1. Purpose of Collecting Personal Information; Information Collected; Period of Holding and Using the Information

1. The Company processes the personal information of information subjects as follows.

   Names of service	Purpose of information collection, applicable statutes	Type of information	Information collected	Period of holding and using the information
   Casino use	Guest (foreigner) verification / Article 29 of Tourism Promotion Act, Article 5-2 of Specific Financial Information Act	Essential information	Name, guest number, date of birth, gender, passport number, nationality, address, contact information, occupation, owner of information	5 years from the final transaction date
   Q&A	Identification of a guest, service and information provision, processing complaints, guest management (answer to a question by a guest etc.)	Essential information	Name, Email, password	3 years after the inquiry of a guest has been processed

2. The Company retains personal information in accordance with the relevant laws and regulations as follows.

   Applicable statutes	Information retained	Period of holding the information
   Act on Consumer Protection in Electronic Commercial Transactions etc.	Record on contracts, withdrawal of subscription, etc.	5 years
   	Record of payment, supply of goods, etc.	5 years
   	Record of consumer complaints, or dispute resolution	3 years
   	Record on indication and statements	6 months
   Basic Act on National Tax	Books and supporting documents for all transactions as prescribed under the tax law	5 years
   Act on Communication Confidentiality Protection	Internet log	3 months
   Commercial Act	Commercial ledgers and important documents related to business	10 years
   	Sales slips, or similar documents	5 years
   Credit Information Act	Record of collection, processing and use of personal credit information	3 years
   Specific Financial Information Act	Information to verify the identity of a guest	5 years from the last transaction date

2. Processing of Personal Information of Children under 14 Years of Age

1. In principle, we do not process personal information of children under 14 years of age.
2. In exceptional cases, when it is necessary to process the personal information of children under the age of 14, the consent of a legal representative is validly obtained.

3. Provision of Personal Information to a Third Party

1. We process the personal information of an information subject, only within the scope specified in the purpose of processing the personal information. We provide personal information to a third party only as specified in Articles 17 and 18 of the Personal Information Protection Act, including by obtaining the consent of the information subject and complying with the special provisions of the law and otherwise do not personal information of an information subject to a third party.

   Organizations to receive information	Purpose of provision / applicable statutes	Categories	Information provided	Period of information holding and use
   Korea Financial Intelligence Unit	Collection and analysis of anti-money laundering information / Article 5(2) of the Act on Report, Use, etc. of Specific Financial Transaction Information	Essential information	Name of guest, guest number, date of birth, gender, passport information, nationality, address, contact information, occupation, owner of information	5 years
   National Tax Service	Submission of payment statement and foreign exchange transaction details, tax exemption report on domestic source income / Article 164 and Article 156-2 of Income Tax Act	Essential information	Name of guest, nationality, passport information, address	5 years
   Customs Service	Submission of foreign exchange transaction details, regular business report for companies engaged in currency exchange / Article 20 of Foreign Exchange Transactions Act (report, inspection)	Essential information	Name of guest, nationality, passport information	5 years
   Ministry of Culture, Sports and Tourism	Submission of sales and other information / Article 30 of the Enforcement Decree of the Tourism Promotion Act	Essential information	Name of guest, nationality, passport information	5 years
   Bank of Korea	Submission of Chips credit status / Article 18 of Foreign Exchange Transactions Act	Essential information	Name of guest, guest number	5 years

2. In order to provide the service effectively, the Company obtains the consent of the information subject and provides it to a third party as follows, only in the minimum scope necessary.

   Hotels which receive the information	Purpose of information provision	Categories	Information provided	Period of holding and using the information
   Grand Walkerhill Seoul	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Paradise City	To provide accommodation service	Essential information	To provide accommodation service	Information destroyed immediately after the end of the service
   Paradise Hotel Busan	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Maison Glad Jeju	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Hotel Raum	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Jeju Central City Hotel	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Silla Stay Jeju	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Hotel With Jeju	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service
   Jeju Hotel The One	To provide accommodation service	Essential information	Name of guest, nationality, gender, room class, arrival date, departure date, departure flight	Information destroyed immediately after the end of the service

4. Delegation of Personal Information Processing

1. If the Company delegates the processing of personal information to provide services, the Company discloses such delegation so that the information subject can easily make verification at any time. If the Company entrusts the work of promoting, or recommending goods or services, the Company provides additional instructions to the information subject in writing, or by other means.
2. Paradise Casino Co. Ltd. entrusts personal information processing as follows to ensure effective processing of personal information.

   Companies which are entrusted with information	Delegated works
   SK C&C (entrust to : Gifti Biz, Grid System)	ITO operation of Paradise integration system
   ELUO CNC	Development, maintenance and management of casino website
   Kyndryl	Administration, maintenance and management of casino infrastructures
   Gifti Biz	Production, maintenance and management of casino contents
   PricewaterhouseCoopers Consulting	Diagnose, analyze customer data

5. Destruction of Personal Information

1. If it is no longer necessary to hold personal information (the period of holding personal information has passed, the purpose of information processing has been achieved, etc.), the Company promptly destroys the relevant personal information.
2. If personal information must continue to be preserved pursuant to other laws and regulations although the purpose of processing has been achieved, or despite the expiration of the period of the personal information retention consented to by the information subject, the personal information shall be transferred to a separate database, or preserved at a different storage location.
3. The Company will destroy personal information recorded and stored in the form of electronic files so that it cannot be recovered, or reproduced. The Company destroys other records, printed materials, documents, etc. by shredding, or incineration.

6. Rights and Obligations of Information Subjects and Their Legal Guardians, and Method of Exercising the Rights

1. Information subjects can exercise rights to view, correct, delete, or suspend processing of their personal information, request withdrawal of consent, and otherwise exercise their rights at any time.
   
   * For children under the age of 14, their legal guardians shall directly exercise the rights regarding the personal information rights. Information subjects who are minors over the age of 14 may directly exercise their rights regarding the personal information, or through a legal guardian.
2. To exercise your rights, please contact the department in charge of personal information in writing or via email, and we will promptly take measures. The Company may restrict the rights of an information subject if there is a justifiable reason to do so, and the Company will promptly inform the information subject of the reason for such restriction.

7. Measures to Ensure the Security of Personal Information

1. The Company is taking the following measures to ensure the security of personal information.
   • Minimizing the scope of the authority given to persons processing the personal information: For the protection of personal information, the authority given to persons in charge of personal information is minimized.
   • Regular trainings for officers in charge of personal information: We provide regular trainings to alert officers to the importance of personal information protection.
   • Regularly conducting internal inspections: The Company conducts regular self-inspections to ensure the security of personal information processing.
   • Establishment and implementation of an internal management plan: The Company has formulated and administers an internal management plan to securely process and manage personal information.
   • Encryption of personal information: The personal information and password of an information subject are stored and managed after encryption. Even during the transmission, the information is safely managed with use of a separate security function.
   • Technical measures against hacking, etc.: To prevent unauthorized disclosure or loss of personal information due to hacking, computer virus, etc., the Company installs a security program, periodically updates and inspects it, installs the system in an area where access from the outside is controlled, and monitors and blocks system breach technically and physically.
   • Restriction of access to personal information: Necessary measures are taken to control the access authority and the access to the personal information processing system, and unauthorized access from outside is controlled using an intrusion prevention system.
   • Storage of access record and prevention of forgery and falsification: The Company stores and manages the record of access to the personal information processing system and uses security functions to prevent access record from forgery, falsification, theft, or loss.
   • Use of locking devices for document security: Documents, auxiliary storage media, etc. containing personal information are stored in a safe place with a locking device.
   • Access control for unauthorized persons: The Company has a separate physical storage location where personal information is stored and has formulated and administers the access control procedure.

8. Installation, operation and refusal of device of automatic collection of personal information

1. The Company uses cookies to store the information used by guests and retrieves it from time to time to provide individualized services to users.
2. Cookies are a small amount of information which the server which is used to administer the website sends to the user’s computer browser and are sometimes stored on the hard disk of a user’s computer.
   • Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, whether or not the connection is secure, etc.
   • Installation, operation and refusal of cookies: A guest can refuse the storage of cookies in the settings menu of the guest’s web browser. If a guest refuses to store cookies, the guest may have not be able to use customized services.

9. Basis of Determining Whether Additional Use, or Provision of Personal Information May Be Made

1. The Company may use and provide personal information without the consent of the information subject, taking into account the following matters to the extent reasonably related to the initial purpose of the information collection.
   • Whether the purpose of additional use and provision of personal information is related to the initial purpose of information collection.
   • Whether there is a possibility of additional use and provision of personal information based on the practice of information processing, or the circumstances in which the personal information was collected.
   • Whether the additional use and provision of personal information unfairly infringes on the interests of the information subject.
   • Whether necessary measures were taken to ensure security such as use of pseudonym, or encryption.

10. Officers and Departments in Charge of Personal Information Protection

[Paradise Corporation]

- Officer in charge of personal information protection

• * Name : Bon-Ghwa Jeong Managing Director

[Casino Walkerhill]

- Officer in charge of personal information protection

• * Name: Chong-Myung General Manager(Planning Team)
• * Phone: 02-2204-3367
• * Email: jmkang@paradian.com

- Department in charge of personal information protection

• * Department: Planning Team
• * Phone: 02-2204-3367
• * Email: plan@paradian.com

[Casino Busan]

- Officer in charge of personal information protection

• * Name: Managing Director Jeon Jae-yeong (branch manager)
• * Phone: 051-749-3307
• * Email: bs33@paradian.com

- Department in charge of personal information protection

• * Department: Management Team
• * Phone: 051-749-3307
• * Email: bs33@paradian.com

[Casino Jeju Grand]

- Officer in charge of personal information protection

• * Name: Heo Jun Senior Manager(Planning Team)
• * Phone: 064-740-7704
• * Email: hurjun@paradian.com

- Department in charge of personal information protection

• * Department: Planning Team
• * Phone: 064-740-7065
• * Email: sjkang1227@paradian.com

11. Remedy for Infringement of Rights and Interests of Information Subjects

1. To receive a remedy from personal information infringement, an information subject may request the Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center of Korea Internet and Security Agency, etc. for dispute resolution, consultation, etc. For other types of report and consultation regarding personal information infringements, please contact the following organizations:
   • Personal Information Dispute Mediation Committee: (no extension) 1833-6972 (www.kopico.go.kr)
   • Personal Information Infringement Report Center: (no extension) 118 (privacy.kisa.or.kr)
   • Supreme Public Prosecutors’ Office: (no extension) 1301 (www.spo.go.kr)
   • National Police Agency: (no extension) 182 (ecrm.police.go.kr)

12. Amendment of Personal Information Processing Policy

This Personal Information Processing Policy shall enter into force on April 5, 2024.