01. Items of Personal Information Collected

Cuckoo Holdings, Cuckoo Electronics, and Cuckoo Homesys (hereinafter collectively referred to as the "Company") operate websites (hereinafter referred to as "Cuckoo Sites"). The Cuckoo Sites refer to the Cuckoo brand website operated jointly by Cuckoo Holdings, Cuckoo Electronics, and Cuckoo Homesys (http://www.cuckoo.co.kr), the Cuckoo Mall operated by Cuckoo Electronics (http://www.cuckoomall.com), and the Cuckoo Rental website operated by Cuckoo Homesys (http://www.cuckoorental.co.kr). Although these sites have different URLs, they are integrated into a single unified website. When users access any of the individual domains, they are directed to the same integrated site. Upon registering as a member on the Cuckoo Sites, users become integrated members. The Company collects the following personal information to facilitate membership registration, customer consultations, and service applications:

• Collected Items: Name, gender, date of birth, login ID, password, home telephone number, home address, mobile phone number, email, i-PIN, credit card information, bank account information, access logs, cookies, IP address, and payment records.
• Method of Collection: Website (membership registration)

02. Purpose of Collection and Use of Personal Information

The Company uses the collected personal information for the following purposes: Purpose Usage
Service Provision Fulfillment of contracts related to service provision, billing settlement, provision of content, processing purchases and payments, delivery of products or invoices, user authentication for financial transactions and financial services, and debt collection. Member Management Identity verification for membership services, personal identification, prevention of unauthorized or fraudulent use by problematic members, confirmation of membership intent, age verification, handling customer complaints, and delivery of notices. Marketing and Advertising Development and customization of new services (products), delivery of promotional information such as events, provision of services and advertisements based on demographic characteristics, analysis of access frequency, and statistical analysis of service usage.

03. Retention and Use Period of Personal Information

In principle, personal information is promptly destroyed once the purpose of collection and usage has been achieved. However, the following information will be retained for the period specified below due to the reasons listed:

• Retention Items: Name, gender, date of birth, login ID, password, home telephone number, home address, mobile phone number, email, i-PIN, credit card information, bank account information, access logs, cookies, IP address, payment records.
• Legal Basis for Retention: Act on the Consumer Protection in Electronic Commerce, etc.
• Retention Period: 5 years

Furthermore, when required by applicable laws and regulations, the Company retains member information for the specified period as outlined below:

• Retention Items: Name, gender, date of birth, login ID, password, home telephone number, home address, mobile phone number, email, marital status, anniversary dates, i-PIN, credit card information, bank account information, access logs, cookies, IP address, payment records
• Legal Basis for Retention: Act on the Consumer Protection in Electronic Commerce, etc.
• Retention Period: 5 years

04. Procedures and Methods for Destroying Personal Information

1. The Company promptly destroys personal information without delay once it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose. However, if the information falls under the following circumstances, it may be retained and used until the specified period.

Cuckoo Electronics separately stores personal information beyond the retention period stipulated by relevant laws if required by such applicable regulations.

Governing Law Clause Retention Period
Act on the Consumer Protection in Electronic Commerce, etc. Records on contracts or withdrawal of offers 5 years
Records on payment and supply of goods and services
Records on customer complaints or dispute resolution 3 years
Protection of Communications Secrets Act Records on communication confirmation data 3 months
l Procedures and Methods for Destroying Personal Information
Cuckoo Electronics promptly destroys personal information without delay once it becomes unnecessary, such as upon the expiration of the retention period or when the purpose of processing personal information has been achieved. Personal information printed on paper is destroyed by shredding or incineration, while personal information stored in electronic file formats is deleted using technical methods that render the data unrecoverable.

05. Provision of Personal Information

Since users register as integrated members on a single unified site operated jointly by Cuckoo Holdings, Cuckoo Electronics, and Cuckoo Homesys, member information is shared among these companies by default.

• 1. Purpose of Use
  - To provide points and verify user identity
  - To offer various convenient services and benefits to members; verify orders, applications, and payments for products and services; ensure accurate delivery of ordered products and prizes; operate customer service centers; deliver notices and verify customer intentions; handle complaints; and facilitate effective communication for accident investigations.
  - For marketing activities, including product and service introductions provided by the Company, affiliates, and points partners; newsletter provision; promotional event information (SMS, Email, DM, TM); joint promotions; analysis of customer information for marketing purposes; and service development.
• 2. Information Provided
  - Name, gender, date of birth, login ID, password, home telephone number, home address, mobile phone number, email, i-PIN, credit card information, bank account information, access logs, cookies, IP address, payment records
• 3. Retention and Usage Period
  - Unless required to retain your personal information according to relevant laws, the information will be retained for a period of 30 days after membership cancellation (this grace period is provided to handle member requests and temporarily defer the expiration of points).
• 4. Refusal to Consent and Consequences
  - Customers have the right to refuse the sharing of member information among companies by opting not to register as integrated members on the Cuckoo Sites.

06. Consignment of Collected Personal Information

The Company outsources the processing of personal information to specialized external companies as listed below to facilitate service fulfillment.

• Consignees
  - Cuckoo Electronics: Lotte Parcel Service, Kyungdong Parcel Service, NICEPAY Co., Ltd., Toss Payments Co., Ltd., B&Partner Co., Ltd., SJCO Inc.
  - Cuckoo Homesys: Lotte Parcel Service, Kyungdong Parcel Service, NICEPAY Co., Ltd., Toss Payments Co., Ltd., B&Partner Co., Ltd.
• Description of Consigned Duties
  - Delivery of purchased products, processing of payment-related tasks, notification of events and delivery of prizes, customer consultation services

Company Consigned Company Consigned Duties
Cuckoo Electronics Lotte Parcel Service, Kyungdong Parcel Service Delivery of purchased products
NICEPAY Co., Ltd., Toss Payments Co., Ltd. Payment processing services
SJCO Inc.
Event notification and prize delivery
B&Partner Co., Ltd. Event notification, prize delivery, and customer support
Cuckoo Homesys Lotte Parcel Service, Kyungdong Parcel Service Delivery of purchased products
NICEPAY Co., Ltd., Toss Payments Co., Ltd. Payment processing services
SJCO Inc.
Event notification and prize delivery
B&Partner Co., Ltd. Event notification, prize delivery, and customer support
* The list of consigned companies above is subject to change or expansion based on the Company’s operational requirements.

07. Rights of Users and Legal Representatives and How to Exercise Them

Users may view or edit their registered personal information at any time, and may also request to withdraw their membership.
To view or modify personal information, users can click on “Edit Personal Information” (or “Modify Member Information”) and to withdraw consent (cancel membership), click on “Withdraw Membership.” After completing identity verification, users can directly access, correct, or delete their information. Alternatively, users may contact the Personal Information Protection Officer in writing, by phone, or via email, and we will promptly take appropriate action. If a user requests the correction of an error in their personal information, the relevant information will not be used or provided until the correction is completed. In cases where inaccurate personal information has already been provided to a third party, the Company will promptly notify the third party of the correction request so that the correction may be applied. Personal information that has been deleted or withdrawn at the user’s request will be handled in accordance with the “Retention and Use Period of Personal Information” section and will not be accessed or used for any other purposes.

08 Matters Concerning the Installation, Operation, and Rejection of Automatic Data Collection Devices

The Company uses cookies and other similar technologies to store and retrieve your information as needed. A cookie is a small text file sent by the server operating the Cuckoo brand site (http://www.cuckoo.co.kr) by Cuckoo Holdings, Cuckoo Electronics’ Cuckoo Mall (http://www.cuckoomall.com), or Cuckoo Homesys’ Cuckoo Rental site (http://www.cuckoorental.co.kr) to the user's browser, and is stored on the user’s computer hard drive.

▶ Purpose of Using Cookies

• To analyze the frequency of visits and visit times of members and non-members, track user preferences and areas of interest, monitor participation in various events, measure the number of visits, and use the data for targeted marketing and personalized services.
• Users have the option to accept or refuse the installation of cookies. By adjusting settings in the web browser, users can allow all cookies, choose to be notified whenever a cookie is stored, or refuse all cookies.

▶ How to Refuse Cookie Settings

[Blocking/Allowing Advertising Identifiers on Mobile Devices]

• (1) Android: ① Settings → ② Privacy → ③ Ads → ④ Reset Advertising ID or Delete Advertising ID
• (2) iPhone: ① Settings → ② Privacy → ③ Tracking → ④ Turn off “Allow Apps to Request to Track”
• ※ Menu options and methods may vary slightly depending on your mobile OS version

[Blocking/Allowing Personalized Ads via Web Browser]

• (1) Microsoft Edge
  Click the "…" button at the top right corner of Edge, then go to Settings.
  In the left menu, click Privacy, Search, and Services, and under the Tracking Prevention section, choose your tracking prevention level.
  Optionally, enable “Always use Strict tracking prevention when browsing InPrivate.”.
  Under the Privacy section, you may also enable “Send Do Not Track requests.”
  
• (2) Chrome Browser
  Click the menu (⋮) at the top right corner, then select Settings.
  Scroll down and click Advanced, then go to the Privacy section and click Content Settings.
  Under the Cookies section, check “Block third-party cookies and site data.”
  
• ※ Menu names and methods may differ slightly depending on your mobile OS or browser version.

▶ Location Information Collection and Use (IoT App)

The Company may collect and use users' location information through the IoT app as follows:

• (1) Types of Location Information Collected
  - Device location information obtained via GPS, Wi-Fi, Bluetooth, and cellular network data
  - Indoor/outdoor location or designated location information associated with IoT devices (e.g., smart home devices)
• (2) Methods of Location Information Collection
  - Location information is collected only when the user grants permission for location services on the mobile device where the IoT app is installed.
  - Users can allow or deny location information access through their mobile operating system settings (e.g., Android/iOS).
• (3) Purpose of Using Location Information
  - Automation and location-based control of IoT devices (e.g., automatic device operation based on user location)
  - Provision of location-based alerts and security features
  - Delivery of personalized services based on location, such as device registration or verifying the service area
• (4) Retention and Use Period
  - Location information is temporarily collected to provide real-time services and is deleted immediately after the service purpose is achieved.
  - For continuous service provision, location data may be stored for a certain period with user consent and will be promptly deleted after the retention period ends.
• (5) Provision to Third Parties
  - The Company does not provide location information to third parties without the user's prior consent.
  - If third-party provision is necessary, the purpose, data provided, and retention/use period will be disclosed separately, and consent will be obtained.
• (6) User Rights and How to Exercise Them
  - Users may withdraw their consent to the collection and use of location information at any time and may request to view, correct, or delete their location data.
  - Withdrawal of consent may limit the use of certain location-based IoT services.

09. Measures to Ensure the Security of Personal Information

The Company takes technical, administrative, and physical safeguards to protect users' personal information from theft, leakage, alteration, or damage during processing.

• Technical Safeguards: Real-time monitoring and blocking of hacking attempts and data breaches, access control enforcement, retention and integrity protection of access logs, encrypted storage of passwords and personal information, and encryption during data transmission.
• Administrative Safeguards: Operation of a dedicated personal information protection team, regular training for personnel handling personal data, employee awareness programs, and periodic compliance audits.
• Physical Safeguards: Installation and operation of systems in access-controlled areas, and establishment and implementation of secure access control procedures.

10. Personal Information Inquiry and Complaint Services

The Company designates the following departments and a Personal Information Protection Officer to protect customers’ personal information and to handle complaints related to personal information.

▶ Cuckoo Electronics

• Customer Service Department: Online Distribution Team
• Phone: 1588-8899
• Email: cuckoomall@cuckoo.co.kr

▶ Cuckoo Homesys

• Customer Service Department: Online Distribution Team
• Phone: 1577-0010
• Email: rentalcuckoo@cuckoo.co.kr

[Personal Information Protection Officer]

• Name : Youngmin Na (Executive Director)
• Title : Chief Privacy Officer (CPO)
• Contact : 1588-8899, naym@cuckoo.co.kr

You may report any complaints or inquiries related to the protection of personal information that arise while using the Company’s services to the Personal Information Protection Officer or the relevant department. The Company will respond promptly and sufficiently to users’ inquiries and reports.

11. Provision of Personal Information to Third Parties

In principle, the Company processes personal information within the scope explicitly stated in Article 2 (Purpose of Collection and Use of Personal Information), and does not use the information beyond this scope or provide it to third parties without the prior consent of the data subject. However, exceptions may apply in the following cases as provided by law:

• When required by other laws and regulations
• When requested by investigative agencies according to procedures and methods stipulated by law
• When necessary for billing and settlement of paid services
• When the information is processed into a format that does not allow individual identification for statistical purposes, academic research, or market analysis
• When minimum necessary information is provided with the consent of the data subject for the purpose of delivering services smoothly

Recipient Purpose of Use by Recipient Items Provided Retention and Use Period by Recipient
DB Insurance Co., Ltd. Provision and guidance of affiliate products (insurance, goods, financial products, etc.) Name, date of birth, phone number, gender, payment information Until service termination (or for the period stipulated by relevant laws)
InfoYou Financial Services Co.
Daemyung Stationery Co., Ltd.
Boboram Soft Inc.
Hyundai Marine & Fire Insurance
Taeyang Life Co., Ltd.
Smart Sam Co., Ltd.
Bluecare Co., Ltd.
Divine Internet Co., Ltd. BNPL service (e.g. Lotte Card installment service) Name, date of birth, phone number, delivery address, gender, foreigner status, payment information
Criteo Korea Behavioral analytics and targeted advertising Hashed email address, cookie, ADID, IDFA, and browsing/search history on the website Until the purpose of personal information usage is fulfilled (or for the period stipulated by relevant laws)
Google
RTB House
Meta
Naver Corp.
Kakao Corp.
Appsflyer Ltd.
TikTok
DoYouAD
* You have the right to refuse consent. In such a case, membership registration will still be possible; however, affiliate product and service offerings may not be available.