The Company collects personal information entered and provided by the information subject directly at the time of membership registration or events, for member management, information provision, marketing utilization, etc.

Items of information to be processed: name, contact information, e-mail address

The Company does not collect information from children under the age of 19 and may take steps to verify that the person is not under the age of 19 when signing up for membership.

The Company uses the collected personal information for the following purposes.

- Membership Management

- Provide event information

- Use for marketing and advertising (guidance through SNS, e-mail, etc., delivery of advertising information)

In principle, the Company destroys the information without delay when the purpose of collecting and using personal information is achieved or when the member withdraws. However, if it is necessary to keep it for reasons according to company policy or reasons prescribed by laws and regulations as follows, the information will be retained. Such information will be destroyed immediately after storage for the period stipulated by the following and related laws and regulations, and will not be used for reasons other than the purpose specified below or laws and regulations even during the storage period.

Retention of information in accordance with company policies

- Reason: Management of the activity history of the information subject - Period: 2 years from the last time the data subject accessed the website

Retention of information for reasons stipulated by relevant laws and regulations

- Category: Books and supporting documents for all transactions prescribed by tax law / Applicable Laws: Framework Act on National Taxes / Retention period: 5 years - Category: Service visit record, access log, access IP / Applicable Laws: Protection of Communications Secrets Act / Retention period: 3 months

In principle, the Company destroys the information without delay after achieving the purpose of collecting and using personal information or after the retention period has elapsed. The destruction procedure and method are as follows.

Destruction Procedure

Regarding the collected personal information, after the purpose of collecting and using personal information is achieved or the retention period has elapsed, the information will be destroyed without delay. However, information that must be kept in accordance with this personal information processing and related laws and regulations will be stored for the period prescribed by laws and regulations and then destroyed. In this case, the personal data will be kept separately from other personal data being processed.

Destruction method

Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.

The Company entrusts the processing of personal information to an external professional company as follows for the performance of the service. Consignment of personal information processing is made for each outsourcing company only if it is necessary for the performance of each individual service.

When outsourcing the processing of personal information, in order to ensure the safety of personal information protection, we clearly stipulate the observance of instructions related to personal information protection, confidentiality of personal information, prohibition of provision to third parties and liability in case of accident, consignment period, return or destruction of personal information after the end of processing, etc., and supervise the outsourced company to safely process personal information.

Consignment

• Name of the outsourced company: ExpandK Co., Ltd.

• Contents of the outsourced work: Collection of personal information, sending of events and advertising information

The Company does not provide personal information to a third party unless the contents are notified and consent is obtained from the information subject. However, if it is necessary to submit or provide personal information in accordance with relevant laws and regulations, etc., it may be provided to a third party without the consent of the information subject.

Since the Company is headquartered in Australia, overseas transfer of personal information occurs when collecting personal information based on the use of this service. Matters related to overseas transfers are as follows.

Matters concerning overseas transfers

• Items of personal information to be transferred: Same as items of personal information to be collected.

• The country to which personal information is transferred, the timing and method of transfer: Australia. At the time of collection of personal information on the Darling Downs Wagyu website, it will be transferred to overseas data centers.

• Name and contact information of the person receiving personal information:

AACo Privacy Officer

Level 1, Tower A, Gasworks Plaza

76 Skyring Terrace

Newstead QLD 4006

AUSTRALIA

E-mail: privacy@aaco.com.au

• Purpose of use and retention period of personal information of the person receiving personal information: Same as the item of personal information to be collected.

The information subject and legal representative may view or correct the registered personal information of the information subject at any time. If you request to view, correct, or delete personal information, please contact the Privacy Officer by e-mail, and we will take action without delay after going through the identity verification process.

If the information subject requests correction of errors in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the correction can be made.

The Company takes the following technical, administrative, and physical measures to ensure safety.

Establishment and implementation of internal management plan

• The Company establishes and implements an internal management plan for the safe processing of personal information.

• The Company checks the implementation of personal information protection measures and the compliance of the person in charge through the in-house personal information protection organization, etc., and takes immediate corrective measures when a problem is found.

Installation and operation of access control devices

• The Company uses an intrusion prevention system to control unauthorized access from the outside, and strives to have all possible technical devices to ensure security in other systems.

Measures to prevent falsification and alteration of access records

• The Company keeps and manages records of access to the personal information processing system and uses security functions to prevent forgery or alteration of access records.

Encryption of personal information

• The personal information of the information subject is protected by a password, and the file and transmission data are encrypted, stored and managed, and important data is protected through a separate security function.

Countermeasures against hacking

• The Company uses vaccine programs to take measures to prevent damage caused by computer viruses. The vaccine program is updated periodically, and if a virus suddenly appears, the vaccine is provided as soon as it is released to prevent infringement of personal information.

• The Company adopts a security device (SSL) that can safely transmit personal information on the network using an encryption algorithm.

• In preparation for external intrusion such as hacking, each server uses an intrusion prevention system and a vulnerability analysis system to ensure security.

• Personal information and general data are not stored in a mixed manner, but are stored separately through a separate server.

The Company designates a department in charge of personal information protection and a person in charge of personal information protection to protect the personal information of information subjects and handle complaints related to personal information.

The contact information of the Chief Privacy Officer is as follows.

Chief Privacy Officer

- Title: AACo Privacy Officer

- E-mail: privacy@aaco.com.au

The information subject may report all complaints related to personal information protection that occur while using the Company's services to the Chief Privacy Officer or the department in charge. The Company will provide prompt and sufficient answers to the information subject's reports. If you need to report or consult about other personal information infringements, please contact the following organizations.

- Anti-Corruption&CivilRightsCommission Personal Information Protection Commission: 044-200-7130 (sgeum@korea.kr)

- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

- National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

- Supreme Prosecutors’ Office Cyber Crime Division: 1301 (www.spo.go.kr)

- Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-550-9531~2)

If the Company changes this Privacy Policy, we will notify you so that you can check the contents. The information subject can check the changes to the Company's Privacy Policy.

This Privacy Policy shall be effective as of 13 April 2023.