PRIVACY POLICY

Effective Date: 25-Mar-2024

1. INTRODUCTION

1.1 This privacy policy (this “Privacy Policy”), together with our Terms of Service, applies to your use of the SecuLetter site (the “SecuLetter Site”), as well as SecuLetter Cloud-based cybersecurity platform and application (the “SecuLetter Service”).

1.2 This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

1.3 SecuLetter Co., Ltd. (“SecuLetter” or “We”) is the data controller and is responsible for your personal data.

1.4 We have appointed a data protection officer. If you have any questions about this Privacy Policy, please contact the officer using the details set out below:
Name: Yunsoo Lee
E-mail Address: yunsoo.lee@seculetter.com
Telephone Number: +82-31-608-8860
Postal Address: 14F, PangyoInnovationLab, 422-1, Gumto-dong, Sujeong-gu, Seongnam-si, Gyeonggi-do, Korea

1.5 We keep this Privacy Policy under regular review. This Privacy Policy may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next access the SecuLetter Site and/or SecuLetter Service. The amended Privacy Policy may be displayed on the SecuLetter Site and/or SecuLetter Service, and you may be required to read and accept the changes to continue your use of the SecuLetter Site and/or SecuLetter Service.

1.6 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

2. THE PERSONAL DATA WE COLLECT ABOUT YOU

2.1 While you access the SecuLetter Site and/or SecuLetter Service, we may collect, use, store and transfer different kinds of personal data about you as follows:

2.1.1 Name;

2.1.2 Company Name;

2.1.3 E-mail address;

2.1.4 Phone number;

2.1.5 Usage Data; and

2.1.6 Location Data.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

3.1 We will collect and process the following data about you:

3.1.1 Information you give us. The information about you that you consent to give us by corresponding with us. If you contact us, we will keep a record of that correspondence.

3.1.2 Information we collect about you and your device. Each time you access the SecuLetter Site and/or SecuLetter Service, we will automatically collect personal data including device data (the type of device you use, your unique device ID, the IP address of your device, your device operating system, the type of Internet browser used on your device, the unique device identifiers and other diagnostic data) and usage data (IP address, Internet browser type, Internet browser version, the pages of the SecuLetter Site and/or SecuLetter Service that you have visited, the time and date of your visit, the time spent on those pages, Unique Device Identifiers and other diagnostic data). We collect this data using cookies and other similar technologies. Please see our cookie policy below for further details.

3.1.3 We also use GPS technology to determine your current location. You will be asked to consent to your data being used for this purpose.

3.1.4 Information we receive from other sources including third-parties and publicly available sources.

4. COOKIES

4.1 We use cookies and/or other tracking technologies to distinguish you from other users on the SecuLetter Site and/or SecuLetter Service, and to remember your preferences. This helps us to provide you with a good experience when you access the SecuLetter Site and/or SecuLetter Service, and allows us to improve the SecuLetter Site and/or SecuLetter Service. For detailed information on the cookies we use and how you can exercise your choices regarding our use of your cookies, see our cookie policy below.

5. HOW WE USE YOUR PERSONAL DATA

5.1 We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:

5.1.1 Where you have consented before the processing;

5.1.2 Where we need to perform a contract we are about to enter or have entered with you;

5.1.3 Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests; or

5.1.4 Where we need to comply with a legal or regulatory obligation.

5.2 We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.

5.3 We will get your express opt-in consent before we share your personal data with any third-party for marketing purposes.

5.4 Purposes for which we will use your personal data are as follows:

Purpose/Activity	Type of Personal Data	Lawful Basis for Processing
Marketing	Name or Company Name Email Address Phone Number Usage Data Location Data	Consent

6. DATA RETENTION

6.1 We keep your personal data to enable your continued use of the SecuLetter Site and/or SecuLetter Service, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as may be required by law, or as otherwise communicated to you. How long we retain specific personal data varies depending on the purpose for its use, and we will delete your personal data in accordance with applicable law.

7. DATA TRANSFERS

7.1 Your personal data may be transferred to and stored on servers located outside your jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the Republic of Korea and choose to provide your personal data to us, please note that we transfer all personal data to servers located in the Republic of Korea for processing and storage purposes.

7.2 Whenever we transfer personal data internationally, we will ensure that the personal data is transferred in accordance with this Privacy Policy and as permitted by applicable data protection laws.

8. DISCLOSURE OF YOUR PERSONAL DATA

8.1

8.1.1 Regulators and other authorities acting as processors or joint data controllers if required by law or valid orders;

8.1.2 Service providers acting as processors who provide IT and system administration;

8.1.3 Service providers acting as processors who provide marketing services; and

8.1.4 Third-parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

9. DATA SECURITY

9.1 At SecuLetter, security is our highest priority. We design our systems with your security and privacy in mind.

9.1.1 We maintain a variety of compliance programs that validate our security controls.

9.1.2 We protect the security of your personal data during transmission by using encryption protocols and software.

9.1.3 We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. Our security procedures mean that we may request proof of identity before we disclose personal data to you.

9.1.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

10. CHILDREN’S PRIVACY

10.1 The SecuLetter Site and/or SecuLetter Service is not intended for use by children under the age of 18.

10.2 We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child without verification from a parent or legal guardian, we will take measure to remove that data from our servers.

11. LEGAL RIGHTS

11.1 Subject to possible restrictions under applicable law, you have the right to access, rectification, erasure, restriction of processing and data portability with regards to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data based on legitimate interests. You can also file a complaint with a supervisory authority.

12. COOKIE POLICY

12.1 What are cookies Cookies are very small text files that the server used to operate the SecuLetter Site and/or SecuLetter Service sends to the user’s web browser. They are saved on your computer or mobile device. When you visit the SecuLetter Site and/or SecuLetter Service, the server reads the content of the cookies saved on your computer or mobile device.

12.2 What are cookies for? First, to recognize you when you re-visit the SecuLetter Site and/or SecuLetter Service. This helps us to personalize our content and information such as optimized advertisements. It also enables us to recognize your preferences each time you visit. Second, to recognize how many visitors visit the SecuLetter Site and/or SecuLetter Service, and analyze visitor behavior. This helps us to improve our services and functionality.

12.3 We use the following cookie: popup_DB[serial number]

12.4 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If, however, you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of the SecuLetter Site and/or SecuLetter Service.

13. ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS

13.1 We provide additional information about the privacy, collection and use of personal data of prospective and current users of the SecuLetter Site and/or SecuLetter Service located in certain jurisdictions.

13.2 Republic of Korea

13.2.1 SecuLetter does not knowingly collect personal data from children under the age of 14 without the consent of the child’s parent or legal guardian.

13.2.2 SecuLetter has contracts in place with the following third-party service providers to perform functions on behalf of SecuLetter in Korea, and they may have access to your personal data as needed to perform their functions as described below:

Name of Third-Party Service Provider	Description of Function
Avansoft, Microsoft Azure, Amazon Web Services	IT & Administrator

13.2.3 SecuLetter will delete your personal data as described in this Privacy Policy. When deleting personal data, SecuLetter will take standard commercially reasonable measures to make the personal information practically irrecoverable or irreproducible. The specific manner of deletion will depend on the data being deleted, how the data was collected and stored, and your interactions with us. Electronic documents or files containing personal data will be deleted using a technical method that makes recovery or retrieval of such data practically impossible or renders the data no longer personally identifiable. Non-electronic documents or files containing personal data will be shredded, incinerated or both.

13.3 European Economic Area, UK, and Switzerland

13.3.1 Your Rights. Subject to applicable law, you have the right to:

13.3.1.1 Ask whether we hold personal data about you and request copies of such personal data and information about how it is processed;

13.3.1.2 Request that inaccurate personal data is corrected;

13.3.1.3 Request deletion of personal data that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;

13.3.1.4 Request us to restrict the processing of personal data where the processing is inappropriate;

13.3.1.5 Object to the processing of personal data; and

13.3.1.6 Request portability of personal data that you have provided to us (which does not include data derived from the collected data), where the processing of such personal data is based on consent or a contract with you and is carried out by automated means.

13.3.1.7 When you consent to our processing your personal data of a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.

13.3.2 Transfers outside of the EEA. When we transfer your personal data outside the EEA, we do so in accordance with the terms of this Privacy Policy and applicable data protection law.