OX Entertainment (hereinafter referred to as the “Company”) complies with and adheres to the laws of various countries for the protection of personal information. The Company values the personal information provided by data subjects to use its services and is committed to protecting personal information. The Company's Privacy Policy may be changed due to amendments to laws, changes in government policy, or changes in the Company's internal policy. Changes are posted on the homepage for easy confirmation by data subjects. The Privacy Policy contains the following information. 1. Purpose of Processing Personal Information 2. Items of Personal Information Processed and Collection Methods 3. Processing and Retention Period of Personal Information 4. Provision of Personal Information to Third Parties 5. Entrustment of Personal Information Processing 6. International Transfer of Personal Information 7. Rights of Data Subjects (Users) and Legal Representatives and How to Exercise Them 8. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices 9. Destruction of Personal Information 10. Security Measures and Technical/Managerial Countermeasures for Personal Information 11. Matters Concerning Opinion Gathering and Complaint Handling Related to Personal Information 12. Chief Privacy Officer 13. Changes to the Privacy Policy 1. Purpose of Processing Personal Information The Company processes personal information for the following purposes. Personal information will not be used for purposes other than the following, and prior consent will be obtained if the purpose changes. A. Service Response Responding to product complaints, retaining records for dispute resolution, sales response B. Service Provision Providing music services, curation, providing upload functionality C. Marketing Utilizing collected personal information to provide customized services, opportunities to participate in events, information about the Company's related services, products, etc. D. Handling Civil Complaints Requests for access, correction, suspension of processing of personal information, requests for temporary measures 2. Items of Personal Information Processed and Collection Methods A. The Company collects and retains personal information only based on legal regulations and the consent of the data subject. The main personal information collected and retained by the Company is as follows: ▶ Customer Response: Required items (email, contact number) B. The Company collects personal information through the following methods: ▶ Customer Response: Submission through direct input of personal information on the homepage 3. Processing and Retention Period of Personal Information The Company destroys personal information without delay when the purpose of processing the collected personal information is achieved, the retention period agreed upon at the time of collection expires, the period required by relevant laws expires, or upon request from the data subject. The period required by the Act on Consumer Protection in Electronic Commerce, etc., is as follows: A. All personal information: Unlimited retention 4. Provision of Personal Information to Third Parties The Company does not provide collected personal information to third parties without the data subject's consent, except in the following cases. However, personal information may be provided to third parties without the user's prior consent in the following cases: A. When there are special provisions in the law or it is unavoidable to comply with legal obligations. B. When the data subject or their legal representative is unable to express their intention or prior consent cannot be obtained due to unknown address, etc., and it is clearly recognized as necessary for the immediate life, physical safety, or property interests of the data subject or a third party. C. When requested by investigative agencies or other state institutions, and the Company is recognized as having an obligation to provide personal information according to laws and regulations. 5. Entrustment of Personal Information Processing A. The Company entrusts the processing of the data subject's personal information as follows to provide services: ▶ Homepage maintenance and data management tasks - Entrusted party (trustee): ASOACC - Content of entrusted tasks: Processing of personal information accompanying homepage maintenance and data management B. When entrusting the processing of personal information, the Company manages the entrusted tasks by imposing obligations through the conclusion of a personal information processing entrustment agreement, such as prohibition of processing personal information for purposes other than the entrusted task, technical/managerial protective measures, security measures, restrictions on re-entrustment, management/supervision of the entrusted company, and confidentiality, to ensure that personal information is managed safely. C. If the entrusted company or the content of the entrusted tasks changes, it will be disclosed without delay through posting on the homepage and this Privacy Policy. 6. International Transfer of Personal Information The Company entrusts the operation of its system and data management to the system platform provider, OX Entertainment China Inc., and the details of the international transfer of personal information are as follows: A. Recipient of personal information transfer - OX Entertainment China Inc. B. Items of personal information transferred - At member registration and member information change: Email, system account information - System usage information: Logs related to website access, IP address, cookies, MAC address, and other access records C. Destination country, transfer date/time, transfer method - Member information: China, upon member registration and member information change, transferred using a dedicated network D. Purpose of use, retention, and usage period of personal information by the recipient - Purpose of use: Providing system platform services - Retention and usage period: For member information, from the date of user's consent to collect and use personal information. However, if the mandatory retention period according to relevant laws is longer than this period, it will be retained until that period expires. 7. Rights of Data Subjects (Users) and Legal Representatives and How to Exercise Them A. It's already been leaked, what rights can I exercise? I really don't know. 8. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices A. Purpose of using cookies The Company uses 'cookies' that store and frequently retrieve usage information to provide individual customized services to users. Cookies are small amounts of information sent by the server (http) used to operate the website to the user's computer browser and may be stored on the hard disk of the user's PC. Cookies are used to identify visit and usage patterns for each service and website visited by the user, popular search terms, secure access status, etc., to provide optimized information to the user. B. How to install, operate, and refuse cookies You can refuse to store cookies through the option settings in the Tools > Internet Options > Privacy menu at the top of your web browser. 9. Destruction of Personal Information In principle, the Company destroys the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this does not apply if preservation is required by law. A. Destruction procedure: Stored for a certain period according to internal policy and other relevant laws, then destroyed or deleted. B. Destruction method: Personal information printed on paper is shredded or incinerated, and personal information stored in electronic file format is deleted using a method that prevents record regeneration or restoration. C. Separate storage of personal information: If personal information must be kept continuously according to other laws despite the expiration of the retention period agreed upon by the user or the achievement of the processing purpose, the storage location of the relevant personal information is changed and stored separately from other personal information. 10. Security Measures and Technical/Managerial Countermeasures for Personal Information The Company takes the following technical, managerial, and physical measures necessary for ensuring safety in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.: A. Establish and implement an internal management plan for the safe processing of personal information. B. Restrict access to personal information: Take necessary measures for access control to personal information by granting, changing, and revoking access rights to the database system that processes personal information. C. Minimize and educate personnel handling personal information: Implement measures to manage personal information by designating and limiting personnel handling personal information to the minimum necessary. D. Encrypt personal information: Personal information is encrypted for storage and management. E. Store and prevent forgery/alteration of access records: Store and manage access records for at least 1 year, and manage them to prevent forgery, alteration, theft, or loss. F. Technical countermeasures against hacking, etc.: The Company installs security programs, performs periodic updates/checks to prevent personal information leakage and damage due to hacking or computer viruses, and installs systems in areas where external access is controlled, monitoring and blocking technically/physically. G. Use of locking devices for document security: Maintain a separate physical storage location for the personal information system storing personal information and establish and operate access control procedures for it. H. Conduct regular self-audits: Conduct regular self-audits to ensure stability related to personal information handling. 11. Matters Concerning Opinion Gathering and Complaint Handling Related to Personal Information The Company gathers opinions from data subjects regarding personal information protection and has prepared all procedures and methods to handle complaints. Data subjects can report complaints via phone or email using the contact information of the Chief Privacy Officer and management department specified in Article 12 below, and the Company will provide prompt and sufficient responses to the data subject's reports. Alternatively, complaints can be filed with the following government-established and operated agency: - Ministry of Public Security of the People's Republic of China (https://www.mps.gov.cn/) 12. Chief Privacy Officer The Company designates the following customer service personnel, Chief Privacy Officer, and staff to protect personal information, handle related matters, and receive and respond to complaints from customers who provided personal information, etc.: Chief Privacy Officer: Vacant Privacy Protection Management Department: OX Ent. C wave 13. Changes to the Privacy Policy This Privacy Policy will take effect after its separate final revision.