Privacy Policy of Kiturami Boiler Company (www.krb.co.kr)

To protect the 'personal information and personal location information’ of its users, Kiturami Co., Ltd. (hereinafter referred to as "the Company") complies with the provisions concerning the protection of personal information and personal location information under the relevant statutes and regulations, including the Act on the Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act"), the Personal Information Protection Act, and the Act on the Protection and Use of Location Information (hereinafter referred to as the "Location Information Act"), and has established the following policy for processing users’ personal information and personal location information (hereinafter referred to as the "Privacy Policy")

The Company informs its users about the purposes and methods of its collection and use of their personal information and personal location information, and the measures it takes to protect such information through the Privacy Policy.

As the Privacy Policy may be revised based on changes in the relevant statutes and regulations or the Company's other policies, users are urged to check the Policy frequently when visiting the Company's website or using the mobile application.

1. Items of personal information and personal location information to be collected and methods of collection

The Company prohibits the unauthorized collection, use, and storage of any items of its users' personal information and personal location information in order to protect their personal information and personal location information and to prevent any leakage thereof. It operates its policy to ensure that personal information and personal location information are destroyed when only the minimum amount of necessary information required to use its website and mobile application services is temporarily collected and used through the user authentication procedure.

1. A. Items collected
   1. ① Items collected during users’ product-related inquiries: Name, e-mail address, phone number, mobile phone number, home address (including personal location information), product information, etc.
   2. ② Items collected during product-related service requests: Name, e-mail address, phone number, mobile phone number, home address (including personal location information), product information, etc.
2. B. Collection method
   1. ① Collection through authentication of personal information and personal location information during subscription to the website or the mobile service membership.
   2. ② Collection by call center agents through the call center system (representative number: 1588-9000).

2. Contents of location-based services

The Company provides the following location-based services to its users

- Name of services : Kiturami Kakao Chatbot Service Request Reception System

- Contents of services : Users' location information is collected in order to identify the location where the product service will be performed.

3. Purposes of collection, processing, and use of users’ personal information and personal location information

1. A. The Company collects, processes, and uses its users’ personal information and personal location information in order to manage the history of customers' inquiries, its provision of services, and its reception of service requests as well as advance inspection, follow-up management, etc.


2. B. The Company may collect additional personal information for the following purposes when conducting the following events and promotions and providing marketing information
1. ① Use of information for market research, customer satisfaction surveys, and statistical analysis.
2. ② Delivery of advertising information on products and TM-, DM- or SMS-based promotional events, etc.
3. (To collect personal information for such purposes, the Company obtains additional consent from the users by separately notifying them of the purposes, items to be collected, and periods of retention of their information on its website.)

4. Provision of personal information and personal location information to third parties

1. A. The Company does not collect, process, use, or provide its users’ personal information and personal location information to any third parties beyond the scope notified under "1. Items to be collected and methods of collecting personal information and personal location information ", "2. The purposes of collecting, processing, and using personal information and personal location information"; and "3. The purposes of collecting, processing, or using personal information and personal location information" in any cases unless the user has consented to such third-party use or unless otherwise provided in the related statutes or regulations. However, this will not apply to the following exceptional cases
1. ① When a user has given his or her prior consent to third-party collection and use of his or her information; or
2. ② When a user’s information has to be provided under the relevant statutes or regulations, or when requested by a law-enforcement agency for the purpose of criminal investigation based on the procedures or methods provided under the relevant statutes or regulations
2. B. The Company provides personal information and personal location information to third parties for the provision of its services as follows
1. ① Recipient of the personal information and personal location information: Kiturami-controlled service centers
2. ② Purpose of third-party recipients' use of personal information and personal location information: Management of the history of customers' inquiries, its provision of services, and its reception of service requests as well as advance inspection, follow-up management, etc.
3. ③ Items of personal information and personal location information provided: Name, home and mobile phone numbers, address, product information, etc.
4. ④ Periods of retention and use by recipients of personal information and personal location information provided: Until the purpose of collection and use of personal information and personal location information has been achieved (or up to the period provided under the relevant statutes or regulations).
3. C. The Company notifies the users immediately upon providing their location information to any third parties, including the recipient, date, and purpose of the information provided.

5. Entrustment of processing of collected personal information and personal location information

The Company entrusts the processing of the personal information and personal location information as follows to provide its services.

• - Recipient of the personal information provided: Service centers controlled by Kiturami
• - Contents of entrustment of personal information processing: Provision of product-related services

6. Purposes and statutory basis for retaining personal information and personal location information, as well as the period of retention of such information

The Company will retain the personal location information collected from the users when they access the Company's Kakao Chatbot Service Reception system by using the application or via the settings for the use of personal location information, for the purposes of management of the history of customers' inquiries, its provision of services, and its reception of service requests as well as advance inspection, follow-up management, etc. It will destroy the relevant information without delay upon expiration of the period of retention notified to and agreed upon by the users at the time of its collection of their personal information and personal location information. However, the Company retains such information until the expiration of the relevant period when it is necessary to retain the information for a certain period of time for such reasons as confirmation of transaction-related rights and obligations in accordance with the provisions of the relevant statutes and regulations, including the Commercial Act, the National Tax Act, and the Act on Consumer Protection in Electronic Commerce, etc. In such cases, the Company will use the personal information and personal location information it retains for the purpose of their retention only. The retention period and retained items are as follows

• - Records concerning contracts or withdrawal of subscription: 5 years (Act on Consumer Protection in Electronic Commerce, etc.).
• - Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.).
• - Records on the handling of consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.).
• - Records on service provision: Until the purpose of collecting or using personal information and personal location information is achieved.

7. Statutory basis for retaining records confirming the collection, use, and provision of personal location information and the period of retention of such information

The Company automatically records and archives written information confirming the collection and/or use of the users' location information on its location information system for more than six months based on the relevant laws and regulations, such as the Location Information Act.

8. Procedures and methods of destroying personal information and personal location information

The Company will destroy users’ personal information and personal location information without delay when they request the destruction of their collected personal information and personal location information. The procedures and methods of destroying information are as follows

1. A. Information destruction procedure
   The information entered by users when making customer inquiries or requesting services is transferred for storage on a separate database (a separate filing cabinet in the case of paper documents) for history management and follow-up management in accordance with the reasons for information protection under the Company's Privacy Policy or other relevant statutes or regulations. Such information is destroyed when the purpose of its collection and use has been achieved or when their period of retention has elapsed based on the Privacy Policy and other relevant statutes or regulations.


2. B. Method of destruction
   Personal information printed on paper (hard copy) is shredded or incinerated, while personal information stored in digital files is deleted using technical means which disables their recovery.

9. Rights and obligations of the users and their legal representatives (legal guardians) and methods of exercising such rights and fulfilling such obligations

Users and their legal representatives may, at any time, request the review, provision, or correction of any errors in their own personal information or personal information belonging to their children under the age of 14. They may also withdraw their consent to the collection, use, or provision of such information to third parties. The legal guardians of users pursuant to the Location Information Act may withdraw their consent to the collection, use or provision of the users’ personal location information to protect the life and body thereof. Users, children under the age of 14, or guardians of children under the age of 8 or minors may review or correct their personal information and personal location information by contacting the Company's Customer Service Center at 1588-9000 and undergoing the user authentication procedure.

10. Information concerning the installation, operation or refusal of the device for collecting personal information automatically

The Company does not operate cookies or other similar devices to automatically collect the users’ personal information upon their accessing the Company's Internet service.

11. Technical and administrative measures for protecting personal information and personal location information

The Company takes the following technical and administrative measures to secure the safety of users' personal information and personal location information so as to prevent the loss, theft, leakage, and alteration of, or damage to, such information during the processing thereof.

1. A. Technical protective actions
   1. ① The Company controls any unauthorized access to its servers from the outside using security programs for each server in preparation against external intrusions such as hacking and cyberattacks. The Company also ensures the perfect security of users’ personal information and personal location information by installing other available technical devices to ensure systematic security.
   2. ② The Company minimizes the items to be output based on usage by specifying the usage when outputting (printing, screen display, file creation, etc.) any personal information and personal location information using any personal information processing systems.
   3. ③ Those who process users’ personal information and personal location information are required to obtain prior approval from the person in charge of the management of personal information and personal location information before printing any such information on paper or copying it on to a portable storage medium, such as diskettes, compact discs, etc. The same applies to the reprinting or reproduction of printed materials.
2. B. Administrative protection measures
   1. ① Access to the personal information and personal location information of the users is limited to a minimum number of the Company's personnel.
   2. ② When the personnel responsible for processing the users' personal information and personal location information are replaced due to their reassignment or retirement, their authority to access the personal information processing system is updated or canceled without delay.
   3. ③ The personal information processing system and the personal computers of the personnel responsible for processing personal information and personal location information are set up so that personal information and personal location information undergoing processing are not disclosed to unauthorized parties through the website, P2P, sharing settings, etc.
   4. ④ When any personal information is collected, utilized or destroyed, the Company retains the grounds for and records of such collection, use or destruction in accordance with the guidelines recommended by the relevant statutes (Act on the Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act, Location Information Act), and prescribes and implements its internal policies and processes and conducts the relevant training accordingly.
   5. ⑤ The Company enforces internal procedures for monitoring its officers and employees’ compliance with its Privacy Policy, while proactively preventing information leakage by its personnel, by requiring all officers and employees responsible for the processing of personal information and personal location information to sign a sworn security statement.
   6. ⑥ The duties of former processors of personal information and personal location information are taken over by newly appointed processors thoroughly in an environment where security is maintained thoroughly. The Company also clearly defines their accountability for any errors, accidents or other mishaps related to personal information after their joining and leaving the company.
   7. ⑦ The Company designates its computing rooms and data storage rooms as “special protected zones” and controls access to them accordingly.
   8. ⑧ The Company will not be held liable for any incidents that occur due to the mistakes of individual users, basic internet risks, or other causes that are not attributable to the Company.
   9. ⑨ In addition, the Company will immediately notify the users in the event of damages caused by the loss, leakage, tampering with, or destruction of their personal information and personal location information due to the mistakes of its internal manager or technical management accidents, and take appropriate corrective and compensatory measures.

12. Persons responsible for the management of user complaints concerning personal information and personal location information

1. A. The Company appoints personnel to manage and protect users’ personal information and personal location information and to handle questions related to personal information, and handles users’ complaints concerning their personal information and personal location information as follows.
   • - Department / person in charge: Public Relations Team / Hye-jeong Bang, Executive Managing Director
   • - Responsibilities: Protection of personal location information and handling of related grievances.
   • - Contact phone number: 02)2600-9101
   • - E-mail address: krbconfirm@krb.co.kr
B. Users may contact the agencies listed below for consultation on and relief of damages, etc. caused by infringements of their personal information and personal location information.

(The following agencies are separate from the Company. Please contact them if you are not satisfied with the results of the Company’s handling of a complaint or relief of damages related to your personal information and personal location information, or if you need more detailed information or assistance.)

1. ① Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
   • - Responsibilities: Reception of reports and requests for counseling on infringements of personal information.
   • - Website: https://privacy.kisa.or.kr
   • - Phone: 118 (without station code)
   • - Address: (58324) KISA Personal Information Infringement Report Center, 3rd floor, 9 Jinheung-gil, Naju-si, Jeonnam (formerly, 301-2 Bitgaram-dong)
2. ② Personal Information Dispute Mediation Committee
   • - Responsibilities: Reception of applications or requests for mediation in personal information-related disputes, whether individual or collective.
   • - Website: https://www.kopico.go.kr
   • - Phone: 1833-6972 (without station code)
   • - Address: (03171) 4th floor, Central Government Complex, 209 Sejong-daero, Jongno-gu, Seoul
3. ③ Supreme Prosecutors' Office Cybercrime Investigation Division
   • - Website: https://www.spo.go.kr
   • - Phone: 02-3480-3573
4. ④ National Police Agency Cyber Security Bureau
   • - Website: https://cyberbureau.police.go.kr
   • - Phone: 182 (without station code)

Users may report to the Company personnel in charge of personal information management any complaints or grievances which may arise while using the Company's services in relation to the protection of their personal information. The Company will respond promptly and thoroughly to all such complaints or suggestions reported by the users.

13. Obligation of notification

The Company will notify the users in advance of any additions, deletions, or corrections that are made to this Privacy Policy due to changes in the related statutes, regulations, policies or security technologies in the “Notice” column on the first page or on a separate window of its website.

Date enacted: January 02, 2019
Enforcement date of 1st revision: January 01, 2023