Seoul Semiconductor

PRIVACY POLICY v1.2

Seoul Semiconductor Co., Ltd. (hereinafter the “Company”) lawfully and safely handles users’ personal information in accordance with the Personal Information Protection Act, relevant laws, and the 2024 Guidelines for Drafting Privacy Policies (published by the Personal Information Protection Commission).
This policy is established and disclosed to protect the rights of data subjects, and applies to all services provided by the Company.

1. Items of Personal Information Collected and Purpose of Use

The Company collects and uses personal information for the purposes described below and within the minimum scope required by applicable laws.
If the purpose of use is changed, prior consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.

Purpose of Collection	Items Collected	Retention Period
Comment posting (optional)	SNS account, name	Until purpose is fulfilled
Service usage analysis (required)	Cookies, IP address, browser information, etc.	3 months (as per Communications Privacy Protection Act)
Responding to inquiries	Name, contact information, email	3 years after inquiry resolution

※ The Company does not collect sensitive or unique identifying information. If such collection is unavoidable, the Company will notify and obtain separate consent based on legal grounds.

2. Provision of Personal Information to Third Parties

In principle, the Company does not provide users‘ personal information to third parties.
However, in the following exceptional cases, it may be provided with prior consent from the data subject.

Recipient	Purpose of Provision	Information Provided	Retention Period
Emotion Global Co., Ltd.	Website maintenance	IP address, cookies, etc.	Until purpose is fulfilled
Seoul Semiconductor Affiliates	Inquiry response	Inquiry content, contact details	Until purpose is fulfilled
Hello Digital Co., Ltd.	CRM system operation	Website usage and inquiry data	Until purpose is fulfilled

※ Overseas transfer: Google LLC (U.S.) / Website analytics / Cookies, IP, etc. / Retained for 2 years from collection

※ Legal Basis: Article 28-8 of the Personal Information Protection Act

3. Outsourcing of Personal Information Processing

To provide services, the Company outsources certain tasks as follows:

Subcontractor	Details of Outsourced Work
Emotion Global Co., Ltd.	Website maintenance and customer support system operation
Hello Digital Co., Ltd.	CRM system operation
HubSpot Inc.	CRM system operation and technical support
Amazon Web Services	Storage of user and system operation data

※ All outsourcing contracts include data protection clauses under Article 26 of the Personal Information Protection Act.
If further outsourcing occurs, data subjects will be notified separately and consent will be obtained.

4. Procedures and Methods for Destruction of Personal Information

Personal information is destroyed without delay after the purpose of processing has been achieved. The specific procedures and methods are as follows:

Electronic files: Permanently deleted using irreversible technical methods
Paper documents: Shredded or incinerated
If legally required to retain: Destroyed within 5 days after the retention period ends

5. Rights of Data Subjects and How to Exercise Them

Data subjects may exercise the following rights at any time:

Request to access, correct, delete, suspend processing of, or withdraw consent to personal information
Request explanation of automated decision-making

▶ How to exercise: By email (info@seoulsemicon.com), in writing, or via the ‘Contact Us’ menu on the website

▶ Response time: Within 10 days of receipt

▶ For legal representatives: A power of attorney must be submitted (Attachment No. 11 of the Enforcement Rules)

6. Measures for Ensuring Security of Personal Information

To securely manage personal information, the Company implements the following measures:

Establishment of internal management plans and regular staff training
Technical safeguards such as DB encryption and SSL
Access control and access logs retained for at least 1 year
Installation and regular inspection of security software
Response protocols for data breaches and incident reporting system

7. Use of Automatic Collection Devices and Behavioral Information

Automatically collected items: Visit history, search terms, browser type, IP address, etc.
Purpose: Provision of personalized content and statistical analysis
Tools: Use of Google Analytics cookies
How to disable: Users can delete or block cookies via their browser settings

※ Please note that disabling cookies may restrict some service functions.

8. Personal Information Protection Officer and Contact Department

Role	Name/Department	Contact
Chief Privacy Officer	Management Information GT Lead	sec@seoulsemicon.com
Privacy Officer	Information Security LT Lead	sec@seoulsemicon.com

▶ For inquiries, contact via email or through the “Contact Us” page on the website.

9. Remedies for Rights Violations

In case of personal data disputes or violations, you may contact the following organizations for assistance:

Personal Information Infringement Report Center: 118 / https://privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972 / https://www.kopico.go.kr
Supreme Prosecutors’ Office Cyber Crime Investigation Division: 1301 / https://www.spo.go.kr
National Police Agency Cyber Bureau: 182 / https://cyberbureau.police.go.kr

10. Overseas Transfer of Personal Information

Pursuant to Article 28-8 of the Personal Information Protection Act, the Company may transfer personal information overseas as follows:

Provider	HubSpot Inc.	Amazon Web Services
Country	United States	United States
Contact	HubSpot Inc.	aws-korea-privacy@amazon.com
Transfer Timing & Method	Upon service use, via network	Upon service use, via network
Information Transferred	Name, contact, email, inquiry content	Name, contact, email, inquiry content
Purpose of Use	CRM system operation and support	CRM data storage
Retention Period	Until purpose of use is achieved	Until purpose of use is achieved

11. Revisions to This Privacy Policy

This policy will take effect on April 24, 2025.
Any revisions will be announced on the Company’s website at least 7 days in advance.

Version: v1.2
Effective Date: April 24, 2025

※ This privacy policy has been prepared in accordance with the 2024 Guidelines for Drafting Privacy Policies and is structured to center the rights and understanding of the data subject.