MIRUSYSTEMS Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with Article 30 of the Personal Information Protection Act of Korea in order to protect the personal information of data subjects and to promptly and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

1. Website Inquiry Reception and Consultation  

The Company processes personal information for the purpose of verifying inquiries, providing product and service consultations, responding to requests for proposals, replying to inquiry results, and conducting follow-up communications.

2. Complaint Handling  

The Company processes personal information for the purpose of verifying the identity of complainants, confirming complaint details, contacting and notifying for fact-finding investigations, and informing the results of complaint processing.

The Company does not use collected personal information for marketing or advertising purposes.

Article 2 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the retention and use period prescribed by applicable laws or within the retention and use period agreed upon by the data subject at the time of collection.

② The retention period for personal information collected through website inquiries is as follows:

1. Website Inquiry Reception and Management: Retained for one (1) year after completion of inquiry processing and then promptly destroyed (for inquiry history management and dispute response purposes).  

However, if an investigation or inquiry related to violations of applicable laws is in progress, the information will be retained until such investigation or inquiry is concluded.

Article 3 (Provision of Personal Information to Third Parties)

① The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information). The Company provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or where specifically required by law. Otherwise, the Company does not provide personal information to third parties.

Article 4 (Outsourcing of Personal Information Processing)

① To ensure smooth website operation and provision of the inquiry system, the Company outsources certain personal information processing tasks as follows:

- Entrusted Party (Processor): I’mweb Co., Ltd.  

- Scope of Entrusted Work: Website hosting and operation of the inquiry form system  

② When entering into an outsourcing contract, the Company specifies in written agreements matters concerning prohibition of processing personal information beyond the entrusted purpose, technical and administrative safeguards, restrictions on re-outsourcing, supervision and management of the processor, and liability including compensation for damages, in accordance with Article 25 of the Personal Information Protection Act. The Company supervises whether the processor safely handles personal information.

③ If the details of outsourced tasks or the entrusted party change, the Company will disclose such changes without delay through this Privacy Policy.

Article 5 (Rights of Data Subjects and Methods of Exercise)

① Data subjects may exercise the following rights related to personal information protection at any time with respect to the Company:  

1. Request access to personal information  

2. Request correction in case of errors  

3. Request deletion  

4. Request suspension of processing  

② The rights under Paragraph 1 may be exercised by submitting a written request, telephone call, or email to the Company, and the Company will take prompt action.

③ If a data subject requests correction or deletion of personal information due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.

Article 6 (Items of Personal Information Processed)

The Company processes the following items of personal information:

1. Website Inquiry Submission  

Required Items: Name, Company Email Address, Phone Number, Country, Organization/Government, Inquiry Details  

Optional Items: Job Title, Inquiry Type  

2. Information Automatically Collected During Service Use  

IP address, cookies, access logs, service usage records, browser information, etc.

Article 7 (Destruction of Personal Information)

① The Company promptly destroys personal information when it becomes unnecessary due to expiration of the retention period or achievement of the processing purpose.

② If personal information must be preserved in accordance with other laws, such information will be transferred to a separate database (DB) or stored in a different location.

③ The procedures and methods for destruction are as follows:  

1. Destruction Procedure  

The Company selects personal information subject to destruction and destroys it upon approval from the Chief Privacy Officer.  

2. Destruction Method  

Personal information stored in electronic file format is permanently deleted using methods that make recovery impossible. Personal information recorded or stored in paper documents is destroyed by shredding or incineration.

Article 8 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

1. Administrative Measures: Establishment of internal management plans and employee training  

2. Technical Measures: Management of access rights to personal information processing systems and installation of security programs  

3. Physical Measures: Access control to data storage rooms, etc.

Article 9 (Installation and Operation of Automatic Data Collection Devices and Refusal Thereof)

① The Company may use cookies for website operation.

② Data subjects may refuse or delete cookies through their web browser settings. However, refusal to store cookies may result in limitations on the use of certain services.

Article 10 (Collection, Use, and Overseas Transfer of Behavioral Information)

① The Company may collect and use behavioral information during service use in order to provide improved services to users.

② The Company uses Google Analytics, a web analytics service provided by Google, to collect behavioral information of website users. The Company uses this service solely for basic website traffic analysis purposes and does not use advertising or remarketing features. Only information that does not directly identify individuals is collected and used.

③ Due to the use of Google Analytics, certain information may be transferred overseas to Google LLC.  

- Recipient: Google LLC  

- Country: United States  

- Items Transferred: IP address (processed in anonymized form), cookie information, access logs, and other website usage data  

- Purpose of Transfer: Website traffic analysis  

- Retention and Use Period: In accordance with Google’s policies  

④ Users may opt out of Google Analytics through the following method:  

https://tools.google.com/dlpage/gaoptout

Article 11 (Chief Privacy Officer)

① The Company designates the following Chief Privacy Officer to oversee personal information processing and handle related inquiries and complaints:

Name: Sungsik Park  

Title: Personal Information Protection Officer (Business Development Department)  

Tel: +82-31-622-3900  

Email: contact@mirusystems.com  

② Data subjects may contact the Chief Privacy Officer regarding inquiries, complaints handling, and remedies related to personal information protection. The Company will respond and process such matters without delay.

Article 12 (Remedies for Infringement of Rights)

Data subjects may contact the following institutions for damage relief or consultation regarding personal information infringement:

1. Personal Information Dispute Mediation Committee: +82-1833-6972 (www.kopico.go.kr)  

2. Personal Information Infringement Report Center: +82-118 (privacy.kisa.or.kr)  

3. Supreme Prosecutors’ Office: +82-1301 (www.spo.go.kr)  

4. National Police Agency: +82-182 (ecrm.police.go.kr)

Article 13 (Enforcement and Amendment of this Privacy Policy)

This Privacy Policy shall take effect on March 1, 2026.