The Grand Expedition

General Provisions

Quantum Universe Inc. (the “Company”) values the protection of the personal information of members who use the services provided by the Company (“Member(s)”) and is always committed to protecting the Members’ privacy.

The Company complies with all applicable laws and regulations related to the protection of personal information, including the 「Personal Information Protection Act ("PIPA")」 and the 「Act on Promotion of Information and Communications Network Utilization and Information Protection」, as well as guidelines, orders and instructions established by government agencies and other relevant authorities regarding personal information protection.

Pursuant to Article 30 of PIPA, the Company takes measures to protect the personal information of data subjects and discloses its privacy policy (the "Privacy Policy") as below, which has been established to ensure the prompt and efficient resolution of privacy-related complaints.

Article 1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. The personal information processed by the Company is used solely for these purposes set forth below and is not used for any other purposes. In the event that any changes are made to the intended use of personal information, the Company will take necessary measures such as obtaining additional consent in accordance with Article 18 of the PIPA.

1. Website Membership Registration and Management

The Company processes personal information to confirm the intent to join as a member, verify and authenticate the identity for the provision of member-exclusive services, maintain and manage membership status, prevent the misuse of services, provide various notices and notifications, and handle complaints.

1. Website Membership Registration and Management

2. Provision of Services

The Company processes personal information to provide services, deliver content, provide personalized services, and verify identity or age.

2. Provision of Services

The Company processes personal information to provide services, deliver content, provide personalized services, and verify identity or age.

3. Handling Complaints

The Company processes personal information to verify the identity of the complainant, confirm the details of the complaint, contact and notify regarding factual investigations, and provide notification of the outcome of the complaint.

3. Handling Complaints

Article 2. Period for Processing and Retaining Personal Information

① The Company processes and retains personal information for the period stipulated in applicable laws or regulations, or the period agreed upon by data subjects at the time of their personal information collection.

② The Company uses legal and proper means to collect the minimum personal information necessary to provide the Company’s services. When collecting personally identifiable information from Members, the Company provides information regarding the consent for the collection and use of personal information at the time the Members sign up, and when Members click the “agree” button, the Company considers it as their consent to the collection and use of personal information. The Company does not request personal information that may infringe fundamental human rights, including but not limited to factors such as race, ethnicity, creed, place of origin, political beliefs, criminal records, health status, and sexual activities.

③ The period for processing and retaining each category of personal information is as follows:

1. Membership Registration and Management: Personal information is retained until the Member's withdrawal. However, in the case of the following circumstances, personal information is retained until the applicable circumstance ends:

1) When ongoing investigations or inquiries are being conducted on the violation of applicable laws and regulations, the personal information is retained until the conclusion of such investigations or inquiries.

2) In the event of any outstanding debt or debt-creditor relationship arising from the use of the service, the personal information is retained until the debt or debt-creditor relationship is fully settled.

2. Service Provision: Personal information is retained until the completion of service provision and bill payment and settlement. However, under the following circumstances, personal information is retained until the expiration of the applicable period:

1) Transaction records such as marks and advertisements as well as contents and performance of contracts under the 「Act on Consumer Protection in Electronic Commerce, Etc.」.

- Records on marks or advertisement: 6 months

- Records on contracts, offer revocation, payment, and supply of goods, etc.: 5 years

- Records on consumer complaints or settlement of disputes: 3 years

2) Storage of communication confirmation data under the 「Protection of Communications Secrets Act」

- The date of telecommunications by subscribers; the time that the telecommunications commence and end; the subscriber number of the other party; the frequency of use; the data on tracing a location of information communications apparatus connecting to the information communications networks: 1 year

- Computer communications, Internet log records, the data on tracing a location of connectors: 3 months

1) Transaction records such as marks and advertisements as well as contents and performance of contracts under the 「Act on Consumer Protection in Electronic Commerce, Etc.」.

- Records on marks or advertisement: 6 months

- Records on contracts, offer revocation, payment, and supply of goods, etc.: 5 years

- Records on consumer complaints or settlement of disputes: 3 years

2) Storage of communication confirmation data under the 「Protection of Communications Secrets Act」

- Computer communications, Internet log records, the data on tracing a location of connectors: 3 months

Article 3. Provision of Personal Information to Third Parties

① The Company processes data subjects’ personal information within the scope as specified in Article 1 of this Privacy Policy, and provides data subjects’ personal information to third parties only under the circumstances stipulated in Article 17 and/or Article 18 of PIPA, such as obtaining a data subject’s consent or availability of special provisions in other laws. However, exceptions are made when there is a Member’s consent or when it falls under any of the following circumstances:

1. Where it is necessary to settle charges related to the provision of services;

2. Where it is requested by relevant authorities for the purpose of criminal investigation, legal proceedings, or administrative procedures pursuant to applicable laws or regulations;

3. Where personal information is provided in an anonymized form that prevents the identification of specific individuals, and such disclosure is necessary for statistical analysis, academic research, or market studies; or

4. Where the request is made pursuant to the procedures prescribed in other applicable laws and regulations, such as the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, and the Criminal Procedure Act.

Article 4. Rights and Obligations of Data Subjects; Exercise of Rights

① Data subjects are entitled to exercise their rights, including the right to access, correct, delete, or request the suspension of processing of their personal information, against the Company at any time.

② The data subject may exercise the rights under Section 1 above by submitting a written request, using electronic means such as email or facsimile transmission (FAX), etc. in accordance with Article 41 (1) of the Enforcement Decree of the PIPA. The Company will promptly respond to such requests.

③ Requests for access to personal information and suspension of processing may restrict the rights of the data subjects in accordance with Articles 35 (4) and 37 (2) of PIPA.

④ Requests for correction and deletion of personal information may not be available if such personal information is specifically designated as the subject of collection under other laws or regulations.

⑤ The Company verifies the identity of individuals who submit requests for access, correction, deletion, or suspension of processing, etc. based on the rights of the data subject to ensure that the requester is the applicable data subject or an authorized representative.

Article 5. Items of Personal Information to be Processed

The types of personal information the Company processes are as follows:

1. Member Registration and Management

- Required items: name, date of birth, identification (ID), password, address, phone number, email address

- Optional items: interests

1. Member Registration and Management

- Required items: name, date of birth, identification (ID), password, address, phone number, email address

- Optional items: interests

2. Provision of Services

- Required items: name, date of birth, identification (ID), password, address, phone number, email address, credit card information, bank account information

- Optional items: interests, purchase history

2. Provision of Services

- Required items: name, date of birth, identification (ID), password, address, phone number, email address, credit card information, bank account information

- Optional items: interests, purchase history

3. The following items of personal information may be automatically generated and collected during the use of Internet services:

- Login history, page views, scrolling, exit clicks, site searches, form interactions, video responses, file downloads, application of personal preferences, etc.

3. The following items of personal information may be automatically generated and collected during the use of Internet services:

- Login history, page views, scrolling, exit clicks, site searches, form interactions, video responses, file downloads, application of personal preferences, etc.

Article 6. Destruction of Personal Information

① The Company immediately destroys personal information when it becomes unnecessary due to the expiration of its retention period, fulfillment of the processing purpose, etc. If a Member voluntarily withdraws from membership or if the Company deletes the account of a Member for providing false personal information, the collected personal information is permanently destroyed and rendered incapable of any further use. However, in order to address potential risks, such as unwanted account deletion resulting from identity theft, when a Member requests the deletion of the Member’s account, the Company temporarily retains the Member's personal information for a period of seven (7) days and informs this grace period to the applicable user at the time of account deletion or service use termination. After the seven-day period elapses, the Member's personal information is completely destroyed from the Company's database of Member information.

② In case of disputes such as identity theft, a submitted copy of a Member’s identification card received for the purpose of verifying the Member’s identity, is immediately destroyed upon the completion of the identity verification process.

③ Once the purpose of collecting and using the users' personal information is fulfilled, such personal information is immediately destroyed, or in the case of each of the following subparagraphs, retained for a specific period and solely used for the purpose as set forth below:

- If the user has caused harm to the service through improper use, the Company may retain such Member’s personal information for one (1) year for the purposes of requesting private investigation or protecting other Members.

- If applicable laws or regulations require the Company to retain Members’ personal information, the Company may keep such information for the period prescribed by the applicable laws or regulations, even after the information has fulfilled its purpose of collection and use.

A. Records on cancellation of contracts, offers, etc.: 5 years (Article 6 (3) of 「Act on Consumer Protection in Electronic Commerce, Etc.」; Article 6 (1) 2 of the 「Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, Etc.」)

B. Records on payment for and supply of goods: 5 years (Article 6 (3) of 「Act on Consumer Protection in Electronic Commerce, Etc.」; Article 6 (1) 3 of the 「Enforcement Decree of Act on Consumer Protection in Electronic Commerce, Etc.」)

C. Records on resolution of consumer complaints or disputes: 3 years (Article 6 (3) of 「Act on Consumer Protection in Electronic Commerce, Etc.」; Article 6 (1) 4 of the 「Enforcement Decree of Act on Consumer Protection in Electronic Commerce, Etc.」)

D. Records on marks and advertisements: 6 months (Article 6 (3) of 「Act on Consumer Protection in Electronic Commerce, Etc.」; Article 6 (1) 4 of the 「Enforcement Decree of Act on Consumer Protection in Electronic Commerce, Etc.」)

E. Records on website visits: 3 months (Article 15 (2) of the 「Protection of Communications Secrets Act」; Article 31 (2) 2 of 「Enforcement Decree of the Protection of Communications Secrets Act」)

④ The procedures and methods for the destruction of personal information are as follows.

1. Procedures for Destruction

- Once the personal information provided by a Member has fully served its intended purpose, the Company, in accordance with its internal policies and applicable laws and regulations, retains and stores such information for a specific period (as set forth in Article 2 hereof). Subsequently, the information is deleted or destroyed.

1. Procedures for Destruction

2. Methods for Destruction

- Personal information recorded or printed on paper documents is destroyed using a shredder, while personal information stored in electronic files is destroyed using technical measures that prevent the recovery of the records.

2. Methods for Destruction

Article 7. Measures for Ensuring Safety of Personal Information

The Company has implemented the following measures to safeguard the security of personal information. However, the Company is not responsible for any issues resulting from a data breach caused by the Member's negligence or Internet-related issues, despite the Company’s fulfillment of its obligations to protect personal information of Members.

1. Administrative Measures: The Company limits the personnel responsible for handling personal information-related matters of the Company, such as regular employee training, to designated individuals and provides such individuals with separate passwords, which are periodically updated. Additionally, the Company conducts ongoing training for them to consistently emphasize compliance with the Company’s privacy policy.

2. Technical Measures: The Company strives to prevent the unauthorized disclosure or damage of Members' personal information caused by hacking, computer viruses, etc. The Company frequently backs up data in preparation of damage to personal information and uses up-to-date antivirus software to prevent unauthorized disclosure or damage of Members' personal information and data. Additionally, the Company uses encrypted communication protocols to facilitate the safe transmission of personal information over networks. Furthermore, the Company uses intrusion prevention systems to control unauthorized access from external sources and endeavors to employ all other feasible technical measures to ensure the security of its systems.

3. Physical Measures: The Company restricts the entry of unauthorized individuals and has a separate place for storage of personal information, for which the Company has established and been operating the access control procedures. The Company also stores documents and secondary storage devices in a safe place by using special locks for securing documents.

Article 8. Cookie Policy

① In order to provide personalized services to users, the Company uses "cookies" that store and retrieve user information from time to time.

② Cookies are small pieces of information sent by the website's server (HTTP) to the user’s computer browser, where they can be stored on the user’s PC computer's hard disk.

A. Purpose of using cookies: Cookies are used to provide optimized information to users by allowing the Company to identify the types of visits and use of each service and website visited by the user, popular search terms, secure access, etc.

B. Installation, operation, and refusal of cookies: The storage of cookies can be refused by adjusting the settings within the "Privacy" menu located under "Tools" > "Internet Options" in the web browser.

C. Opting out of saving cookies may cause difficulties in using personalized services.

Article 9. Notice Obligations

The Company will notify users of any additions, deletions, changes to or modifications of this Privacy Policy at least 7 days in advance through reasonable methods, including displaying a notification message on the initial service screen that appears after the sign-in. However, if a proposed update is unfavorable to users, the Company will provide notification at least 30 days in advance. Inquiries concerning any change or modification of this Privacy Policy can be made through the customer center.

Article 10. Chief Privacy Officer

① The Company is responsible for overall handling of personal information and has designated a Chief Privacy Officer to handle complaints and provide remedies related to personal information processing as follows:

Chief Privacy Officer

Name : Young-min Kim

Title : Chief Technology Officer (CTO)

Contact : <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

Chief Privacy Officer

Name : Young-min Kim

Title : Chief Technology Officer (CTO)

Contact : <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

Privacy Department:

Department: Backend Development Team

Person in Charge: Young-min Kim

Contact: <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

Privacy Department:

Department: Backend Development Team

Person in Charge: Young-min Kim

Contact: <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

② Data subjects may contact the Chief Privacy Officer and Privacy Department to address any privacy-related inquiries, complaints, remedies, etc. arising from using the Company’s services or business. The Company will respond to and handle such inquiries of data subjects without delay.

Article 11. Processing of Pseudonymized Information

The Company processes pseudonymized information for the following purposes:

Purpose of Processing Pseudonymized Information:

- Protection of personal information

Purpose of Processing Pseudonymized Information:

- Protection of personal information

Processing and Retention Period of Pseudonymized Information:

- Until the Member's withdrawal

Processing and Retention Period of Pseudonymized Information:

- Until the Member's withdrawal

Types of Personal Information Subject to Pseudonymization:

- Name, email address, telephone number, address

Types of Personal Information Subject to Pseudonymization:

- Name, email address, telephone number, address

Article 12. Request for Access to Personal Information

The data subjects may exercise their right to request access to their personal information, as provided under Article 35 of the PIPA, by contacting the department set forth below. The Company will make efforts to promptly process data subjects' requests for access to their personal information.

Department for Receiving and Processing Requests for Access to Personal Information

Department: Backend Development Team

Person in Charge: Young-min Kim

Contact: <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

Department for Receiving and Processing Requests for Access to Personal Information

Department: Backend Development Team

Person in Charge: Young-min Kim

Contact: <+82.10.2745.6347>, <youngmin@quantumuniverse.co>

Article 13. Enforcement of and Changes to the Privacy Policy

① This Privacy Policy is effective as of April 26, 2024.