welcome to EVERLAND

<Samsung C&T Corporation> (hereinafter referred to as the 'Company')
legally processes and safely manages personal information in compliance with the 「Personal Information
Protection Act」 and related laws to protect the freedom and rights of information subjects. Accordingly, in accordance with Article 30 of the 「Personal Information Protection Act」,
the following personal information processing policy is established and disclosed in order to guide information subjects on the procedures and standards for personal information
processing, and to promptly and smoothly handle complaints related to this. do.

The company will notify you through website notices (or individual notices) when revising this policy.
This policy is effective from March 22, 2023.

1. Chapter 1 Purpose of Processing Personal Information

   The company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following purposes, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the「Personal Information Protection Act」.

   1. (1) Membership registration and management

      Identification and authentication of the person and legal representative according to the provision of membership service, maintenance and management of membership, identity verification according to the implementation of the limited identity verification system, consent of the legal representative, prevention of illegal use of service, various notices and notices, grievance handling, dispute mediation, infectious disease Personal information is processed for the purpose of preserving records for related epidemiological investigations.

   2. (2) Provision of experience and tour program services

      Personal information is processed for the purpose of identification/authentication, prevention of illegal use of services, various notices/notifications, grievance handling, record preservation for dispute mediation, etc.

   3. (3) Provision of lodging services

      Personal information is processed for the purpose of identification/authentication, prevention of illegal use of services, various notices/notifications, grievance handling, record preservation for dispute mediation, etc.

   4. (4) Group mobile ticketing

      Personal information is processed for the purpose of issuing QR code mobile tickets through KakaoTalk.

   5. (5) Group mobile gift card reservation/send

      We process personal information for the purpose of system access for mobile gift card reservation and delivery services.

   6. (6) Provision of boarding reservation service for the disabled

      Personal information is processed for the purpose of issuing a card and preventing illegal use of services after identification and identity verification according to boarding reservations for the disabled.

   7. (7) Product exchange/refund

      After purchasing Everland souvenirs, personal information is processed for the purpose of exchange, refund, AS business processing and confirmation at the request of the customer.

   8. (8) CAST recruitment/work

      Personal information is processed for the purpose of identification/authentication, request, confirmation of inquiries, contact/notification for fact-finding, result notification, recruitment appointment, training, salary, welfare benefits, etc. according to CAST recruitment.

   9. (9) Handling inquiries about use

      Personal information is processed for the purpose of identity verification, confirmation of requests/inquiries, contact/notification for fact-finding, and notification of processing results.

   10. (10) Provision of goods or services

       Personal information is processed for the purpose of using various contents, applying for events, purchasing and paying fees, shipping goods or sending invoices, authentication of financial transactions, financial services, and fee collection.

   11. (11) Utilization of marketing and advertising

       Delivery of advertising information such as events, delivery of goods when winning events, development and specialization of new services, provision of services and posting advertisements according to demographic characteristics, sending homepage newsletters, identification of access frequency, or personal information for statistical purposes on member service use to process.

2. Chapter 2 Provision of personal information to third parties
   1. The personal information of the information subject is processed only within the scope specified in the purpose of processing personal information, and personal information is only processed under Articles 17 and 18 of the 「Personal Information Protection Act」 such as the consent of the information subject and special provisions of the law. Other than that, we do not provide the personal information of the information subject to a third party.
   2. (1) In order to provide smooth service, the company obtains the consent of the information subject and provides it only to the minimum extent necessary.
   3. (2) The company may provide personal information to related organizations without the consent of the information subject in the event of an emergency, such as a disaster, infectious disease, incident/accident causing imminent danger to life or body, or imminent loss of property. In this case, the company will provide only the minimum amount of personal information necessary in accordance with the applicable laws and will not provide it differently from the purpose.
3. Chapter 3 Consignment and Overseas Transfer of Personal Information Processing Business
   1. (1) In accordance with Article 26 of the 「Personal Information Protection Act」 when concluding a consignment contract, the company is liable for prohibition of handling personal information for purposes other than the purpose of consignment, technical and managerial protection measures, restriction of re-entrustment, management and supervision of consignees, compensation for damages, etc. The relevant matters are specified in documents such as contracts, and we supervise whether the trustee handles personal information safely.
   2. (2) In the case of some personal information, it is consigned and stored to an overseas company to provide services and enhance user convenience.
      • - Recipient company name and contact information: · Google (https://analytics.google.com/)
        · Adobe (https://business.adobe.com/)
      • - Country to be transferred: USA
      • - Date and method of transfer: Transmission through the network at the time of using the visitor service within the website
      • - Items of personal information to be transferred: Cookies, device browser-related data, IP address, site/app activity collection (personal identification information not transmitted)
      • - Purpose of use and period of retention and use by transfer recipient: Within the scope permitted by relevant laws and regulations, until membership withdrawal is requested or membership is lost
   3. (3) If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.
4. Chapter 4 Personal Information Destruction Procedure and Method
   1. In principle, the company destroys personal information of users without delay when the purpose of collection and use of personal information is achieved. The company's personal information destruction procedure, deadline and method are as follows.
   2. (1) Expiration date

      The personal information of the information subject is destroyed without delay when the retention period of the personal information has elapsed, when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the abolition of the relevant service, or the termination of the business.

   3. (2) Destruction method
      • - Personal information printed on paper is shredded with a shredder or destroyed by incineration.
      • - Personal information stored in the form of an electronic file uses a technical method that cannot reproduce the record.
5. Chapter 5 Measures regarding the destruction of personal information of non-users
   1. (1) The company destroys the information of users who have not used the service for one year. However, it can be stored and managed separately from other users' personal information until the retention period prescribed by other laws and regulations has elapsed.
   2. (2) The company notifies users of the fact that personal information will be destroyed, the expiration date of the period, and the items of personal information to be destroyed up to 30 days before the destruction of personal information by means such as e-mail or text message.
   3. (3) If the company does not want to destroy personal information, you can log in to the service before the period expires.
6. Chapter 6 Rights of users and legal representatives and how to exercise them
   1. (1) The information subject can exercise the rights related to personal information protection against the company at any time as follows.
      • - Request to view personal information
      • - Request for correction if there is an error
      • - Deletion request
      • - Request for suspension of processing
   2. (2) The exercise of rights under Paragraph 1 can be done in writing, e-mail, FAX, etc. according to the form prepared for the company, and the company will take action without delay.
   3. (3) If the information subject requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
   4. (4) The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the prepared form.
   5. (5) In case of infringement or leakage of personal information, we will notify you through e-mail or website notice without delay.
   6. <Related Forms> Personal information access/correction/deletion/processing suspension request form, proxy power of attorney
7. Chapter 7 Measures to Ensure Safety of Personal Information
   1. The company takes the following technical, managerial and physical measures necessary to secure safety.
   2. (1) Conduct regular self-audits

      We conduct regular self-audits to ensure stability in handling personal information.

   3. (2) Establishment and execution of internal management plan

      For the safe handling of personal information, an internal management plan is established and implemented.

   4. (3) Encryption of personal information

      Important personal information required by law is encrypted and stored and managed, so only you can know it, and for important data, separate security functions such as encrypting files and transmission data or using a file lock function are used.

   5. (4) Technical measures against hacking, etc.

      In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the company installs security programs, periodically updates and inspects them, installs systems in areas where access from outside is controlled, and technically and physically monitors and blocks them.

   6. (5) Restriction of access to personal information

      We take necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that handles personal information, and we control unauthorized access from outside using an intrusion prevention system.

   7. (6) Storage of access records and prevention of forgery

      Records of access to the personal information processing system are stored and managed for at least one year, and security functions are used to prevent forgery, alteration, theft, and loss of access records.

8. Chapter 8 Installation, operation and rejection of automatic personal information collection device
   1. The company takes the following technical, managerial and physical measures necessary to secure safety.
   2. (1) The company uses 'cookies' that store and retrieve usage information from time to time to provide personalized services to users.
   3. (2) Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser, and is sometimes stored on the hard disk of the user's PC computer.
      1. A. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, security access.
      2. B. Installation/Operation and Rejection of Cookies: The method of rejecting cookie storage through option settings in the web browser menu is as follows.
         • - Internet Explorer: Top right menu 'Tools' > Internet Options > Privacy tab > Advanced > Select Block or Allow Cookies
         • - Chrome: Select '⋮' in the top right menu > Settings > Privacy and security > Cookies and other site data > Block or allow cookies
         • - Edge: Top right menu '…' > Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data > Select Block or Allow Cookies
      3. C. If you refuse to save cookies, you may experience difficulties in using customized services.
   4. (3) The company uses Analytics, a service provided by Google / Adobe, to analyze your use of the website. Information generated through Analytics is subject to the Google / Adobe Privacy Policy, and is stored after being transmitted to Google / Adobe servers in the United States. Google / Adobe processes information on behalf of the company to evaluate your use of the website, compile reports on website activity and provide other services related to internet usage. You may object to the use of cookies for the aforementioned purposes through your browser settings, but in that case you may not be able to fully use all the features of the website. You can opt-out of the collection and processing of additional information about your usage (including your IP address) by downloading and installing an add-on for your current web browser. For more information about how we use your information, please see Google (www.google.com/analytics/learn/privacy.html) and Adobe (www.adobe.com/privacy/policy.html).
9. Chapter 9 Personal information manager and contact information
   1. (1) If the information subject inquires about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business) to the person in charge of personal information management and the department in charge, the company will respond to the information subject's inquiries We will respond to you without delay.
   2. Personal Information Protection Officer
      • Name: Ahn Jae-bum
      • Position: Personal Information Protection Officer
      • Position: Managing Director
      • Contact: ☎ 031-320-5000, infosecu.sei@samsung.com
   3. (2) If you need to report or consult about other personal information infringement, please contact the following organizations.
      • - Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without an area code)
      • - Personal Information Dispute Mediation Committee (www.kopico.go.kr/ 1833-6972)
      • - Supreme Prosecutor’s Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
      • - National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr/ 182 without an area code)