AGL Inc. (hereinafter referred to as the “Company”) is responsible for complying with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the “Information and Communications Network Act”), the Personal Information Protection Act, the Communications Secrets Protection Act, and the Telecommunications Business Act, which information and communications service providers must comply with. The company complies with the personal information protection regulations of relevant laws and do our best to protect user rights and interests by establishing the following personal information handling policy in accordance with relevant laws and regulations.

1. Purpose of collection and use of personal information

The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1) Smooth provision and operation of services and products

2) Processing of matters related to the service agreement, including service use, change, termination, complaint reception/processing information, payment information, etc.

2. Collection items and collection methods of personal information

1) Items of personal information collected

① The personal information the company collects from users at the time of service use is as follows.

- Reservation information [Required]: Reservation name (English), email address, mobile phone number, nationality

- Reservation information [Optional]: Entry date, entry flight, departure date, departure flight

② Personal information collected from users during the service use process is as follows.

- Customer Center: Name, contact information (landline phone number, mobile phone number), etc.

③ The following information may be automatically generated and collected during the service use process or business processing process.

- Automatically generated history information: IP address, cookie, access log, service use record, suspension record, cancellation record, inappropriate use record, visit date and time, payment record, etc.

3. Information on providing and sharing personal information with third parties

The company has established a procedure to check whether users agree to the privacy policy and terms of use when entering personal information in connection with the use of the service. If he/she checks this, it is deemed to have consented to the collection of personal information to process it.

4. Use of personal information for other purposes and handling in partnership

1) The company uses users’ personal information in “1. It is used within the scope notified in “Purpose of collection and use of personal information”, and in principle, the user’s personal information is not used beyond this scope or disclosed to outside parties without the user’s prior consent.

2) However, in the following cases, personal information may be provided or used with the member's consent through reasonable procedures.

* Affiliate processing: In order to process work smoothly and provide better services to members, the member's personal information may be provided and processed. In this case, the company name and purpose, scope of personal information, partnership period, etc. must be notified in advance.

* Handling of personal information provided by third parties (affiliate)

Third Party Providers

Provided detail

Retention and use period of personal information

AGL

Customer consultation, prevention of fraudulent use, consultation and marketing, customer reservation and payment history, customer management history

Until the purpose of using personal information is achieved

KICC (Korea Information and Communications Corporation)

Credit card payment processing, bank transfer, bank transfer payment processing

(However, in accordance with relevant laws and regulations)

Company-affiliated golf courses and affiliated agencies

Name, English name, contact information (email/mobile phone)

※ For some events, the work may be handled by an external partner company through a separate consent process.

5. Retention period and destruction of personal information

1) In principle, the company automatically destroys users’ personal information after one year.

Retention period: 1 year after product transaction

2) Member information is stored for a certain period of time in accordance with the provisions of related laws such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc., the Framework Act on National Taxes, the Electronic Financial Transactions Act, and the Information and Communications Network Act. In this case, the company uses the stored information only for the purpose of storage, and the retention period is as follows.

① Records of consumer complaints or dispute resolution: 3 years

② Records of electronic financial transactions: 5 years

③ Records of identity verification: 1 year

④ Records of visits: 1 year

* In order to protect customers' personal information and prevent damage from personal information leakage, the company destroys personal information through the following methods.

- Personal information printed on paper is destroyed by shredding or incineration.

- Personal information stored in electronic file format is deleted using technical methods that render the records unrecoverable.

6. Matters related to installation, operation and refusal of automatic personal information collection devices

1) What are cookies?

① The company uses ‘cookies’ to store user information and retrieve it from time to time to provide personalized and customized services.

② The cookie is a small text file that the website's server sends to the user's browser every time the user visits a website, and is stored on the user's computer's hard disk. Additionally, the information contained in the cookie file is read each time the user visits the website and is frequently updated with new information.

③ Cookies do not automatically/actively collect personally identifiable information, and users can refuse to store or delete these cookies at any time.

2) Purpose of the company’s use of cookies

It is used to provide optimized services and information to users by identifying users' site visit and use patterns, number of user, etc., including whether each user accesses the service and views service products.

3) Installation, operation and rejection of cookies

① Users have the option to install cookies. Therefore, by changing the web browser option settings, users can allow all cookies, confirm each time a cookie is saved, or refuse to save all cookies.

② If you refuse to store cookies, you may have difficulty using the company's services that require login.

7. Technical/administrative protection measures for personal information

When handling users' personal information, the company is taking the following technical/administrative measures to ensure safety and prevent personal information from being lost, stolen, leaked, altered or damaged. However, the company is not responsible for any problems arising from leakage of personal information such as ID and password due to the user's carelessness or Internet or communication problems.

1) Password encryption

Passwords of customers are encrypted, stored and managed, so only the member knows them, and personal information can only be checked or changed by the person who knows the password.

2) Measures against hacking, etc.

The company is doing its best to prevent members' personal information from being leaked or damaged by hacking or computer viruses. In preparation for damage to personal information, data is backed up on a regular basis, and the latest anti-virus program is used to prevent users' personal information or data from being leaked or damaged. Personal information can be transmitted safely over the network through encrypted communication, etc. The company controls unauthorized access from the outside using an intrusion prevention system, and strive to equip all possible technical devices to systematically retain security.

3) Minimization and training of handling staff

The company's staff handling personal information is limited to the person in charge, and a separate password is provided for this purpose and updated regularly. Compliance with the personal information handling policy is always emphasized through regular training for the person in charge.

8. Contact information of personal information manager and person in charge

1) The personal information protection manager is responsible for protecting the user's personal information and preventing its leakage. He/She helps the user use the services provided by the company without any concern and does not violate the notices notified to the user regarding the protection of personal information. If an accident occurs regarding personal information protection which is against what the company notified to the users, company is responsible for it.

2) Despite taking technical supplementary measures, company is not responsible for damage or loss of information due to unexpected accidents caused by basic network risks such as hacking, or for various disputes caused by postings made by users.

3) The company designates the following protection officers as prescribed by relevant laws and regulations.

Personal Information Protection officer

Personal Information Protection Manager

4) If you need to report or consult about other personal information infringements, please contact the organizations below.

Personal Information Infringement Reporting Center (http://privacy.kisa.or.kr / 118 without area code)

Personal Information Protection Association ( http://www.eprivacy.or.kr / 02-550-9531~2 )

Supreme Prosecutors' Office Cyber Investigation Division (http://www.spo.go.kr / 02-3480-3570)

National Police Agency Cyber Security Bureau (http://cyberbureau.police.go.kr / 182 without area code)

9. Duty to notify

The current personal information processing policy was enacted on November 5, 2022, and if there are additions, deletions, or modifications to the content due to changes in information, company policy, or security technology, the 'Notice' will be posted on the website at least 7 days prior to the revision. You will be notified through.

Revision date: March 21, 2023

Effective date: March 28, 2023