Policies to protect consumers personal information

1. What Personal Information We Collect

STARINDEX, Inc. (the “Company”) collects and uses mandatory information only for the purposes of rendering efficient management of membership, customer consulting service, and all types of services. The Company also collects and uses optional information to provide customized service, and other various services.

1. Items of Information to be collected

● Mandatory Information (Upon signing up for membership): ID, name, email address, and some other information that the member agrees to give it to the company

● Optional Information (It will be collected upon necessary, and the member may refuse to provide optional information, but in such case, the member may be restricted from accessing or using the services we provide.): Photo, residence, self-introduction, occupation, cell-phone number, phone number (house), facsimile number, external membership provider service ID, voucher number, approval number, contact number and photo of a third person stored in the mobile phone of a member

● Following information may be automatically created and collected in the course of rendering or accessing the service we provide. Record on the use of the service, log file information (time and date that the member visits web site), Cookies and IP address, inappropriate using record, model and SN (Serial Number) of mobile phone, and mobile phone carrier

2. How to Collect Personal Information

We collect the member’s personal information through mobile phone application and website, external membership provider service login, written documents, facsimile, phone, use of service, feedback site and email, subscription for event, tools gathering created information, and change of membership information, etc.

3. Consent to Personal Information Collection

The member is considered to consent to this Privacy Policy and to give personal information by signup and login[Consent] in ComeUp service. The Company does not collect any sensitive information that may infringe on the basic human rights (ethnic group, ideology and creed, political bias and criminal record, health condition and sexual life, etc.) of a member.

2. Purpose of Collection and Use of Personal Information

The personal information collected is used for the following purposes. Any and all information provided by the member will not be used for any purpose other than the purposes described below, and in case that the purposes are changed, the Company will obtain the prior consent from the member. Provision of Service Provision of contents and specific service on demand, delivery of products or invoice, verification of identity, purchase and payment, collection of fee Membership Identification and Management Confirmation and verification of identity, prevention of inappropriate use and unauthorized use by bad user, confirmation of membership intent, handling of customer complaint, and delivery of notice Utilization for marketing and advertisement, provision of customer information and personalized service in accordance with the development of new service and special event, provision of service in accordance with the demographic characteristics and publish of advertisement, identifying the access frequency or compilation of statistics on service use Notification of information that a member should know such as material changes and improvement of Company’s service, and announcement of new service

3. Period for Retention and Use of Personal Information

The Company will retain and use the personal information of a member for the time span from the membership application date to the termination date of membership. In case that a member withdraws his/her consent for collection and use of personal information, or in case that the Company fulfills the purposes outlined in this Privacy Policy and that the retention period hereunder is expired, the concerned personal information will be destroyed immediately. In such case, the personal information may not be either inspected or used for any other purposes. However, the following information will be retained for a specified time only for the causes described below. Items to be retained: any and all records of membership register and its management including name, nickname, gender, date of birth, residence, personal introduction and photo, statement of settlement and purchase and records of fee-based commercial service. Reasons for retention: prevention of confusion or interference in using the service, cooperation with the relevant authority which investigates the illegal user, and settlement of debtor-creditor relations between the Company and the Member

Retention period: 1 year

If any personal information of a member is required to be retained under the applicable laws and regulations, the Company will keep the information for a certain period of time.

Record of indication/advertisement: 6months (Act on the Consumer Protection in the Electronic Commerce Transactions, etc.)

Records of contract or withdrawal of subscription: 5years (Act on the Consumer Protection in the Electronic Commerce Transactions, etc.)

Records of payment and supply of goods: 5years (Act on the Consumer Protection in the Electronic Commerce Transactions, etc.)

Records of consumer complaint or handling of disputes: 3 years (Act on the Consumer Protection in the Electronic Commerce Transactions, etc.)

4. Procedures and Method of Destruction of Personal Information

After fulfilling the purposes of collection and use of the personal information, the member’s personal information will be discarded, in principle. Any personal information stored in electronic files will be discarded using technical methods preventing restoration thereof and the personal information printed on paper will be discarded by method of shredding or incineration.

5. Provision of Personal Information to Third Person

Personal information of a member will be used to the extent of being described in the “Purpose of Collection and Use of Personal Information”, and it cannot be used for other purposes without the prior consent of the member, and opened to the public, in principle. Any personal information will not be divulged or disclosed to a third person, corporate or organization without the consent of a member. However, in cases falling under any of the following, the Company may use or provide the personal information with caution:

● Where a member gives the prior consent for disclosure. The member may refuse to consent but in such case, he/she may be restricted in using the service.

● Where the personal information is required for the performance of any contract related to the provision of service, but it is remarkably difficult to obtain normal consent due to economic/technical reasons

● Where it is required under the applicable laws and regulations, or where it is required by the enforcement authority in accordance with the statutory procedures for the purpose of investigation

● Where it is necessary for operation of new service to be rendered by the Company

● Where it is provided to sponsor, affiliate or research institute, etc. in the form of non-identifiable information for the purpose of compiling statistics, conducting academic research or market research

● Where it is requested in accordance with the procedures defined in the applicable laws and regulations

However, even in case that any personal information is provided pursuant to applicable laws and regulation or at the request of enforcement authority, the Company should notify the concerned member of the fact, in principle. However, legal issues may force the Company to omit notification to the concerned member. The Company will exert our best efforts to prevent the personal information from being disclosed or provided indiscreetly contrary to the intended purposes of collection and use. Provided however, even though the Company collects information related to the use pattern of the service of the user using Google Analytics and user analysis service, the Company will not disclose the information gathered to third parties.

6. Entrustment of Management of Personal Information

The Company may entrust an outside company with the management of some of the personal information for smooth process, and upon executing the consignment agreement, the Company should stipulate the provisions about purpose and scope of entrustment, prevention from handling personal information for the purpose other than that entrusted, restriction on sub-entrustment, management and supervision of trustee, measures for security and responsibility in the document, and supervise whether the trustee handles the personal information entrusted in safe ways.

7. Matters about Installation, Operation and Denial of Device for Automatic Collection of Personal Information

The Company may operate ‘Cookies’ which stores and finds the member’s information from time to time in order to personalized service to the member. Cookies are used to operate the web site server sent to a member’s browser as a very small text file, which is stored on a member’s computer hard disk. Company (s) use cookies for the following purposes: Company provides targeted marketing and personalized services through analysis of the frequencies of access and visiting-hour of the member and non-member, the user's tastes and interests and identification of various events such as participation rate and number of visits. You have a choice in the placement of Cookies. Thus, by setting your web browser options you may allow all Cookies, or confirm each time Cookie is stored, or you can refuse all Cookies stored.

How to reject Cookies set:

For example, as methods to reject Cookies, by setting your web browser options you may allow all Cookies, or confirm each time a Cookie is stored, or you can refuse all Cookies stored.

How to set (Internet Explorer only):

Web browser at the top of the tools> Internet Options> Personal Information

However, if you reject the placement of Cookies, it may be difficult to provide services which require log-on.

8. How to Exercise the Rights of User

The member reserves the rights to access, correct and delete personal information and to request the company to suspend the handling of the information at any time. Upon request of the member, the Company manages the member’s request without delay. However, upon request, the Company deletes the personal information in accordance with the procedures and method described in Section 4 hereof.

9. Linked Sites

The service provided by the Company may contain links to other company’s web sites or data. In such case, the Company does not reserve any rights to control the external web sites and data, and thus the Company should not be liable for or guarantee the utility of the service or data provided by outside company. In particular, if the member clicks on the links contained and transfers to other web site, the privacy policy of the concerned web site will be applied.

10. Technical and Managerial Measures to Protect the Personal Information

In handling the personal information of a member, the Company applies the technical and managerial measures as follows in order to prevent loss, stolen, divulge, falsification or compromise and to secure the safety.

Encryption of personal information: Personal information of a member is protected by password, and important data is encrypted or locked so that all the files and transferred data are not read by other person.

Technical measures against hacking: The Company operates system which blocks hacking and prevents personal information from being leaked or compromised and the Company also installs a system detecting external invasion and monitoring external access around the clock.

Restriction on access to Personal Information Management System: The Company takes any and all necessary measures to control the access to the personal information by establishing criteria regulating the grant of accessibility to, changes and cancellation of the database system which is systematically composed to manage the personal information, and operating the regulations on creation method of password and cycle of its change.

Education of Personnel in charge of Personal Information: The Company takes measures for efficient management of accessibility by limiting the number of the personnel managing personal information at the very least, providing training and education about acquisition of new security technology and obligation to protect the personal information on a regular basis and granting separate password to the member.

Management of Personal ID and Password: ID and password of a member is used only by the member in principle. The Company shall not be liable for any damages incurred due to the member’s negligence in connection with the leaks of personal information including ID, password and email address and due to the inherent risks in Internet.

11. Civil Service about Personal Information

The Company designates personal information manager to protect customers' personal information and to handle customer’s complaints regarding personal information.

The user may report any complaint related to Privacy Policy which occurs in the course of using the Company’s service to the personal information manager, and the Company will make prompt and sufficient response to the user’s complaint.

Personal information manager

Name: Wook Kim

Phone number: +82.2.6243.0771

Email address: cs@starindex.com

For report about infringement on personal information or more consultation, please contact the following agencies.

Private Dispute Resolution Committee (+82.1336)

Privacy Mark Certification Committee (+82.2.580.0533~4)

Internet criminal investigation center of Supreme Prosecutor Office (+82.2.3480.3600)

Cyber Terror Response Center of National Police Agency (+82.2.392.0330)

12. Miscellaneous

If the Company makes additions, deletions and changes to any terms or conditions of this Privacy Policy in accordance with the laws/ policy or changes in the security technology, such changes will be notified through a post through the service or email 7 days prior to the implementation of new Privacy Policy.

Addendum

This Privacy Policy was enacted on June 15, 2015.