Hankook Tire & Technology Co., Ltd. (hereinafter referred to as the "Company") places the utmost importance on the protection of users' personal information. This Privacy and Location Information Policy complies with relevant laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., the Personal Information Protection Act, and the Act on the Protection and Use of Location Information. Should the Company revise this Privacy and Location Information Policy, it shall provide notice in accordance with the methods prescribed by applicable laws and regulations.

• Chapter 1: Scope of Personal Information Collection

  • The Company collects only the personal information of users as specified in the "Purpose of Collection and Use of Personal Information" section of this Privacy and Location Information Policy, which constitutes the minimum information necessary for service provision through fair and lawful means. Furthermore, the Company shall not deny users access to basic services on the grounds that they have not provided information designated as optional.

  • The Company does not, in principle, collect sensitive personal information that may significantly infringe upon users' fundamental human rights (information concerning ideology, beliefs, membership or withdrawal from labor unions or political parties, political views, health, sexual life, place of origin and domicile of origin, criminal records, etc.). However, exceptions may be made when the collection of such personal information is explicitly mandated by law or directly related to service provision and the user has provided consent.

• Chapter 2: Purpose of Collection and Use of Personal Information

  • In order to provide high-quality services, the Company processes minimal personal information of users, and the collected personal information is utilized for the following purposes:

    Collection Channel	Category	Collection Purpose	Type	Items Collected	Retention Period
    HK ID Management System	Internal Account	To enable access to calendar and various other information provided by this system through employee number, name, department name, and email (company) information of employees who have joined the Company	Mandatory	Employee number, name, department name, email (company)	Until withdrawal of consent due to resignation

    Users may refuse automatic collection; however, refusal of collection may result in difficulties in the Company's provision of services.

• Chapter 3: Processing and Retention Period of Personal Information

  • The Company processes personal information within the retention and use period prescribed by law or the retention and use period consented to by the data subject at the time of collection, and destroys such information without delay once the purpose of use has been achieved.

    Consignee	Content of Consigned Work
    Hankook Networks Co., Ltd.	Data storage and backup, system operation server provision, system operation and maintenance/repair

    When entering into consignment contracts, the Company clearly stipulates matters such as strict compliance with instructions related to personal information protection, prohibition of matters concerning personal information, and assumption of liability in the event of incidents, and maintains such contract contents in written and electronic form. The Company supervises whether the consignee processes personal information securely. Should such entities change, the Company shall announce the names of the changed entities on the Privacy and Location Information Policy screen.

• Chapter 4: Procedures and Methods for Destruction of Personal Information

  • The Company shall, in principle, destroy personal information without delay once the retention period has expired or the purpose of processing has been achieved.

  • In the case of electronic files, the Company shall completely delete them using technical methods to ensure they cannot be recovered or reproduced. In the case of other records, printed materials, written documents, etc., the Company shall destroy them by shredding or incineration.

• Chapter 5: Technical and Managerial Measures for Personal Information Protection

  • Technical Measures

    The Company securely protects users' personal information through security functions in accordance with relevant laws and regulations and internal policies. The Company takes measures to prevent damage caused by computer viruses through the use of anti-virus programs. Anti-virus programs are updated regularly, and in the event of sudden emergence of viruses, vaccines are applied immediately upon availability to prevent infringement of personal information. The Company encrypts and stores users' passwords, and employs security devices capable of safely transmitting personal information over networks. The Company utilizes devices that block intrusions from outside to prevent leakage of users' personal information due to hacking, etc., and monitors for intrusions 24 hours a day, 365 days a year.

  • Managerial Measures

    The Company strictly limits employees handling personal information to those who perform personal information management duties and those for whom handling of personal information is unavoidable in the course of business, and emphasizes compliance with the Privacy and Location Information Policy through regular training of relevant employees.

• Chapter 6: Rights and Obligations of Users and Methods of Exercise Thereof

  • Users may request access to, correction, deletion, and suspension of processing of their personal information.

  • Such requests may be made through the personal information management menu of the internal portal or through the department responsible for personal information protection.

• Chapter 7: Processing of Personal Location Information

  The Company securely manages users' personal location information in accordance with the Act on the Protection and Use of Location Information.

  • Purpose of Processing and Retention Period of Personal Location Information

    Collection Purpose	Items Collected	Retention Period
    To be specified	Location information	Until withdrawal of consent due to resignation

  • Legal Basis and Retention Period of Records Confirming Collection, Use, and Provision of Personal Location Information

    In accordance with Article 16, Paragraph 2 of the Act on the Protection and Use of Location Information, the Company automatically records and preserves records confirming the use and provision of location information, and retains such records for a minimum period of six months.

  • Procedures and Methods for Destruction of Personal Location Information

    Upon achieving the purpose of use or provision of personal location information, the Company shall securely destroy personal location information, excluding records confirming the use and provision of location information, in an irreversible manner. However, if retention is required under other laws or the member has separately consented to the retention of personal location information, such information may be retained for a maximum period of one year from the time of the member's consent.

  • Matters Concerning Provision of Personal Location Information to Third Parties and Notification Thereof

    The Company shall not provide personal location information to third parties without the prior consent of users. However, personal location information may be provided in cases where the user has directly consented or where an obligation to submit to the Company has arisen under relevant laws and regulations, in which case the Company shall immediately notify the personal location information subject of the recipient, date and time of provision, and purpose of provision on each occasion.

• Chapter 8: Person Responsible for Personal and Location Information Management and Consultation/Reporting

  • To protect users' personal and location information and handle complaints related to personal and location information, the Company has appointed a person responsible for personal and location information protection.

    Should you have any inquiries regarding your personal and location information, please contact the person responsible for personal and location information protection or the person in charge of personal and location information protection below.

    [Person Responsible for Personal and Location Information Protection]

    Department: Information Security Division

    Person in Charge: Ko Myung-soo

    Email: privacy@hankookn.com

    [Department in Charge of Personal and Location Information Protection]

    Department: Information Security Planning Team

    Email: privacy@hankookn.com

    [Person in Charge of Personal and Location Information Protection]

    Department: Hankook Networks Digital SI Team

    Persons in Charge of Personal Information Protection: Kim Chul-soo, Kim Da-seul

    Email: kimcharles@hankookn.com, daseul727@hankookn.com

  • For reporting or consultation regarding other personal information infringements, you may contact the following organizations:

    • Personal Information Infringement Report Center (https://privacy.kisa.or.kr, dial 118)

    • Supreme Prosecutors' Office Cyber Investigation Department (https://www.spo.go.kr, dial 1301)

    • National Police Agency Cyber Safety Bureau (https://cyberbureau.police.go.kr, dial 182)

    • Personal Information Dispute Mediation Committee (http://kopico.go.kr, 1833-6972)

• Chapter 9: Amendments to Privacy and Location Information Policy

  • This Privacy and Location Information Policy shall be effective as of January 1, 2026.

Hankook Tire & Technology Co., Ltd. (hereinafter referred to as the "Company") places the utmost importance on the protection of users' personal information. This Privacy Policy complies with relevant laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act. Should the Company revise this Privacy Policy, it shall provide notice in accordance with the methods prescribed by applicable laws and regulations.

• Chapter 1: Scope of Personal Information Collection

  • The Company collects only the personal information of users as specified in the "Purpose of Collection and Use of Personal Information" section of this Privacy Policy, which constitutes the minimum information necessary for service provision through fair and lawful means. Furthermore, the Company shall not deny users access to basic services on the grounds that they have not provided information designated as optional.

  • The Company does not, in principle, collect sensitive personal information that may significantly infringe upon users' fundamental human rights (information concerning ideology, beliefs, membership or withdrawal from labor unions or political parties, political views, health, sexual life, place of origin and domicile of origin, criminal records, etc.). However, exceptions may be made when the collection of such personal information is explicitly mandated by law or directly related to service provision and the user has provided consent.

• Chapter 2: Purpose of Collection and Use of Personal Information

  • In order to provide high-quality services, the Company processes minimal personal information of users, and the collected personal information is utilized for the following purposes:

    Collection Channel	Category	Collection Purpose	Type	Items Collected	Retention Period
    HK ID Management System	Internal Account	To enable access to calendar and various other information provided by this system through employee number, name, department name, and email (company) information of employees who have joined the Company	Mandatory	Employee number, name, department name, email (company)	Until withdrawal of consent due to resignation

    Users may refuse automatic collection; however, refusal of collection may result in difficulties in the Company's provision of services.

• Chapter 3: Processing and Retention Period of Personal Information

  • The Company processes personal information within the retention and use period prescribed by law or the retention and use period consented to by the data subject at the time of collection, and destroys such information without delay once the purpose of use has been achieved.

    Consignee	Content of Consigned Work
    Hankook Networks Co., Ltd.	Data storage and backup, system operation server provision, system operation and maintenance/repair

    When entering into consignment contracts, the Company clearly stipulates matters such as strict compliance with instructions related to personal information protection, prohibition of matters concerning personal information, and assumption of liability in the event of incidents, and maintains such contract contents in written and electronic form. The Company supervises whether the consignee processes personal information securely. Should such entities change, the Company shall announce the names of the changed entities on the Privacy Policy screen.

• Chapter 4: Procedures and Methods for Destruction of Personal Information

  • The Company shall, in principle, destroy personal information without delay once the retention period has expired or the purpose of processing has been achieved.

  • In the case of electronic files, the Company shall completely delete them using technical methods to ensure they cannot be recovered or reproduced. In the case of other records, printed materials, written documents, etc., the Company shall destroy them by shredding or incineration.

• Chapter 5: Technical and Managerial Measures for Personal Information Protection

  • Technical Measures

    The Company securely protects users' personal information through security functions in accordance with relevant laws and regulations and internal policies. The Company takes measures to prevent damage caused by computer viruses through the use of anti-virus programs. Anti-virus programs are updated regularly, and in the event of sudden emergence of viruses, vaccines are applied immediately upon availability to prevent infringement of personal information. The Company encrypts and stores users' passwords, and employs security devices capable of safely transmitting personal information over networks. The Company utilizes devices that block intrusions from outside to prevent leakage of users' personal information due to hacking, etc., and monitors for intrusions 24 hours a day, 365 days a year.

  • Managerial Measures

    The Company strictly limits employees handling personal information to those who perform personal information management duties and those for whom handling of personal information is unavoidable in the course of business, and emphasizes compliance with the Privacy Policy through regular training of relevant employees.

• Chapter 6: Rights and Obligations of Users and Methods of Exercise Thereof

  • Users may request access to, correction, deletion, and suspension of processing of their personal information.

  • Such requests may be made through the personal information management menu of the internal portal or through the department responsible for personal information protection.

• Chapter 7: Person Responsible for Personal Information Management and Consultation/Reporting

  • To protect users' personal information and handle complaints related to personal information, the Company has appointed a person responsible for personal information protection.

    Should you have any inquiries regarding your personal information, please contact the person responsible for personal (location) information protection or the person in charge of personal information protection below.

    [Person Responsible for Personal Information Protection]

    Department: Information Security Division

    Person in Charge: Ko Myung-soo

    Email: privacy@hankookn.com

    [Department in Charge of Personal Information Protection]

    Department: Information Security Planning Team

    Email: privacy@hankookn.com

    [Person in Charge of Personal (Location) Information Protection]

    Department: Hankook Networks Digital SI Team

    Persons in Charge of Personal Information Protection: Kim Chul-soo, Kim Da-seul

    Email: kimcharles@hankookn.com, daseul727@hankookn.com

  • For reporting or consultation regarding other personal information infringements, you may contact the following organizations:

    • Personal Information Infringement Report Center (https://privacy.kisa.or.kr, dial 118)

    • Supreme Prosecutors' Office Cyber Investigation Department (https://www.spo.go.kr, dial 1301)

    • National Police Agency Cyber Safety Bureau (https://cyberbureau.police.go.kr, dial 182)

    • Personal Information Dispute Mediation Committee (http://kopico.go.kr, 1833-6972)

• Chapter 8: Amendments to Privacy Policy

  • This Privacy Policy shall be effective as of January 1, 2026.