MEJE Works Corp.
Privacy Policy

MEJE Works Corp. (hereinafter referred to as the "Company") processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act (개인정보 보호법) and other applicable laws and regulations, in order to protect the freedom and rights of data subjects. Pursuant to Article 30 of the Personal Information Protection Act, the Company hereby establishes and publishes this Privacy Policy to inform data subjects of the procedures and standards for personal information processing and to ensure the prompt and smooth resolution of related grievances.

The Company processes personal information for the following purposes. Personal information being processed shall not be used for purposes other than those stated below. In the event that the purpose of use is changed, the Company shall take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act (개인정보 보호법).

• Member Management: Personal information is processed for the purposes of verifying membership registration intent, identifying users, maintaining and managing membership status, preventing unauthorized use of services, verifying legal guardian consent for processing personal information of children under 14, delivering various notices and notifications, and handling grievances.
• Service Provision: Personal information is processed for the purposes of providing game services, delivering content, processing purchases and payments, identity verification, and age verification.
• Marketing and Advertising: Personal information is processed for the purposes of developing new services and providing personalized services, providing event and promotional information and participation opportunities, analyzing access frequency, and compiling statistics on members' service usage.
• User Protection and Service Operations: Personal information is used for restricting use by members who violate applicable laws or the Terms of Service, preventing and sanctioning unauthorized use, preventing account theft, preserving records for dispute resolution, handling complaints, and otherwise protecting users and ensuring smooth service operations.

The Company collects the following personal information to the minimum extent necessary for service provision.

1. Upon Membership Registration

• Standard Login: email address, password, nickname
• Social Login (Google, Apple, etc.): user identification data (unique identifier), email address, nickname, profile picture

2. Information Automatically Generated or Additionally Collected During Service Use

• IP address, cookies, service usage records, device information (device identifier, OS information, model name), payment records

3. Upon Customer Support Inquiries and Event Participation

• Customer inquiries: email address, nickname, device information
• Event participation and prize delivery: name, contact information, address

The Company processes and retains personal information within the retention and usage period prescribed by applicable laws or within the retention and usage period consented to by the data subject at the time of collection.

• Member Information: Until membership withdrawal. However, to prevent unauthorized use and to comply with other applicable laws, the information shall be retained for 30 days following withdrawal and then destroyed.
• Records relating to contracts or withdrawal of offers: 5 years (Act on Consumer Protection in Electronic Commerce, Etc. / 전자상거래 등에서의 소비자보호에 관한 법률)
• Records relating to payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, Etc. / 전자상거래 등에서의 소비자보호에 관한 법률)
• Records relating to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, Etc. / 전자상거래 등에서의 소비자보호에 관한 법률)
• Login records: 3 months (Protection of Communications Secrets Act / 통신비밀보호법)

• Destruction Procedure: The Company selects personal information for which grounds for destruction have arisen and destroys such personal information upon obtaining approval from the Company's Data Protection Officer.
• Destruction Method: Personal information recorded and stored in electronic file format is deleted using technical methods that render the records irreproducible. Personal information printed on paper is destroyed by shredding or incineration.

The Company provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act (개인정보 보호법), such as when the data subject has given consent or when there is a special provision under applicable law.

The Company does not currently entrust the processing of personal information to third parties. Should entrustment become necessary in the future, the Company shall comply with the procedures prescribed by applicable laws and provide appropriate notice.

• Data subjects may exercise their rights to access, correct, delete, or suspend the processing of their personal information with respect to the Company at any time.
• Such rights may be exercised through written notice, email, or facsimile (FAX), and the Company shall take action without delay.
• In the event that a data subject requests correction or deletion of errors in their personal information, the Company shall not use or provide such personal information until the correction or deletion has been completed.
• For children under 14 years of age, the legal guardian may exercise rights with respect to the child's personal information.

The Company takes the following measures to ensure the security of personal information.

• Administrative Measures: Establishment and implementation of internal management plans, regular employee training
• Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information
• Physical Measures: Access control for server rooms, data storage facilities, and similar locations

• The Company uses "cookies" that store and periodically retrieve usage information in order to provide individually customized services to users.
• Users have the right to choose whether to install cookies. Users may configure their web browser settings to allow or block cookies.
• If cookie installation is refused, there may be difficulties in the provision of certain services.

The Company has designated a Data Protection Officer as set forth below to take overall responsibility for the processing of personal information and to handle complaints and remedies for damage related to personal information processing by data subjects.

You may direct any inquiries, complaints, or requests for remedies regarding personal information protection arising from the use of the Company's services to the Data Protection Officer. The Company shall respond to and process data subjects' inquiries without delay.

Data subjects may apply for dispute resolution or consultation with the following organizations to obtain remedies for personal information infringement.

This Privacy Policy shall take effect from the effective date. In the event of any additions, deletions, or modifications pursuant to applicable laws or this Policy, the Company shall provide notice through announcements at least 7 days prior to the implementation of such changes.

• Date of Public Notice: October 6, 2025
• Effective Date: October 13, 2025