Everspin Co., Ltd. (hereinafter referred to as the 'Company') establishes and discloses the following privacy policy in accordance with Article 30 of the 「Personal Information Protection Act」 to protect the personal information of the subjects and to handle related grievances quickly and smoothly.

1. Purpose of Processing Personal Information

The company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the 「Personal Information Protection Act」.

1. Handling customer inquiries and partnership consultations: Personal information is processed for the purpose of identifying inquiries, contacting/notifying for investigation, and notifying processing results.
2. Utilization in marketing and advertising (when subscribing to newsletters): Personal information is processed for the purpose of sending newsletters and providing information on new services (products) and events.
3. Service usage statistics and management: Personal information (access logs, etc.) is processed for the purpose of identifying access frequency, statistics on service use, service stabilization, and security (prevention of malicious code transmission, prevention of unauthorized use, etc.).

2. Items of Personal Information to be Processed and Period of Retention and Use

The company processes the following personal information items with the consent of the information subject in accordance with Article 15 (1) 1 and Article 22 (1) 7 of the 「Personal Information Protection Act」.

3. Matters Concerning the Procedure and Method of Destroying Personal Information

1. The company destroys the personal information without delay when the personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the processing purpose.
2. In cases where personal information must continue to be preserved in accordance with other laws and regulations despite the expiration of the personal information retention period consented to by the information subject or the achievement of the processing purpose, the personal information is transferred to a separate database (DB) or preserved in a different storage location.
   • Records on consumer complaints or dispute handling: 3 years (Act on the Consumer Protection in Electronic Commerce)
   • Website visit records: 3 months (Protection of Communications Secrets Act)
3. The procedure and method of destroying personal information are as follows.
   1. Destruction Procedure: The company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the company's personal information protection officer.
   2. Destruction Method: Personal information recorded and stored in the form of electronic files is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or incineration.

4. Matters Concerning the Provision of Personal Information to Third Parties

The company processes the personal information of the subject only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only when it falls under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the consent of the subject or special provisions of the law, and does not otherwise provide the subject's personal information to third parties.

5. Matters Concerning the Entrustment of Personal Information Processing

1. Currently, the company does not entrust the processing of personal information.
2. When concluding an entrustment contract in the future, we will specify matters regarding responsibilities such as the prohibition of personal information processing other than for the purpose of performing the entrusted work and technical/managerial protection measures, and we will supervise whether the trustee processes personal information safely.

6. Matters Concerning the Overseas Transfer of Personal Information

The company does not provide or entrust personal information collected overseas.

7. Matters Concerning Measures to Ensure the Safety of Personal Information

The company takes the following measures to ensure the safety of personal information.

1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Access authority management of personal information processing systems, etc., installation of access control systems, installation and renewal of security programs (application of SSL certificates, etc.)
3. Physical measures: Access control of computer rooms, data storage rooms, etc.

8. Matters Concerning the Installation and Operation of Automatic Personal Information Collection Devices and Refusal Thereof

1. The company uses 'cookies' that store and frequently retrieve usage information to provide optimized customized services to users.
2. A cookie is a small amount of information that a server (http) used for website operation sends to the information subject's browser and is stored on the information subject's PC or mobile.
3. Installation, operation, and refusal of cookies: You can refuse to store cookies through the option settings in the [Tools] > [Internet Options] > [Privacy] menu at the top of the web browser. However, if you refuse to store cookies, you may experience difficulties in using some services.

9. Matters Concerning the Rights and Obligations of Information Subjects and Legal Representatives and How to Exercise Them

1. Information subjects may exercise their rights, such as requesting access to, correction, deletion, or suspension of processing of personal information, against the company at any time.
2. Rights can be exercised through writing or e-mail to the company, and the company will take action without delay.
   • Refusal to receive newsletters (unsubscription) is also possible through the 'Unsubscribe' link at the bottom of the sent email.
   • Contact email: privacy@everspin.co.kr
3. If an information subject requests correction or deletion of errors in personal information, the company will not use or provide the personal information until the correction or deletion is completed.

10. Personal Information Protection Officer and Department in Charge

1. The company is in overall charge of personal information processing and has designated a personal information protection officer as follows to handle complaints and provide remedies for information subjects related to personal information processing.
   • Personal Information Protection Officer / Department: Team Leader Jaesung Kim / Information Security Team
   • Contact: 02-2135-6239
   • Email: privacy@everspin.co.kr
2. Information subjects can inquire about all personal information protection related inquiries that occurred while using the company's services to the personal information protection officer and the department in charge.

11. Remedies for Infringement of Rights and Interests of Information Subjects

Information subjects may contact the following organizations for damage relief and consultation regarding personal information infringement.

1. Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
4. National Police Agency: (no area code) 182 (ecrm.cyber.go.kr)

Supplementary Provisions

This privacy policy will be effective from January 30, 2026.