This Privacy Policy (the "Policy") explains the way of treatment of the information which is

provided or collected in the websites on which this Policy is posted. In addition the Policy also

explains the information which is provided or collected in the course of using the applications of

the Company which exist in the websites or platforms of other company.

Through this Policy, the Company regards personal information of the users as important and

inform them of the purpose and method of Company's using the personal information provided

by the users and the measures taken by the Company for protection of those personal

information.

This Policy will be effective on the 12th day of March, 2023 and, in case of modification thereof,

the Company will make public notice of it through posting it on the bulletin board of Company's

application or individual notice through sending mails, fax or e-mails).

1. Information to be collected and method of collection

(1) Personal information items to be collected

Personal information items to be collected by the Company are as follows:

• Information provided by the users

The Company may collect the information directly provided by the users.

[Option to select 'personal information items' in Appendix <1-1> of Personal Privacy Policy]

If you do not agree to use marketing information, the collected personal information when

signing up for membership will not be used exclusively for advertising information.

• Information collected while the users use services

Besides of information directly provided by the users, the Company may collect information in the

course that the users use the service provided by the Company.

[Option to select 'personal information items' in Appendix <1-2> of Personal Privacy Policy]

(2) Method of collection

The Company collects the information of users in a way of the followings:

[Option to select 'method of collection' in Appendix <2>of Personal Privacy Policy]

2. Use of collected information

The Company uses the collected information of users for the following purposes:

[Option to select 'use of collected information' in Appendix <3>of Personal Privacy Policy]

The Company agrees that it will obtain consent from the users, if the Company desires to use the

information other than those expressly stated in this Policy.

3. Sharing collected information

Except for the following cases, the Company will not share personal information with a 3rd party:

• when the Company shares the information with its affiliates, partners and service providers;

[Option to select 'sharing of collected information' in Appendix <4-1>of Personal Privacy Policy]

• when the users consent the sharing in advance;

[Option to select 'sharing of collected information' in Appendix <4-2>of Personal Privacy Policy]

• when the sharing is required by the laws

- if required to be disclosed by the laws and regulations; or

- if required to be disclosed by the investigative agencies for detecting crimes in

accordance with the procedure and method as prescribed in the laws and regulations

4. Cookies, Beacons and Similar Technologies

The Company may collect collective and impersonal information through 'cookies' or 'web beacons'.

Cookies are very small text files to be sent to the browser of the users by the server used for

operation of the websites of the Company and will be stored in hard-disks of the users' computer.

Web beacon is a small quantity of code which exists on the websites and e-mails. By using web

beacons, we may know whether a user has interacted with certain webs or the contents of email.

These functions are used for evaluating, improving services and setting-up users' experiences so

that much improved services can be provided by the Company to the users.

The items of cookies to be collected by the Company and the purpose of such collection are as

follows:

It is used to provide optimized information to users by identifying the type of visit and use of

each service and website visited by the user, popular search terms, security access, etc.

The users have an option for cookie installation. So, they may either allow all cookies by setting

option in web browser, make each cookie checked whenever it is saved, or refuses all cookies to

be saved: Provided that, if the user rejects the installation of cookies, it may be difficult for that

user to use the parts of services provided by the Company.

5. Users' right to access and option

The users or their legal representatives, as main agents of the information, may exercise the

following options regarding the collection, use and sharing of personal information by the Company:

• exercise right to access to personal information;

• make corrections or deletion;

• make temporary suspension of treatment of personal information; or

• request the withdrawal of their consent provided before

If, in order to exercise the above options, you, as an user, use the menu of 'amendment of member

information of webpage or contact the Company by using representative telephone or sending a

document or e-mails, or using telephone to the responsible department (or person in charge of

management of personal information), the Company will take measures without delay: Provided

that the Company may reject the request of you only to the extent that there exists either proper

cause as prescribed in the laws or equivalent cause.

6. Security

The Company regards the security of personal information of uses as very important. The company

constructs the following security measures to protect the users' personal information from any

unauthorized access, release, use or modification

[Option to select 'security measures' in Appendix <5>of Personal Privacy Policy]

7. Protection of personal information of children

In principle, the Company does not collect any information from the children under 13 or equivalent

minimum age as prescribed in the laws in relevant jurisdiction. The website, products and services

of the Company are the ones to be provided to ordinary people, in principle. The website or

application of the Company has function to do age limit so that children cannot use it and the

Company does not intentionally collect any personal information from children through that

function.

8. Modification of Privacy Protection Policy

The Company has the right to amend or modify this Policy from time to time and, in such case, the

Company will make a public notice of it through bulletin board of its application (or through

individual notice such as written document, fax or e-mail) and obtain consent from the users if

required by relevant laws.

9. Others

[Option to select 'data transmission' in Appendix <6> of Personal Privacy Policy]

[Option to select 'sites and service of 3rd party' in Appendix <7> of Personal Privacy Policy]

[Option to select 'guidelines for residents in California' in Appendix <8> of Personal Privacy

Policy]

[Option to select 'guidelines for residents in Korea' in Appendix <9> of Personal Privacy Policy]

10. Responsible department of Company

The Company designates the following department and person in charge of personal

information in order to protect personal information of customers and deal with complaints

from customers:

▶ Manager responsible for protecting personal information

• Name: Kyungdong Kim

• Position: representative

• Contact: kd.kim@allink.io

▶ Personal Information Protection department

• Name: Mihye chu

• Dept: Management, Planning

• Contact: mh.chu@allink.io

The latest update date: March, 2023

Appendix of Privacy Policy

<1-1> Items of personal information

Title of service

Items to be collected

Donut Wallet

∘ Required Information: Name, telephone number

∘ Optional items1: App push reception consent, location

information collection consent consent

∘ Optional items2: Information generated/collected in the course of

service use or business processing: Service usage records, access

logs, cookies, access IP information, payment records, suspension

records, terminal manufacturer, model name, OS version

information, push reception records, and purchase records.

∘ Optional items3: Mobile phone number if you agree to use

marketing information

<1-2> Items of personal information

Lists

Items to be collected

Equipment

information

∘ Equipment identifier, operation system, hardware version,

equipment set-up and telephone number

Log information

∘ Log data, use time, search word input by users, internet protocol

address and cookie

<2> Method of collection

• Donut Wallet application

<3> Use of collected information

• Member management and identification

• To detect and deter unauthorized or fraudulent use of or abuse of the Service

• Performance of contract and service fee settlement regarding provision of services demanded by

the users

• Improvement of existing services and development of new services

• Making notice of function of company sites or applications or matters on policy change

• With your permission, allow other users to connect with you

• To make statistics on member’s service usage, to provide services and place advertisements based

on statistical characteristics

• To provide information on promotional events as well as opportunity to participate

• To comply with applicable laws or legal obligation

• Use of information with prior consent of the users (for example, utilization of marketing

advertisement)

<4-1> Sharing of collected information

∘ When the Company's affiliates, partners and service providers carry out services such as bill

payment, execution of orders, products delivery and dispute resolution (including disputes on

payment and delivery) for and on behalf of the Company

<4-2> Sharing of collected information

∘ when the user selects to be provided by the information of products and services of certain

companies by sharing his or her personal information with those companies

∘ when the user selects to allow his or her personal information to be shared with the sites or

platform of other companies such as social networking sites

∘ other cases where the user gives prior consent for sharing his or her personal information

<5> Security measures

• Encryption of personal information

- Transmit users' personal information by using encrypted communication zone

- Store important information such as passwords after encrypting it

• Countermeasures against hacking

- Install a system in the zone the external access to which is controlled so as to prevent

leakage or damage of users' personal information by hacking or computer virus

• Establish and execute internal management plan

• Install and operate access control system

• Take measures to prevent forging or alteration of access record

<6> Data transmission

Considering it engages in global businesses, the Company may provide the users' personal

information to the companies located in other countries for the purpose as expressly stated in this

Policy. For the places where the personal information is transmitted, retained or processed, the

Company takes reasonable measures for protecting that personal information.

In addition, when the personal information obtained from the European Union is used or disclosed,

the Company may have to comply with safe harbor principle as required by the Commerce

Department of USA, take other measures or obtain consent from users so far as those complies

with the regulations of EU so as to use a standardized agreement provision approved by executing

organizations of EU or securing proper safe measures.

<7> 3rd party's sites and services

The website, product or service of the Company may include the links to the ones of a 3rd party

and the privacy protection policy of the site of 3rd party may be different. Thus, it is required for

the users to check additionally that policy of a 3rd party site linked to the site of the Company.

<8> Guide for users residing in California

If the user resides in California, certain rights may be given. The Company prepares preventive

measures necessary for protecting personal information of members so that the Company can

comply with online privacy protection laws of California.

In case of leakage of personal information, a user may request the Company to check the leakage.

In addition, all the users in the website of the Company, can modify their information at any time

by using the menu for changing information by connecting their personal account.

Moreover, the Company does not trace the visitors of its website nor use any signals for 'tracing

prevent'. The Company will not collect and provide any personal identification information through

ad services without consent of users.

<9> Guide for users residing in Korea

The Company guides several additional matters to be disclosed as required by the information

network laws and personal information protection laws in the Republic of Korea as follows:

(1) Information collected

The items collected by the Company are as follows:

Title of service

Items to be collected

Donut Wallet

∘ Required Information: Name, telephone number

∘ Optional items1: App push reception consent, location

information collection consent consent

∘ Optional items2: Information generated/collected in the course of

service use or business processing: Service usage records, access

logs, cookies, access IP information, payment records, suspension

records, terminal manufacturer, model name, OS version

information, push reception records, and purchase records.

∘ Optional items3: Mobile phone number if you agree to use

marketing information

In the course of using services, the information as described below may be created and

collected:

∘ Information of devices (equipment/device identifier, operation system, hardware version,

equipment set-up and telephone number)

∘ Log information (Log data, use time, search word input by users, internet protocol address,

cookie and web beacon)

(2) Commission for collected personal information

For carrying out services, the Company commissions external professional companies

(subcontractors) to process personal information as follows. This commissioned works for processing

personal information is carried out by each subcontractor and service only if necessary for providing

that service.

In commissioning process of personal information, in order to secure safety of personal information ,

the Company supervises and ensure to expressly state in the agreement with subcontractors so that

those subcontractors will safely process personal information by strictly complying with directions

regarding personal information protection, keeping personal information secret, not disclosing it to

a 3rd party and being liable for accidents and returning or destructing personal information upon

termination of the commission or process.

(3) Details of provision of personal information to 3rd party

Allink Co., Ltd. processes personal information only within the scope specified in Article 1 (Purpose

of Processing Personal Information) and provides personal information to 3rd parties only if it

corresponds under Articles 17 and 18 of the Personal Information Protection Act, such as consent

of the data subject and special provisions of the law.

(4) Period for retention and use of personal information

In principle, the Company destructs personal information of users without delay when: the purpose

of its collection and use has been achieved; the legal or management needs are satisfied; or users

request: Provided that, if it is required to retain the information by relevant laws and regulations,

the Company will retain member information for certain period as designated by relevant laws and

regulations. The information to be retained as required by relevant laws and regulations are as

follows:

∘ Record regarding contract or withdrawal of subscription: 5 years (The Act on Consumer

Protection in Electronic Commerce)

∘ Record on payment and supply of goods: 5 years (The Act on Consumer Protection in Electronic

Commerce)

∘ Record on consumer complaint or dispute treatment: 3 years (The Act on Consumer Protection

in Electronic Commerce)

∘ Record on collection/process, and use of credit information: 3 years (The Act on Use and

Protection of Credit Information)

∘ Record on sign/advertisement: 6 months(The Act on Consumer Protection in Electronic

Commerce)

∘ Log record of users such as internet/data detecting the place of user connection: 3 months(The

Protection of Communications Secrets Act)

∘ Other data for checking communication facts: 12 months (The Protection of Communications

Secrets Act)

(5) Procedure and method of destruction of personal information

In principle, the Company destructs the information immediately after the purposes of its collection

and use have been achieved without delay: Provided that, if any information is to be retained as

required by relevant laws and regulations, the Company retain it for the period as required by those

laws and regulations before destruction and, in such event, the personal information which is stored

and managed separately will never be used for other purposes. The Company destructs: hard copies

of personal information by shredding with a pulverizer or incinerating it; and delete personal

information stored in the form of electric file by using technological method making that

information not restored.

(6) Technical, managerial and physical measures for protection of personal information

In order to prevent the loss, theft, leakage, alteration or damage of personal information of the

users, the Company takes technical, managerial and physical measures for securing safety as follows:

Items

Examples

Technical

measures

∘ Utilize security servers for transmitting encryption of personal

information

∘ Take measures of encryption for confidential information

∘ Install and operate access control devices and equipments

∘ Establish and execute internal management plan

Managerial

measures

∘ Appoint a staff responsible for protecting personal information

∘ Provide education and training for staffs treating personal

information

∘ Establish and execute internal management plan

∘ Establish rules for writing passwords which is hard to be estimated

∘ Ensure safe storage of record of access to personal information

processing system

∘ Classify the level of authority to access to personal information

processing system

Physical measures

∘ Establish and operate the procedure for access control for the

facilities for storing personal information

∘ Store documents and backing storage containing personal

information in safe places which have locking device

(7) Matters concerning the collection, use, provision, refusal, etc. of behavioral information

Allink Co., Ltd. does not collect, use, or provide behavioral information for online customized

advertisements.

(8) Staff responsible for managing personal information

The staff of the Company responsible for managing personal information is as follows:

• Name of staff responsible for managing personal information:

• Name: Kyungdong Kim

• Position: representative

• Contact: kd.kim@allink.io

The date of latest update: March, 2023