Robros (hereinafter referred to as the "Company") establishes and discloses the following privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information) The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be implemented.

1. Inquiry Handling
• Identification of the complainant, confirmation of inquiries, contact/notification, and notification of processing results.
2. Service Provision
• Provision of technical and product information, identity verification.
3. Marketing and Advertising
• Notification of new services, provision of event and advertising information, analysis of access frequency, and statistics on service use.

Article 2 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the period of retention and use of personal information in accordance with laws and regulations, or the period agreed upon by the data subject when collecting the personal information.
2. The processing and retention periods for each type of personal information are as follows:
• Personal information related to inquiries: 1 year (Consent from the data subject)
• Service visit records: 1 year (Protection of Communications Secrets Act)

Article 3 (Provision to Third Parties and Outsourcing of Personal Information)

1. The Company does not provide users' personal information to external parties.
2. The Company does not outsource personal information processing to external companies.

Article 4 (Rights, Obligations of Data Subjects and Methods of Exercise)

1. Data subjects may exercise their rights to view, correct, delete, or suspend the processing of their personal information against the Company at any time.
2. The exercise of rights can be done in writing, by email, fax, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
3. Rights may also be exercised through a legal representative or an authorized delegate of the data subject. In this case, a power of attorney must be submitted.
4. Requests for viewing and suspending the processing of personal information may be restricted under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for the correction and deletion of personal information may be restricted if the retention of personal information is specified in other laws and regulations.

Article 5 (Personal Information Items Processed)

• Required items for inquiries: Application Area, Inquiry Type, Name, Contact Number, Email, Company Name, Position, Inquiry Details
• Information automatically generated and collected during internet service use:
• IP address, cookies, visit records, service usage records

Article 6 (Destruction of Personal Information)

1. The Company immediately destroys the relevant information when the personal information retention period has expired or the purpose of processing has been achieved.
2. The procedure and method for destroying personal information are as follows:
• Destruction Procedure: The personal information requiring destruction is selected and destroyed after approval by the Company's Privacy Officer.
• Destruction Method: Electronic files are permanently deleted using technical methods so that they cannot be recovered, and paper documents are destroyed by shredding or incineration.

Article 7 (Measures to Ensure the Safety of Personal Information)

1. Administrative Measures: Restriction of access to personal information, training for employees handling personal information.
2. Technical Measures: Operation of security systems, encryption, access control.
3. Physical Measures: Restriction of document storage locations, use of locks.

Article 8 (Use and Refusal of Cookies)

1. The Company may use cookies to provide customized services.
2. Users can refuse to store cookies through their web browser settings. However, refusing to store cookies may cause difficulties in using some customized services.

Article 9 (Privacy Officer and Contact Information)

1. The Company has designated a Privacy Officer as follows to protect personal information.
• Privacy Officer: Noh Seung-jun, CEO
• Privacy Manager: Choi Nak-jun, Assistant Researcher
• Phone Number: 02-2641-0081
2. Users may direct any inquiries or complaints related to personal information protection to the Privacy Officer, and the Company will respond and process them promptly.

Article 10 (Changes to the Privacy Policy)

1. This Privacy Policy is effective from [May 1, 2026].
2. Contents may be added, deleted, or modified in accordance with changes in laws, policies, or security technologies, and such changes will be announced at least 7 days before implementation.