Privacy Policy

Provisional translation. This English version is provided for reference. In case of any discrepancy, the Korean version shall prevail.

Hansol Energyon Co., Ltd. (hereinafter "the Company") values the personal information of its customers and strives to comply with the Personal Information Protection Act of the Republic of Korea and other applicable laws. Through this Privacy Policy, the Company informs users of the purposes and methods by which their personal information is processed, as well as the measures taken to protect such information.

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information solely for the purpose of "customer inquiries and responses." Personal information will not be used for any purpose other than that stated, and where the purpose changes, the Company will obtain separate consent or take other measures as required under Article 18 of the Personal Information Protection Act.

Article 2 (Categories of Personal Information Processed)

The Company provides information through its website without requiring a separate membership registration. The minimum personal information necessary for customer inquiries and responses is collected and processed solely via email.

Article 3 (Period of Processing and Retention)

The Company processes and retains personal information within the period required by applicable laws or the period to which the data subject has consented.

• Inquiries: 1 year from the date of email receipt

Article 4 (Procedure and Method of Destruction)

When personal information becomes unnecessary — for example, upon expiration of the retention period or fulfillment of the processing purpose — the Company destroys the information without delay.

• Procedure: After the purposes of collection and use are achieved, personal information is stored for a designated period (see retention period above) before being destroyed.
• Method: Personal information printed on paper is destroyed by shredding or incineration. Personal information stored in electronic file form is deleted using technical methods that prevent recovery.

Article 5 (Provision of Personal Information to Third Parties)

The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing) and provides it to third parties only in the following cases.

• When separate consent has been obtained from the user
• When required by law, or when requested by investigative agencies pursuant to procedures and methods prescribed by law for investigative purposes
• When provided in a form that cannot identify specific individuals, for purposes of statistical compilation, academic research, or market research

Article 6 (Outsourcing of Personal Information Processing)

The Company does not outsource the processing of personal information to external parties without the consent of the user. Should outsourcing become necessary in the future, the Company will notify users of the outsourcing party and the scope of work, and obtain prior consent where necessary.

Article 7 (Rights of the Data Subject and How to Exercise Them)

Data subjects may exercise the following rights regarding their personal information at any time.

• Request to access personal information
• Request to correct any errors
• Request to delete
• Request to suspend processing
• Withdrawal of consent

Requests submitted by phone or email will be processed without delay after identity verification. However, the Company may refuse such requests where prohibited or restricted by law, or where there is a risk of harming the life or body of another person, or unjustly infringing on another person's property or other interests.

Article 8 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

The Company does not operate devices, such as cookies, that automatically generate or collect personal information of data subjects.

Article 9 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

• Administrative measures: Establishment and implementation of an internal management plan, and regular staff training
• Technical measures: Access rights management for the personal information processing system, installation of access control systems, and installation and updates of security software
• Physical measures: Access control for server rooms and data storage facilities

Article 10 (Complaint Services Regarding Personal Information)

To protect customers' personal information and handle related complaints, the Company has designated the following department and Personal Information Protection Officer.

Customer Service Department

Department	Department Name
Phone	+82-43-219-3000

Personal Information Protection Officer

Name	Officer Name
Title	Title

Personal Information Protection Manager

Name	Officer Name
Title	Title
Department	Department Name
Phone	Direct Phone
Email	Officer Email

For reports or consultations regarding personal information infringement, please contact the following organizations.

• Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
• Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
• Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301)
• National Police Agency Cybercrime Reporting System (ecrm.police.go.kr / 182)

Article 11 (Changes to this Privacy Policy)

This Privacy Policy is effective as of June 1, 2026. In the event of additions, deletions, or amendments due to changes in laws, policies, or security technologies, the Company will notify users through announcements on its website at least 7 days before the changes take effect.