The ONE store Developer Center website ( http://dev.onestore.co.kr , hereinafter, referred to as the “Website”), operated and provided by One store Co., Ltd., LG Uplus Corp. and KT Corp. (hereinafter, referred to as the “Company”), which supports the e-commerce related service and other services (hereinafter, referred to as the “Service”), is aware that your Personal Information is valuable. In order to protect your Personal Information, the Company makes its best efforts by stipulating a management policy for Personal Information which is handled as below.

1. “Personal Information” refers to the information of a living person from which the individual can be identified through marks, letters, voice, sounds, images, etc. (Including data from which alone is not sufficient to identify a specific person, but from which, if easily combined with any other information, a specific person is identifiable).
2. The Company values the protection of the Personal Information of its Members highly, and complies with all regulations related to the protection of Personal Information, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (hereinafter “Act on Information and Communications Network”) and the Personal Information Protection Act.
3. This Privacy Policy informs Members of the purpose and method of the use and collection of the Member’s Personal Information, and demonstrates the Company’s efforts in effectively and actively protecting the collected Personal Information.
4. The Company discloses this Privacy Policy on the initial page of the Homepage (dev.onestore.co.kr) or Service registration page, to provide Members with easy access and review.
5. This Privacy Policy may be modified to reflect any changes to the applicable laws and regulations, or according to changes in the Company’s internal policy. Any changes made to the Privacy Policy are announced on the Homepage in order to provide Members with easy access and review.

Information Type	Purpose	Items
Essential Information	User identification and identity verification 	Full Name, ID, Password, Birth Date, Security Question/Answer, Telephone Number, Mobile Phone Number, Country, Address, Individual Identity Authentication Information*
Essential Information	Receipt and handling of complaints related to use of the service	Email, Telephone Number, Mobile Phone Number
Essential Information	Operation and analysis of the user’s use of the service	IP Address, Date/Time of Visits, Web Browser Cookies
Essential Information	Detection of fraudulent transactions	ID, Full Name, Date of Withdrawal, Reasons for Withdrawal
Essential Information	Verification of circumstances of use of service	IP Address, Date/Time of Visits, Web Browser Cookies
Optional Information	Financial information for use of invoicing, tax, and payment services	Resident Registration Number, Bank Account, Copy of Bank Statement

Information Type	Purpose	Items
Essential Information	User identification and identity verification	ID, Password, Security Question/Answer, Country, Company Name, Corporate Registration Number, Individual Identity Authentication Information of Person in Charge* (Telephone Number, Mobile Phone Number, Email and etc.)
Essential Information	Receipt and handling of complaints related to use of the service	Information of Person in Charge (Telephone Number, Mobile Phone Number, Email) and Customer Service Center Contact Information (CS Center Phone Number, CS Email)
Essential Information	Operation and analysis of the user’s use of the service	IP Address, Date/Time of Visits
Essential Information	Detection of fraudulent transactions	ID, Full Name, Date of Withdrawal, Reasons for Withdrawal
Essential Information	Verification of circumstances of use of service	IP Address, Date/Time of Visits, Web Browser Cookies
Optional Information	Financial information for use of invoicing, tax, and payment services	Corporate Registration Number, Bank Account, Copy of Bank Statement

Individual Identity Authentication Information (only applied to Korean Members)

Authentication Method	Information Used for Authentication	Information Saved After Authentication
Mobile Phone	* Telecommunication Company * Individual’s Mobile Phone Number * Individual’s Birth Date * Individual’s Gender * Individual’s Full Name * Whether the Individual is a Local/Foreigner ※ If the Member is a minor (under 19 years old), form must be signed by a Legal Representative to sell paid apps or in-app items. Information below used for authentication in these cases: * Legal Representative’s Full Name * Legal Representative’s Birth Date * Legal Representative’s Gender * Whether the Legal Representative is a Local/Foreigner * Legal Representative’s Mobile Phone Number	* Individual’s Birth Date * Individual’s Member Number * Registration Date and Time ※ If the Member is a minor (under 19 years old), form must be signed by a Legal Representative to sell paid apps or in-app items. Information below saved in these cases: * Legal Representative’s Consent * Legal Representative’s Full Name * Legal Representative’s Birth Date * Legal Representative’s Gender * Legal Representative’s Mobile Phone Number * Legal Representative’s Communication Company Code
i-Pin	* i-Pin ID * i-Pin Password	* Individual’s Birth Date * Individual’s Member Number * Registration Date and Time ※ If the Member is a minor (under 19 years old), form must be signed by a Legal Representative to sell paid apps or in-app items. Information below saved in these cases: * Legal Representative’s Consent * Legal Representative’s Full Name * Legal Representative’s Birth Date

• The Member’s Personal Information shall be retained and used only during the Service period. The Personal Information shall be destroyed or stored until the time of membership withdrawal or the expiry date of Personal Information in order to prevent access to or use of the Personal Information thereafter; provided, however, in the event that such Personal Information does not need to be retained and kept in accordance with applicable Korean laws and regulations or for the purpose of preventing the illegal or expedient receiving of economic interests such as discount coupons, event benefits, etc. provided by the Service through repetitive subscription and termination of membership of the Service, or any illegal acts in relation thereto, such as the illegal use of another individual’s name, the Personal Information that was provided during member subscription shall be retained for one (1) month from the date of withdrawal of membership.

  • The expiry date of Personal Information refers to the case that the Service has not been used for a certain amount of time (one (1) year). After this period, any action such as membership withdrawal will be applied.

• In cases where your Personal Information should be retained, even in cases where a Member has already terminated the Service, in accordance with the relevant laws below, the Company will store such information for the period set forth in the relevant laws, such as the Commercial Act, the Act on the Consumer Protection in Electronic Commerce, Etc. (hereafter referred to as the “E-Commerce Act”), the Electronic Financial Transactions Act, the Specialised Credit Financial Business Act, the Framework Act on National Taxes, the Corporate Tax Act, the Value-Added Tax Act, etc. The Personal Information may be retained for a period of time specified in the law or regulation; provided that access to and use of the Personal Information shall be limited to the applicable reason. The retention periods are as follows:

The relevant laws	Purpose	Items	Period
Framework Act on National Taxes	Allowing a withholding agent to carry out withholding duty by handling data, including Personal Information.	Individual and Business Identifications including Name, Country, Resident Registration Number, Business Registration Number, etc.	5 years
Framework Act on National Taxes	Calculating the exclusion period on imposition of national tax	Proofs of National Tax, including Account Information, Copy of Bank Book, etc.	5 years
Framework Act on National Taxes	Calculating the extinctive prescription such as authority to collect national tax, etc.	Report of the Tax Base and the Tax Amount, such as Price Settlements, etc.	10 years for National tax over 500 million(KRW) 5 years in other cases
Act on The Consumer Protection in Electronic Commerce, Etc.	Records related to customers’ complaints or dispute resolution	Consumer Identification Information and Records Related to Handling of Consumer Complaints or Disputes, such as Full Name (or the Name of Person in Charge), ID, Email, Mobile Phone Number, etc.	3 Years
Act on The Consumer Protection in Electronic Commerce, Etc.	Records related to payment settlement and supply of commodities, etc.	Consumer Identification Information and Records Related to Signing or Revocation of Contracts or Offers, etc.	5 Years
Act on The Consumer Protection in Electronic Commerce, Etc.	Records related to indication/advertisements	Full Name, Email, Company Name, Corporate Registration Number, CS Contact information (Phone Number and Email)	6 Months
Protection of Communications Secrets Act	Providing information when requested by investigative agency with the warrant of the court	Data Log, IP Addresses, etc. that are required to be provided in order to factually verify communications data	3 Months
Use and Protection of Credit Information Act	Records related to collection, handling, and use of credit information, etc.	Identification Data for a Person or a Person in Charge including Name, Birthday, Mobile Phone Number, etc.	3 Years

In the event that the Member requests to view the transaction information that is kept by the Company with the Member’s consent, the Company shall promptly take the necessary measures to allow the Member to view and check the information

The Company establishes a procedure in which Members may select either a ‘Consent’ or ‘Do Not Consent’ button in regards to the collection and use of the Members’ Personal Information. By clicking ‘Consent,’ it shall be deemed that the Member consents to the collection of his/her Personal Information.

The Company shall collect Personal Information through the member registration process on its Homepage, consultations, event or giveaway functions, agencies that are entrusted with or manage Personal Information, and through the use of the information collecting tools (cookies) of mobile phones and wired/wireless Internet services.

1. The Company uses the Member’s Personal Information within the scope specified in the member application form, TOS, and the section titled, <Purpose of Collection and Use of Personal Information, Items Collected, and Retention Period> of this Privacy Policy, and shall not use such information beyond the mentioned scope, nor provide such information to any third party, corporation, or organisation. However, the Personal Information may be used and provided with caution in the following circumstances

• Business Partners
  A Member’s Personal Information may be provided to or shared with business partners in order to provide an improved Service. Prior to the provision or sharing of the Personal Information, consent shall be obtained from each of the Members through an email or written notice specifying the information regarding who the business partner is, the Personal Information that shall be provided or shared, the purpose of such provision or sharing, and until when and how such Personal Information shall be protected or managed. In the event that the Member does not consent, the Member’s Personal Information shall not be provided to, nor shared with, the business partners. The Member shall be notified of, or consent shall be sought regarding, any change or termination of the business affiliation relationship in the like manner.
• Sales, Mergers, and Acquisitions
  In the event of a partial or complete transfer, merger, or inheritance resulting in the succession of rights and obligations of the Service provider, a notification of such an event shall be made to the Member in order to protect the Members’ rights related to Personal Information.

2. The Company shall not use nor share with Third Parties, the collected Personal Information beyond the scope permitted by the Member at time of collection. However, the Personal Information may be used or shared beyond the scope permitted if the Member’s consent is obtained or in any of the following circumstances:

• If the Personal Information is needed to carry out a contract regarding the provision of the Service, and an ordinary consent is significantly difficult to obtain due to economic/technical reasons.
• If necessary for the calculation/settlement of a fee upon the provision of the Service.
• If particularly permitted under applicable Korean laws, such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Information and Communications Network, the Personal Information Protection Act, the Act on Real Name Financial Transactions and Confidentiality, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, or the Criminal Procedure Act, etc. However, even if administrative authorities or investigative agencies request the disclosure of the Personal Information for administrative or investigative purposes on the premise that such action is “permitted under applicable Korean laws,” the Personal Information of a Member shall not be provided, unless subject to lawful procedures – i.e., if a warrant is issued in accordance with the law, or if the head of the organisation has signed a relevant document.
• If necessary for statistics, academic study/research or market research; provided that the Personal Information is provided in a processed form that no specific individual can be identified.

1. For the smooth operation of the service, including the provision of standard service, improved service, and Member convenience, the management of Personal Information is outsourced to professional agencies (or the Company’s other service) as follows:

Outsourced Service Providers	Scope of Outsourced
Infra Communications(c)	Service Operation and Customer Consultations
Danal(c)	Mobile phone small amount settlement
Inicis(c)	Credit card transaction
KCPi(c)	Payment of cultural gift certificate
t-m onet	Mobile T-money settlement
Point-I(c)	Service Operation of Application DRM
FLK(c)	Development and Service Operation of in-App purchase SDK and of Download Server Platform, and Service Usage Statistics/Analysis
Point-I(c)	Service Operation of Application DRM
Korea Mobile Certification (KMC), Seoul Credit Rating & Information inc.	Name/Identity Authentication
GTinovision(c), Damoa Solution(c), IS plus, Ex-em(c), WideTNS(c), SPtek(c), kth, Karezsoft, LTvision, Inno I(c)	Development and Maintenance of System and Service
(c) Test E&C	Server system maintenance and QA
(c)KT M house, kth	Service outsourcing for AD, premiums
(c) Moiba	Handling customer complaints by customers / development companies
SK planet(c)	Infra service for issuing receipts

2. The Company complies to laws and regulations related to Personal Information protection in outsourcing contracts, and requires that the outsourced service providers comply with applicable laws and regulations related to Personal Information protection, maintain confidentiality, prohibit the transfer/disclosure of Personal Information to third parties, maintain liability for damages, and return or destroy the Personal Information immediately after the termination or expiration of the applicable outsourcing period.

1. The Member may at any time request to view or correct his or her Personal Information registered with the Company. In the event a Member wishes to view or correct the registered Personal Information, the Member may personally do so by clicking on [Manage your information] and subsequently [Change Member Information], or may make a notification via writing, email, or phone to the Personal Information Manager or officer in charge. In which case, the Manager or officer shall take the appropriate measures without delay.
2. In the event that the Member requests a correction of error(s) in the Personal Information, the inaccurate information stored heretofore shall not be used or provided until a correction has been made.
3. If, however, such inaccurate Personal Information has already been provided to a third party, the third party shall be immediately notified of the correction.

1. The Member may at any time withdraw his/her consent to the collection, use, and provision of Personal Information that was provided during member subscription. Consent can be withdrawn by clicking “Withdrawal from Membership” in the “Manage your information” menu on the initial page of the Homepage, or the Member may make a notification via writing, email, or phone to the Personal Information Manager or officer in charge. In which case, the Manager or officer shall take the necessary measures without delay, and in the event the Personal Information is destroyed, the Member shall be immediately notified of such an action.
2. The Company shall take the necessary measures to ensure that the procedure for withdrawal of consent to the collection of Personal Information (membership withdrawal) is easier than the procedure for the collection of Personal Information.

The Company shall destroy, in accordance with the retention and usage periods, the applicable Personal Information without delay after the purpose of collection and use of the Personal Information has been fulfilled. The procedure, method, and point of time of destruction are as follows:

1. Procedure and Point of Time of Destruction
   Upon the accomplishment of the purposes, such as at the termination of the Service, any information that was provided by the Member for subscription to the Service, or for any other reason, shall be disposed of after the retention period of the applicable internal policies and regulations (please refer to the above “Retention/Use Period of Personal Information”). If there are no remaining claim-obligation relationships, the Personal Information collected and electronically managed at the time of Service subscription shall be immediately deleted upon the point of withdrawal of membership.
   However, for Member response and cooperation with investigative authorities regarding delinquent users, the Personal Information shall be kept for twelve (12) months after the termination of the membership, and shall be completely deleted thenceforth.

2. Method of Destruction
   Personal Information recorded on paper shall be disposed of by shredding using a shredder, burning, and melting using chemicals, while Personal information recorded on electronic files shall be unrecoverable destroyed using appropriate technological means.

1. This Service values the Member’s opinion, and the Members have the right to receive a sincere response to any inquiry at all times.
2. The Member is advised to accurately input up-to-date Personal Information in order to prevent any unexpected problems. The Member shall be responsible for any problems arising from the inaccuracy of his/her provided Personal Information, and may lose membership due to the provision of false information.
3. Aside from the right to the protection of his or her Personal Information, the Member has the obligation to not violate the Personal Information of others. It is advised that the Member prevents the leakage of Personal Information, including passwords, and that the Member does not violate or damage the postings and Personal Information of others. If the Member fails to fulfil such an obligation and violates the Personal Information of others, the Member may be subject to criminal punishment in accordance with the Act on Information and Communications Network.

1. The Company, through the Service, may install and use cookies that frequently search and save the Member’s information. A cookie is a character string of data that a web server sends to and stores in a web browser and the web browser re-sends upon additional request from the server. When the Member accesses the Homepage, cookies installed in the Member’s browser shall be read to find additional information in order to provide the Service without the additional input of additional information, such as name.
2. The Personal information that the Company collects using cookies is limited to Member IDs; no other information is collected. The Member ID collected by the cookies may be used for the following purposes:

• Differentiating between Members or providing country-specific information.
• Analyzing the access frequency or duration of use by members and non-members for the identification of user preferences and interests that shall be used for marketing.
• Tracing Member settings such as browser language, to provide a customized Service for subsequent access.
• Analyzing Member habits that shall serve as the criteria for Service renewal

3. The Member has the right to choose whether or not to install cookies. By accessing [Internet Options] > [Privacy] > [Settings] in the [Tools] menu at the top of the web browser, the Member can choose to accept all cookies, to receive a notice whenever cookies are installed, or to refuse the installation of all cookies. Blocking cookies may cause inconveniences or interferences to the use of the Service.
4. Cookies expire when the browser is shut down or after logging out.

1. In the event that the Company intends to obtain additional consent from the Members in order to use the Personal Information and provide such Personal Information to a third party beyond the previously approved scope, the Company shall obtain prior consent by making a notification via writing, email, phone, or the Internet Homepage to the Member.
2. In the event that the collection, retention, handling, use, provision, management, disposal, etc. of the Member’s Personal Information is outsourced to a third party, the Company shall notify the Member of such a fact through the Privacy Policy on the Internet Homepage.
3. Members shall be individually notified in writing, by email, or through other means, in the event the Company’s rights and obligations are transferred as a result of a complete or partial transfer, merger, or inheritance of the business. However, if the Members’ contact information is unavailable without fault of the written notification, email, or other means, such notification shall be made on the Internet Homepage at least thirty (30) days before the transfer of the Company’s rights and obligations. If, for any natural or uncontrolled event, or for any other legitimate reason, such a notification cannot be made on the Homepage, the notification shall be placed in two (2) major daily newspapers at least once (if most Members reside in a specific area, the notification may be made in major daily newspapers whose distribution area includes the said area).

This Service prepares and applies technical and administrative measures to protect the Personal Information of the Members.

1. Technical Measures
   The Company takes the following technical measures in order to protect the Member’s Personal Information from being lost, stolen, leaked, falsified or damaged:

• The Member’s Personal Information is protected using a password and an ID-based password authentication scheme. Important data is protected by additional security functions, such as file/transmission encryption or file locking.
• The Company utilizes an anti-virus program in order to prevent damages caused by computer viruses. The anti-virus program is updated on a regular basis. In the event of an unexpected emergence of a new type of virus, the Service shall adopt a new anti-virus program, as soon as one is available, to protect Personal Information.
• The Company utilizes security architectures (SSL or SET) in order to support the safe transmission of Personal Information over the network using encryption algorithms.
• The Company makes every effort to strengthen security by using a firewall system and a system for analyzing the weaknesses of each server to prepare for intrusions such as hacking.

2. Administrative Measures
   

• For the sound protection of Personal Information, the Company operates its major systems and equipment after obtaining certifications from external professional establishments regarding its system for information protection and management.
• The Company establishes the necessary procedures for accessing and managing the Members’ Personal Information, and requires that its employees understand and comply with such procedures.
• The Company limits the number of personnel authorized to access the Members’ Personal Information to a minimum. Such limited personnel are as follows:
  • Persons who conduct marketing operations directed at Members
  • Persons who carry out the management of the Personal Information such as Personal Information Managers and officers
  • Persons who inevitably need to handle the Personal Information due to other job duties
• The Company establishes the procedures necessary for accessing and managing the Members’ Personal Information, and requires that its employees understand and comply with said procedures; internal and outsourced education is provided on a regular basis to employees who handle Personal Information, in order to support the acquisition of new security technology and knowledge on Personal Information protection.
• Hand-over procedures for those handling Personal Information are thoroughly conducted in a security-enhanced environment, and individual responsibility for the infringement of Personal Information upon entering or leaving the Company is clearly set out.
• Computer and data storage rooms, etc., are designated as restricted areas and physical/logical access thereto is restricted.
• In the event that the Company processes the Members’ Personal Information using computers, a person who has authority to access Personal Information shall be designated, and shall be assigned an ID and password. The applicable password shall be renewed on a regular basis.
• When a new employee is hired, the Company requests that the employee signs an information protection pledge or privacy protection pledge, in order to prevent leakage of information (including Personal Information) by employees. The Company has established and continuously enforces internal procedures that supervise employee enforcement of and compliance with the Privacy Policy.
• The Company requires employees who have handled Personal Information to sign a nondisclosure agreement when leaving the Company in order to prevent damages, infringements, or disclosures of Personal Information that the employee may have become aware of on the job.
• The Company undergoes appropriate measures to confirm the identity of the Member when collecting or providing payment information, such as bank accounts or credit card numbers, necessary for the execution of the Service Use Agreement or the provision of this Service.
• The Company shall not be liable for any incidents caused by mistakes on the Member’s part or the inherent risks of the Internet. Each Member shall be responsible for the management of his/her own ID and password to protect his/her Personal Information. It is requested that predictable and obvious passwords are not used, and that the passwords are changed on a regular basis.
• In the event a public computer is used to access the Service Homepage and the Member intends to move to another site while he/she is still logged in, or if the Member wishes to end the session of the Service, the Member must log out of the Service and shut down the applicable Homepage to appropriately end his or her session. If not, the Member’s Personal Information, such as ID or password, may be easily leaked to a third party through the browser.
• In the event a Member’s Personal Information is lost, leaked, falsified, or damaged due to any other mistake made by an internal manager or mismanagement of technology, the Company shall immediately notify the Members of such a mistake, and take the appropriate measures and provide necessary compensation.

1. The Company operates Member centers, such as the Member Satisfaction Center, for smooth communication with its Members. Should a Member have inquiries, the following contacts can be reached for a timely and sincere response.

• Member Center Related to Personal Information
  • Officer in charge of handling Personal Information: [email protected]
  • Phone numbers: mobile phone 1534-01 (Free), (without telephone exchange number) 1600-6573 (Paid)

• Website Consultations: Inquiries can be sent to cyber consultants via the Q&A section of the Member Satisfaction Center menu in the Service.

2. The Company shall make every effort to respond to inquiries made through email, fax or postal services within 24 hours of the receipt of such inquiries.
3. Consultations or inquiries regarding infringement of Personal Information may be directed to the Personal Information Infringement Reporting Center of the Korea Information Security Agency, or Cyber Terror Response Center of the Korean National Police Agency

• Personal Information Infringement Reporting Center
  • Telephone: 118
  • URL: http://privacy.kisa.or.kr
• Cyber Terror Response Center of the Korean National Police Agency
  • Telephone: 02-3939-112
  • URL: http://www.netan.go.kr

1. The Company values the protection of the Personal Information of its Members, and strives to prevent damages, infringements, or leakages of the Personal Information. However, the Company shall not be liable for any damages to information incurred from unexpected accidents caused by basic network risks such as hacking, despite the fact that necessary technical protection measures were taken, nor for any disputes that may occur from postings made by visitors.
2. The Member Satisfaction Center of this Service shall respond to any inquiries related to Personal Information protection in a timely and accurate manner. In addition, if the Member wishes to contact the personnel in charge of Personal Information protection, the Member can contact the following personnel via email for a timely and sincere response:

	(c)KT	(c)LG U+	One store Co., Ltd.
Head of Personal Information Protection	Kim Hakjun VP * email: [email protected] * phone: KT carrier users 100+call button(free)	Choi Chang-guk * email : [email protected] * phone: 114(mobile)	Kang Jungyu Director * email: [email protected] * phone: 1600-6573(free)
Personal Information Manager	Lee Pilguk * email : [email protected] * phone: KT carrier users 100+call button(paid)	Seo Sangtae * email: [email protected] * phone: 114(mobile)	Park Yunhye * email: [email protected] * phone: 1600-6573(paid)

1. The Company shall not transmit any advertising information for profit-making purposes without the prior consent of the Member.
2. In the event the Company transmits advertisements via email for the purpose of carrying out Member-oriented marketing, such as to promote new products or events, prior Member consent regarding the transmission of advertisements shall be obtained, and measures such as below shall be taken in the email’s subject and body in order to ensure easy recognition by the Member that the email contains advertising information.

• Email Subject: The phrases “(Advertisement)” or “(Adult Advertisement)” shall be the first letters to appear, without any preceding spacing, in the email’s subject line, and the corresponding content shall be included in the body of the email.

3. In the event that the advertising information for profit-making purposes is transmitted to consenting Members through methods other than fax, mobile phone SMS, or email, the transmitter shall take necessary measures, such as marking the transmitted information with the transmitter’s name.

This Privacy Policy was enacted on June 30, 2009. Any additions, deletions, or revisions of the Privacy Policy in accordance with changes in government policy or security technology shall be announced in the “[Public Announcement]” section of the Homepage at least seven (7) days prior to the effective date thereof.

The parties hereto acknowledge that this Privacy Policy was originally written in the Korean language and this is an English translation of such Korean Privacy Policy, provided for your convenience only. If any discrepancy exists between the Korean and English versions, the Korean version will take precedence.

[Supplementary Provision] (Date of Enforcement) These TOS shall be effective as of 01 August, 2017