We collect the following personal data:

<Personal data collected from the BioStar 2 Cloud service>

Article 2. How do we collect and use your data?

We collect and use your personal data for the purpose set out below. We solely use the collected personal data for the following purpose only. In the event of any change to such purpose, we will take the necessary measures required by laws, including obtaining your prior consent.

Article 3. How long are we going to keep your data?

Unless required by applicable laws, we promptly destroy personal data after achieving the purposes for which it was collected.

We will retain personal data collected upon your consent for an agreed period.

Email address retention and usage period : Data requested to be deleted by a user or data that has not been used for more than one year shall be destroyed within one month.

If you wish to withdraw your consent, please contact our data protection division (privacy@suprema.co.kr) or the customer service team (biostar2@suprema.co.kr).

In the event that applicable laws require the personal data to be retained, we may keep your information for a certain period of time as stipulated in applicable laws as follows:

Article 5. Entrustment and international transfer of your personal data

We manage and supervise the entrusted entities to ensure that the entrusted entities process personal data solely for the entrusted tasks, take technical and administrative security measures, and comply with applicable laws relating to personal data.

In the event that details of entrusted tasks or entrusted entities change, we will promptly disclose such information under this Privacy Policy.

Article 6. What are your data protection rights, and how to enforce them?

① You can at any time exercise the following rights pertaining to the protection of personal data:

1. Your right to request access to personal data
2. Your right to request correction of errors
3. Your right to request deletion of personal data
4. Your right to request suspension of processing personal data
5. Your right to oppose our processing of personal data
6. The right to data portability

② The rights set forth above may be exercised in writing or by telephone, e-mail or fax, etc., and we will take action immediately upon identity verification.

③ In principle, we do not collect personal data of users under the age of 16. We will delete personal data of Users once it is notified that the User is under 16. However, the applicable law may provide otherwise depending on which country you live in, in which case our policy may change accordingly.

Article 7. About cookies, types of cookies we use, and how to refuse them

① We use cookies to store and retrieve your data from time to time to provide relevant and useful services to you. Cookies are small text files that the servers running our website send to your computers and are stored on your computer hard disks. You can choose whether or not to accept cookies, provided, however, that we shall not be held accountable for any issues or limitations in using services caused by disabling cookies.

② How to reject cookies

- You can either accept all cookies, confirm each time, or reject all cookies from your web browser settings.

- How to enable/disable cookies (for Internet Explorer)

1. 1. Select [Internet Options] from the [Tools] menu
2. 2. Click on [Privacy]
3. 3. Click on [Advanced]
4. 4. Select to enable/disable

Article 8. How do we destroy your personal data?

Once the purposes for which personal data is being processed are achieved, we promptly destroy said personal data by default. Procedure and method of destruction are as follows:

①Procedure

Once the purposes have been achieved, the personal data you entered will be either destroyed immediately or after being stored for a certain period of time in a separate database (separate documents if the information is on paper) as required by internal policies or applicable laws. Personal data transferred to the database will not be used for any other purpose unless required by law.

② Method of destroying personal data

The information in the form of electronic files will be deleted using technical methods that prevent records from being recovered. Personal data printed on paper will be either shredded or incinerated.

Article 9. How do we protect your personal data?

We take technical, administrative, and physical measures necessary for ensuring security as follows:

① Administrative measures

We establish and implement an internal management plan, and train personnel regarding the protection of personal data

② Technical measures

We manage rights to access to personal data processing systems, install and operate access control systems, encrypt security programs, and other necessary measures.

③ Physical measures

We control access to computer rooms.

Article 10. How to contact our Data Protection Officer?

In order to protect your personal data and respond to complaints regarding personal data, we have appointed a Data Protection Officer and the relevant division as follows:

* Data Protection Officer

Name: Park Chang-sun

Contact information : 031-710-2450/cspark@suprema.co.kr

Title: Head of Division

Contact information : 031-710-2450/cspark@suprema.co.kr

* Data Protection Division

Division: Information security sector

Contact information: privacy@suprema.co.kr

* Customer Service Team

Division: BSS

Contact information:: biostar2@suprema.co.kr

If you need to report or consult on any other infringement of your personal data, please contact the authorities using the details below.
* Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 (no area code))
* Cybercrime Investigation Division of the Supreme Prosecutor's Office (www.spo.go.kr/ 1301 (no area code))
* Cyber Investigation Bureau of the National Police Agency (police.go.kr / 182 (no area code))

* Personal Information Dispute Mediation Committee (www.kopico.go.kr/ 1833-6972)

Article 11. Updates or changes to our Privacy Policy and duty of notification

A pop-up on our website will notify any changes for at least 7 days before the revised Privacy Policy becomes effective.

Any significant changes to your rights, including changes to collection and use of personal data and provision of personal data to third parties, will be notified at least 30 days in advance.

1) Announcement date: 2021December 14, 2021

2) Effective date: 2021December 22, 2021