Privacy Policy

1. (1) The Company collects and uses only the minimum necessary personal information required to provide services. Collected personal information will not be used for purposes other than those explicitly agreed upon. If the purpose of use changes after consent, the Company will take appropriate measures, such as obtaining additional consent in advance.

   Category	Items for Collection and Use	Purpose of Collection and Use	Retention and Usage Period
   Contact Us	(Required) Name, e-mail address, mobile phone number (Optional) Affiliation, occupation, country	Provision of Contact Us services, receiving and processing inquiries, notification of processing results, and response to related inquiries	1 year from the date of inquiry completion
   Fact Sheet Download	(Optional) Name, e-mail address, mobile phone number, affiliation, occupation, country	Provision of Fact Sheet download service	1 month from the date of collection
   Customized Information Provision and Website Improvement	(Optional) Name, e-mail address, mobile phone number (Optional) Affiliation, occupation, country	Provision of customized information, statistics analysis, and service improvements	1 year from the date of collection

2. (2) Additionally, during service use and processing, certain personal information may be generated and collected, including but not limited to:
   • ① Usage frequency, service usage time, and activity records
   • ② Access logs, IP addresses, cookies, usage history, and session information
3. (3) The Company may also generate and collect the following information during service use and processing. If a user enters additional personal information and saves it by clicking the consent button or through other means, it will be deemed that they have consented to the collection of personal information.
   • ① Information collected through the use of web and mobile web services
   • ② Automatically generated information collected through log analysis programs
   • ③ Information collected via cookies
4. (4) The Company may process personal information in a pseudonymized form for purposes such as statistical analysis, scientific research, and public record preservation.

1. (1) The Company processes and retains personal information only for the retention and usage period agreed upon at the time of collection. However, if the user provides separate consent for an extended retention period or if applicable laws require a specific retention period, the Company securely stores the personal information for the mandated duration.
2. (2) If personal information must be retained in accordance with relevant laws, the Company will store member information for a specified period as outlined below:

   Relevant Laws	Retained Items	Retention Period
   Protection of Communications Secrets Act	Service visit records	3 months

1. The Company promptly destroys personal information when the retention period expires or when the purpose of processing has been fulfilled, rendering the data no longer necessary. However, if the Company has obtained separate consent from the Customer or if applicable laws require continued retention, the personal information will be securely stored and used within the permitted scope.
   • Personal information recorded or printed on paper: Shredded or incinerated
   • Personal information stored in electronic files (e.g., database): Permanently deleted using technical methods that prevent data recovery

When a Customer uses the Company’s services, cookie data, service usage records, and access device information may be automatically generated, collected, and stored on the Customer’s device (e.g., hard disk). Cookies are data transmitted by the Company’s website to the Customer’s web browser (e.g., Internet Explorer, Chrome, Firefox).
The Company provides cookies to Customers visiting the Company’s website. When a Customer revisits the website, the Company retrieves the stored cookie data from the Customer’s device and analyzes past visit records, service usage details, access times and frequency, as well as information generated or provided (entered) during service use. This analysis is used to enhance services, prevent fraudulent activities, and identify user errors.

1. (1) Essential Cookie

   Cookie	Purpose	Type	Expiration	Provider
   CookieConsent	Stores the user’s cookie consent status.	HTTP Cookie	1 day	cjenm.com
   _ga	Registers a unique ID used to collect statistical data on how visitors use the website.	HTTP Cookie	2 years	google
   _gat	Used by Google Analytics to throttle the request rate.	HTTP Cookie	1 day	google
   _gid	Registers a unique ID used to collect statistical data on how visitors use the website.	HTTP Cookie	1 day	google
   _lang	Remembers the selected language for the website.	HTTP Cookie	Immediately after closing the browser	cjenm.com

2. (2) Cookie notification, scope of validity, and Third-Party Cookies
   The cookie notification is valid only when using the Company’s website (http://cjenm.com). When accessing the Company’s website, Customers may also receive third-party cookies from service providers that assist the Company. However, the Company does not share the collected cookies with third parties. When providing cookies, the Company ensures that Customers are notified. Customers also have the right to refuse the collection of cookies provided by the Company. However, if Customers choose to refuse cookie collection, some features of the Company’s website may not function properly, which may result in limited access to certain services.
3. (3) How to disable cookie collection
   1. ① For Chrome :
      Go to the “Settings” menu at the top-right of the browser > Privacy and Security > Cookies and other site data
   2. ② For Internet Explorer :
      Click the “Tools” menu at the top of the browser > Internet Options > Privacy > Settings > Advanced Settings
   3. ③ For Microsoft Edge :
      Click the “Settings” menu at the top of the browser > Cookies and site permissions > Manage and delete cookies and site data

1. (1) Customers may exercise their rights (hereinafter referred to as “Rights Exercise”) to access, correct, delete, suspend processing, or withdraw their personal information stored by the Company at any time through the Company’s website.
2. (2) Rights Exercise may be carried out by an authorized representative. In such cases, a power of attorney must be submitted using Annex Form No. 11 of the “Notification on the Method of Processing Personal Information.”
3. (3) Requests to access or suspend the processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act. Additionally, requests for the correction or deletion of personal information may not be granted if the information is required to be collected under other applicable laws.
4. (4) The Company operates a dedicated customer service center to handle related inquiries and consultations. Customers may also contact the Personal Information Protection Officer, who will take prompt action as necessary.

1. (1) The Company has designated a Privacy Officer and a dedicated department to facilitate smooth communication with Customers and operates a consultation channel for personal information inquiries.
   1. ① Privacy Officer
      
      • Affiliate/Name: Kim Ji-hoon, Information Protection Team at CJ ENM Entertainment Division
      • Contact Information: +82-2-371-5501
   2. ② Personal Information Protection Department
      
      • Affiliate: CJ ENM Customer Service Center
      • Contact Information: +82-2-371-5501
2. 1. (2) If you require further assistance regarding personal information infringement, please contact the following institutions:

      Institution	URL	Contact Information
      KISA Personal Information Infringement Report Center	http://privacy.kisa.or.kr	(No area code) 118
      Supreme Prosecutors’ Office Cyber Investigation Division	http://www.spo.go.kr	(No area code) 1301
      National Police Agency Cyber Investigation Bureau	https://ecrm.cyber.go.kr	(No area code) 182
      Personal Information Dispute Mediation Committee	http://kopico.go.kr	(No area code) 1833-6972

The Company uses Customers’ personal information only within the scope specified in this Privacy Policy and does not use it beyond the stated purposes or provide it to third parties. However, exceptions may apply if the Customer has given prior consent or if the disclosure is required by applicable laws and regulations in accordance with prescribed procedures.

1. (1) The Company does not, in principle, collect personal information from children under the age of 14 (hereinafter referred to as “Children”). However, if collection is necessary for service provision, the Company will obtain prior consent from a legal guardian.
2. (2) To obtain consent from a legal guardian (e.g., a parent), the Company collects only the minimum necessary personal information from Children, such as the legal guardian’s name and contact information. Legal guardians may access, correct, or delete the Children’s personal information by contacting the Personal Information Protection Officer by phone or e-mail, and the Company will take the necessary measures accordingly.

The Company implements the following technical and administrative measures to ensure the security of Customers’ personal information and prevent loss, theft, leakage, alteration, or damage.

1. (1) Technical Protection Measures
   • ① Personal information is protected by passwords, and critical data is secured through encryption of files and transmitted data or by using additional security features such as file lock functions.
   • ② The Company uses antivirus programs to prevent damage from computer viruses. These programs are regularly updated, and in the event of a sudden virus outbreak, newly developed antivirus solutions are promptly implemented to prevent personal information breaches.
   • ③ Security protocols, such as SSL (Secure Sockets Layer), are adopted to safely transmit personal information over the network.
   • ④ To prevent unauthorized access and personal information leakage due to hacking, the Company installs systems in restricted access areas and employs an intrusion prevention mechanism.
2. (2) Administrative Protection Measures
   • ① The Company has established procedures for managing and accessing personal information, ensuring that employees understand and comply with them. Compliance is regularly monitored.
   • ② The Company minimizes the number of personnel authorized to process personal information, manages access rights, and provides training to ensure compliance with laws and policies. The personnel handling personal information include:
   • • Employees directly or indirectly handling Customer-related tasks
     • The Personal Information Protection Officer and those responsible for personal information management and protection
     • Other employees who require access to personal information for business purposes
   • ③ New employees sign a confidentiality agreement upon hiring to prevent unauthorized information disclosure (including personal information). Additionally, the Company continuously reminds employees of their personal information protection obligations and conducts periodic compliance audits.
   • ④ Handover procedures for employees handling personal information are conducted securely, and the Company clearly defines responsibilities regarding personal information breaches, both during and after employment.

This Privacy Policy may be subject to additions, deletions, or modifications due to amendments to personal information protection laws, changes in government policies or security technologies, or revisions to Company policies. In such cases, the Company will notify Customers in advance through its website before the revised policy takes effect.

• Current Privacy Policy Version: 1.8 (View previous policy)
• Notification Date: February 27, 2025 / Effective Date: March 6, 2025