OCI Corporation (the “Company” hereinafter) places the highest priority upon the protection of personal information of the user and adheres to [Act on Promotion of Information and Communication Network Utilization and information Protection.] The Company hereby announces how and what purpose the personal information provided by the user based on personal information collection policy is used, and what measures are being taken to protect the personal information. The Company is to notify the users through the Announcement at the website (or individual notice) in the event where any amendments are made within this Privacy Policy.

* This Privacy Policy is to be enforced on November 1, 2012.

The Company collects minimal information from users through internet for the purpose of providing feedbacks in response to customers’ questionnaires. Types of personal information to be mandatorily obtained at the time of customers’ questioning are as follows:

• Name, Contact Information, email address.

The Company shall not collect sensitive information which is deemed to potentially cause invasion of user’s basic civil rights (i.e. racial or ethnic background, personal thoughts or creeds, political belief, criminal record, health records or sexual orientation); however, prior consent from the users shall be obtained in the event where special circumstances dictate the Company to acquire such information. In any events, the Company shall NOT use the information provided by users for the purposes other than previously announced by the Company or release the information to other parties.

The term, ‘personal information,’ is defined as the information of a surviving individual, which is identifiable of the provider as it includes the name and the date of birth (it includes the information that can be combined with other information to identify a certain individual even if such specific information alone is unlikely to identify the individual who owns the information).

The Company collects the personal information of the users for the purpose of recruitment for employment. The Company shall NOT release the personal information of the users without users’ prior consent, and the purposes of the use of collected information are as follows:

• -Name, Contact Information, email address: It is collected for the purpose of individual identification in order to process the individual complaints made during the course of using the service.

Personal information of the user is to be immediately destroyed when it is deemed that the personal information collected is no longer necessary such as when the purpose of collection or provision of personal information is fulfilled or the duration of storage of personal information is expired.

In principle, the Company is to immediately destroy the personal information collected when the purpose of collection or the use of personal information is fulfilled. The procedure and method of destruction of personal information in order to prevent its leakage are as follows:

• Destruction Procedure
• -Notwithstanding the fulfillment of the purpose of collection or provision of personal information, the personal information provided by users is to be destroyed after it is preserved for a specified duration in accordance with in-house regulation as well as other applicable laws and regulations (Please see Article 3, ‘ Duration of storage and use of personal information’)
• Destruction Method
• -Personal Information printed on a hard copy is to be incinerated or shredded with a paper shredder.
• -Personal Information stored in a digital file is to be deleted by a technology destroying the data unrecoverable.

The Company uses the personal information of users within the scope of Article 2 above, ‘Purpose of collection and use of the personal information,’ and the Company shall not use the information exceeding the scope without prior consent from the users or reveal the information to the outside parties. Notwithstanding the above, exemptions are as follows:

• -in the event where it is deemed required by applicable laws and regulations or required in good faith (i.e. in the event where it is required by governmental/law enforcement agencies in accordance with lawful procedure stipulated by applicable laws and regulations),
• -in the event where a user provides personal information to the personnel in charge of customers’ complaints for the purpose of processing the complaint subsequent to the user’s use of the service.

Users are entitled to access and edit the stored personal information of the users to request for the termination of membership at any time. Or the personnel in charge of personal information management are to respond immediately upon a request made by the user via written form, telephone or email.
In the event where a user requests to correct the errors upon his/her personal information, the personal information of the said user will not be made available until the requested correction process becomes complete. Moreover, in the event where incorrect personal information is already provided to the third party, the correction made upon the incorrect information is to be immediately noticed to the third party in order to complete the correction process. The Company ensures that the personal information terminated or deleted upon a user’s request shall be processed as stipulated by Article 3, ‘Duration of storage and use of personal information,’ above and shall not be accessed or used for other purposes.

The devices collecting personal information automatically generated during the course of using the internet service such as cookies are NOT being employed or operated.

The Company invests utmost efforts to ensure the safety for the users to access reliable information. In the event where unforeseen incidents which conflict the notices that the Company assured the users arise, the personnel responsible for personal information management shall be held liable. The Company appointed the personnel who are in charge of personal information management to gather users’ thoughts upon personal information as well as to process complaints, and the contact information of the said personnel is as follows:

• Personnel responsible for personal information management
• -Name: Jeong Sang Choon
• -Division/Title: Human Resource Division / Director
• -E-mail : scjeong@unidcorp.co.kr

In regards to the protection of personal information, the Company procures all procedures and measures to gather the users’ thoughts as well as to promptly process any complaints. Users my report any complaints after referring to the email addresses of the personnel in charge of personal information management listed below, and the Company is to response to all reports made by users in prompt and sufficient manners.

• 1.Personal Information Dispute Mediation Committee (www.1336.or.kr/1336)
• 2.Information Protection Authentication Committee (www.eprivacy.or.kr/02-580-0533~4)
• 3.Internet Crime Investigation Center, Supreme Prosecutors’ Office (http://icic.sppo.go.kr/02-3480-3600)
• 4.Counter Cyber Terror Center, National Police Agency (www.ctrc.go.kr/02-392-0330)

The Company entrusted ‘Vryus,’ a contract company for website operation, to operate the recruitment process.

• -Company: Vryus
• -Job Description: Proxy for recruitment and maintenance of the Company’s website
• -Duration of Entrustment: Upon expiration of the entrustment agreement