For the proper use of services at the website, the following information items may be generated and collected automatically.

• Items (automatically collected): IP address, cookie, date/time of visit, service use record
• Method of collection: automatic collection through the website

For how to refuse automatic collection of information, please refer to Article 8 of this information processing policy (Installation and operation of and refusal to the automatic personal information collection method).

For an appropriate answer to customer inquiries through 'Contact Us' at the right top of the web page, the following personal information is collected:

• Information items: name (required), e-mail address (required), mobile phone number, company name
• Items to be handled (automatically collected): IP address, cookie, date/time of visit, service use record
• How to collect: customer inquiries and automatic log collection through a log analysis program

For how to refuse automatic collection of information, please refer to Article 8 of this information processing policy (Installation and operation of and refusal to the automatic personal information collection method).

• Record of website visits: 3 months
• Reason of retainment: Protection of Communications Secrets Act

• 3 years from the completion of handling the inquiry

• With a separate consent of the information subject
• With a special provision applicable in another relevant law
• The information subject or his/her legal representative is unable to express an intention or the address is unknown and thus confirming an informed consent is impossible, but the information is urgently necessary for the life, physical body, material, or interest of the information subject or a third party.
• The information is necessary for the purpose of statistical preparation, academic research, etc. and it is provided in a form that is unable to identify the certain individual.

The Company entrusts a qualified entity with personal information processing as below for its smooth operation.

For a service agreement, the Company specifies and documents details of entrusted service in accordance with Article 26 of the Personal Information Protection Act, including prohibition of personal information processing for any other purpose than fulfillment of the entrusted service, technical and managerial measures for protection, restriction of reentrust, management and supervision of assignees, liability for damages, and so forth. The Company assures that the assignee safely handles personal information.

In the event that there is any change to the content or assignee of the entrusted service, the Company will make it known without delay according to this policy of personal information processing.

Information subjects can exercise their rights to protect personal information anytime in the following ways:

• Request to access personal information
• Request to correct errors if any
• Request for deletion
• Request to stop processing information

Users can exercise the right stated in Paragraph 1 above by sending a written request or by telephone, e-mail, or fax to the Company. The Company then will take a measure without delay after the identification process.

In the event that a user requests to correct errors or delete personal information, the Company does not use or provide the personal information until the action of correction or deletion is taken.

The right stated in Paragraph 1 may be exercised through a legal representative or an entrusted individual. In this case, a letter of attorney shall be submitted in Annex Form No. 11 according to Enforcement Rules of the Personal Information Protection Act.

Information subjects shall not reveal personal information that the company processes or infringe privacy of one's own or others in violation of relevant laws or regulations such as Information Communications Network Act and Personal Protection Act.

The Company does not collect personal information of anyone aged less than 14 in principle. If it is inevitable to collect information of someone aged less than 14, the Company will obtain his/her legal representative's prior consent. The minimal information (name and contact) necessary to obtain a legal representative's prior consent in this case may be collected from the person aged less than 14 with no need to obtain his/her legal representative's consent.

The Company deletes personal information without delay when it is no longer necessary as the period of information storage ends or the purpose is fulfilled.

In the event that personal information is required to be stored by law even though as the period of information storage ends or the purpose is fulfilled, the personal information is transferred to another place of storage.

Personal information is deleted in the following procedure and method:

• Deletion Procedures: The Company determines personal information that shall be deleted and deletes it upon approval of the person in charge of protecting personal information.
• Deletion Method: The Company shall delete personal information in an electronic file format in a technical way that makes it impossible to restore it. The Company shall destroy personal information in a paper document using a shredder by incinerating it.

The Company takes the following measures for security of personal information

• Restriction and management of access to personal information
• Identification and authentication for access to personal information
• Installation of a system to restrict any unauthorized access to personal information
• Encryption for safe storage and transmission of personal information
• Storage of access records and prevention of forgery
• Installation, regular renewal, and inspection of security programs

To provide users with customized services, the Company collects cookies that save and occasionally loads user information in addition to automatically generated IPs and access time data.

Cookies are a small amount of information that the server (http) for website operation sends to the user's computer browser. They may be saved in the hard disk of the user's computer.

• Logs are saved and retained for a designated period of time to secure the user traceability and responsibilities through identification and to improve the system.

• Users may choose for cookies not to be installed. Therefore, in order to reject cookies, a user may select one of the following options of web browser: to allow every cookie to be installed, to check every time when a cookie is saved, or to reject every cookie.
• How to set up (MS Explorer): Tool at the top of the web browser > Internet Options > Personal Information > Advanced > Allow Cookies

The Company designates a person in charge of personal information protection, who takes the general responsibilities for personal information processing, handling complaints among information subjects, damage relief, etc.

Information subjects may inquire the person in charge of personal information protection of any aspects of the Company's service (or business) such as personal information protection, complaint, damage relief, etc. The Company will reply and handle inquiries from information subjects without delay.

Information subjects may inquire the institution below about information infringement, damage relief, consultation, etc.
(The institution below is independent from the Company. You may contact it if you have any complaint about the Company's personal information or the result of a damage relief or if you need more details.)

< Personal information infringement report center (operated by Korea Internet & Security Agency) >

• Services: Report of personal information infringements, consultation, etc.
• Website : privacy.kisa.or.kr
• Tel : 118 (no exchange number)
• Address : (58324) Personal Information Infringement Report Center, 3F, Jinheung-gil 9 (Bitgaram-dong 301-2), Naju-si, Jeollanam-do

< Personal information dispute committee >

• Services : Request for personal information dispute settlement, mediation for group disputes (civil settlement)
• Website : www.kopico.go.kr
• Tel : 1833-6972 (no exchange number)
• Address : (03171) 4F, Government Complex-Seoul, Saejongdasero 209, Jongno-gu, Seoul

The person in charge of personal information protection and website operation as well as "LX group employment portal site (LX Careers)" is responsible for recruiting-related personal information management.

< Cyber Crime Investigation Unit, Supreme Prosecutor's Office : 02-3480-3573 (www.spo.go.kr) >

< Cyber Bureau, National Police Agency : 182 (cyberbureau.police.go.kr) >

If there is any addition, deletion, or modification to the present personal information processing policy, it will be notified through the 'Notice' page of the website at least 7 days in advance. However, if the change is significant in terms of user rights, it will be notified at least 30 days in advance.

This provision will come into effect on September 15, 2024.