Personal Information Management Policy

COMMAX Co., Ltd. (hereinafter, the “Company”) has established the personal information management policy as follows (the “Policy”) in accordance with the Personal Information Protection Act and Act on Promotion of Information and Communication Network Utilization and Information Protection to protect the rights and interests of the users of the Company’s services and to handle any problems that the users may face in respect of their personal information.
This Policy is applied to all the Smart Home solution provided by the Company, and any amendment of this Policy will be publicly announced by a posting on the application of the Smart Home solution of the Company. (or individual notice)

1. Purpose of Personal Information Management Company processes user’s personal information for the following purposes. Processed information will not be used for any purposes other than for the following purposes. Company will seek prior consent of the persons who are the subject of the personal information (the “Users”) before any change to the intended use is implemented. 1) Membership Registration and Management Company processes personal information for the following purposes: - To confirm the User’s intention to be a registered member - To maintain or manage membership status - To prevent unauthorized use of service - To give public announcement or notice - To handle customer complaints - To keep records for dispute resolution purposes. 2) Complaint Handling Company processes personal information for the following purposes: - To verify the complaining person’s identification - To review complaints - To contact or notify the complaining persons to investigate the cause of the complaints - To notify complaint review results. 3) Provision of Smart Home Solution Company processes personal information for the following purposes. - To provide Smart Home solution by data collection/analysis - To provide customized/intelligent solution

2. Collecting and use of Personal Information Company collects, uses, and provides the personal information with user’s consent. 1) Types of Personal Information • ID, password, email address, BLDG/Unit No and size, nickname, gender, age • During the use/provision of services, the following information may be automatically collected. (device information, service use history, access log, etc.) 2) Method of collection: Manual/automatic collection by using sign-up, device/application installation information, modifying membership information, telephone, customer service, application, or voluntary provision of users while using the service 3) Retention basis: Provision of Solution and response 4) Retention periods: In the event of withdrawal of membership or consent and not using services for a year, his/her personal information will be promptly destroyed. However, if retention any of the above information is required by law, the Company shall process and retain such information during the required period in accordance with the law.

3. Right of the users and method to exercising such rights As the subject of the personal information, User may exercise the following rights. 1) User may at any time exercise the following rights against the Company in order to protect his/her personal information: ① Right to have access to personal information; ② Right to request correction of any error; ③ Right to request deletion of information; ④ Right to request discontinuance of personal information processing. 2) The rights may be exercised by the Form No. 8 of the Enforcement Regulation of the Personal Information Protection Act and submitting to the Company in writing, or by telephone or email. The Company will immediately take action upon receipt of such request. 3) In case User requests correction or deletion of any error in his/her personal information, the Company will not use or provide the concerned information until such correction or deletion is completed. 4) The rights may be exercised by a legal agent or an authorized representative of the User. In such a case, power of attorney as provided in Form No. 11 of the Enforcement Regulation of the Personal Information Protection Act must be submitted to the Company.

4. Destruction of personal information In principle, the company destroys the personal information without delay if the purpose of personal information processing is achieved. The procedure, deadline and method of destruction are as follows. 1) Destruction Procedure The information entered by the user is transferred to a separate DB after achieving the purpose(in case of paper, separate documents) and destroyed immediately after being stored for a certain period of time in accordance with the internal policy and other related statutes. At this time, personal information transferred to the DB will not be used for any other purpose unless required by law. 2) Method of destruction • Information in electronic file formats is deleted using technical methods that cannot reproduce the records. • Personal information printed on paper is shredded or destroyed by incineration.

5. Measures to secure the safety of personal information In accordance with Article 29 of the Personal Information Protection Act, the company takes technical, administrative and physical measures necessary for securing safety as follows: 1) Encryption of personal information The user’s personal information is stored and managed by encryption, and only the user can know the password. Important data is managed by separate security functions such as encryption files and transmission data or using file lock function. 2) Technical measures against hacking, etc. In order to prevent personal information leakage or damage caused by hacking or computer viruses, the company installs security programs, updates and checks regularly, installs systems in areas where access from outside is controlled, and monitors and blocks them technically and physically. 3) Restrict access to personal information We take necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information, and control unauthorized access from the outside using an intrusion prevention system. 4) Minimization and training of personal information handling staff We are taking measures to manage personal information by designating and minimizing the number of employees who handle personal information. 5) Personal ID and Password management In principle, the ID and password used by the user are intended to be used only by the user. The company is not responsible for the problems caused by the leakage of personal information such as ID and password due to the user’s personal carelessness and the basic internet risks.

6. Personal information protection officer and person in charge The company is responsible for the handling of personal information, and designates a person in charge of personal information protection and a person in charge as follows to handle complaints and remedy damages of information subjects related to personal information processing. and answers questions related to personal information promptly and sincerely. Personal Information Protection Head Manager Name : Kang Min Soo Team : R&D Center Position : R&D Director Personal Information Protection General Manager Name : Kwon Hee Hoon Team : R&D Center / Cloud Team Position : Chief Researcher Inquiry : COMMAX Customer Service 1599-8866

7. Remedy for infringement of rights and interests (Request for personal information access) If you need to report or consult about personal information infringement, please contact the institution below for help. Personal Information InfringementReporting Center https://privacy.kisa.or.kr Cyber Investigation Division of theSupreme Prosecutors’ Office https://cybercid.spo.go.kr Cyber Security Bureau of the NationalPolice Agency https://cyberbureau.police.go.kr

8. Notice of Privacy Policy Notice • Personal information processing policy version number : v1.0 • Personal information processing policy implementation date : August 31, 2020

Terms and Conditions for COMMAX Location-Based Service

Article 1 (Purpose) These Terms and Conditions has the purpose to define rights, obligations, responsibilities, and other necessary matters between the company and the users of personal location information (hereinafter referred to as “users”) who use location-based services provided by COMMAX (hereinafter referred to as “the Company”).

Article 2 (Effect and Change of Terms of Use) ① These terms and conditions take effect when the user agrees to these terms and conditions and is registered as a user of the location-based service according to the procedures set by the company. ② The company may amend the terms and conditions for the purpose of reflecting changes in laws or location-based services. ③ If the terms and conditions are changed, the company will post the changes at least 7 days in advance on the company's website and other notice pages.

Article 3 (Rules other than the terms and conditions) For matters not specified in these terms and conditions, the relevant laws and regulations such as the ACT ON THE PROTECTION, USE, ETC. OF LOCATION INFORMATION, TELECOMMUNICATIONS BUSINESS ACT, ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC. and the guidelines set by the company shall be followed.

Article 4 (Content of Service) The company provides the following location-based services by using the user's current location or the area containing the current location collected directly or indirectly from location information providers. ① The company provides the customer with only the location information of the product registered by the customer, and does not combine the location information with other information and use it as personal location information. ② The location information provided by the customer is provided by the smartphone registered by the customer. ③ The company receives location information from a mobile operator, a location information provider, and provides the following location-based services through the dedicated mobile application of COMMAX (hereinafter “application”). 1) Access location service: Based on the last service access location of customers who have approved the use of location information, information within the service scope is provided on a map or through a list. 2) Location information: Points created by customers using coordinates extracted from WPS (Wifi Positioning System) and GPS of mobile terminals, etc. 3) Search result service using the last access point: When information search is requested, search results are presented for information provided according to the function within the service using the current location of the subject of personal location information. 4) The customer's location information is updated during direct execution or after execution, when using the location-related menu, and the final location is reflected based on the user's location information updated by the customer

Article 5 (Service fee) The location-based service provided by the company is free. However, the data communication fee incurred when using the wireless service is separate, and it is subject to the policy of each mobile carrier the user subscribes.

Article 6 (Restriction and Suspension of Service) ① The company may limit, change, or suspend all or part of the location-based service if it is unable to maintain the location-based service for various reasons or legal reasons, such as a policy change of the location-based service provider. ② However, in the case of discontinuation of location-based service pursuant to the above paragraph, the company notifies the user in advance through other notice pages such as the company website.

Article 7 (Rights of Subjects of Personal Location Information) ① A user may at any time withhold all or part of consent to the collection, use, and provision of personal location information. ② Users may withdraw all or part of their consent to the collection, use, and provision of personal location information at any time. In this case, without delay, the company destroys the withdrawn range of personal location information and data confirming the collection, use, and provision of location information. ③ The user may request the temporary suspension of collection, use, and provision of personal location information, and in this case, the company cannot refuse it and prepares technical means to satisfy it. ④ The user may request the company to view or notify the following materials, and if there are errors in the materials, they may request correction. In this case, the request will not be rejected without justifiable reasons. 1) Data confirming the collection, use, and provision of location information about users 2) The reason and content of the user's personal location information provided to a third party in accordance with the Act on the Protection and Use of Location Information or other statutes ⑤ Users may request the company by using the contact information in Article 14 of these Terms and Conditions to execute their rights.

Article 8 (Use or Provision of Personal Location Information) ① If the company provides location-based services using personal location information, it will notify you in these terms and conditions and obtain consent. ② The company does not provide personal location information to a third party without the consent of the user, and in the case of providing it to a third party, the recipient and purpose of the provision are notified to the user in advance and consent is obtained. ③ When the company provides personal location information to a third party designated by the user, the company immediately notifies the recipient of the personal location information, the date of provision and the purpose of the provision to the user each time through the communication terminal device that collected the personal location information. ④ However, in the following cases, the user will be notified in advance through the designated communication terminal device, e-mail address, online posting, etc. 1) When the communication terminal device that has collected personal location information does not have a text, voice or video reception function 2) In the case of a request in advance to notify the user through a communication terminal device other than the communication terminal device that collects personal location information, e-mail address, online posting, etc. ⑤ The company does not record or preserve data confirming the use or provision of personal location information for purposes other than the purpose of these Terms and Conditions.

Article 9 (Rights of Legal Representative) For users under the age of 14, the company must obtain consent from the user and the user's legal representative for the provision of location-based services using personal location information and the provision of personal location information to a third party. In this case, the legal representative has all the rights of the user under Article 7 of these Terms and Conditions.

Article 10 (Change and Suspension of "Service") 1. The company may limit, change or suspend all or part of the service if it is unable to maintain the service due to various circumstances of the company or legal obstacles, such as a policy change of a location information service provider. 2. In the case of service interruption pursuant to Paragraph 1, the company notifies the Internet and service screens in advance or notifies the subject of personal location information.

Article 11 (Damage Compensation and Indemnification) ① The company shall not be liable for any damages incurred by the user if the location-based service cannot be provided in any of the following cases. 1) In the event of a natural disaster or force majeure equivalent thereto 2) In case of intentional service interference by a third party that has entered into a service alliance contract with the company to provide location-based services 3) If there is an obstacle to the use of location-based services due to reasons attributable to the user 4) In the event of any other cause other than the company's intention or negligence, except for subparagraphs 1 through 3. 5) The company shall not compensate for damages suffered by users and third parties as a result of the use of erroneous location information that may occur depending on the communication environment of the network operator. ② The company does not guarantee the reliability, accuracy, etc. of the location-based service and the information, data, and facts posted on the location-based service, and is not responsible for any damage to users caused by this.

Article 13 (Settlement of Disputes and Others) ① The company faithfully consults with users to resolve disputes related to location information. ② If the dispute is not resolved through the consultations in the preceding paragraph, the company and the user may apply for dispute settlement to the Korea Communications Commission in accordance with Article 28 of the Act on the Protection and Use of Location Information, or apply for dispute settlement to the Personal Information Protection Act pursuant to Article 43 of the Personal Information Protection Act. You can apply for mediation with the Information Dispute Mediation Committee.

Article 14 (Company's address and contact information) The company name, address and contact information are as follows. Company name: COMMAX Co., Ltd. Representative : Byun Woo-seok Address: 494 Dunchon-daero, Jungwon-gu, Seongnam-si, Gyeonggi-do Phone number: +82-31-731-8791

Addendum

Article 1 (Enforcement Date) These Terms and Conditions are effective from July 1, 2021.

Article 2 (Location Information Manager Information) In order to properly manage and protect personal location information and to handle user complaints smoothly, the company designates and operates a person in a position to take practical responsibility as the location information manager, and the location information manager operates the location-based service. As the department head of the department provided, the name and contact information are as follows. Name: Hwang In-cheol Main phone number: +82-31-739-3721