“M3 Mobile Co., Ltd.” (hereinafter referred to as the “Company”) complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Personal Information Protection Act, and has established the following Privacy Policy to protect customers’ personal information and rights and to handle related complaints smoothly.

 

 

Items of Personal Information Collected and Methods of Collection

The Company collects data to provide customers with products and services and to operate its business. Some data are provided directly by you when creating an M3 Mobile account, making inquiries on the website, providing or maintaining equipment, or contacting M3 Mobile for support or other services. The Company also automatically receives certain data when you interact with M3 Mobile’s products or services—such as through the use of technologies like cookies, or through software-generated error reports, usage data, or location information.

The data collected by “M3 Mobile Co., Ltd.” may include the following:

Items of Personal Information Collected

• Name and contact information

• Usage data

• Cookies

 

 

Purpose of Collection and Use of Personal Information

Name and contact information
Collected to confirm inquiry details, provide responses, and contact users via phone or email for follow-up guidance.

Usage data
M3 Mobile collects data on how users and devices interact with its products and services. For example, the Company collects the following:

Product usage data: Information about feature usage, site activity, performance, purchase history, and visited web pages.

Device data: Data about device operation, configuration, performance, and past usage. This may include the product key, operating system, applications, software installed on the device, IP address, MAC address, authentication credentials, region, and language settings. M3 Mobile complies with the Google API Services User Data Policy, including the Limited Use requirements.

Error reports and performance data: Information used to diagnose and improve the Company’s products. These reports may contain details such as error type and severity, related software/hardware information, device status, and contextual data at the time of error.

Support data: When requesting support, incidental access to device data may occur. Devices returned for repair should have all data deleted in advance. The Company may record relevant hardware, software, and other details to track performance and improve products.

Cookies
The website may collect certain types of data, including IP addresses, browsing data, server information, session duration, user preferences, and access credentials for specific areas. Cookies are used to facilitate document downloads, traffic analysis, and other business purposes. Browsers can be configured to block, reject, remove, or disable cookies. However, disabling cookies may limit access to certain functions such as downloads and user profile settings. Cookies may also be used to analyze visit frequency and duration for marketing analysis.

 

 

Installation, Operation, and Rejection of Cookies

Users have the right to choose whether to accept cookies. You may allow all cookies, receive confirmation each time a cookie is stored, or reject all cookies through your browser settings.

• In Internet Explorer:

• Go to “Tools > Internet Options > Privacy” and set to disable automatic cookie processing. Note: Refusing cookies may cause difficulties in using certain services.

 

 

Retention and Use Period of Personal Information

The Company retains personal information only for as long as necessary to fulfill the purpose of collection and use. As of the 1st of each month, information older than one month is automatically deleted.

 

 

Destruction Procedure and Method of Personal Information

The Company promptly destroys personal information once the purpose of collection and use has been fulfilled. The destruction procedure and methods are as follows:

Destruction Procedure

• Information entered by customers for registration, etc., is transferred to a separate database (or stored separately for paper documents) after its purpose has been achieved and will be destroyed after a certain period according to internal policy and related laws.

• The information will not be used for purposes other than those required by law.

Destruction Method

• Paper documents are shredded or incinerated.

• Electronic files are deleted using technical methods that prevent recovery.

 

 

Provision and Sharing of Personal Information

The Company processes personal information only within the scope of the purposes specified in this Privacy Policy and does not provide it to third parties without prior consent. However, exceptions apply in the following cases:

• When prior consent has been obtained from the customer.

• When required by law or by a request from an investigative agency in accordance with legal procedures.

 

 

Provision of Personal Information by Entrusted Business

The Company does not provide customers’ personal information to third parties without consent. However, to achieve the purposes stated in this policy, personal information may be provided to trusted partners for delegated business tasks, upon obtaining customer consent.

 

 

Rights of Data Subjects and Exercise Methods

Customers, as data subjects, have the following rights regarding their personal information and may exercise them at any time.

• Request to view personal information

• Request correction of errors

• Request deletion

• Request suspension of processing

 

Requests may be made in writing, by email, or by fax, in accordance with the form prescribed in Annex No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take prompt action.

• When a data subject requests correction or deletion, the Company will not use or provide the personal information until the correction or deletion is completed.

• A legal representative or delegated agent may exercise these rights on behalf of the data subject by submitting a power of attorney in the form prescribed in Annex No. 11 of the Enforcement Rules of the Personal Information Protection Act.

 

 

Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, managerial, and physical measures to ensure the security of personal information:

Minimization and training of personnel handling personal information

Only designated and limited staff handle personal information, and management measures are in place to protect it.

Establishment and implementation of internal management plans

Internal management plans are established and implemented to ensure the secure processing of personal information.

Access restriction to personal information

Access rights to databases are granted, changed, or revoked as needed to ensure access control. Firewalls are also used to block unauthorized external access.

 

 

Personal Information Protection Officer and Remedies for Infringement

The Company designates the following personal information protection officers responsible for overseeing the handling of personal information and addressing related complaints and damages.

• Personal Information Manager

  - Name: Jae-yun Han / APP Team

  - Contact: +82-2-2022-1344 / Email : jaeyun.han@m3mobile.co.kr

• Personal Information Protection Officer

  - Name: Hye-Ryung Yoon / Marketing Team

  - Contact: +82-2-2022-1341 / Email: hyoon@m3mobile.co.kr

 

Customers may contact the above officers for all privacy-related inquiries, complaints, or damage reports that occur while using M3 Mobile’s services. The Company will respond promptly. For further consultation, you may contact the following organizations:

• Personal Dispute Mediation Committee (https://www.kopico.go.kr / 1833-6972)

• Personal Information Protection Commission (https://www.pipc.go.kr / 02-2100-3025)

• Supreme Prosecutors’ Office Cybercrime Investigation Center (www.spo.go.kr / 02-3480-3600)

 

 

Obligation to Notify of Policy Changes

This Privacy Policy shall take effect from the effective date below. If there are additions, deletions, or modifications due to changes in laws or policies, notice will be provided at least seven (7) days prior to implementation.

• Date of Notice: November 24, 2025

• Effective Date: December 01, 2025