Suprema Download Center Privacy Policy

Suprema Co., Ltd. (hereafter "Company") provides the Download Center (hereinafter referred to as “the service”) and is committed to adhering to relevant domestic and foreign laws, such as the Personal Information Protection Act and General Data Protection Regulation (GDPR). To safeguard the personal data of data subjects and ensure efficient handling of related complaints, the Company has established and is disclosing its privacy policy as follows.


Article 1. Purpose of Personal Data Processing and Processing Items, and Duration of Processing and Retention

Article 2. Method of Personal Information Collection

Article 3. Provision of Personal Data to Third Parties

Article 4. Consignment of Personal Data Processing and Overseas Transfer

Article 5. Personal Data Destruction Procedure and Method

Article 6. Rights and Duties of Data Subjects and Exercise of Rights

Article 7. Measures to Ensure the Safety of Personal Data

Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices

Article 9. Contact Information for Privacy Officer and Relevant Department

Article 10. Remedy for Infringement of Rights and Interests of Data Subjects

Article 11. Privacy Policy of Other Websites

Article 12. Changes in Personal Data Processing Policy and Obligation to Notify

Article 1. Purpose of Personal Data Processing and Processing Items, and Duration of Processing and Retention

? The Company processes the personal data of data subjects as follows

Category (Service) Purpose of processing Processed personal data Duration of Processing and Retention
Download Center Registration Download Center Service Provision Required ? Download Center membership information:
- ID (email address), last name, first name, company name, business type, job title, country
Until service withdrawal
DM Subscription DM Subscription Service Provision Optional ? DM subscription application information:
- Email address- Required when applying for DM subscription
Until subscription cancellation

? The company may process and retain personal information in accordance with other legal regulations besides the personal information processing outlined in Paragraph (1). Personal information processed under other laws will be retained for the period specified by the relevant legislation.

Record Legal Basis Retention Period
Records related to contracts or withdrawal of subscriptions, etc. Act on the Consumer Protection in Electronic Commerce 5 years
Records related to payment of fees and supply of goods, etc. 5 years
Records related to consumer complaints or dispute resolution 3 years
Records related to advertisements 6 months
Website access records Protection Of Communications Secrets Act 3 months

Article 2. Method of Personal Information Collection

? The Company collects personal data through the following methods:

1) The Company''s website (including mobile web and apps)

2) Information collection tools (access logs, cookies, etc.)

3) Direct provision by the data subject via offline channels (exhibitions, etc.)

4) Mail, telephone, fax, or other means used by the data subject for inquiry and consultation purposes

? The Company collects the minimum amount of personal data necessary to achieve the purpose of collection and ensures that such data is not used for purposes other than the intended ones. If the purpose of use changes, the Company will take necessary measures, including obtaining separate or additional consent from the data subject.

Article 3. Provision of Personal Data to Third Parties

? The Company will not use or disclose the data subject''s personal data to third parties without consent, except when required by relevant laws or regulations.

? However, personal data may be provided without separate consent in the following situations:

1) For the purpose of settling service fees;

2) When providing data in an anonymized form for statistical, research, or market survey purposes to research institutions, survey organizations, or other entities; or

3) When required by special provisions of relevant laws, such as the Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Act on Consumer Protection in Electronic Commerce, Criminal Procedure Act.

? If personal data is provided to third parties without the data subject''s consent under special legal provisions, only the minimum necessary information will be provided, and it will not be used for purposes other than the intended ones.

Article 4. Consignment of Personal Data Processing and Overseas Transfer

? The company transfers (stores) personal information overseas for the purpose of providing smooth information and marketing, ensuring the stability of service provision, and offering the latest technology as follows.

Personal data(items) being transferred Destination country of the transfer Timing and method of the transfer Recipient of the transfer
Corporate name Contact information Purpose of using the personal data Retention and usage period
? Download Center membership information:
-ID (email address), last name, first name, company name, business type, job title, country
? DM subscription information:
-Email address
South Korea ? Transmission of personal information via network at the moment the service user enters the information on the app/website. Amazon Web Services Inc. aws-korea-privacy@amazon.com Cloud Service Provision (Data Storage) Until service withdrawal or information deletion
? Download Center membership information:
-ID (email address), last name, first name, company name, business type, job title, country
? DM subscription information:
-Email address
Japan ? Transmission of personal information via network at the moment the service user enters the information on the app/website. Salesforce.com privacy@salesforce.com Direct mailing (DM) Until a request to cancel DM subscription or a request for deletion is made

? The Company manages and supervises the entrusted entity to ensure compliance with technical and administrative protection measures, as well as other relevant laws and regulations related to personal data, and prohibits them from processing the data for purposes beyond the scope specified.

? In the event of a change in the content of the consigned processing or the entrusted company, the Company will promptly disclose such changes through this privacy policy.

? The technical and administrative protection measures of cloud services shall comply with the policies of the cloud service provider. The cloud service provider shall solely manage the physical aspect of the outsourced personal data and shall not access it.

? The data subject may choose to refuse the transfer of their personal data by contacting the Privacy Officer or the relevant department of the Company. However, please note that refusal to transfer personal data may result in limited access to the Company''s relevant services.

Article 5. Personal Data Destruction Procedure and Method

? When personal data becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Company shall dispose of the personal data promptly.

? In cases where personal data needs to be retained despite the expiration of the agreed-upon retention period or the achievement of the processing purpose due to other laws, it will be transferred to a separate database (DB) or stored in a different location.

? The following outlines the procedure and method for the destruction of personal data:

1) Procedure:

Information entered by a data subject shall be transferred to a separate database (or a separate document if provided in hard copy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.

2) Method:

Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.

Article 6. Rights and Duties of Data Subjects and Exercise of Rights

    ? The data subject may exercise the following privacy-related rights directly or indirectly through their legal representative with the Company at any time:

    1) The right to receive information about the processing of personal data.

    2) The right to determine the extent of consent for the processing of personal data.

    3) The right to verify the processing of personal data and request access to (including obtaining copies of) and the transfer of personal data.

    4) The right to request the suspension, correction, or deletion of personal data processing.

    5) The right to seek compensation for damages caused by the processing of personal data through prompt and fair procedures.

    6) The right to object to automated decisions based on personal data processing and request an explanation.

    ? The exercise of rights and withdrawal of consent pursuant to Paragraph (1) can be done through written documents, phone, email, facsimile (FAX), etc., and the company should process it immediately after verifying the individual's identity.

    ? The data subject may exercise their rights either directly or indirectly through their legal representative or an authorized agent. In such cases, a letter of authorization is required.

    ? Notwithstanding the provisions of Paragraph 1, access to personal data and the right to correction may be restricted when:

    1) It poses a serious threat to the life, body, property, or rights of the data subject or a third party;

    2) It significantly disrupts the proper operation of the service provider; or

    3) It violates other laws, etc.

    ? The Company does not generally collect personal data from individuals under the age of 16. However, if it becomes necessary to collect personal data from individuals under the age of 16, the Company will comply with the consent requirements and other criteria mandated by applicable laws after obtaining the consent of their legal guardian.

Article 7. Measures to Ensure the Safety of Personal Data

The Company takes the following administrative, technical, and physical measures to safeguard personal data.

1) Administrative measures:

Establishment and implementation of information security regulations and privacy control policy, operation of a dedicated organization, and regular training for employees.

2) Technical measures:

Access control and authentication for personal data processing systems, installation, and operation of access control systems and security programs, encryption of personal data, encrypted transmission, etc.

3) Physical measures:

Access control for computer rooms, etc.

Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices

? The Company may use cookies, which have the following characteristics, to provide individualized customized services to users:

1) Cookies are small pieces of information sent by the website's server to the user's computer browser.

2) Cookies are used to store and retrieve usage histories of website visitors.

3) Cookies may be stored on users' PC hard drives.

? The company uses such cookies to recognize users on the website and remember the preferences they have previously selected. If the company uses cookies, it will publish a policy regarding their use.

? Users have the option to configure their web browsers to allow all cookies, request permission before saving cookies, or refuse all cookies. However, it is important to note that rejecting cookies may lead to limitations and issues in the use of our services, and the Company does not assume responsibility for any resulting restrictions.

? How to install, enable, or reject cookies

Record Rejection method
Microsoft browser For Windows 10 Internet Explorer 11 Click on the "Tools" button in Internet Explorer. Select "Internet Options." Go to the "Privacy" tab. Click on "Advanced" in the Settings section. Choose whether to block or allow cookies.
Microsoft Edge Click on the "..." button in the top right corner of Edge. Select "Settings."
On the left side of the Settings page, click on "Privacy, search, and services." In the "Tracking prevention" section, choose the level of tracking prevention you prefer.
Decide whether to always use "Strict" tracking prevention when searching in InPrivate mode.
In the "Privacy" section below, select whether to send "Do Not Track" requests.
Chrome PC Click on the menu in the top right corner of the web browser, and choose "Settings." Navigate to "Privacy and security."
Go to "Cookies and other site data" and decide whether to allow cookies.
Mobile Click on the menu in the top right corner of the web browser, and select "Settings." In "Advanced settings," choose "Site settings."
Go to "Cookies" and decide whether to allow cookies.
Safari Mac OS Click on "Safari" in the top left corner of the Mac OS menu bar and choose "Preferences."
Go to "Privacy" and decide whether to allow cookies.
iOS Go to "Settings." Find and select "Safari" in the list of apps. Under "Privacy & Security," decide whether to allow cookies.

Article 9. Contact Information for Privacy Officer and Relevant Department

? The Company has designated a Privacy Officer, who takes on the general roles and responsibilities of a Data Protection Officer (DPO), to ensure the protection of your personal data and handle any privacy-related inquiries or complaints.

Record Privacy Officer Department in Charge of Privacy Protection
Name Chang-soon Park Information Security Office
Contact / E-mail +82-31-710-2450 / cspark@suprema.co.kr privacy@suprema.co.kr

? Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal data that arise while using the Company's services (or business). The Company will promptly respond and handle inquiries from data subjects.

Article 10. Remedy for Infringement of Rights and Interests of Data Subjects

? If you need to report or consult about a violation of personal data, you can contact the agencies listed below for assistance:

Privacy Breach Report Center Personal Information Dispute Mediation Committee Cyber Investigation Division, Supreme Prosecutors' Office Cybercrime Report and Management Bureau, National Police Agency
118
privacy.kisa.or.kr
1833-6972
www.kopico.go.kr
1301
www.spo.go.kr
182
ecrm.police.go.kr

? The Company ensures that data subjects have the right to control their personal data and is committed to offering assistance and solutions in case of any violations. If you need to report or seek advice, please use the contact details provided in Article 6.

Article 11. Privacy Policy of Other Websites

The website where the Company's Privacy Policy is posted may contain links to other websites. The Company's Privacy Policy applies solely to its own services provided on the website. Clicking on the links to third-party websites will require reviewing the respective privacy policies of those sites.

Article 12. Changes in Personal Data Processing Policy and Obligation to Notify

? This Privacy Policy may be updated whenever necessary to comply with legal requirements or Company policies. Any additions, deletions, or modifications to the policy will be communicated through the Company's website along with the reasons for the changes.

? This Privacy Policy will be implemented starting from April 18, 2024.