COSMETA, INC. (hereinafter referred to as the ‘Company’) considers customer information important and has the

following privacy policy. The company complies with the “Act on Promotion of Information and Communications

Network Utilization and Information Protection, etc.” and informs you of the purpose and method of using your

information and what measures are being taken to protect your personal information.

1. Items of personal information to be collected and methods of collection

The company collects personal information for membership registration, service provision, and other consultations, and

may also request personal information for collective statistical analysis during a survey or event or for the purpose of

sending out prizes. However, the company does not collect sensitive personal information (race and ethnicity, ideology

and creed, place of birth and domicile, political orientation and criminal record, etc.) that is likely to infringe on users’

basic human rights. Be sure to ask for consent. Even at this time, we inform you that the information entered will not be

used for any purpose other than the provision of the service or the purpose previously disclosed to the member. The

contents of personal information collected are as follows.

1) Required items – Individual member: name, trade name, e-mail address, phone number, address

2) How to collect personal information – Homepage, App

2. Purpose of collection and use of personal information

The company collects personal information for the following purposes. – Marketing and advertising such as service guide

Development and specialization of new services, provision of services and advertisements according to demographic

characteristics; Confirmation of product information and order information confirmation and settlement; Delivery of

advertising information such as access frequency, statistics on service use, and events

3. Consent to collection of personal information

The company obtains consent for the collection of members’ personal information and has prepared a procedure for

consenting to the collection of personal information in the Terms of Use and Privacy Policy during the membership

registration process within the company. If you check the box [I agree to the ‘Privacy Policy], you agree to the collection

of personal information.

4. Provision and Sharing of Personal Information

The company shares member information with merchants in order to provide better service to company members. The

content of the shared information is personally identifiable information (name, contact information, email address, UID),

etc., and the information is not shared for purposes other than service provision and marketing purposes. The company

protects users’ personal information in ‘2. Purpose of collection and use of personal information shall be used within the

scope notified in the ‘Purpose of Collection and Use of Personal Information. However, exceptions are made in the

following cases i) When users consent to disclosure in advance ii) In accordance with the provisions of laws and

regulations, or when there is a request from the investigation agency in accordance with the procedures and methods

stipulated in the laws for the purpose of investigation

5. Period of retention and use of personal information

As long as the service user continues to use the service as a member of our company, the company will continue to

retain the user’s personal information and use it to provide the service. In the event of a request for abuse of rights,

prevention of abuse, infringement of rights/defamation disputes, and cooperation in investigations, the Company may

keep the member’s personal information for one year from the time of the member’s cancellation of the use contract in

preparation for a recurrence. If it is necessary to preserve it in accordance with the provisions of related laws, such as

the Commercial Act, the Consumer Protection Act in Electronic Commerce, etc., the Company keeps member

information for a certain period of time as stipulated by the relevant laws and regulations. In this case, the company

uses the stored information only for the purpose of storage, and the retention period is as follows. end. Reasons for

information retention according to company internal policy The retention period of personal information upon

withdrawal of membership is as follows.

1) Preservation Grounds: User’s Rights Infringement Dispute and Investigation Cooperation

2) Retention period: 1 year Reasons for information retention according to related laws If it is necessary to preserve it in

accordance with the provisions of related laws, such as the Commercial Act, the Consumer Protection Act in Electronic

Commerce, etc., the company keeps member information for a certain period of time as stipulated by the relevant laws

and regulations. In this case, the company uses the stored information only for the purpose of storage, and the

retention period is as follows.

1) Records on handling consumer complaints or disputes Reason for Retention: Act on Consumer Protection in Electronic

Commerce, Etc. Retention period: 3 years

2) Records of visits Reason for retention: Act on Promotion of Information and Communications Network Utilization and

Information Protection Retention period: 3 months

6. Procedure and method of destruction of personal information

In principle, the company destroys the information without delay after the purpose of collection and use of personal

information has been achieved or the period of retention and use has elapsed. However, the information that must be

kept in accordance with the relevant laws and regulations is stored for the period set by the laws and then destroyed. In

accordance with the Act on Promotion of Information and Communications Network Utilization and Information

Protection, etc., in the case of a member who has not had a used record for one year, the company separates it from the

member’s personal information in use and safely stores it, and the purpose of collecting and using personal information

for personal information After this is achieved, the information will be destroyed without delay. At this time, the

separately stored and managed personal information will never be used for any other purpose except as stipulated by

law. Personal information that has achieved the purpose of collection and use of personal information, such as service

termination or the arrival of the personal information retention period agreed by the user, is destroyed in a non-

renewable way. Information for which the duty of preservation is imposed by law is also separately stored and

destroyed in a way that cannot be reproduced without delay after the relevant period has elapsed.

1) Destruction procedure

In accordance with the internal policy and other relevant laws and regulations (see retention and use period), the

information is stored for a certain period and then destroyed. This personal information will not be used for any other

purpose other than being retained unless it is required by law.

2) Destruction method

Personal information printed on paper is shredded with a shredder or destroyed through incineration. Personal

information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.

7. Matters concerning the installation and operation of the automatic personal information collection device and its

rejection

A cookie is a small data file sent by the HTTP server to the user’s browser and is stored on your computer. The company

uses these cookies to obtain the member’s browser type or service usage type, and based on such cookie information, it

is used to provide useful and more convenient customized services to members. You have choices about cookies. By

selecting an option in your web browser, you can accept all cookies, check each time a cookie is saved, or refuse to save

all cookies. However, if you refuse to store cookies, you will not be able to use all services of the company that require

log-in.

8. Technical and administrative measures for personal information protection

Your personal information is protected by a password. Only you can know the password of your account, and only you

who know the password can check and change your personal information. Therefore, you should not disclose your

password to anyone. Also, it is recommended to log out and close the web browser after completing the work. In

particular, if you share a computer with others or use it in a public place, this procedure is more necessary to prevent

personal information from being disclosed to others. The company is not responsible for the leakage of personal

information due to user negligence or problems on the Internet. The company is implementing the following technical

and administrative measures for personal information protection. We are fully committed to firewall and security

systems to prevent hacking. When sending and receiving personal information, an SSL security server certificate is

installed to protect information. Access to personal information is restricted to those who perform the relevant work

and those who need to handle personal information when performing work, so that other employees cannot access it. In

the case of personal information handlers, regular and frequent training is provided. We maintain a record of access to

the personal information processing system and regularly check and supervise it. We are implementing protective

measures when printing and copying personal information.

9. Person in charge of personal information management

If you have any comments regarding the company’s privacy policy, please send us an e-mail and we will take action

immediately upon receipt and notify you of the result. The personal information manager and personal information

protection manager are as follows.

CEO

Name: Hyeonjun Na E-mail: vivranium@cos-in.com

Personal information manager

Privacy Manager

Name: Hoon Kim E-mail: caffeine@cosmeta.us

10. ADDENDUM

The existing personal information protection policy will be amended as a personal information processing policy.

If there is any amendment or change to the current personal information processing policy, we will notify you through a

notice on the site at least 7 days in advance. Date of enforcement of privacy policy: DEC 10th, 2022