Privacy Policy

Woori Seed Net (hereinafter referred to as the "Company") processes personal information lawfully and manages it securely in compliance with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of data subjects. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following Privacy Policy to guide data subjects on the procedures and standards regarding the processing of personal information and to ensure the prompt and smooth handling of grievances related thereto.

1. Purpose of Personal Information Processing

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, the Company plans to take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1) Membership Registration and Management

• Personal information is processed for the purposes of confirming intent to register as a member, identifying and authenticating the individual for the provision of membership services, maintaining and managing membership status, and preventing fraudulent use of the service. ### 2) Provision of Goods or Services
• Personal information is processed for the purposes of providing garden/plant news, community services, content, personalized services, and identity verification.

3) Use for Marketing and Advertising

• Personal information is processed for the purposes of developing new services and providing personalized services, providing event and promotional information and opportunities to participate, verifying the effectiveness of services, identifying access frequency, or compiling statistics on members' service usage.

2. Processing and Retention Period of Personal Information

The Company processes and retains personal information within the retention and usage period stipulated by relevant laws and regulations or within the retention and usage period agreed upon by the data subject at the time of collection. ### The processing and retention periods for each type of personal information are as follows:

1. Membership Registration and Management: Until membership withdrawal

• However, if an investigation or inquiry is in progress due to a violation of relevant laws and regulations, until the completion of such investigation or inquiry

2. Provision of Goods or Services: Until the completion of supply of goods or services and payment or settlement of fees

• However, in cases falling under the following reasons, until the end of the relevant period

• Records regarding labeling, advertising, contract details, and performance, etc. pursuant to the "Act on the Consumer Protection in Electronic Commerce, etc.": 6 months

• Login records pursuant to the "Act on the Protection of Communications Secrets": 3 months

3. Items of Personal Information Processed

The Company processes the following items of personal information. ### 1) Membership Registration and Management

• Required items: Email address, password, nickname
• Optional items: Profile image, information on plants of interest, garden type

2) Information Automatically Generated and Collected During Service Usage

• IP address, cookies, service usage records, date and time of visit, device information (OS, browser information, etc.)

3) Writing Community Posts and Comments

• Post content, comment content, date and time of writing, attached images

4. Provision of Personal Information to Third Parties

The Company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing) and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the data subject's consent or special provisions of the law.

Currently, the Company does not provide personal information to third parties.

5. Outsourcing of Personal Information Processing

To ensure smooth processing of personal information tasks, the Company outsources personal information processing tasks as follows. ### Entrusted Party (Trustee)

• Cloud Service Provision: Replit, Inc.

• Content of Entrusted Work: Server hosting and data storage

• Entrustment Period: Until membership withdrawal or termination of the entrustment contract

• AI Service Provision: OpenAI, LLC

• Content of Entrusted Work: Provision of AI chat services

• Entrustment Period: From the time of service use until termination

6. Rights and Obligations of Data Subjects and Method of Exercise

Data subjects may exercise the following rights related to personal information protection against the Company at any time:

1. Request for access to personal information

2. Request for correction in case of errors, etc.

3. Request for deletion

4. Request for suspension of processing

The exercise of rights pursuant to Paragraph 1 may be made to the Company in writing, by telephone, email, etc., and the Company will take action regarding this without delay. ## 7. Destruction of Personal Information

The Company destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose.

Destruction Procedure

• Information entered by users is transferred to a separate database (or separate documents in the case of paper) after the purpose is achieved. It is then stored for a certain period in accordance with internal policies and other relevant laws, or destroyed immediately.

Destruction Method

• For information in the form of electronic files, technical methods are used that prevent the records from being reproduced.

• Personal information printed on paper is destroyed by shredding or incineration.

8. Measures to Ensure the Safety of Personal Information

The Company takes the following measures to ensure the safety of personal information. 1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs

3. Physical Measures: Access control to computer rooms, data storage rooms, etc.

9. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The Company uses cookies that store and frequently retrieve usage information to provide personalized services to users.

Purpose of Using Cookies

• Analysis of user access frequency or visit time

• Identification of user preferences and interests, and tracking of browsing history

• Provision of targeted marketing and personalized services by determining participation levels in various events and visit frequency

Installation, Operation, and Refusal of Cookies

• Users have the right to choose regarding the installation of cookies.

• By setting options in your web browser, you can allow all cookies, be prompted for confirmation whenever a cookie is saved, or refuse the storage of all cookies. ## 10. Chief Privacy Officer

The Company assumes overall responsibility for tasks related to the processing of personal information and has designated a Chief Privacy Officer as follows to handle complaints and provide relief for damages to data subjects regarding the processing of personal information.

Chief Privacy Officer

• Name: Park Du-su, Uriseed Co., Ltd.

• Email: dspark@uriseed.com

Data subjects may contact the Chief Privacy Officer regarding all inquiries, complaint handling, and damage relief matters related to personal information protection arising from the use of the Company's services.

11. Changes to the Privacy Policy

This Privacy Policy is effective from December 12, 2025. In the event of any additions, deletions, or corrections to the contents pursuant to relevant laws and policies, notice will be provided through announcements at least 7 days prior to the effective date of the changes.

12. Remedies for Infringement of Rights

Data subjects may contact the following organizations regarding damage relief, consultation, etc., concerning personal information infringement. - Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency)

• Phone: 118 (without area code)

• Website: privacy.kisa.or.kr

• Personal Information Dispute Mediation Committee

• Phone: 1833-6972 (without area code)

• Website: www.kopico.go.kr

• Supreme Prosecutors' Office Cybercrime Investigation Division

• Phone: 02-3480-3573

• Website: www.spo.go.kr

• National Police Agency Cyber ​​Bureau

• Phone: 182 (without area code)

• Website: cyberbureau.police.go.kr