The Korea Chamber of Commerce and Industry (Chairman: Chey Tae-won, Business Registration Number: 104-82-03590, hereinafter referred to as the “KCCI”) operates the APEC CEO Summit Korea 2025 Website. All personal information handled by the Website is collected, retained, processed, and deleted in accordance with applicable laws or within the consent of the data subjects. In addition, this Privacy Policy is established to protect the personal information and rights of data subjects and to promptly and smoothly handle any complaints related hereto.

Article 1 (Purpose of Personal Information Processing)

1. The KCCI processes personal information for the following purposes. The personal information being processed shall not be used for any purposes other than those specified below. If the purposes of use are changed, the KCCI shall take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
   1. Provision of Services
      - Personal information is processed for purposes such as identifying individuals and participating companies for the use of services provided by the KCCI, handling matters related to the “Mailing Service Application,” providing various notices and event information, and managing statistical information (including statistics and analysis of usage records).
   2. Registration and Disclosure of Personal Information Files
      - In accordance with Article 32 of the Personal Information Protection Act, the purposes of processing, retention periods, and items of personal information files registered and disclosed are as follows.

      Name of Personal Information File	Legal Basis / Purpose of Processing	Items of Personal Information Recorded in the Personal Information File	Retention Period
      APEC CEO Summit Korea 2025 Member Information	Consent of the Data Subject / Operation of the CEO Summit Event and Provision of Services	Name, gender, nationality, email address, mobile phone number, company name, job title, member economy, resident registration number (for Korean nationals), passport information, and profile image	Until withdrawal of consent or completion of the event (with certain exceptions allowing for extended retention periods under specific circumstances)

   3. Security Purposes
      - In accordance with Article 35(2) of the Enforcement Decree of the Presidential Security Act, certain personal information may be processed for security purposes to ensure the safe management and operation of the event.

Article 2 (Processing and Retention Period of Personal Information)

1. The KCCI processes personal information within the period permitted by applicable laws or within the retention and use period agreed to by the data subject at the time of collection.
2. The processing and retention periods for each category of personal information are as follows:
   1. Operation of the CEO Summit event and provision of services: Until withdrawal of consent or completion of the event.
   2. However, in the following cases, personal information shall be retained until the relevant circumstance is resolved:
      1. If an investigation or inquiry related to a violation of applicable laws is ongoing: Until the conclusion of the investigation or inquiry.
      2. If any debts or claims arising from the use of the Website remain: Until the settlement of such debts or claims.
      3. Statistical information: Until three (3) months after the preparation of statistics.
      4. Promotional email information: Until twelve (12) months after the sending of the promotional email.

Article 3 (Entrustment of Personal Information Processing)

1. The KCCI entrusts the processing of personal information to third parties as follows in order to ensure the efficient handling of personal information tasks.
2. When entering into an entrustment agreement, the KCCI specifies, in contracts or other documents, matters concerning the prohibition of personal information processing for purposes other than the performance of the entrusted tasks, the implementation of technical and managerial protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act. The KCCI also supervises the trustee to ensure that personal information is processed safely.
3. In the event of any changes to the details of the entrusted tasks or the trustee, the KCCI shall promptly disclose such changes through this Privacy Policy.

   Trustee	Entrusted Task	Entrustment Period	Country
   MEGAZONE DIGITAL	Development and operation of systems for service provision	Until the termination of the entrustment agreement	Korea
   SPEAENCE	Identification of individuals and participating companies for event operation, operation of mailing services	Until the termination of the entrustment agreement	Korea
   Sponsor and co-organizer companies	Management of registered events for operational purposes	Until the termination of the entrustment agreement	Korea and others

Article 4 (Rights and Obligations of Data Subjects and Their Legal Representatives, and Methods of Exercise)

1. A data subject (or, in the case of a person under the age of 14, their legal representative) may exercise the following rights related to personal information protection against the KCCI at any time.
   1. Request to access personal information
   2. Request to correct errors, if any
   3. Request to delete personal information
   4. Request to suspend processing of personal information
2. The rights set forth in Paragraph 1 may be exercised through written documents, telephone, email, fax, or other means. The KCCI shall take prompt action in response to such requests.
3. Where a data subject requests the correction or deletion of personal information due to errors or other reasons, the KCCI shall not use or provide the relevant personal information until the correction or deletion is completed.
4. The rights set forth in Paragraph 1 may also be exercised through a legal representative of the data subject or an authorized agent. In such cases, a power of attorney in the form prescribed in Annex Form No. 11 of the Notification on Personal Information Processing Methods must be submitted.
5. Requests to access or suspend the processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
6. Requests for the correction or deletion of personal information may not be granted if the collection of such personal information is explicitly required by other applicable laws.
7. When a data subject exercises the right to request access, correction, deletion, or suspension of processing, the KCCI shall verify whether the requesting party is the data subject or a duly authorized representative.
8. Users are encouraged to provide and maintain accurate and up-to-date personal information in order to prevent unforeseen accidents.
9. Users have not only the right to have their personal information protected but also the obligation to protect themselves and not to infringe upon the personal information of others. Users must take care to prevent the leakage of their own personal information and must not damage or infringe upon the personal information of others, including information contained in postings. If a user fails to fulfil these responsibilities and subsequently infringes upon the personal information or dignity of others, the user may be subject to penalties under applicable laws and regulations.

Article 5 (Items of Personal Information Processed)

1. The KCCI collects the following items of personal information.

   No.	Type of Work	Items of Personal Information
   1	Registration and Verification	Required items: name, gender, nationality, email address, mobile phone number, company name, job title, member economy, resident registration number (for Korean nationals), passport information, profile image
   2	Others	Automatically collected during service use: IP Address, Cookies, Date and Time of Visit, Service Usage Records

2. The KCCI uses personal information for the following purposes:
   1. Identification of individuals and organizations for service use
   2. Delivery of various notifications and event-related information, including handling of “mailing service subscriptions”
   3. Management of statistical data (usage records and analysis)
3. The KCCI processes what it refers to as “unique identification information,” defined by Article 24(1) of the Personal Information Protection Act and Article 19 of its Enforcement Decree, including resident registration numbers, passport numbers, driver’s license numbers, and alien registration numbers, as follows:
   1. Collection and use of such information required for compliance in transaction and payment services
   2. Collection and use for security purposes in accordance with Article 35(2) of the Enforcement Decree of the Presidential Security Act.

Article 6 (Destruction of Personal Information)

1. The KCCI shall promptly destroy personal information without delay when the retention period has expired, the purpose of processing has been achieved, or the personal information otherwise becomes unnecessary. However, if the continued preservation of personal information is required by other applicable laws, such personal information shall be stored separately in a different database (DB) or preserved in a different storage location.
2. The procedures and methods for the destruction of personal information are as follows.
   1. Destruction of Personal Information: Personal information whose retention period has expired shall be destroyed without delay from the end date.
   2. Destruction of Personal Information Files: When the purpose of processing has been achieved, the relevant service is discontinued, or the business is terminated, and the personal information file becomes unnecessary, the file shall be destroyed without delay from the date it is recognized that processing is no longer required.
   3. Destruction Procedures: The KCCI selects the personal information subject to destruction upon the occurrence of a destruction reason and destroys it with the approval of the person in charge of personal information protection for each relevant sector.
   4. Destruction Methods: Personal information recorded and stored in electronic file format shall be destroyed in a manner that renders the records irrecoverable, and personal information recorded and stored in paper documents shall be shredded or incinerated.

Article 7 (Measures to Ensure the Security of Personal Information)

1. The KCCI implements the following measures to ensure the security of personal information.
   1. Administrative Measures: Establishment and implementation of internal management plans, and regular training of employees.
   2. Technical Measures: Management of access rights to personal information processing systems, encryption including the installation of access control systems and similar measures, and installation of security programs.

Article 8 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

1. The KCCI may install and operate cookies to store user information and retrieve it periodically in order to provide individual services and convenience to users.
2. Data subjects can configure their web browser settings to allow or block cookies. However, refusing to store cookies may result in difficulties in using personalized services.
   1. Cookie Allowance / Blocking on Web Browsers
      1. Chrome: Web browser settings > Privacy and Security > Clear browsing data
      2. Edge: Web browser settings > Cookies and site permissions > Manage and delete cookies and site data
   2. Cookies Allowance / Blocking on Mobile Browsers
      1. Chrome: Mobile browser settings > Privacy and Security > Clear browsing data
      2. Safari: Mobile device settings > Safari > Advanced > Block all cookies
      3. Samsung Internet: Mobile browser settings > Browsing history > Clear browsing data

Article 9 (Personal Information Protection Officer)

1. The KCCI has designated a Personal Information Protection Officer as outlined below, who is responsible for overseeing personal information processing and addressing complaints and damages related to personal information processing.
   1. Chief Personal Information Protection Officer: Dongmin Park, Senior Executive Director / APEC CEO Summit Secretariat
   2. Personal Information Protection Sector Head: Seongwoo Lee, Executive Director / APEC Business Bridge Center
   3. Personal Information Protection Sector Contact Person: Jongchul Yoo, Center Director / APEC Business Bridge Center/2025apecabac@korcham.net
2. You may contact the Personal Information Protection Officer and the relevant department for inquiries, complaints, and resolution of damages related to personal information protection. The KCCI will promptly respond to and address inquiries from data subjects.

Article 10 (Request for Access to Personal Information)

1. Data subjects may submit a request for access to personal information under Article 35 of the Personal Information Protection Act to the department listed below. The KCCI will make efforts to process such requests promptly.
   1. Department for Receiving and Processing Personal Information Access Requests: APEC Business Bridge Center – 39, Sejong-daero, Jung-gu, Seoul (Namdaemunno 4 ga)
   2. Contact Person: Jongchul You
   3. Contact Information: 2025apecabac@korcham.net / +82-2-6050-3681, 3686

Article 11 (Methods of Remedy for Infringement of Rights)

Data subjects may contact the following organizations for consultation or to seek remedy for damages caused by personal information infringement:

1. Personal Information Infringement Report Center: (No area code) 118 (http://privacy.kisa.or.kr)
2. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
3. Supreme Prosecutors' Office: (No area code) 1301 (http://spo.go.kr)
4. National Police Agency: (No area code) 182 (cyberbureau.police.go.kr)

Article 12 (Changes to the Privacy Policy)

1. This Privacy Policy is effective from May 1, 2025.