MINEC Co., Ltd.(hereinafter referred to as the "Company") places great importance on the personal information of users (hereinafter referred to as "Users" or "You") who use MEGA’School [https://www.imegaschool.com/], which is operated by the Company. The Company is committed to protecting the personal information provided by Users to the MEGA’School service online while using MEGA’School.

The Company complies with relevant laws and regulations, including the Personal Information Protection Act, and informs you through the MEGA’School Privacy Policy how the personal information provided by Users is utilized and what measures are taken to protect such information.

The MEGA’School Privacy Policy may be amended from time to time due to changes in government laws and guidelines or internal policies. Accordingly, the Company has established necessary procedures for the continuous improvement of the Privacy Policy. In the event of a change to the Privacy Policy, the Company will notify users through the Privacy Policy section on the first page of MEGA’School.

Article 1

Purpose of Personal Information Processing

1. The Company processes personal information for the following purposes

• ① Membership Registration and Speaker/Mentor Application Management: We process personal information for the purposes of confirming intent to register, identifying and authenticating individuals for the provision of membership services, maintaining and managing membership qualifications, verifying identity in accordance with the implementation of the Limited Identity Verification System, preventing fraudulent use of services, providing various notices and notifications, and handling grievances.
• ② Service Provision: We process personal information for the purposes of verifying applicants for Lectures and Mentoring.
• - Payment for the purchase and sale of goods and services, and provision of services
  - Processing of payment cancellations and refunds
• ③ Handling of Civil Complaints: We process personal information for the purposes of verifying the identity of complainants and confirming the details of complaints.

2. The personal information being processed will not be used for purposes other than those listed below. If the purpose of use changes, we plan to take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

Article 2

Items of Personal Information Collected

1. The Company processes only the minimum amount of personal information required by relevant business duties and laws. When collecting personal information with the consent of the data subject, we collect the information after specifically informing the data subject that they may refuse to consent to the collection of personal information beyond the minimum necessary information.

2. The personal information items are as follows.

• ① Membership Registration and Management
• - Basis for Operation: Consent of the Data Subject
  - Mandatory Collection Items: Profession, Nationality, Name, Email, Affiliation, Password
  - Optional Collection Items: Interested Lectures
  - Processing and Retention Period: Up to 90 days after website withdrawal
• ② Speaker/Mentor Application and Management
• [Mentor Information]
• - Basis for Operation: Consent of the Data Subject
  - Mandatory Collection Items: Profile Image, Skills, CV, Participation Purpose, Years of Experience, Activity History, Areas of Mentoring Interest, Areas Available for Mentoring
  - Optional Collection Items: Mentoring/Guidance Experience
  - Processing and Retention Period: Up to 90 days after website withdrawal
• [Speaker Information]
• - Basis for Operation: Consent of the Data Subject
  - Mandatory Collection Items: Profile Image, Skills, CV, Participation Purpose, Interested Lectures, Major Lecture Title, Activity History
  - Optional Collection Items: Sample Lecture Video, One minute video introducing yourself, Social Media & URLS
  - Processing and Retention Period: Up to 90 days after website withdrawal
• ③ Lectures Application and Management
• - Basis for Operation: Consent of the Data Subject
  - Mandatory Collection Items: Name, Email
  - Processing and Retention Period: Up to 90 days after website withdrawal
• ④ Mentoring Application and Management
• - Basis for Operation: Consent of the Data Subject
  - Mandatory Collection Items: Patient Information(Name, Date of birth/age, Gender), Chief Complaint(C.C.), Classification of medical treatment, Tooth info.(Dental Caries, Restorative and Prosthetic Issues, Tooth and Root Fractures)
  - Processing and Retention Period: Up to 90 days after website withdrawal
• ⑤ Information automatically generated and collected during the process of using the service
• - IP address, service usage records, visit records, date and time of membership registration, records of improper use, mobile device information, payment and purchase information
  - When using analytics tools such as Google Analytics) Behavioral data within the website

Article 3

Processing and Retention Period of Personal Information

1. The Company retains and uses the user's personal information only during the period of providing the MEGA’School service. Personal information will be destroyed without delay if a request for membership withdrawal is made, if consent for the collection and use of personal information is withdrawn, or if the purpose of collection and use is achieved or the usage period ends. However, in the following cases, information will be retained for the reasons and periods specified respectively.

2. If retention is necessary pursuant to the provisions of relevant laws and regulations, such as the Commercial Act, transaction records and minimal basic information will be retained for the retention period stipulated by law.

• ① Records regarding contracts or withdrawal of subscription, etc.: 5 years
• ② Records regarding payment settlement and supply of goods, etc.: 5 years
• ③ Records regarding consumer complaints or dispute resolution: 3 years
• ④ Records regarding fraudulent use, etc.: 5 years
• ⑤ Website visit records (login records, access records): 3 years

3. If the retention period has been announced in advance and has not yet expired, or if individual consent has been obtained, the information will be retained for the agreed period.

Article 4

Provision of Personal Information to Third Parties

1. The Company does not provide users' personal information to third parties without prior consent.

Article 5

Matters Concerning the Entrustment of Personal Information Processing

1. The Company entrusts personal information to external companies to perform some of the tasks necessary for providing the MEGA’School service. Furthermore, the Company manages and supervises these entrusted companies to ensure they do not violate relevant laws and regulations.

• ① Toss Payments Co., Ltd.: Use of escrow services required for product payments and credit card/PayPal payment processing

Article 6

Destruction of Personal Information

1. In principle, the Company destroys personal information without delay once the purpose of processing the personal information has been achieved. The procedures, deadlines, and methods of destruction are as follows.

• ① Destruction Procedure: Information entered by users is transferred to a separate DB (or separate documents in the case of paper records) after the purpose is achieved. It is then stored for a certain period in accordance with internal policies and other relevant laws and regulations, or destroyed immediately. At this time, personal information transferred to the DB is not used for any other purpose unless required by law.
• ② Destruction Deadline: User personal information is destroyed within 5 days from the end of the retention period if the retention period has expired. If the personal information becomes unnecessary due to the achievement of the purpose of processing, the discontinuation of the relevant service, or the termination of the business, the personal information is destroyed within 5 days from the date it is deemed unnecessary to process.

Article 7

Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

1. In principle, the Company destroys personal information without delay once the purpose of processing the personal information has been achieved. The procedures, deadlines, and methods of destruction are as follows.

• ① What are Cookies? : A small text file sent to the user's browser by the server used to operate the website, and stored on the user's hard disk.
• ② Purpose of Cookie Usage: The information collected by the Company through cookies is the same as the 'Items of Personal Information Collected in Article 2' and is not used for purposes other than the 'Purpose of Processing Personal Information in Article 1'.
• ③ Cookie Installation, Operation, and Refusal: Users have the right to choose whether or not to install cookies. By setting options in the web browser, users may allow all cookies, be prompted for confirmation whenever a cookie is saved, or refuse the storage of all cookies. The method for specifying whether to allow cookie installation (in the case of Internet Explorer) is as follows: [e.g., Tools > Internet Options > Privacy at the top of the web browser]. However, if you refuse the storage of cookies, you may experience difficulties using some services that require a login.

Article 8

Matters Concerning Measures to Ensure the Security of Personal Information

1. In accordance with Article 29 of the Personal Information Protection Act, the Company is taking the following technical, administrative, and physical measures necessary to ensure security.

• ① Establishment, Implementation, and Inspection of Internal Management Plans: We establish and implement internal management plans in accordance with the ‘Standards for Measures to Ensure the Safety of Personal Information.’
• ② Minimization and Training of Personnel Handling Personal Information
• - We designate and manage personnel handling personal information only to the extent absolutely necessary, and we conduct training for these employees to ensure safe management.
• ③ Restriction on Access to Personal Information
• - We take necessary measures to control access to personal information by granting, modifying, or revoking access rights to database systems that process personal information, and we control unauthorized access from the outside using intrusion prevention systems.
• ④ Storage of Access Logs
• - We store and manage records of access to personal information processing systems for at least one year.
• - ※ However, in the case of personal information processing systems that process personal information regarding 50,000 or more data subjects, or that process unique identification information or sensitive information, records are stored and managed for at least two years.
• ⑤ Encryption of Personal Information
• - Personal information is securely stored and managed through encryption and other measures. In addition, we utilize separate security functions, such as encrypting important data during storage and transmission.
• ⑥Installation of Security Programs and Periodic Inspection/Updating
• - To prevent the leakage or damage of personal information caused by hacking or computer viruses, we install security programs and periodically update and inspect them.
• ⑦ Access Control for Unauthorized Personnel
• - We maintain a separate physical storage location for personal information systems that store personal information and have established and operate access control procedures for this location.

Article 9

Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising Them

1. The Company does not accept membership registrations from children under the age of 14 who require the consent of a legal representative.

2. Users may view, disclose, or keep private, modify, or delete their registered information at any time. Users may view or modify their personal information through 'Edit Profile.' If you contact the Chief Privacy Officer in writing, by phone, or by email, we will take measures to terminate your membership (withdraw consent) without delay after verifying your identity.

3. If a user requests correction regarding errors in their personal information, we will not use or provide the relevant personal information until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the correction results without delay to ensure that the correction is made.

4. The Company processes personal information that has been terminated or deleted at the user's request in accordance with [Article 3: Processing and Retention Period of Personal Information] and ensures that it cannot be accessed or used for any other purpose.

Article 10

Chief Privacy Officer and Department Receiving and Processing Requests for Access

1. In accordance with Article 3, Paragraph 1 of the Personal Information Protection Act, we have designated a Chief Privacy Officer as follows to take overall responsibility for tasks related to the processing of personal information, and to handle complaints and provide relief for damages to data subjects regarding the processing of personal information.

2. Data subjects may contact the Chief Privacy Officer and the relevant department regarding all inquiries, complaints, and damage relief matters related to personal information protection that arise while using the MEGA’School service. The Company will respond to and process inquiries from data subjects without delay.

3. Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act from the department listed below. The Company will endeavor to ensure that requests for access to personal information by data subjects are processed promptly.

• ① Chief Privacy Officer
• - MINEC Co., Ltd.
• - Position: Chief Privacy Officer
• - Contact: +82-1544-2285, cs@imegagen.com
• ※ You will be connected to the Privacy Officer.
• ② Privacy Officer
• - MINEC Co., Ltd.
• - Position: Privacy Officer
• - Contact: +82-1544-2285, cs@imegagen.com

Article 11

Remedies for Infringement of Data Subjects' Rights and Interests

1. Data subjects may apply for dispute resolution or consultation, etc., to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc., to seek relief for personal information infringement. For other reports or consultations regarding personal information infringement, please contact the following organizations.

• ① Personal Information Dispute Mediation Committee
• - Website: www.kopico.go.kr
• - Phone: +82-1833-6972
• - Address: 4F, ​​Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea (03171)
• ② Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
• - Website: privacy.kisa.or.kr
• - Phone: +82-118
• - Address: 3F, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea (301-2 Bitgaram-dong), Republic of Korea (58324)
• ③ Cybercrime Investigation Division, Supreme Prosecutors' Office
• - Website: www.spo.go.kr
• - Phone: +82-1301
• ④ Cyber ​​Investigation Bureau, National Police Agency
• - Website: ecrm.police.go.kr
• - Phone: +82-182

2. Article 35 (Access to Personal Information) and Article 36 (Personal Information of Any person whose rights or interests have been infringed upon due to a disposition or inaction by the head of a public institution regarding a request under Article 37 (Correction/Deletion, etc.) may file an administrative appeal in accordance with the Administrative Appeals Act.

※ Central Administrative Appeals Commission: Website: www.simpan.go.kr, Phone: +82-110

Article 12

Changes to the Personal Information Processing Policy

1. This Personal Information Processing Policy is effective as of May 21, 2026.