Seoul International Music Fair(hereinafter “MU:CON”) will collect users’ information as submitted in registration as described below for the registration process and to provide effective client services and web services.

User Agreement for Private Information Protection

• 1. Purpose of collection/usage: to provide curated services for clients.
• 2. Personal Information Services to be collected
  · Required: name, artist name, company and title, phone number, mobile number, email, the introduction of the company, area of business interests
  · Optional: website URL, Social Media URL, image file (profile, business card, the introduction of the company, etc.)
• 3. Duration of private information retention and usage: From the date of registration to the time of membership withdrawal request and its completion.
• 4. Automated collection of information: While using the following web services, personal data can be automatically generated to be stored.
• 5. Disadvantage due to the refusal of the following agreement: If users opt not to agree with the following items listed in the Privacy Policy Agreement, users will be restricted from using membership-based services. However, the restriction will not apply even users do not provide optional items as listed above.

MU:CON (Seoul International Music Fair, hereinafter “MU:CON”) hereby establishes and discloses personal information processing policy per Article 30 of the Personal Information Protection Act. The purpose of the following procedure is to protect and secure personal information and process and resolve relevant concerns effectively and expeditiously.

Article 1 (The purpose of processing personal information, and the duration of its retention)
Please refer to the information below for processing personal data, items, duration of retention, etc. regarding personal data that MU:CON holds and processes.

Purpose of processing
Identity verification, administration of membership qualification maintenance, prevention of exploitation of the service, contact or notices, announcements and notification regarding the web service, processing of FAQs

Grounds for data retention
Agreement from the subject of the information, following Article 26 of Public Records Management Act

Items
Required : company name, name, department and title, phone number, email, introduction
Optional : website URL, Social Network URL (blog, Facebook, Youtube, Instagram, Twitter, etc.), image file (profile, business card, company introduction, etc.)

Duration of retention
1 month after the end of MU:CON

② MU:CON holds and processes personal information for the administrative purpose as announced on the privacy protection web portal, www.privacy.go.kr, and does not utilize for a purpose other than the administration. If changes in the administrative use occur, MU:CON will make any necessary resolution, such as requesting additional consent, per Article 18 of the Personal Information Protection Act.

③ In using the web services, storage, and retrieval of users' information (cookies) may automatically occur to be collected.

• 1. The purpose of cookie usage
  - To provide optimized service by identifying users’ visit history within the service, types of usage, and scale.
• 2. Rejection of the automatic collection of cookies
  - Users can decline the automatic collection of cookies, and it can quickly be done by customizing system preferences of the web browser.
  - How to set up cookie settings
  1) Go on to [Setting] on the browser
  2) Click [Privacy and Security] tab
  3) Set [Cookies and other site data]

Article 2 (Third Party Privacy Notice)

① Without the consent of the privacy owner, MU:CON does not provide private data to third parties. However, any inevitabilities following Chapter 1 of Article 17 and Chapter 2 of Article 18 of the 'Privacy Protection Act,' MU:CON can provide private data to third parties without privacy owners' consent.

② MU:CON can utilize private data for administrative and marketing purposes of the event.

Article 3 (Commission of Processing Private Data)

① To process administrative tasks related to private data efficiently, MU:CON gives commission to third parties.
- Third Parties: SBS medianet, PRODIGM Co., INFRAFIX, and Swapcard Corp.
- Commission items: Building and administration of the official website, delivery of announcements
- Duration of Commission: Until the end of the commission contract

② When signing a commission contract, MU:CON will provide information on responsibilities such as the prohibition of processing of private data other than the purpose of performing commission business, technical and administrative protection measures, restrictions on re-commission, administration and supervision of the commissioner, compensation for any damages, etc. on the contract and any other documents. MU:CON further oversees whether the commissioner handles private data safely and responsibly.

③ In case the contents of the commission business or the commissioner change, MU:CON will disclose it through the following personal information processing policy.

Article 4 (Rights and Obligation of Privacy Owner and the Methods of Exercising Rights)

① Privacy owners can always exercise rights related to the protection of their personal information as follows:
Request to view personal information
The request for correction in case of errors in the information
Request to delete information
Request to terminate processing of information
Exercising rights, as mentioned in Article 4.1, can be done via letter, email, fax, etc. and MU:CON will process requests without delay.
[Personal Information Protection Act Enforcement Rule, Appendix 8] Personal Information Access Request Form

③ If the privacy owner requests correction or deletion of personal information, MU:CON will not use or provide personal data until the correction or deletion is completed.

④ Exercising rights, following Article 4.1, can be done through the legal representative of the privacy owner, or through an agent who has been delegated. In this case, the privacy owner should submit a power of attorney following the form of Appendix 11 of the Personal Information Protection Act Enforcement Rule.
[Personal Information Protection Act Enforcement Rule, Appendix 11] Power of Attorney

⑤ Privacy owners must not infringe personal information of itself or others administered by MU:CON, as it violates the Personal Information Protection Act and other related laws.

⑥ According to Article 35 of Clause 5 and Article 77 of Clause 2 of the Personal Information Protection Act, privacy owners' requests to view the personal information and request to terminated the processing of information may be restricted.

⑦ Requests for correction and deletion of personal information may not be processed if the personal information is specified as the object of the collection in other laws.

⑧ MU:CON verifies whether the person who requested to view, seek to correct or delete, or terminate the processing per right of privacy owner is the subject itself or its legitimate agent.

Article 5 (Destruction of Personal Information)

① If personal information is no longer necessary in case of the elapse of the personal information retention period or achievement of the processing purpose, MU:CON destroys personal information without delay.

② Suppose MU:CON needs to conserve personal information despite the elapse of the personal information retention period or achievement of the processing purpose according to other related laws. In that case, the personal data will be transferred and stored in a separate database.

③ The procedure and method of destroying personal information are as follows:
1. Procedure
- After fulfilling its purpose, the information submitted by a privacy owner will be stored in a separate database (separate document if written in a physical document). According to internal policies or related laws, the information will be destroyed immediately or after a brief period of retention. Personal information will not be used for other purposes other than the purpose required by law.
2. Deadline of destruction
- If the retention period of the personal information has elapsed, the personal information will be destroyed within five (5) days from the end of the retention period. 3. Method of destruction
- Physical documents with personal information will be either shredded or incinerated. Electronic files will utilize a technical method to prohibit the reproduction of information.

Article 6 (Personal Information protection officer and subjects in charge)

① MU:CON is responsible for the handling of personal information, and designates the department in charge of personal information protection for the processing of complaints and damage relief of privacy owners, regarding the processing of personal information.
▶ Department for personal information protection: MU:CON Operation Secretariat
▶ Contact: mail@mucon.kr@mucon.kr / +82-1566-1114

② Privacy owners can inquire MU:CON Operation Secretariat for all personal information protection related inquiries, complaint handling, damage, etc. that occurred while using services provided by MU:CON. MU:CON will respond and process inquiries requested by privacy owners as early as possible.

Article 7 (Remedy for Infringement of Rights and Interests)

Privacy owners can inquire about the following organizations for damage relief and consultation regarding personal information infringement. (These organizations are separate from MU:CON. Please contact the following if you are not satisfied with MU:CON’s complaint handling and the results of damage relief or further assistance)
▶ Personal Information Dispute Mediation Committee: +82-1388-6972 (www.kopico.co.kr)
▶ Personal Information Infringement Report Center: +82-118 (privacy.kisa.or.kr)
▶ Supreme Prosecutors’ Office Cyber Investigation Division: +82-1301 (www.spo.go.kr)
▶ National Police Department Bureau of Cyber Security: +82-182 (cyberbureau.police.go.kr)

Article 8 (Change in Personal Information Processing Policy)

① The following Personal Information Policy is effective of August 1st, 2021.

② If any correction or deletion in the Personal Information Policy must occur, the change will be notified via announcements seven (7) days before the enforcement of the policy.