KJF Co., Ltd. - Flanges & Flow Element Global Leader

KJF Co., Ltd. (hereinafter referred to as the "Company") has established the following Privacy Policy in accordance with applicable laws and regulations to protect the personal information and rights of customers who use the internet site operated by the Company (hereinafter referred to as the "Site"), and to handle related grievances smoothly. In the event that the Company amends this Privacy Policy, the changes will be announced through a notice on the relevant website (or individual notice).

Article 1. Purpose of Collection and Use of Personal Information

The Company collects personal information for the following purposes. The collected personal information will not be used for purposes other than those listed below, and prior consent will be obtained if the purpose of use changes.

Processing of Civil Complaints

For the purpose of verifying the identity of complainants, confirming the details of complaints, contacting for fact-finding, and notifying of results.

Service Provision

For the purpose of providing services, delivering content, offering customized services, identity verification, age verification, and other input-related purposes.

Marketing and Advertising

For the purpose of developing new services and providing customized services, providing event and promotional information and participation opportunities, delivering services and placing advertisements based on demographic characteristics, verifying service validity, identifying access frequency, and compiling statistics on member service usage.

Article 2. Items of Personal Information Collected and Collection Methods

Items of Personal Information Collected

① Contact Form Inquiries

[Required] Name, Email Address, Mobile Phone Number

② Information Automatically Generated and Collected During Service Use or Business Processing

[Required] Access IP information, Cookies, Service usage records, Access logs
[Optional] Response records per item from customer satisfaction surveys

③ Other

• When additional personal information not collected at the time of membership registration is required during the use of supplementary or customized services, or during event participation, the Company will notify users of the relevant items and obtain separate consent before processing.

Methods of Personal Information Collection

• Online collection through website and consultation boards, offline collection through phone calls, in-company written application forms, and collection through email or event participation.
• Provision from identity verification agencies or affiliated companies.
• Collection through generated information collection tools.

Article 3. Retention and Use Period of Personal Information

• 1. The Company retains and uses personal information within the period consented to at the time of collection. However, if there is a need to preserve information in accordance with applicable laws and regulations, it will be retained accordingly.
• 2. For members, the retention and use period of personal information runs from the time of service agreement (membership registration) until the termination of the service agreement (including voluntary or forced withdrawal). Unless otherwise stipulated by law or requested by the customer, the Company will destroy the personal information of members who have not reused the service for the period defined by law (1 year). However, at least 30 days before the expiration, the member will be notified of the destruction of personal information, the expiration date, and the relevant items via email, phone, or similar means.
• 3. Retention periods of personal information under relevant laws are as follows:
  • <Retained Information / Retention Period>
    Records related to display/advertising: 6 months
    Computer communication or internet access records: 3 months
• 4. Even without a legal basis, personal information may be retained in accordance with Company policy if necessary to prevent significant losses, or for criminal investigations or litigation purposes. However, only the minimum period and items necessary to achieve that purpose will be retained.
  • <Retained Information / Retention Period>
    Member information disqualified under the Terms of Service: 5 years

Article 4. Provision of Personal Information to Third Parties

• 1. In principle, the Company does not provide users' personal information to external parties. However, exceptions are made in the following cases where special provisions exist in law or where compliance with legal obligations is unavoidable. When providing personal information to a third party for purposes other than the original intent, the Company requests that the recipient implement certain restrictions on the purpose and method of use, or establish necessary measures to ensure security.
  • ① When the user has given prior consent.
  • ② When there is a legal basis in other laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Telecommunications Business Act, or the Act on the Use and Protection of Credit Information.
  • ③ When provided in a form that does not identify specific individuals, for purposes such as statistical compilation, academic research, market research, information provision, or announcement mailing.
  • ④ When the data subject or their legal representative is unable to express their intention or prior consent cannot be obtained due to unknown address, and it is necessary for the urgent protection of the life, body, or property of the data subject or a third party.
  • ⑤ When necessary for the investigation, prosecution, and execution of criminal cases, court proceedings, or enforcement of sentences, following lawful procedures.
• 2. In the event that a third-party provision situation arises, it will be processed through separate consent.
• 3. Withdrawal of consent for third-party provision can be requested by contacting the Company, and upon withdrawal, the information will be immediately destroyed.

Article 5. Procedures and Methods for Destruction of Personal Information

The Company destroys personal information when the purpose of collection and use has been achieved or the retention period has expired. The procedures and methods of destruction are as follows. However, cases where personal information must be preserved under other laws are exceptions.

Destruction Procedure

Information entered by users is transferred to a separate database (or separate documents in the case of paper) after the purpose has been achieved, stored for a certain period in accordance with internal policies and other relevant laws, and then destroyed immediately or after that period. Personal information transferred to the database is not used for any other purpose unless required by law.

Destruction Deadline

When the retention period has expired, personal information is destroyed within 5 business days from the end of the retention period. When the personal information becomes unnecessary due to the achievement of the processing purpose, discontinuation of the relevant service, or closure of the business, it is destroyed within 5 business days from the date it is recognized as no longer necessary. If a legal representative of a child under 14 years of age refuses consent or consent cannot be confirmed, the personal information is destroyed within 5 business days from the date of collection.

Destruction Method

Information in electronic file format is destroyed using technical methods that prevent the records from being reproduced. Personal information printed on paper is destroyed by shredding or incineration.

Article 6. Rights of Users and Legal Representatives and How to Exercise Them

• 1. Users may withdraw their consent to the collection, use, and provision of personal information at any time. Upon withdrawal, the Company will take necessary measures without delay, such as destroying the collected personal information.
• 2. Users may request to view, receive, or correct the following information held by the Company:
  • ① Personal information held by the Company about the user.
  • ② Status of the use and third-party provision of the user's personal information.
  • ③ Status of consent given to the Company for collection, use, and provision of personal information.
• 3. If a user requests correction or deletion of errors in their personal information, the Company will not use or provide that personal information until the correction or deletion is completed.
• 4. Users may submit requests for access to personal information to the department listed below. We will make every effort to process such requests promptly.
• <Inquiries Regarding Personal Information Access>

  Personal Information Access Inquiry Details

  Department	KJF Co., Ltd. Customer Support Team
  Main Phone	KJF Co., Ltd. (+82-51-600-9350)
  Email	sales@kjfkorea.com

Article 7. Installation, Operation, and Opt-Out of Automatic Personal Information Collection Devices

• 1. The Company uses cookies, which store and retrieve user information, in order to identify users, maintain login status, and provide personalized services. Cookies are small pieces of information sent by the website server to the user's web browser and are stored on the user's computer hard drive.
• 2. Users have the right to choose whether to allow cookies. Users can configure their web browser settings to allow or block all cookies, or to prompt for confirmation each time a cookie is saved. However, if cookies are blocked, some services provided by the Company, such as personalized services, may not be available.
  • To refuse cookie settings (based on Internet Explorer):
    Go to [Tools] menu in the web browser → Select [Internet Options] → Select [Privacy] tab → Choose the desired option under [Advanced]

Article 8. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act and Article 28 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Company takes the following technical, administrative, and physical measures to ensure security.

Minimization of Personal Information Handlers and Training

The Company designates employees who handle personal information and limits access to those responsible, implementing measures to manage personal information with the minimum number of personnel necessary.

Regular Internal Audits

Regular internal audits (once per quarter) are conducted to ensure the security of personal information processing.

Establishment and Implementation of Internal Management Plans

Internal management plans are established and implemented for the secure processing of personal information.

Encryption of Personal Information

Users' personal information and passwords are stored and managed in encrypted form so that only the individual can access them. Important data is protected using additional security functions such as file and transmission data encryption or file locking.

Technical Countermeasures Against Hacking

The Company installs security programs and conducts periodic updates and inspections to prevent personal information leakage or damage from hacking or computer viruses. Systems are installed in areas with controlled external access, and technical and physical monitoring and blocking are in place.

Restriction of Access to Personal Information

Necessary measures for access control to personal information are implemented through the granting, modification, and revocation of access rights to database systems that process personal information. Intrusion prevention systems are used to control unauthorized external access.

Preservation and Forgery Prevention of Access Records

Access records to personal information processing systems are retained and managed for a minimum of 6 months, and security functions are used to prevent access records from being forged, altered, stolen, or lost.

Use of Locks for Document Security

Documents and auxiliary storage media containing personal information are stored in a secure location equipped with a locking device.

Access Control for Unauthorized Personnel

Separate physical storage locations for personal information are maintained, and access control procedures are established and operated for these locations.

Personal Information Validity Period Policy

In accordance with applicable laws including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Company destroys personal information of users who have not used the service for an extended period (1 year) to protect their personal information. The Company notifies the relevant user via email or other means 30 days prior to account deactivation.

Article 9. Personal Information Protection Officer

Users may direct any inquiries, complaints, or requests for remedy related to personal information protection arising from the use of the Company's services to the Personal Information Protection Officer and the relevant department. The Company will respond to and handle all such inquiries.

[Personal Information Protection Officer]

Name: Baek Tae-sik

Department: KJF Co., Ltd. Customer Support Team

Position: Representative

Contact: +82-51-600-9350, sales@kjfkorea.com

Article 10. Remedies for Infringement of Rights

Users may contact the following organizations for remedies, consultations, or inquiries regarding personal information infringement. (Please use these resources if you are not satisfied with the Company's internal complaint handling or remedy results, or if you require more detailed assistance.)

Personal Information Protection Portal (Operated by the Ministry of the Interior and Safety)

• Website: http://www.privacy.go.kr
• Phone: 02-403-0073

Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)

• Website: http://privacy.kisa.or.kr
• Phone: 118 (no area code required)

Personal Information Dispute Mediation Committee (Operated by Korea Internet & Security Agency)

• Website: http://www.kopico.go.kr
• Phone: 1833-6972

National Police Agency Cyber Safety Bureau

• Website: http://cyberbureau.police.go.kr
• Phone: 182 (no area code required)

Article 11. Notification of Changes to the Privacy Policy

This Privacy Policy may be amended in accordance with government policies, laws, or the needs of the Company. In the event of additions, deletions, or corrections, prior notice will be given at least 7 days before the effective date of the changes via website posting or email. If prior notice is not feasible, notice will be given as soon as possible. However, in the case of significant changes such as additions, deletions, or corrections to the purpose of personal information collection and use, or the recipients of third-party provision, at least 30 days' prior notice will be given.