1. Collection and Use of Personal Information

HelloArt (hereinafter "the Company") collects the following personal information to provide design, digital production, and marketing-related services and to respond to inquiries.

Personal Information We Collect

2. Retention and Use Period of Personal Information

The Company processes personal information within the retention and use period required by applicable law or the period agreed upon when collecting personal information from the data subject.

Retention Period

• Inquiry records: Retained for 1 year after the inquiry is resolved, then destroyed
• Marketing contract-related information: 5 years after contract termination (as required by the Commercial Act)
• Spam-blocking logs: Retained for 3 months, then automatically deleted

Destruction Procedure and Method

When the retention period has expired or the purpose of processing has been achieved, the Company destroys the relevant information without delay.

• Electronic files: Permanently deleted using methods that make recovery impossible
• Paper documents: Shredded or incinerated

3. Provision of Personal Information to Third Parties

In principle, the Company does not provide users' personal information to external parties. However, the following cases are exceptions.

• When the user has given prior consent
• When required by law, or when a law enforcement agency requests information for investigative purposes in accordance with procedures and methods prescribed by law
• When unavoidable for service provision (after prior notice and consent)

4. Outsourcing of Personal Information Processing

To provide services smoothly, the Company outsources the following personal information processing tasks to external providers.

Current Outsourcing Arrangements

When entering into outsourcing agreements, the Company stipulates the necessary measures to ensure that contractors handle personal information securely, in accordance with applicable privacy laws.

5. Rights of Data Subjects and How to Exercise Them

Users may exercise the following rights at any time.

• Request access to personal information
• Request correction of personal information
• Request deletion of personal information
• Request suspension of personal information processing

How to Exercise Your Rights

You may exercise the rights above by contacting us in writing, by phone, by email, or through other means listed below. The Company will take action without undue delay.

• Email: cs@helloart.kr
• Response time: Within 10 days of receiving your request

6. Privacy Officer

The Company is responsible for overseeing personal information processing and has designated a Privacy Officer as follows to handle complaints and provide remedies related to personal information processing.

7. Measures to Ensure Security of Personal Information

The Company takes the following measures to ensure the security of personal information.

• Administrative measures: Establishing and implementing internal management plans, regular employee training
• Technical measures: Access control for personal information systems, operation of intrusion prevention systems, application of encryption technology
• Physical measures: Access control for server rooms, document storage areas, and similar facilities
• reCAPTCHA v3: Blocking spam and malicious access using Google's latest bot detection technology

8. Changes to This Privacy Policy

If this Privacy Policy is added to, deleted from, or revised due to changes in laws, policies, or security technology, we will notify users through a notice on the website at least 7 days before the changes take effect.

• Announcement date: May 25, 2026
• Effective date: May 25, 2026