Smart Caddie Privacy Policy

Golfzon Cloud Co., Ltd. (the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act (“PIPA”) to protect the personal information of data subjects and to promptly and smoothly handle any related complaints. This Privacy Policy applies to the Company’s website under the domain golfwith.golfzon.com and the Smart Caddie mobile and watch applications (the “App” or the “Service”).

Article 1 (Purposes of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of PIPA.
1. Membership Registration and Management for the Website and App
The Company processes personal information for the purposes of confirming the intent to register as a member, identifying and authenticating individuals in connection with providing membership services, maintaining and managing membership status, preventing fraudulent use of the Service, and confirming whether a legal representative has given consent when processing personal information of children under the age of 14.
2. Provision of Services
The Company processes personal information for the purposes of providing content and services. Details are as follows.
(1) Account Creation
To access golf records and App data, you must create a Smart Caddie account. Users may use their email address as the username for their Smart Caddie account and use it when logging in.
(2) When Visiting the Company Website
The Company collects industry-standard data from all users who visit the Company’s website (including general users without a Smart Caddie account). This includes log data automatically recorded in connection with a user’s visit, such as browser type, operating system, the URL of the referring page that led the user to the golfwith.golfzon.com site, on-site activity, and the IP address used to access the Company’s pages.
(3) App Data Synchronization
When the App is synchronized, data recorded in the App in connection with user activities is transmitted to the Company’s servers. After being stored, this data is used to provide the Smart Caddie service and is associated with the user’s account.
(4) Inquiries and Support Requests
Whenever users contact the Company with inquiries, questions, or support requests, the Company collects the user’s name and email address, along with any additional information provided by the user, for the purposes of customer support and service improvement.
(5) When Location Features Are Enabled
The Smart Caddie service includes features that require the collection of certain location data, such as GPS signals and device sensors (accelerometer, gyroscope, etc.). The Company collects such data only when the user enables location features, such as starting a golf record at a golf course.
3. Use for Marketing and Advertising
The Company processes personal information for the purposes of developing new services and providing customized services, providing event information and advertising information, and offering opportunities to participate.

Article 2 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the retention and use period prescribed by applicable laws, or within the retention and use period agreed to by the data subject when collecting the personal information.
2. The processing and retention periods are as follows.
(1) Member Information
a. Legal basis for collection: Consent of the data subject
b. Retention period: Until the member requests withdrawal (membership deletion)
c. Legal basis for retention: Consent of the data subject

Article 3 (Provision of Personal Information to Third Parties)

1. The Company processes personal information only within the scope stated in Article 1 (Purposes of Processing Personal Information), and provides personal information to third parties only in cases where it falls under Articles 17 and 18 of PIPA, such as with the data subject’s consent or where special provisions exist under law.
2. The Company entrusts personal information processing as follows. [Entrusted tasks / Service providers]
(1) Customer consultation: TCK
(2) Provision of field round record management services and recommendation services: Golfzon Co., Ltd.

Article 4 (Rights and Obligations of Data Subjects, Users, and Legal Representatives and How to Exercise Them)

1. Data subjects may exercise their rights to request access, correction, deletion, and suspension of processing of their personal information at any time.
2. Rights under Paragraph 1 may be exercised by submitting a request to the Company in writing, by email, by facsimile (FAX), etc., in accordance with Article 41(1) of the Enforcement Decree of PIPA, and the Company shall take action without delay.
3. Rights under Paragraph 1 may be exercised through a representative, such as a legal representative of the data subject or a person authorized by the data subject. In such cases, a power of attorney in the form set forth in Appendix Form No. 11 of the “Public Notice on Personal Information Processing Methods (Notice No. 2020-7)” must be submitted.
4. Requests for access to personal information and for suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of PIPA.
5. Requests for correction or deletion may not be granted if the relevant personal information is specified as subject to collection under other laws.
6. The Company verifies whether the requester is the data subject or a duly authorized representative when requests are made for access, correction, deletion, or suspension of processing.
7. Users may view or modify their personal information on the website at any time and may request withdrawal of consent for collection/use/provision or request termination of membership.
8. Pursuant to Article 38(2) of PIPA, for children under the age of 14, a legal representative is guaranteed the right to view, modify, delete, suspend processing of, and withdraw consent for the collection, use, and provision of the child’s personal information.

Article 5 (Rights of Guardians for Children Under 8, etc.)

1. If a person responsible for protection (a “Guardian”) of any of the following persons (collectively, “Children Under 8, etc.”) consents to the collection, use, or provision of the personal location information of such Children Under 8, etc. for the protection of their life or body, such consent shall be deemed to have been given by the person concerned.
(1) Children under 8 years of age
(2) Adult wards (persons under adult guardianship)
(3) Persons with mental disabilities under Article 2(2)2 of the Act on Welfare of Persons with Disabilities who fall under the category of severely disabled persons under Article 2(2) of the Act on Employment Promotion and Vocational Rehabilitation for Persons with Disabilities (limited to persons registered as disabled pursuant to Article 32 of the Act on Welfare of Persons with Disabilities)
2. The provisions of Article 4 of these Terms (Rights and Obligations of Data Subjects, Users, and Legal Representatives and How to Exercise Them) shall apply mutatis mutandis where a legal representative gives consent under Article 25(2) of the Act on the Protection and Use of Location Information, in which case “Customer” shall be deemed “Legal Representative.”
3. The provisions of Article 4 of these Terms shall also apply where a Guardian gives consent under Article 26(4) of the Act on the Protection and Use of Location Information, in which case “Customer” shall be deemed “Guardian.”
4. A Guardian who wishes to consent to the use or provision of personal location information for the protection of the life or body of Children Under 8, etc. shall submit to the Company a written consent form together with documents proving that the person is the Guardian.
5. If a Guardian consents to the use or provision of personal location information of Children Under 8, etc., the Guardian may exercise all rights of the personal location information subject.

Article 6 (Items of Personal Information Processed)

The Company processes the following items of personal information.
1. Collected items: ID, password, email address, first name, last name, gender, date of birth, paid service payment information (e.g., app market payment tokens), purchase history, country
2. Exercise and health information: Exercise information during a round (elapsed time, distance traveled, step count, cumulative altitude, maximum altitude, total calories, average heart rate, maximum heart rate, etc.)
3. Purpose of collection: Provision and management of Smart Caddie membership services
4. Retention period: Until withdrawal from Smart Caddie membership

Article 7 (Retention and Use Period of Records of Collection/Use/Provision of Personal Location Information)

1. The Company automatically records in the location information system the records verifying the collection, use, and provision of location information relating to customers pursuant to Article 16(2) of the Act on the Protection and Use of Location Information, and retains the related records for at least six (6) months after membership registration, and destroys them upon membership withdrawal.
2. Pursuant to Article 24(4) of the Act on the Protection and Use of Location Information, where a customer withdraws all or part of consent, the Company destroys without delay the collected personal location information and the records verifying the collection, use, and provision of location information (in the case of partial withdrawal of consent, limited to the records relating to the portion withdrawn).

Article 8 (Destruction of Personal Information)

1. The Company destroys personal information without delay when personal information becomes unnecessary due to the expiration of the retention period or achievement of the purpose of processing, etc.
2. Where personal information must continue to be retained pursuant to other laws even after the retention period agreed to by the data subject has expired or the purpose of processing has been achieved, the Company stores such personal information in a separate database (DB) or stores it in a different location.
3. Procedures and methods for destruction are as follows.
(1) Destruction procedure: The Company selects personal information for which grounds for destruction have arisen, and destroys such personal information with the approval of the Company’s Chief Privacy Officer.
(2) Destruction method: Information in electronic file format is destroyed using technical methods that prevent the records from being restored or reproduced. Personal information printed on paper is destroyed by shredding or incineration.

Article 9 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information.
1. Minimization and training of personnel handling personal information: The Company designates personnel who handle personal information, limits such handling to the responsible staff, and implements measures to manage personal information by minimizing the number of such personnel.
2. Restriction of access to personal information: The Company takes necessary measures to control access to personal information through the granting, modification, and revocation of access rights to the database systems that process personal information, and controls unauthorized external access by using intrusion prevention systems.

Article 10 (Matters Concerning the Installation/Operation and Refusal of Automatic Personal Information Collection Devices)

1. The Company uses “cookies” that store and retrieve usage information from time to time in order to provide personalized services to users.
2. A cookie is a small amount of information that a server (http) used to operate a website sends to the user’s computer browser, and it may be stored on the hard disk of the user’s PC.
(1) Purpose of using cookies: Cookies are used to identify users’ visits to and usage patterns of each service and website, popular search terms, whether secure access is used, etc., in order to provide users with optimized information.
(2) Installation/operation and refusal of cookies: Users may refuse to store cookies by setting options in the web browser menu: Tools > Internet Options > Privacy.
(3) If users refuse to store cookies, there may be difficulties in using personalized services.

Article 11 (Chief Privacy Officer)

1. The Company designates a Chief Privacy Officer as follows to oversee personal information processing and to handle complaints and provide remedies related to personal information processing.
Chief Privacy Officer
Name: Jae-won Lee
Contact: +82-2-3472-1954
※ You will be connected to the department in charge of personal information protection.
2. Data subjects may contact the Chief Privacy Officer and the responsible department regarding any inquiries, complaints, and remedies related to personal information protection that arise while using the Company’s service (or business). The Company will respond and handle such inquiries without delay.

Article 12 (Request for Access to Personal Information)

Data subjects may request access to personal information pursuant to Article 35 of PIPA from the department below.
Department for Receiving/Handling Requests for Access to Personal Information
Contact person: Gyeong-yeong Maeng
Contact: 070-8890-5754

Article 13 (Remedies for Infringement of Rights/Interests)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., in order to seek remedies for infringement of personal information. For other reports and consultations regarding personal information infringement, please contact the institutions below.
1. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: (No area code) 1301 (www.spo.go.kr)
4. National Police Agency: (No area code) 182 (ecrm.cyber.go.kr)

Article 14 (Changes to the Privacy Policy)

This Privacy Policy applies from January 5, 2026.