Privacy & Cookie Policy

SurplusGLOBAL, Inc. (“Company”) is committed to protect our users’ personal information and also to

comply with the relevant privacy laws. This privacy policy describes exactly how and why the

Company collects and uses personal information from its users. Additional measures are then taken

to protect their personal information. Through notices on individual notices, the Company will

inform users if there are any changes to its privacy policy.

The Company’s privacy policy specifies the following:

1. Processing Personal Information

2. Purpose of Processing Personal Information

3. Sharing Personal Information with Third Parties

4. Retention of Collected Information

5. International transfer of personal information

6. Procedure and Methods for the Disposal of Personal Information

7. Cookies: Installation, Operation and Refusal

8. Security Measures

9. User’s Rights and Rights of User’s Legal Representative

10. Data Protection Officer

11. Notification

By using this website/service, users consent to the collection and use of the information as described

here. If the Company decides to make changes to this privacy policy, the Company will post the changes

on this site so that users will always know what information the Company collects, and how the Company

uses it.

From time to time, as may be required by applicable law, the Company may also seek users’ explicit consent

to process certain data and information collected on this website or volunteered by users.

There may be discrepancy in languages as this policy has been translated from Korean. Should there be any

concerns regarding correct interpretation of this privacy policy, please contact the Company at policy@surplusglobal.com

for further information.

This policy takes effect on May.15.2019.



1. Processing Personal Information

a. Information Processed

To serve users better and understand users’ needs and interests, the Company processes the content and other

information users provide during visiting sessions, including when users sign up for additional information, register

an enquiry. This can include information in or about the content users provide, such as the date user enquiry has

been registered. Company also processes information about how users use the Company’s Website, such as the types

of content users view or engage with or the frequency and duration of user’s activities.

a) Information users provide during visiting sessions

- Required information: Email address, Name, Contact Number

- Optional Information: Company name, Contact Number, User’s Department

* Depending on the service, additional information may be required.

b) Information collected during visiting sessions

- User’s Activity log

- Information based on User’s IP address

* For more information, please see [8. Cookies: Installation, Operation and Refusal]

c) Refusal to consent : users have the right to refuse to collection of information. However,

if the user refuse to consent, the Company will be unable to respond to the enquiry registered.

b. Method of Collection

The Company collects personal information through the following means:

I) When users sign up for additional information, register for Newsletter

II) During visiting sessions, when users use the Company’s Website

2. Purpose of Processing Personal Information

The information the Company collects to understand user’s needs and interests helps Company

deliver a consistent and personalized experience. The Company shall use such information only

as described in this Privacy Policy and/or in the way the Company specifies at the time of collection.

The Company will not subsequently change the way a user’s personal data is used without the user’s

consent, as required by applicable law. Unless otherwise stated at the time of collection, the Company

will use the user’s personal data only in the following ways:

- To respond to and manage customer inquiries concerning services/products.

- To provide feedback on and manage company-related inquiries concerning investment, career opportunities,

website management, and reports on wrongful practices, security reports and Executive Briefing Center.

3. Sharing Personal Information with Third Parties

In principle, the Company does not disclose any of the personal information collected; however, the following

are exceptions:

- If the user has given consent to disclose information in advance; or

- The Company may also use or disclose Marketing Information as we believe to be necessary or appropriate:

(a) under applicable law, including laws outside your country of residence; (b) to comply with legal process;

(c) to respond to requests from public and government authorities, including public and government authorities

outside your country of residence, for national security and/or law enforcement purposes; (d) to enforce our terms

and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety

or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the

damages that we may sustain.

Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of

all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings),

the Company may transfer Marketing Information to the relevant third party.

4. Retention of Collected Information

The Company shall immediately destroy users’ personal information when it is no longer needed for the purpose

which it was collected and used. However, the Company may retain the information below for a certain period of

time for the following reasons:

(1) Retention of information in accordance with the Company's policies:

- Retained items: email address, name, user’s company (department or store), user’s position at user’s company

- Reason for retention: To manage users’ activity history

- Retention period: 3 year from the user’s last access to the website

5. International transfer of personal information

The Company may transfer users’ personal information to South Korea and Australia in order to better facilitate

the Service. By using this website or providing any personal information to the Company, users consent to the transfer,

processing, and storage of such information outside of user’s country of residence where data protection standards

may be different.

6. Procedure and Methods for the Destruction of Personal Information

In accordance with the Company’s retention policy expressed in article 4 of this privacy policy, the Company destroys

the information by implementing below procedure and destruction method:

a. Destruction Procedure

The information customers provided will be stored for a certain period of time and then destroyed of as soon as

the purposes of collecting the information are fulfilled under the Company’s policy (see Retention Period of

Personal Information).

The said information will not be used for purposes other than retention unless required by law.

b. Destruction Method

The personal information printed in paper will be shredded or burned.

The personal information stored in electronic files will be deleted using the technical methods that prevent

retrieval of such data.

7. Cookies: Installation, Operation and Refusal

Company may install and manage automated tools such as "cookies" that automatically gather, store, and find

information strictly necessary for Service Cookies are very small text files that the server uses to operate the Company's

website are sent to the browser of customer, which are then stored in the customer’s computer hard disk.

a. The Company uses cookies for the following purposes.

(I) Remember Customer Log-in ID and customers’ preference to “do not show pop-ups".

(II) The Customer has a right to block or allow cookies. The customer can manage settings in the web browser to

allow all cookies, allow cookies after confirmation, or block all cookies.

b. How to "Block Cookies"

Setting Method (for Internet Explorer, Chrome): Go to Tools  Internet Options  Privacy.

However, customers may experience difficulties using certain services after blocking the cookies.

To reject cookie settings, users can select the web browser option to allow all cookies, to check cookies whenever

saved, or to reject them all.

Setting Method (for internet explorer)

Go to Tools > Internet Option > Personal Information on the top of the web browser

However, when the Customer rejects cookie installation, there may be difficulties in service provision.

c. Below are list of cookies employed, and they are only active for visiting sessions

Below are list of cookies employed, and they are only active for visiting sessions

8. Security Measures

The Company takes the following technical, administrative, and physical measures needed to ensure security:

Establishment and Execution of Internal Management Plan

The Company establishes an internal management plan and executes it to protect personal information.

Reducing and Training Personal for the Handling of Information

The Company appoints and reduces the number of employees who handle personal information, and implements

measures to manage personal information more efficiently.

Restrictions on Access to Personal Information

The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing,

and removing the access to database system where personal information is handled. The Company also deploys and uses

an intrusion prevention system to control unauthorized access.

Keeping Access Records and Preventing Tampering

The Company retains records of access to the personal information handling system (e.g. web log and summary data) for

at least 6 months and uses security features to prevent tampering, theft and any loss of access records.

Technical Measures against Hackers

To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has

installed security software that has regular updates and monitoring. In addition, the Company has also installed a system

in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic

monitoring and the detection of any attempts to, for example, make illegal changes to information.

Unauthorized Access Monitoring

To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has

installed security software and implements regular updates and monitoring. In addition, the Company has also installed

a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network

traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

9. User’s Rights and Rights of User’s Legal Representative

Users and their legal representatives can access or edit their personal information provided to the Company at any time.

Once a request to access, edit or delete personal information is made to the Privacy Officer by phone or by e-mail, the

officer will immediately confirm the requester’s identity and take appropriate action.

If the user requests for correction of an error in his/her personal information, the information will not be used or provided

until the correction has been completed. In addition, if false personal information has already been provided to a third party,

the Company will immediately notify the third party, so that corrections can be made immediately. Personal information that

is cancelled or deleted, from the request of the user or their legal representative, will be handled in accordance with the Company

policy described in “Retention of Personal Information”. This information will not be accessed or used for any other purpose.

10. Data Protection Officer

The Company appoints the following department and officers to protect personal information and handles complaints relating

to personal information.

Privacy Officer

- Name : Chief Privacy Officer Arthur Kim

- Telephone : +82-31-728-1470

Data Protection Officer

- Name : Principal Specialist Arthur Kim

- Telephone : +82-31-728-1470

Users can file complaints related to privacy and security issues that may arise from their use of the Company’s services to the Chief

Data Protection Officer. The Company will promptly provide satisfactory answers to users’ complaints.

11. Notification

The Company shall notify users promptly when additions, deletions or changes are made to this Privacy Policy via notice board.

In the event of a security breach caused by hacking or computer virus, the Company shall immediately notify all users affected.