ZTQ GAMES PTE. LTD. (hereinafter referred to as the "Company") is doing its best to provide smooth and convenient services. In addition, the Company is taking measures to protect Users' personal data by complying with the “The Act on Promotion of Information and Communications Network Utilization and Data Protection, Etc.” (hereinafter referred to as the "Information and Communication Network Act") and other related laws.

The Company displays its policy on the handling of personal data on the homepage of its website (aurorahunt.xyz, hereinafter referred to as the "Website") to ensure its Users have easy and continuous access to it.

The Company's policy on handling personal data may be subject to change as a result of modifications in government laws and regulations, or revisions to the Company's internal policies. In such instances, the Company will promptly inform its Users of the reason and details of the changes through the Website.

The term "personal data" refers to information related to a living individual, including written or spoken words, code, visual images, biological features, and other data (including information that can be easily combined with other information to identify a specific individual, such as name or date of birth).

Privacy Policy of Users

• Items and Methods of Collected Personal Data

  - personal data is used only within the scope specified for the purposes of collection and usage, and in the event that such usage exceeds or diverges from the specified scope, the User's prior consent will be obtained. Any changes to the retention period, usage scope, provision to third parties, or outsourcing of personal data handling will be treated similarly, with significant changes being notified to Users and consent obtained through various means such as internet sites, written communication, telephone, or e-mail.

By clicking on the "Agree" button during the Usership process, including but not limited to receipt of commercial information for-profit purposes via e-mail, mobile phone, and fax transmission, it is understood that the User has consented to receive such communications.

This policy shall come into effect as of August 01, 2022.

The Company may collect the following personal data in order to provide services such as Usership registration, consultation, service application, and performance of contracts.

By clicking on the "Agree" button during the Usership process, including but not limited to receipt of commercial information for-profit purposes via e-mail, mobile phone, and fax transmission, it is understood that the User has consented to receive such communications.

This policy shall come into effect as of August 01, 2022.

- Information collected: ID, password, nickname, password retrieval question/answer, name, address, i-PIN number (for i-PIN Users), mobile phone number, gender, connection date, destination information, usage history, PC specifications, service usage records, legal representative information (name, date of birth, gender, identification (DI), identified CI).

- The Company will display mandatory and optional input fields during the User registration process. In order to use the Usership services provided by the Company, applicants for Usership must complete the mandatory fields. However, the optional fields are not required for Usership service use.

When a User wishes to use a premium (paid) service, the Company may collect the following payment-related information at the time of payment:

• - payment method owner information (such as name, date of birth, etc.), bank account information, credit card information, mobile phone number, fixed-line phone number, PIN number, gift certificate ID/password, and legal representative information (if consent for underage payment is required).

The following outlines how the Company collects personal data:

• - Personal data is collected through the following methods: website (User registration), fax (guardian's consent for payment by minors), telephone, consultation bulletin board, prize event application, delivery request, channeling service, and other services provided by affiliates, as well as through the use of information collection tools.

The purpose of collecting and using personal data collected by the Company is as follows:

• Performance of contracts and settlement of charges for service provision
  • - Providing content, purchasing and paying fees, sending goods or invoices, and identifying financial transactions
• • - Managing Users, including confirming legal representatives' consent or approval to legal acts, handling complaints, issuing temporary passwords, identifying personal identification, providing age-restricted services, and collecting personal data of teenagers and children under the age of 18
• • - Using the information for new services and marketing, such as providing guidance on new services and new product or event information, offering customized services, preparing analysis data according to demographic characteristics, providing services and advertising, compiling statistics on Users' use of services, and accurately delivering prizes.

• The personal data of Users shall be utilized strictly within the scope specified in the "Purpose of Collection and Use of Personal Data". The Company shall not use it beyond the aforementioned scope without obtaining the User's prior consent, nor provide or disclose it to third parties or other organizations. However, this provision shall not apply in cases where the relevant law requires legal action or investigation procedures, or where the User has given prior consent in accordance with the Company's terms of use, policy, or operating regulations.
• The Company reserves the right to share or provide personal data of its Users to its affiliates, in order to provide customized and other services. However, before doing so, the Company shall inform the User of the name of the affiliate, the purpose of the partnership, and the scope of personal data that will be shared or provided. If the User does not agree to the terms, the personal data will not be shared or provided to the affiliate.
• The Company may share the personal data of its Users with the mobile phone/ARS payment arbitration center, to the extent necessary for resolving issues related to customer objections regarding mobile phone/ARS payments.
  • - Mobile Phone/ARS Payment Arbitration Center (www.spayment.org )
  • - Phone: 02-563-4033, 02-563-4012

The Company engages in the outsourcing of personal data handling to a specialized external entity in order to enhance its services. The Company explicitly outlines stringent guidelines for the service provider regarding the handling of personal data, including confidentiality, non-disclosure to third parties, and liability in the event of any mishap.

The following is an overview of the Company's personal data consignment processing agencies and the details of their functions:

Data Processors

Entrustee	Content of entrusted service(s)	Retention & use period of personal data
Payletter		5 years (including payment date)
KG Mobilians	OTP service provision agency	During OTP installation, retained until completion
Korea Credit Information Services	i-PIN registration & identity verification	Personal data held by Company, not stored separately
Mobile network operators/Korean Mobile Certification	Mobile phone identify verification service provider/agency	Personal data held by Company, not stored separately

Retention and period of use of personal data on the contents of entrusted business of the entrusted Company

Payletter Co., Ltd. Keeps it for 5 years, including payment agency payment date

KG Mobilians OTP service provider OTP installation guidance and until completion

Korea Credit Rating Information Co., Ltd. I-PIN Usership registration and self-certification This is personal data already held by the relevant Company, so it is not stored separately

Subscribed mobile carrier/Korea Mobile Certification Co., Ltd. Provide mobile phone identity authentication service/agent Do not store it separately because it is personal data already held by the relevant Company

• As a general rule, the Company promptly destroys personal data once the purpose of its collection and use has been achieved. However, if a User's contract of use is terminated due to illegal activities or violation of the terms of use, the User's personal data may be retained for up to three years from the date of termination of the contract to prevent further illegal activities. Furthermore, if a User's contract is terminated involuntarily due to reasons such as hacking or force majeure, or in preparation for resolving disputes related to a withdrawn account, the User's personal data may be retained for up to 30 days from the date of termination (including Usership withdrawal).
• If a dispute arises, such as identity theft, the copy of the ID card submitted for identification will be promptly destroyed after verification. The legal representative information of minors under the age of 18 will be destroyed when the minor reaches adulthood or when personal data is deleted due to the minor's withdrawal of membership.
• If required by related laws such as the Commercial Act or the Consumer Protection Act in e-commerce, the Company may retain the personal data of the User for a period prescribed by the relevant laws. During this period, the Company will use the information only for the purpose of retention. The retention periods are as follows:
  • Records of contract or subscription withdrawal, etc
    Reason for retention: Act on Consumer Protection in Electronic Commerce, etc
    Retention period: 5 years
  • Records on payment and supply of goods, etc
    Reason for retention: Act on Consumer Protection in Electronic Commerce, etc
    Retention period: 5 years
  • Consumer complaints or dispute settlement records
    Reason for retention: Act on Consumer Protection in Electronic Commerce, etc
    Retention period: 3 years
  • Identification records
    Reason for retention: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc
    Retention period: 6 months
  • Confirmation of communication facts
    Reason for retention: Communication Secret Protection Act
    Retention period: 3 months

• The Company follows a principle of promptly destroying personal data once the purpose of its collection and use has been fulfilled. The procedure and method for such destruction are as follows:
  • Destruction procedure: The Company retains personal data for a specified duration in compliance with internal policies and other information protection measures required by relevant laws and regulations. The information is destroyed in an irreproducible manner.
  • Destruction method: electronic files containing personal data are deleted using a secure technical method that ensures the record cannot be reproduced. Personal data printed on paper is destroyed through shredding or incineration.

• Protection of Minors’ Personal Data
  • In accordance with the Information and Communication Network Act, the enterprise is required to secure the consent of legal guardians before collecting, utilizing, or disclosing personal data belonging to minors below the age of 14. Similarly, when individuals under the age of 18 enroll as Users, the Company must obtain the consent of their respective legal representatives.
  • To obtain the consent mentioned in the preceding clause, the Company may request minimal information necessary, such as the name and contact details of the legal guardian. Furthermore, any personal data collected from the legal guardian in this manner shall not be utilized for any purpose other than verifying their consent and shall not be disclosed to any third party.
  • The consent obtained from the legal guardian shall be utilized for addressing consumer grievances and resolving disputes arising from contracts, subscription cancellations, payments, and the supply of goods between the Company and minors.
  • The consent obtained from the legal representative of a youth who has withdrawn from the service, the withdrawal of such consent, or the consent that has expired, shall be irreversibly destroyed within 30 days from the date of withdrawal. Nonetheless, if it is deemed necessary to retain such information in compliance with relevant laws such as the Consumer Protection Act in the Commercial Act or e-commerce regulations, the Company may retain the personal data of the User for a specific period of time.
  • The legal guardian of a minor is entitled to request access to, correction of, or withdrawal of consent to the collection or disclosure of the minor's personal data. The Company shall not provide or use such personal data until the necessary measures have been taken in response to the aforementioned request.
• Matters Concerning the Management of Users’ Personal Data
  • Users have the option to withdraw their consent to the collection of their personal data by submitting a written request, via phone, or email to the designated personal data manager listed on the Company's website, unless otherwise specified by law. However, if personal data is to be destroyed due to the withdrawal of a User, any related data generated and accumulated by the User during their use of the Company's services may also be destroyed in conjunction with the aforementioned action.
  • Users have the right to request access to and correction of their personal data via the information management page on the Company's website. In such cases, the Company shall take the necessary measures to address the request and refrain from providing or using the personal data until the necessary measures have been completed.
  • If a User's representative visits and requests access to or correction of the User's personal data, the Company may verify the representative's authenticity and request that the representative provide documentation or certification of their representative status.
  • If there is a legitimate reason to deny a User access to all or part of their personal data, or to refuse to correct their personal data, the Company will promptly notify the User and provide an explanation for the reason.
  • Changes in required information provided by Users when signing up for Usership, such as names, resident registration numbers, and e-mail addresses, can cause errors in the services provided by the Company, so the Company may ask the User to take separate steps to change the required information.

• To provide customized services to Users, the Company uses cookies to store and retrieve User information. The Company identifies the User's computer for cookie operation, but​ does not personally identify the User.
• Users have the option to enable or disable the use of cookies. To accept all cookies, Users may select Tools > Internet Options > Security or follow other applicable steps to enable cookies on their web browser. Users may also choose to receive a confirmation prompt each time cookies are saved or reject the storage of all cookies. However, if Users reject the storage of all cookies, they may not be able to fully utilize the services provided by the Company.

• The Company is implementing technical measures to ensure the safety and security of personal data in its handling of Users’ personal data, thus preventing any loss, theft, leakage, tampering or damage to such information.
• Users' personal data is encrypted, ensuring that only the User can access and modify such data.
• The Company ensures the secure transmission of personal data on the network through encrypted communication protocols.
• To prevent unauthorized access or damage caused by hacking or computer viruses, the Company is making every effort to safeguard Users’ personal data.
• The Company implements regular data backup procedures and employs antivirus software to mitigate risks related to computer viruses and other security threats that may compromise personal data.
• The Company also adopts access controls, authority management, and system vulnerability checks to bolster security measures.
• Access to Users' personal data is strictly limited to authorized personnel, and employees who handle such information undergo regular training to maintain their awareness and understanding of relevant policies and procedures.
• The Company is committed to ensuring compliance with its policies and internal regulations governing personal data handling, and takes corrective action immediately upon identifying any breaches or issues.
• The Company shall not be held liable for any issues arising from the User's own carelessness or problems related to internet connectivity, leading to the disclosure of personal data such as ID, password, and resident registration number.

• To ensure the protection of customers' personal data and the handling of complaints regarding personal data, the Company appoints relevant departments and managers for personal data management as follows:

  Customer Service Department: AuroraHunt Customer Center
  - Phone number: 02-588-0105
  - E-mail: support@aurorahunt.xyz

  Data Protection Officer
  - Name: Bae Jong-hoon
  - Phone number: 02-588-0105
  - E-mail: support@aurorahunt.xyz

• If Users encounter any issues regarding the protection of personal data while using the Company's services, they may report them to the designated personal data management department or the person in charge. The Company will promptly respond to User reports and take appropriate actions to address any concerns related to personal data protection.
  If you wish to report or receive consultation on other personal data infringement matters, please contact the institution below:
  • Personal Data Dispute Mediation Committee (www.1336.or.kr/)
  • The Information Protection Mark Certification Committee (www.eprivacy.or.kr/ 02-580-0533-4)
  • National Police Agency Cyber Terror Response Center (www.ctrc.go.kr/ 02-392-0330)

In the event of any further modifications or deletions of content to this privacy policy due to changes in laws or security technologies, the Company will notify Users of the reason and details of the change through the website at least 7 days prior to the implementation of the updated policy.

Announcement Date: August 1, 2022