Smart GEO Expo 2023 Privacy Policy Smart GEO Expo 2023 Organizing Committee (hereinafter referred to as "SGE Secretariat") establishes and discloses this Privacy Policy to protect the personal information of individuals in accordance with Article 30 of the Personal Information Protection Act and to handle related grievances promptly and seamlessly.

Article 1 (Purpose of Processing Personal Information)
1. Website registration – confirmation and management of user registration information
2. Verification and authentication of individuals for the provision of other services
3. Maintenance and management of registration qualifications
4. Identity verification according to the implementation of the limited identity verification system
5. Prevention of unauthorized use of services

Article 2 (Retention Period of Processed Personal Information)
1. The SGE Secretariat processes and retains personal information within the period agreed upon or specified by law for personal information retention and use, or within the period agreed upon when collecting personal information from data subjects.
2. The processing and retention periods for each category of personal information are as follows:
▶ Article 1, items 1 to 5: Until the end of the event and the completion of related business Secretariat

Article 3 (Provision of Personal Information to Third Parties)
1. The SGE Secretariat processes personal information within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when it falls under Article 17 and Article 18 of the Personal Information Protection Act, such as data subject's consent or specific legal provisions.
2. The Committee provides personal information to the following third parties:
▶ Unione Communications Co., Ltd. (official event agency)
- Recipient of personal information: Unione Communications Co., Ltd.
- Purpose of personal information usage by the recipient: operation of event
- Personal information items provided: Nationality, email address (ID), password, name, affiliation, country, contact information
- Retention and use period by the recipient: Until the end of the event and the completion of related business Secretariat

Article 4 (Outsourcing of Processed Personal Information )
1. The SGE Secretariat outsources personal information processing tasks for streamlined personal information management as follows:
▶ Website maintenance and support
- Outsourced party: Unione Communications Co., Ltd.
- Contents of outsourced tasks: Website maintenance and support, server management, event operation, management office, general management of SGE events
2. When entering into an outsourcing agreement, the SGE Secretariat specifies in the contract or other documents the matters concerning the prohibition of personal information processing beyond the purpose of performing the outsourced tasks, technical and managerial protective measures, restrictions on re-outsourcing, management and supervision of the outsourced party, liability for damages, etc. It also supervises the safe handling of personal information by the outsourced party.
3. In the event of a change in the content of the outsourced tasks or the outsourced party, the SGE Secretariat will promptly disclose such changes through this Privacy Policy.

Article 5 (Rights and Obligations of Data Subjects and Methods of Exercising Rights)
1. Data subjects may exercise the following rights regarding their personal information protection against the SGE Secretariat:
- Right to access, correct, delete, or suspend processing of personal information
2. Data subjects can exercise the rights mentioned in Clause 1 by submitting a written request, making a phone call, or sending an email in accordance with Article 41, Clause 1 of the Enforcement Decree of the Personal Information Protection Act. The SGE Secretariat will take appropriate measures without delay.
3. When exercising the rights mentioned in Clause 1 through a legal representative or an authorized agent, the data subject must submit a power of attorney in the format specified in Annex 11 of the "Guidelines on Personal Information Processing Methods" (No. 2020-7).
4. The right to access personal information and request suspension of processing personal information may be restricted in accordance with Article 35(5) and Article 37(2) of the Personal Information Protection Act.
5. The request for correction or deletion of personal information may not be made if the personal information is expressly specified as the subject of collection under other laws.
6. When SGE Secretariat receives a request for access, correction or deletion, or suspension of processing in accordance with the data subject's rights, it verifies whether the person who has put in the request is the data subject or a legitimate representative.

Article 6 (Personal Information Items Processed)
SGE Secretariat processes the following personal information items:
1. Items under Article 1, Clauses 1 to 5:
- Mandatory items: Email address (ID), password, full name, affiliation, country, mobile phone number
- Optional items: Age, address, and other non-mandatory information entered during registration
2. The following personal information items may be automatically generated and collected during the use of internet services for the purpose of content and participating company recommendations: IP address, cookies, MAC address, service usage records, website visitation records

Article 7 (Destruction of Personal Information)
1. When personal information becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose, SGE Secretariat will promptly destroy relevant personal information.
2. If the personal information needs to be retained in accordance with other laws despite the expiration of the consent-based retention period or the achievement of the processing purpose, the relevant personal information will be transferred to a separate database or stored in a different location.
3. The procedure and method for the destruction of personal information are as follows:
▶ Procedure: SGE Secretariat selects the personal information for destruction and obtains approval from the Personal Information Protection Manager of SGE Secretariat before proceeding with the destruction.
▶ Method: SGE Secretariat destroys electronically recorded and stored personal information in a manner that makes it impossible to reproduce the records, using methods such as low-level formatting. Personal information recorded and stored on paper documents is shredded or incinerated for destruction.

Article 8 (Measures to Ensure the Security of Personal Information)
SGE Secretariat takes the following measures to ensure the security of personal information:
- Administrative measures: Establishing and implementing internal management plans, regular employee training, etc.
- Technical measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
- Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
1. SGE Secretariat uses "cookies" to store and retrieve user information for providing personalized services.
2. Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser, and they may also be stored on the hard disk of the users' PC.
a. Purpose of using cookies: Cookies are used to track and analyze the visits and usage patterns of users on each service and website visited, popular search terms, secure connections, etc., in order to provide optimized information to users.
b. Installation, operation, and rejection of cookies: Users can refuse to store cookies by configuring the options in the Tools > Internet Options > Privacy menu of their web browser.
c. If the storage of cookies is rejected, it may cause difficulties in using personalized services.

Article 10 (Personal Information Protection Manager)
1. SGE Secretariat designates and appoints a personal information protection manager who is responsible for overall personal information processing, as well as handling inquiries, complaints, and remedies related to personal information processing. The following individuals are designated as the personal information protection manager and the contact person for the personal information protection department:
▶ Personal Information Protection Manager:
- Affiliation: SGE Secretariat
- Name: Lee Yun-jae
- Contact: 070-7668-7291, sgeinfo1@gmail.com
* Directs to the Personal Information Protection Department
- Personal Information Protection Department:
- Affiliation: SGE Secretariat
- Contact Person: Kang Eun-soo
- Contact: 070-7668-7291, sgeinfo1@gmail.com

2. Users can contact the personal information protection manager and the contact person for the personal information protection department to inquire about or request assistance with all matters related to personal information protection, complaints, and remedies arising from using the services (or business) of SGE Secretariat. SGE Secretariat will respond and handle the inquiries of the data subject promptly.

Article 11 (Request for Access to Personal Information)
Data subjects can make requests for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the following department:
- Department for Receipt and Processing of Requests for Access to Personal Information
- Affiliation: SGE Secretariat
- Contact Person: Kang Eun-soo
- Contact: 070-7668-7291, sgeinfo1@gmail.com
SGE Secretariat will make efforts to promptly process requests for access to personal information from data subjects.

Article 12 (Remedies for Violation of Rights)
Data subjects can contact the following organizations for remedies, counseling, etc., regarding personal information breaches:
- Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information breaches, applying for counseling
- Website: privacy.kisa.or.kr
- Phone: 118 (without area code)
- Address: 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea, 58324
- Personal Information Dispute Mediation Committee
- Responsibilities: Applying for personal information dispute mediation, group dispute resolution (civil resolution)
- Website: www.kopico.go.kr
- Phone: 1833-6972 (without area code)
- Address: 4th floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea, 03171
- Cyber Crime Investigation Unit, Supreme Prosecutors' Office
- Phone: 02-3480-3573 (website: www.spo.go.kr)
- Cyber Safety Bureau, Korean National Police Agency
- Phone: 182 (website: http://cyberbureau.police.go.kr)

Article 13 (Changes to the Personal Information Processing Policy)
1. This personal information processing policy will be effective from August 16, 2023