Bobae F&B Co., Ltd. (hereinafter referred to as the "Company") complies with relevant privacy protection regulations under the "Personal Information Protection Act," the "Act on Promotion of Information and Communications Network Utilization and Information Protection" (hereinafter referred to as the "Information and Communications Network Act"), and the "Location Information Protection and Utilization Act" (hereinafter referred to as the "Location Information Act"). The Company has established this Privacy Policy in accordance with the Personal Information Protection Act to protect the rights and interests of users. This Privacy Policy applies to the web services provided by the Company and includes the following details.

1. Collection and Use of Personal Information
a. The Company collects personal information with the consent of the user, within the minimum scope necessary for providing services. All collected personal information will only be used within the scope of the stated purpose. Additionally, due to the nature of the services provided (such as providing recruitment information), users under the age of 15 are not permitted to register as members in accordance with the "Labor Standards Act." Depending on the type of service provided by the Company, the following details apply regarding the collection, use, retention, and disposal of personal information.

2. Provision of Personal Information to Third Parties
The Company uses personal information only within the scope disclosed in "1. Personal Information Collection and Usage" and, in principle, does not provide personal information to third parties. However, exceptions apply in the following cases:
a. When the user has agreed (accepted) to provide personal information to a third party while using the service.
b. When required by law or requested by law enforcement authorities following the procedures and methods prescribed by law for investigation purposes.
You may refuse the provision of personal information to third parties and can withdraw your consent for third-party provision at any time. However, please note that some services related to third-party provision may be restricted (membership registration services will still be available).

3. Outsourcing of Personal Information Processing
The Company outsources certain tasks related to the processing of personal information as described below and takes necessary measures to ensure that the personal information being outsourced is securely managed in accordance with relevant laws and regulations. Additionally, the outsourced information is limited to the minimum scope required for providing the service.
The tasks outsourced by the Company are as follows, and if there are any changes in the outsourced tasks, we will notify you accordingly.

4. Retention and Use Period of Personal Information
The Company retains the user's personal information until the purpose for which the information was collected and used is achieved, or until the user requests withdrawal, in accordance with the matters disclosed and agreed upon. However, the information will be stored separately in a database or table isolated from external access in cases where retention is necessary for the following reasons:
a. Retention of Personal Information in accordance with Relevant Laws
① Telecommunications Privacy Protection Act
- Service usage records, access logs, access IP information: 3 months
② Consumer Protection in Electronic Commerce, etc. Act
- Records related to advertising and display: 6 months
- Records related to contract or withdrawal of subscription: 5 years
- Records related to payment and provision of goods: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
③Value Added Tax Act
- Transaction-related information such as invoices and receipts: 5 years

5.Procedures and Methods for Destroying Personal Information
The Company, in principle, destroys users' personal information without delay once the purpose of collection and use is achieved. However, information that must be retained under other laws will be separately stored for the legally required period before being destroyed.
a. Procedures and Timing of Destruction
- Personal information that has fulfilled its purpose of collection and use is destroyed without delay. If retention is required under relevant laws, the information is transferred to a separate database and securely stored for a designated period in compliance with internal regulations and legal requirements before being permanently destroyed.
- Personal information transferred to a separate database will not be used for any other purposes unless required by law.
b. Methods of Destruction
- Electronic files containing personal information are permanently deleted using technical methods that prevent recovery or restoration.
- Personal information printed on paper is shredded or incinerated to ensure complete destruction.

6. User Rights and Exercise Methods
As the data subject, users can exercise the following rights at any time through the company's website. Additionally, the company operates a dedicated customer service center to handle related inquiries and consultations.

7. Automatically Collected Personal Information and Cookie Preferences The company installs and operates cookies to provide personalized services for users. The purpose of using cookies and how to manage them are as follows:
a. What are cookies?
Cookies are small text files sent by the server operating the website to the user's browser, which are then stored on the user's computer for operation.
b. Purpose of Using Cookies
Cookies are used for session management, providing customized user environments, tracking user activity, and analyzing statistics for events and promotions to deliver optimized personalized services.
c. Cookie Installation, Operation, and Rejection
Users have the right to choose whether to allow cookies when using the service. By adjusting their web browser settings, users can allow all cookies, reject them, or receive a notification whenever a cookie is stored. The methods to manage cookie settings for different browsers are as follows:
- Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Set privacy level
- Chrome: Settings menu at the top-right of the web browser > Tools > Clear browsing data

8. Measures for the Protection of Personal Information
The company takes appropriate technical and managerial measures in accordance with the Information and Communications Network Act, the Personal Information Protection Act, and other relevant laws to ensure the safety of users' personal information, preventing loss, theft, leakage, falsification, or damage.
a. Technical Measures
- Users' personal information is protected by passwords, and important data is encrypted or secured using file lock functions to ensure enhanced security.
- The company employs antivirus programs to prevent damages caused by computer viruses. These programs are regularly updated, and in the event of a new virus outbreak, the company immediately provides updates to prevent any potential personal information breaches.
- Personal information transmitted over the network is securely encrypted using SSL (Secure Sockets Layer) during transmission.
- To guard against hacking and external intrusions, the company operates intrusion prevention systems and other security measures.
b. Managerial Measures
- The company limits the number of personnel handling personal information to the minimum necessary and provides regular training to employees on new security technologies and their obligation to protect personal information.
- Upon employment, all employees sign a confidentiality agreement to prevent personal information leaks, and internal procedures are in place to monitor compliance with the privacy policy.
- The company ensures that the transfer of duties for personnel handling personal information is conducted securely, and accountability for personal information incidents is clearly established before and after employment.
- The data center and document storage rooms are designated as restricted areas with controlled access. - In the event of a personal information breach due to human error or technical issues, the company will promptly notify users and take appropriate measures, including compensation if necessary.