NdotCAD Privacy Policy (Version 1.0)

NdotLight Co., Ltd. (hereinafter 'NdotLight' or 'Company') strictly complies with domestic Personal Information Protection laws such as Act On Promotion Of Information And Communications Network Utilization And Information Protection (hereinafter 'Information and Communications Network Act') and the Personal Information Protection Act.

1. What Our Privacy Policy Means
Privacy Policy has the following important implications.
- Privacy Policy provides transparent information in relation to the “life cycle of personal information,” such as the information collected by NdotCAD, how the collected information is used, with whom the information is shared('consigned or provided') when necessary, and when and how the information is destroyed once it fully serves its purpose.
- Privacy Policy informs users, the information subjects, their rights regarding their personal information as well as the methods and procedures to exercise such rights. Guidelines are also provided for the rights that legal representatives (including parents, etc.) may exercise to protect the personal information of minors under the age of 14.
- Where the privacy infringement takes place, Privacy Policy guides you who to contact and what kind of help you should expect in order to prevent further damage and restore the damage you have already sustained.

2. Personal Information Collected
The personal information that NdotLight collects from users at the time they sign up for plan is as follows.
- When a user signs up for plan, his/her ‘ID, password, name, date of birth, gender, mobile phone number’ are collected as required fields.
- If the date of birth entered by the user shows that he/she is a minor under 14 years of age, the information (name, date of birth, gender, and duplication information (DI), mobile phone number) on his/her legal representative is additionally collected. Then, his/her email address is collected as optional field.
- If a user signs up for plan with a group ID, the group ID, password, group name, email address and mobile phone number are collected as required fields. The group representative’s name is also collected as an optional field.

The personal information that NdotLight collects from users at the time of receiving customer inquiries is as follows.
- We collect ‘e-mail address’ as a required field to receive bug reports.
- We collect ‘name, affiliation, phone number and e-mail address’ as required fields to receive a partnership proposal.
- We collect ‘name, affiliation, phone number and e-mail address’ as required fields to receive product inquiries.

In the process of using the service, the following information may be automatically generated and collected.
- NdotCAD product information and cookies, device information, OS, IP address

3. Retention and Usage Period of Personal Information
NdotLight processes and retains personal information within the period of retention and usage of personal information in accordance with laws and regulations, or within the period of retention and usage of personal information agreed upon when collecting personal information from users.
The items and period of personal information retained by the company in accordance with relevant laws and regulations are as follows.
- Act on The Consumer Protection In Electronic Commerce, Etc.
   · Records on contract or subscription withdrawal: Stored for 5 years
   · Records on payment and supply of goods: Stored for 5 years
   · Records on consumer complaints or dispute resolution: Stored for 3 years
- Electronic Financial Transactions Act
   Records related to electronic finance: Stored for 5 years
- Protection of Communications Secrets Act
   Login information 3 months

4. Destruction of personal information
In principle, NdotLight destroys the information without delay after the purpose of collection and use of personal information is achieved.
The destruction procedure and method are as follows.

<Destruction procedure>
- As a user of the website, the personal information of the member is continuously retained by the company while receiving the services provided by the company and is used to provide the company's services to the members.
- When a member requests cancelation of plan or loses plan, unique information that can identify an individual member is immediately deleted, leaving only the minimum information for cancelation-related statistical management among personal information, and is destroyed to an irreversible state.
- However, in the case of a member registered as a product customer, the product number and the minimum personal information that matches the product number are left so that problems do not occur in providing customer support services related to product usage.
- In addition, the company destroys the member's personal information without delay when the purpose of collection or provision of personal information has been achieved.
- If the purpose of collection or provision has been achieved, we may retain your personal information only when it is necessary to preserve it according to the provisions of the Commercial Act, etc., and the personal information is managed only for the purpose of storage.

<Destruction method>
- Personal information printed on paper is destroyed with a shredder or through incineration.
- Personal information stored in electronic file format is deleted using a technical method that cannot reproduce the record.

5. Rights of Users & Legal Representatives and Exercising Those Rights
Users can exercise the following rights related to personal information protection at any time with respect to NdotCAD.
- Users can go to ‘My Information > Member Information’ to view or update their personal information.
- Users can withdraw their consent to the collection and use of personal information at any time through ‘Plan withdrawal’.
If the user is under the age of 14, the child’s legal representative has the right to view and update the child’s personal information, and to revoke his/her consent to the collection and use of the child’s personal information.
- If a user requests correction of errors in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the correction can be made.

6. Technical/Administrative Protection Measures for Personal Information
- In handling members' personal information, NdotLight is taking the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged.
- Password encryption
The password set at the time of plan registration is encrypted, stored and managed, so only the person knows it, and it is possible to check and change personal information only by the person who knows the password.
- Members can choose whether to use cookies.
- Countermeasures against hacking
NdotLight is doing its best to prevent the leakage or damage to applicants' personal information by hacking or computer viruses. Data is frequently backed up in preparation for damage to personal information and the latest vaccine program is used to prevent personal information or data of applicants from being leaked or damaged. Through encrypted communication, etc., personal information can be safely transmitted over the network. In addition, an intrusion prevention system is used to control unauthorized access from the outside and we are trying to equip all possible technical devices to secure other systemic security.
- Minimization and training of personal information processing staff
The company's personal information processing staff is limited to the person in charge, and a separate password for this purpose is assigned and updated regularly. In addition, we provide frequent training for the person in charge, emphasizing the importance of protecting the personal information of job applicants.
- Operation of a dedicated organization for personal information protection
Through the in-house personal information protection organization, etc., we check the compliance of the company's personal information processing policy and the compliance of the person in charge. If any problems are found, we are working hard to correct them immediately. However, the company is not responsible for any problems caused by the leakage of personal information such as passwords and resident registration numbers due to the user's negligence or problems on the Internet.

7. Chief Privacy Officer & Responsible Personnel
NdotLight has designated the following persons as the Chief Privacy Officer and Responsible Personnel to remain responsible for responding to user inquiries regarding personal information and resolving any related complaints.
- Chief Privacy Officer
   · Name: Park Jin-young
   · Affiliation: CEO
   · Position: CEO
   · Mail: contact@ndotcad.com
- Responsible Personnel
   · Name: Kim Sung-hwan
   · Affiliation: Product Development Team
   · Position: Leader
   · Mail: contact@ndotcad.com
- If you need to report or consult on other personal information infringement, you can contact the following organizations.
   · Privacy Policy Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
   · Cyber ​​Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
   · National Police Agency Cyber ​​Security Bureau (police.go.kr / 182 without area code)

8. Application of this Privacy Policy
- This privacy policy applies to 'NdotCAD (www.ndotcad.com)', a brand of the company and other related services (including mobile web/app), whereas a separate privacy policy may be applicable to services provided under a different brand name.
- This Privacy Policy will not be applied to personal information collected from websites that are run by other companies through links to NdotLight after such information is provided under the consent of users.

9. Obligation to Notify Prior to Amendment
Users will be notified of any addition, deletion and/or modification in this Privacy Policy through ‘Notices’ at least 7 days prior to the scheduled amendment. However, if an important modification is made to the rights of users, such as the modification to the collected items of personal information and the purposes of their use, the notification will be sent at least 30 days prior to any such modification, and if necessary, the company may obtain users’ consent again.
- Announcement Date: September 18, 2020
- Effective date: September 27, 2020