1. Personal information is defined as information that identifies an individual (including that which can be identified by combining it with other information, when it cannot identify an individual with the relevant information alone) with items that are included in the relevant information about an individual, such as their name and resident registration number. 2. Shinsegae Food Co., LTD (hereinafter referred to as Shinsegae Food) considers the personal information of our customers as important and follows the relevant laws such as the “Act on Information and Communications Network Use Promotion and Information Protection” and the “Personal Informational Protection Law” . Additionally, Shinsegae Food makes efforts to protect the rights and interests of our customers through our privacy policy. 3. Shinsegae Food’s privacy policy provides information regarding the purposes and uses of the personal information provided by the customer and indicates the kinds of measures that are taken to protect the personal information through our privacy policy. 4. Shinsegae Food discloses the privacy policy on the main page of the company website, where the customer can find it with ease. Shinsegae Food has implemented necessary procedures for revising the privacy policy for its sustainable improvement. If the policy is revised, the version number is written so that the customer may recognize the revised item with ease.

1. Shinsegae Food collects at least the below items of personal information to provide the customer with various and convenient services, such as identification, point accumulation and payment services. ① Personal information to be collected [Business Inquiry] (Required) Name, E-mail , Country (Optional) Contact number [VOC and consultations for consignment meal services, product purchase consultation and restaurant brand businesses] (Required) Name and contact information (Optional) E-mail [Supplier consulting] (Required) Name, mobile phone number, phone number, E-mail, ID and password (Optional) Department name and position [Bono Bono reservation] (Required) Name and contact information [Range of personal information to be collected for use of services and for transaction processing] - Service use records, access log, payment records, credit card information and transaction information ② Methods of collecting personal information Personal information is collected when the customer agrees and inputs information into the Shinsegae Food website, as well as by signing written documents such as applications 2. The user may have access to most of the Shinsegae Food website content without a separate membership subscription. Shinsegae Food can collect the personal information of the customer under their agreement; however, there is no limit to the use of the services if the user does not fill in the optional items. 3. Shinsegae Food’s measures against the input of false information The customer must guarantee the accuracy and legitimacy of their personal information. If they input false information by any means, including stealing other people’s information, Shinsegae Food may notify the authorities of such customer’s activities, according to the relevant laws, and have them withdrawn by force. The company shall not collect personal information that concerns a danger of violating the fundamental civil rights of the customer. 4. An individual is fully responsible for problems or losses arising from personal information that they have voluntarily disclosed. Please be aware of the fact that personal information published in an open space is apt to be used without permission, and may lead to unwanted damages for an individual.

Shinsegae Food collects at least the following items of personal information for the purpose of the provision of services. - Various services such as reservations and payments by the customer - Securing an accurate postal address to send giveaways and deliveries - Sending information about Shinsegae Food services and events (via SMS/DM) ※ This needs a separate agreement from the place of operation - Securing easy communication channels for notification/complaints/consulting

11. Shinsegae Food shall not provide the personal information of the customer to third parties without permission. 2. If Shinsegae Food provides and shares the personal information of the customer, we shall separately request an agreement by notifying the customer of this via the website, e-mail, or written documents and applications detailing to whom the information will be provided, what items will be shared, and the purpose of providing the information as well as the retention and use period. 3. The following circumstances allow Shinsegae Food to provide the personal information without the customer’s permission, according to the relevant laws and regulations: A. When the information is needed to balance fees for the provision of services or to deliver goods or process disputes; B. When the information is needed for statistics, academic research or market research, and when the information is provided in a form where it is impossible to recognize an individual; C. When there is a request from an investigative agency, according to the relevant regulations or the methods and procedures defined by laws, for the purpose of an investigation.

1. Shinsegae Food entrusts the following duties related to the handling of personal information to outside suppliers, to ensure better services.

2. Shinsegae Food shall not, in any case, provide more than the agreed part of the personal information of the customer to other companies or organizations, except when approved in advanced by the customer or when required by the relevant laws and regulations. However, if complaints or inquiries from the customer are judged to be related to the suppliers in business with Shinsegae Food, we shall provide the personal information and registered information of the customer to the relevant suppliers to ensure more prompt service.

3. For the safe protection of personal information, Shinsegae Food shall keep a consignment contract in a written or digital form after strictly conforming to the instructions related to the protection of personal information and clearly defining the restricted items of personal information and who is responsible in case of an accident. If the supplier is changed, Shinsegae Food shall post the name of the supplier on the privacy policy page.

1. Shinsegae Food shall dispose of the personal information of the customer without delay, once its purpose for the collection of personal information is achieved. However, we shall keep the information for a certain period when necessary for reasons such as confirming the following management duties related to a transaction, according to the relevant laws and regulations such as the commercial law: A. Records on contracts or the withdrawal of a subscription: 5 years B. Records on payment and the supplying of goods: 5 years C. Records on customer complaints or the processing of disputes: 3 years D. Shinsegae Food shall separately request an agreement after notifying the individuals of the detailed information of an agreement refusal and the disadvantages of this via the company website, or by e-mail, a written document or an application. 2. The methods of disposing of personal information are as follows: A. Personal information in written documents: shredding or incineration B. Personal information in digital file forms: deleted by using technology that prevents the recovery of such records

1. The customer may request to view, revise, or delete their registered personal information at any time. A. Contact the Personal Information Management Officer and your request will be addressed without delay. 2. If the customer has requested the revision of an error in their personal information, the information shall not be used or provided to other parties until the revision is complete. If the wrong information has already been provided to third parties, the third party shall be notified of the revised version without delay. 3. Shinsegae Food shall take care of any personal information withdrawn or deleted, by the request of the customer, as stipulated in the Retention and Use Period of the Collected Personal Information and shall make sure that such information is not viewed or used for other purposes.

Shinsegae Food does not use cookies on its website.

1. Shinsegae Food has appointed a Personal Information Management Officer and a relevant department as below, to protect the personal information of our customers and to take care of any complaints and inquiries related to this information.

2. Please contact the following organizations, should a report or consultation about other invasions of personal information be necessary. - KISA Privacy Center (www.118.or.kr / 118) - National Police Agency, Cyber Bureau (www.netan.go.kr / 02-363-0112) - Supreme Prosecutors’ Office, Cyber Crime Investigation Department (http://icic.sppo.go.kr / 02-3480-3600)

1. Technical measures Shinsegae Food takes the following technical measures to secure the stability of the personal information of our customers, so that there is no loss, theft, leakage, external attack or damage to the information. A. The personal information of the customer is secured using passwords, and important data is protected with a special security function by encrypting or locking the file and the transmission data. B. Shinsegae Food uses anti-virus programs to prevent damage resulting from PC viruses. The anti-virus programs are updated every week, and if there is a sudden appearance of a virus, the relevant program is run to prevent personal information from being attacked. C. Shinsegae Food selects the security solution (SSL or SET) for the safe transmission of personal information, using an encrypted algorithm. D. Shinsegae Food is fully engaged in security matters by using a firewall system and a vulnerability analysis system on each server, to prevent external attacks such as hacking. 2. Management measures Shinsegae Food limits the number of persons with access to the personal information of our customers to a minimum. The people with limited access are as follows: - Individuals engaging in marketing activities - Individuals engaging in managing personal information, such as the Personal Information Management Officer - Individuals who necessarily need to use the personal information for business purposes - Shinsegae Food holds regular company training and outsourced training for employees who deal with personal information to acquire new security technology and methods of protecting personal information. - Shinsegae Food has security oath to prevent the leakage of information, as well as internal procedures to monitor whether employees are conforming to the requirements of the privacy policy. - The transfer of duties related to personal information is held under a strictly secured environment, and the responsibility for accidents regarding personal information after joining and leaving the company is clearly stated. - Personal information and general data are not mixed but are separately stored.

신Shinsegae Food shall not allow the collection of personal information of children under the age of 14 who need a guardian’s approval.

Shinsegae Food shall not transmit advertising information for profit-making purposes without the customer’s permission. Shinsegae Food shall fill in the title and main body of the e-mail as follows when sending advertising information to the customer via e-mail for online marketing, such as the product information guide, so that the customer can easily understand the nature of this material. A. Title of the e-mail: The word (advertisement) is included in the title and the important part in the main body of the e-mail is highlighted. B. Main body of the e-mail: The name, e-mail address, phone number and address of the sender is specified, so that the user can decide whether to accept the e-mail. The information about how the user can reject unwanted e-mails with ease is stated in both Korean and English.

The current privacy policy was revised on July 1, 2015. Should there be information to be added, deleted and revised according to government policies or a change in the security technology, notification of this will be provided via the website at least seven days before the revision.