This Privacy Policy is effective from July 21, 2022.

Fingerlabs (hereinafter referred to as the 'Company'), which provides the FAVORLET service, protects the personal information of information subjects in accordance with Article 30 of the「Personal Information Protection Act」and handles complaints promptly and smoothly. We establish and disclose the personal information processing policy together.

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes. The collected personal information will not be used for purposes other than those specified below, and if the purpose of use is changed, necessary measures, including obtaining separate consent, will be taken in accordance with Article 18 of the Personal Information Protection Act.

• Membership registration and management: Processing personal information for verifying the intention of membership registration, collecting email addresses for providing membership services, preventing unauthorized and fraudulent use of the service, and sending various notifications and announcements.

• Service provision: Processing personal information for managing personal preferences, generating virtual asset wallet addresses, ensuring the security of the service, providing a safe service, and restricting actions that violate laws and the service's terms of use.

• Service error and environment improvement: Processing personal information for resolving errors through performance and log analysis, imposing sanctions for violations of the terms of use, monitoring to establish a healthy service environment, and utilizing statistical analysis of service usage to improve the service.

Article 2 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the period specified by law for the retention and use of personal information or within the period agreed upon by the information subject at the time of collecting personal information.

The processing and retention periods for each category of personal information are as follows:

• Membership registration and management: Retained until withdrawal

The Company will dispose of the personal information without delay after achieving the purpose of processing specified in Article 1 and the retention period specified in Article 2, Paragraph 2.

Article 3 (Items of Personal Information Processed)

The Company processes the following personal information for the purpose of providing services to users:

Article 4 (Provision of Personal Information to Third Parties)

The Company processes the user's personal information within the scope specified for the purpose of personal information processing and does not provide it to third parties without the user's consent.

Article 5 (Handling of Personal Information of Children under 14 Years Old)

The Company does not allow children under 14 years old to use the services.

Article 6 (Outsourcing of Personal Information Processing)

1. The Company entrusts personal information processing tasks to the following entities for smooth handling of personal information:

2. The Company ensures that a contract is signed with the service provider in accordance with Article 26 of the Personal Information Protection Act. The contract includes provisions regarding the prohibition of personal information processing beyond the specified tasks, technical and administrative safeguards, restrictions on re-entrustment, and management and supervision of the service provider.

3. In the event of any changes to the contents of the outsourced tasks or the service provider, the Company will promptly disclose such changes through this privacy policy.

Article 7 (Disposal Procedure and Method of Personal Information)

1. The company immediately disposes of personal information when it becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose.

2. However, in cases where personal information must be continuously retained in accordance with the provisions of the law, such as those specified in Article 2, Paragraph 3, Item 1 of this Privacy Policy and Article 8 (Disposal of Personal Information of Non-Users), even after the consent for the retention period has expired or the processing purpose has been achieved, the company retains such personal information by transferring it to a separate database (DB) or storing it in a different storage location.

3. The procedure and method for the disposal of personal information are as follows:

   • Disposal Procedure: The company selects the personal information for disposal based on the occurrence of disposal reasons and obtains approval from the personal information protection manager before proceeding with the disposal.

Article 8 (Disposal of Personal Information of Non-Users)

1. However, personal information of non-users may be stored and managed separately from the personal information of other users until the retention period specified by other laws has expired.

2. The company notifies users of the impending disposal of personal information, the expiration date, and the specific items of personal information to be disposed of, through methods such as email or text message, 30 days prior to the disposal.

3. If you do not wish to have your personal information disposed of, you can log in to the service before the expiration date.

Article 9 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives)

① Data subjects have the right to exercise their rights such as access, correction, deletion, and suspension of processing of their personal information at any time against the company. However, the exercise of these rights may be restricted in accordance with the provisions of related laws, such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act.

② The exercise of the rights mentioned in paragraph 1 can be made to the company in writing, by email, facsimile, or other means specified in Article 41(1) of the Enforcement Rules of the Personal Information Protection Act, and the company will promptly take necessary measures in response.

③ The rights mentioned in paragraph 1 can be exercised through a legal representative or a delegate authorized by the data subject. In this case, a power of attorney according to the format specified in Attachment 11 of the "Guidelines on Personal Information Processing Methods (No. 2020-7)" must be submitted.

Data subjects and legal representatives can access personal information by logging into the service and selecting "More > Login Information".

⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.

⑥ The company verifies whether the requester of access, correction, deletion, or suspension of processing, as requested based on the rights of data subjects, is the data subject or a legitimate representative.

Article 10 (Measures for Ensuring the Security of Personal Information)

The company takes the following measures to ensure the security of personal information:

1. Minimization and education of personnel handling personal information

   • The company designates specific personnel to handle personal information and restricts them to a minimum, implementing measures to manage personal information.

2. Establishment and implementation of internal management plans

   • The company establishes and implements internal management plans to ensure the secure processing of personal information.

3. Technical measures

   • Encryption of personal information: The company applies secure encryption algorithms to store and manage important personal information such as user PIN numbers.

Article 11 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)

The company does not use "cookies" to store and retrieve user information for the provision of the FAVORLET service.

Article 12 (Collection, Use, and Provision of Behavioral Information and Rejection)

The company does not collect, use, or provide behavioral information for online personalized advertising or any other purposes in relation to the FAVORLET service.

Article 13 (Details of Personal Information Protection Manager)

1. The company appoints a personal information protection manager who is responsible for overseeing the processing of personal information and handling complaints and remedies related to personal information processing.

▶ Personal Information Protection Manager

Name: Kyung-Sik Shin

Position: Head of Planning Department

Rank: Senior

Contact: 02-552-9511

※ You will be connected to the Personal Information Protection Department.

▶ Personal Information Protection Department

Department: Planning Department

Contact Person: Kyung-Sik Shin

Contact: 02-552-9511

② Information subjects can contact the Personal Information Protection Manager and the relevant department for any inquiries, complaints, or requests regarding personal information protection related to the FAVORLET service (or business) provided by the company. The company will respond and handle your inquiries promptly.

Article 14 (Department for Receiving and Processing Requests for Access to Personal Information)

The data subject may submit a request for access to personal information under Article 35 of the Personal Information Protection Act to the following department:

▶Department for Receiving and Processing Requests for Access to Personal Information:

Department Name: Planning Department

Contact Person: Kyung-sik Shin

Contact Number: 02-552-9511

The company will make efforts to ensure prompt handling of requests for access to personal information by the data subjects.

Article 15 (Remedies for Violation of Data Subject's Rights)

To seek remedies for personal information breaches, the data subject may apply for dispute resolution or consultation to the Personal Information Dispute Resolution Committee, the Korea Internet & Security Agency Personal Information Infringement Reporting Center, or other relevant organizations. For reporting and consultation on other personal information infringements, please contact the following institutions:

1. Personal Information Dispute Resolution Committee: 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: 1301

4. National Police Agency: 182

For individuals who have suffered infringement of rights or interests due to a disposition or negligent act of a public institution in response to requests under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), or Article 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act, they may request administrative adjudication in accordance with the Administrative Adjudication Act.

※ For more information on administrative adjudication, please refer to the website of the Central Administrative Appeals Commission (http://www.simpan.go.kr).

Article 16 (Changes to the Privacy Policy)

① This privacy policy will be effective from July 21, 2023.

② The previous privacy policy can be found at the following link:

https://docs.favorlet.io/v/english/terms/previous