC Wallet address, payment information (optional) Name(KOR), affiliation(Eng), and inflow channel [Information on Online Registrants] (Required) Name(Eng), mobile phone number, email address, affiliation(Eng), position, occupation (optional) Name(KOR), affiliation(Eng), and inflow channel [Information on Invited Registrants] (Required) Name(Eng), mobile phone number, email address, affiliation(Eng), position, occupation, UDC Wallet address (optional) Name(KOR), affiliation(Eng), and inflow channel
  Management of Special Program registration	[D-CON] (Required) Name, mobile phone number, email address, affiliation, position [Web3 Security Talk] (Required) Name, mobile phone number, email address, affiliation, traffic source. (Optional) Position, email address, Interest in UPSide Academy season 2
  Register and manage speaker's information	[UDC] (Required) Name, mobile phone number, email address, nationality, affiliation, position, biography, profile picture, emergency contact information (contact name, contact number) (Optional) Preferred prefix [D-CON] (Required) Name, preferred prefix, mobile phone number, email address, affiliation(Kor/Eng), biography, profile picture (Optional) emergency contact information (contact name, contact number)
  UDC Event Complaints	- [Required] Email, inquiry - [Optional] Mobile phone number
  Items generated and processed during service use	Device information (OS, model name, carrier, device identification number, language information), IP address, service records, cookies
  UDC raffle	Nickname, mobile phone number [If delivery is required] Address [For paying taxes and the public utilitiesr' charge] Copy of identification, resident registration number
  Event and promotional information notification (Option)	Email address

  ※ In principle, the company does not collect personal information if the user is under 14 years old.

• ② The Company may collect personal information and use it for the intended purpose of collection, in accordance with Article 15 (Collection and Use of Personal Information) of Personal Information Protection Act, where:

• 1. required by law or necessary to comply with legal obligations; or

  2. necessary to enter into or perform a contract with the subject of information; or

  3. deemed necessary for physical safety and property interests of the subject of information or a third person, as the subject of information or his/her legal representative cannot give prior consent because he/she is unable to express his/her intention or by reason of his/her unidentified address; or

  4. necessary for a personal information manager to realize his/her legitimate interests, which explicitly take precedence over the rights of the subject of the information, provided that such information is substantially relevant to the personal information manager's legitimate interests and falls within the reasonable scope.

• ① The company shall destroy the information immediately after the purpose of collecting and using personal information is achieved.
• ② If personal information must be retained even after the retention period as agreed upon by the User expires or the purpose of management has been achieved, such personal information shall be transferred to a separate database or stored in another location.
• ③ Personal information shall be destroyed as follows:

• (1) The personal information stored in the form of electronic files shall be deleted using a technical method that prevents the data to be recovered.

  (2) the personal information printed on paper shall be shredded by a paper shredder or destroyed by incineration.

In accordance with Article 29 of the PIPA, the Company shall take managerial, technical, and physical measures which are necessary to ensure the security of personal information as stipulated in the following subparagraphs:

• (1) Managerial measures

• - Creation of internal management plans: The Company shall develop and implement internal plans to manage the personal information retained in a secure manner.

  - Minimum staff to manage personal information and their training: The Company shall keep the size of the staff responsible for managing personal information to a minimum required for the work and instill the importance of personal information in them by taking managerial measures including the training of the staff.

  - Operation of a dedicated organization for personal information protection: The Company shall monitor compliance with security measures for personal information in the personal information processing system by operation of a dedicated organization for personal information protection.

• (2) Technical measures

• - Control of access to the personal information management system: The Company shall take measures necessary to control access to personal information by granting, modifying, or revoking access to the personal information system. The Company shall use the intrusion prevention system to block unauthorized access to the personal information system from outside

  - Encryption of personal information: The Company shall use safe algorithms to encrypt personally identifiable information, bank account numbers, card numbers, and other personal information subject to encryption under the Personal Information Protection Act before storing and managing such information.

  - Technical measures against attacks such as hacking: The Company shall strive to prevent the User's personal information from being leaked or compromised due to hacking or computer viruses. It shall back up data on a continued basis in response to the potential leakage or compromise of the User's personal information and shall ensure personal information is transmitted securely on the network by leveraging encrypted communication etc.

• (3) Physical measures

• - The Company shall place its systems in a location which is not accessible by external entities to prevent the leakage or compromise of the User's personal information and shall create and implement access control procedures.

We may also collect specific information through the use of"cookies" and other tracking technologies.

Cookies refer to a small packet of information sent to the User's computer browser by the server which is used to manage the website (http).

• (1) Purpose of Using Cookies
• Cookies support more rapid web environments for users by storing users' preferred settings and are used for the improvement of services to allow for the more convenient use of Services. By doing so, cookies allow Users to use services more easily.
• (2) Installation, Operation and Rejection of Cookies
• Applicants / Users have an option to either install cookies, refuse to accept/store cookies or delete them at any time.
• (3) How to block the storage of Cookies
• Applicants / Users have an option to either install cookies, refuse to accept/store cookies or delete them at any time.

• - Microsoft Edge: Setting > Cookies and site permissions > Set-Cookie Level

  - Chrome: Select Settings Menu > Privacy and security > Cookies and other site data > Set-Cookie Level

  - Safari: Select Settings Menu > Click Advanced Ta > Turn on Block All Cookies.

• ① Behavioral information means the User's online activity information which can help identify and analyze his/her interests, preferences and tendencies, such as history of website visits, purchases and searches.
• ② The Company processes behavioral information for product and service development, customer analysis and the provision of customized services tailored to the User's behaviors.

• (1) Behavioral information to be collected

  1. The User's activity information is collected, such as web service visits, usage records including searches/clicks, device information and IP addresses.

  (2) Method of collection

  1. Behavioral information is automatically generated and saved by Google Analytics when the User uses a service.

  (3) Purpose of collection

  1. Behavioral information is processed for the purpose of product and service development, statistical and customer analysis, service speed and quality improvement and the provision of customized services tailored to the User's behaviors.

  (4) Retention and use period

  1. Behavioral information is retained for up to 26 months, after which it will be deleted without delay.

  (5) How to exercise user control

  1. The User may decline the use of his/her behavioral information by changing browser settings, including through declining to give consent for cookies.
  2. e.g. Web browser: Tools > Internet Options > Privacy > Advanced > Block Cookies
  3. How to disable Google Analytics

  (6) How to file a user complaint

  1. Contact: +82-2-1588-5682(Customer Service)
  2. Email: [email protected]

• ① In order to protect the personal information of the user and to deal with complaints related to personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.

• (1) Person in Charge of Personal information Protection

  Position	Name	Team in Charge	Contact / Email
  Person in Charge of Personal information Protection	Jaeyong Jung	Information Security Team (Dunamu Inc.)	+82-2-1588-5682 (Customer Service) [email protected]
  Personal information Protection Manager	Taesung Park

• ② 2. The User may notify all personal information protection complaints that occur while using company's services to the person in charge of personal information protection or the relevant department. The company shall respond promptly to the users' complaints promptly.

The User can make a request for accessing their personal information retained in accordance with Article 35 of the PIPA to the following team:

▶ Team responsible for receiving and processing requests for accessing personal information retained

Team in charge: Operation Support Team

Contact: +82-2-1588-5682(Customer Service)

Email : [email protected]

If you need to report or consult about other personal information infringement, please contact the following organizations.

Privacy Infringement Reporting Center (privacy.kisa.or.kr / 118 without area code)

Supreme Prosecutor's Office (www.spo.go.kr / 1301 without area code)

National Police Agency (ecrm.cyber.go.kr / 182 without area code)

Personal Information Dispute Resolution Committee (www.kopico.go.kr / +82-2-1833-6972)

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and Affiliates. Please note that the Company has no control over the external websites, so the Company cannot guarantee or be held responsible for the usefulness, authenticity, and legality of the service or data provided to the User through the external sites. Also, the privacy policies of the linked external websites are not relevant to the Company, so please check their policies.

In the event that the Company makes changes to the Privacy Policy, the Company shall notify the dates of change and implementation and revised provisions on a continued basis and show provisions before and after such revisions for easy comparison by the User.