Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The Company does not
use processed personal information for purposes other than the following, and when the purposes
for use are changed, the Company is expected to request prior consent

• 1. Reply to customers’ questions
  The Company processes personal information for the purpose of replying mails to customers’ questions.
• 2. Other purposes
  When the Company carries out events, it processes personal information for the purpose of confirming identification
  and sending gifts.

Article 2 (Items of Personal Information to be Processed)
The Company processes items and applies its collection methods for personal information as
follows:

• 1. Customers’ questions
  • - Items of personal information: e-mail.
  • - Collection method: homepage.
• 2. Others (carrying out events, etc.)
  • - Items of personal information: name, e-mail, contact information (cellular phone, etc.).
  • - Collection method: homepage, application for events.

Article 3 (Processing and Retention Period for Personal Information)
In principle, the personal information of users is destroyed without delay once the purpose of
processing said personal information has been accomplished.

Article 4 (Provision of Personal Information to Third Parties)

• ① In principle, he Company processes the personal information of users within the scope
  specified in Article 1 (Purpose of Processing Personal Information) and does not process or of
  provide to third parties personal information in excess of the original scope, without prior
  consent users; provided,however, that the Company may provide personal information to a third
  party in the following cases:
  1. 1. Where the prior consent of users has been obtained;
  2. 2. Where there is a specific provision under the law or it is unavoidable to comply with the obligations set by law;
  3. 3. Where public authorities are unavoidable required to perform competent duties as prescribed by law, etc.;
  4. 4. Where it is necessary to prepare statistics or conduct academic studies or market research in a way that a
     specific individual cannot be identified; or
  5. 5. Where it is otherwise permitted under the law.

• ② When the Company obtains the consent of a user for the provision of their personal information
  to a third party, it informs the user of the following matters:
  1. 1. The third party who receives the personal information;
  2. 2. The purpose to which the third party receiving the personal information will put it to use;
  3. 3. Items of personal information to be provided;
  4. 4. The retention and use period of the personal information being provided to a third party; and
  5. 5. The fact that the user has the right to reject their consent and, where there is a disadvantage as a result of the
     rejection, the content of any disadvantage.

Article 5 (Delegation for the Processing of Personal Information)
The Company may pass on the information of users to an outside company if it is necessary to
maintain and manage its homepage. The Company delegates the duties for the maintenance and
management of its homepage as follows:

• Delegatee: WebVision Co., Ltd. (www.codpro.co.kr/ 02-538-6592)
• Delegated duties: maintaining and operating the homepage, planning and operating events.

In entering into delegation agreements, the Company definitely sets forth provisions, including compliance with the
relevant laws relating to personal information protection, prohibition of providing personal information to third parties,
and liabilities, and keeps to the relevant agreements. In changing companies, the Company will inform you of any
notifications and personal information processing policies.

Article 6 (Rights, Obligations, and the Rights Exercise Method of Information Owners)
A user may, as an owner of his or her personal information, exercise the following rights:

• 1. To inquire about, change the personal information of himself or herself or a child of not more than 14 years old,
  a termination of subscription.
• 2. To request the correction and deletion of mistakes in personal information;
• 3. If a user requests, by phone or e-mail, the personal information control manager for an inquiry, change,
  termination, or deletion of personal information, the user may directly read, correct their personal information or
  withdraw from membership.
• 4. Where a user has requested a correction or deletion of mistakes in their personal information, the Company does
  not use or provide a third party with the user’s personal information until it has completed the requested correction
  or deletion. In this case, when the Company has used or provided mistaken personal information, it will make
  corrections thereof without delay.
• 5. The personal information terminated or deleted upon the request of a user is processed according to the
  processing and retention period of personal information in Article 3.

Article 7 (Destruction of Personal Information)
In principle, the Company destroys the relevant personal information without delay when the
purpose for processing personal information has been accomplished. The procedures, due date, and methods of destruction are as follows:

1. Procedures for destruction
The information entered by a user is moved to a separate database, after the purpose has been accomplished
(a separate document in the case of a sheet), and destroyed either after the information has been saved for a
certain period of time, under the internal policies and other relevant laws, or immediately. At this time, the
personal information moved to a database is not used for other purposes unless it is so required by law.

2. Due date of destruction
The personal information of a user is destroyed within five (5) days from the date of completion of the retention
period for personal information, where the retention period has lapsed, or within five (5) days from the date it
has been found unnecessary to process personal information, where the personal information became
unnecessary because the purpose of processing personal information has been accomplished, the relevant
services have been discontinued, or the business has been completed, etc. The personal information printed
as sheets is shredded or destroyed by way of incineration.
Information in an electronic form uses technical methods that cannot reprocess records.

Article 8 (Measures to Obtain Personal Information Security)
The Company takes the technical, managerial, and physical measures necessary to obtain the
necessary level of security pursuant to Article 29 of the Personal Information Protection Act
as follows:

• 1. Minimizing and providing education to employees who process personal information
  The Company takes measures to manage personal information by designating, limiting and minimizing the
  employee(s) who process personal information.
• 2. Conducting regular self-auditing
  The Company conducts its self-auditing regularly (once per quarter) in order to ensure the highest level of
  security related to the processing of personal information.
• 3. Establishing and carrying out an internal management plan
  The Company establishes and carries out its internal management plan in order to safely process personal
  information.
• 4. Encrypting personal information
  As to the personal information of users, their passwords are encrypted, saved, and controlled, and as to
  important data that only oneself can know, the files and data for transmission are encrypted or separate
  security functions are used to lock files, etc.
• 5. Taking technical measures to overcome hacking, etc.
  In order to prevent the outflow or damage to personal information by hacking, computer viruses, etc., the
  Company establishes security programs and does occasional renewal and checking activities, establishes
  systems in areas where access from the outside is restricted, and monitors and detects any access from
  the outside technically and physically.
• 6. Restricting access to personal information
  The Company takes the necessary measures to restrict the access to personal information by granting,
  changing, or cancelling the rights to get access to its database system that processes personal information.
• 7. Retaining access records and preventing fabrications or alterations
  The Company retains and controls the records of those who have accessed the personal information processing
  system for at least more than six (6) months. Security measures are taken to ensure that the access records
  are not fabricated, altered, stolen, or lost.
• 8. Using a locking device for the security of documents
  The Company keeps documents, supplementary storage media, etc., with personal information in a safe place
  with a locking device.
• 9. Restricting access by unauthorized persons
  The Company establishes and operates access control procedures by separately having a physical retention
  place where all personal information is kept.

Article 9 (Personal Information Protection Manager)
The Company has appointed a Personal Information Protection Manger and Personal Information
Control Manager in order to protect the personal information and to process complaints related
to personal information as follows:
(Personal information protection manager appointed pursuant to Article 31, Section 1 of the
Personal Information Protection Act)

• 1. Personal Information Protection Manager
  • - Name: Joong-Geun Kang – Executive Director
  • - Affiliation: Samsung Corning Precision Materials, Personnel Management Team
  • - Phone: 041-520-1100
  • - E-mail: jameskang@samsung.com
• 2. Personal Information Control Manager
  • - Name: Soon-Gon Kim - Group Leader
  • - Affiliation: Samsung Corning Precision Materials, Communication Group
  • - Phone: 02-2255-2732
  • - E-mail: sgoni.kim@samsung.com

Article 10 (Changes in Personal Information Processing Policies)
The personal information processing policies are applied from their date of implementation, and
where there is an addition, a deletion or a correction of the content according to the law and
the policies, the Company will inform users seven (7) days before the implementation of such
changes.

Article 11 (Remedial Measures for Infringement of Rights and Interests)
An owner of personal information may file an application for dispute resolution or consultation
with the Personal Information Dispute Mediation Committee, the Personal Information Infringement
Reporting Center of the Korea Internet & Security Agency, etc ., in order to remedy an infringement
on their personal information. In addition, as to other reports or consultations related to personal
information infringements, please contact the following institutions:

• 1. Personal Information Dispute Mediation Committee: 118 (without a telephone exchange number)
• 2. Information Protection Mark Certification Committee: 02-580-0533~4
• 3. Internet Crime Investigation Center of Supreme Prosecutors’ Office: 02-3480-2000
• 4. Cyber Crime Investigative Service of National Police Agency: 02-392-0330