Portzone Inc. (hereinafter referred to as the "Company") establishes and discloses the following Privacy Policy in order to protect the personal information of the information subject (user) and to handle grievances related thereto promptly and smoothly in accordance with Article 30 of the 『Personal Information Protection Act』.

This policy applies when using the Puffzone service (hereinafter referred to as the "Service") provided by the Company.

The Company processes personal information for the following purposes. processed personal information is not used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the 『Personal Information Protection Act』.

• Membership Registration and Management: Confirmation of intent to join membership, identification/authentication according to membership service provision, maintenance/management of membership qualification, identity verification according to the implementation of the limited identity verification system, prevention of illegal use of service, restriction on use by minors under 19 (age verification), preservation of records for various notices/notifications, grievance handling, and dispute mediation

• Provision of Goods or Services: Provision of location information of smoking areas/smoking-allowed stores/e-cigarette shops, provision of store pickup reservation service and management of reservation details, provision of customized information based on user location, registration and provision of contents (reports, reviews, modification suggestions, etc.)

• Use for New Service Development and Marketing/Advertising: Development of new services (products) and provision of customized services, provision of event and advertising information and participation opportunities, verification of service validity, identification of access frequency, or statistics on member's service use

• Use of Pseudonymized Information: Personal information collected may be pseudonymized and used so that specific individuals cannot be identified for statistics generation, scientific research, public interest record preservation, etc.

The Company collects the minimum amount of personal information necessary to provide the service.

(1) Collected Items

• Membership Registration (Required): Social Login Identifier (Google/Apple), Email, Nickname, Gender, Age Group, Smoking Type (Purpose: Member identification, Age verification, Customized service provision)

• Service Usage (Optional): Mobile Phone Number (Purpose: Pickup reservation, Event winning notification, Customer response)

• Location-Based Service (Required/Optional): GPS-based location information, access point information (Purpose: Finding nearby stores/smoking areas, Route guidance, Location reporting)

• Pickup Reservation (Required): Booker's Name (Nickname), Contact Information, Scheduled Visit Date and Time, Reservation Store Information, Requests (Purpose: Reservation reception and confirmation, No-Show prevention, Store delivery)

• Automatically Collected Items: IP address, cookies, MAC address, service usage records, visit records, bad usage records, device information, advertising identifier (ADID/IDFA), app installation information (Purpose: Service usage analysis, security enhancement, error analysis, customized advertisement provision)

※ Even if the user does not agree to the collection and use of optional items, the core functions of the service can be used, but the use of some functions may be restricted.

(2) Collection Method

• Direct input by the user during membership registration and service usage

• Provision from affiliates (Social Login: Google, Apple)

• Automatic collection through generation information collection tools

① The Company processes and retains personal information within the personal information retention and use period according to laws regarding personal information retention and use period agreed upon when collecting personal information from the information subject.

② In principle, member information is retained and used until the member withdraws. However, in the case of the following reasons, it is retained until the end of the relevant reason or the period specified by law.

• Reasons for Information Retention by Company Internal Policy

- Prevention of illegal use and restriction on re-registration: Retained for 6 months after membership withdrawal

- Service Usage Restriction (Sanction) Record: Retained for 1 year after membership withdrawal

• Reasons for Information Retention by Relevant Laws

- Records on contract or withdrawal of subscription, etc.: 5 years

- Records on payment and supply of goods, etc.: 5 years

- Records on consumer complaints or dispute handling: 3 years

- Records on labeling and advertising: 6 months

- Login records (Protection of Communications Secrets Act): 3 months

- Location information usage confirmation data: 6 months

① The Company processes the information subject's personal information only within the specified scope, and provides it to third parties only when there is consent from the information subject or special provisions of the law.

② The Company provides personal information to third parties as follows.

• Recipient: Reserved Store (Store Owner)

• Purpose of Provision: Confirmation of pickup reservation and product preparation, User identification

• Provided Items: Nickname, Contact Information (including Safe Number), Visit Date and Time, Requests

• Retention and Use Period: Until service provision is completed and disputes are resolved

③ The Company may provide personal information to relevant agencies without the consent of the information subject in case of emergency such as disaster or infectious disease.

① The Company entrusts personal information processing tasks as follows for smooth business processing.

• AWS: Cloud Server Operation and Data Storage

• Google, Naver: Map API Integration and Location Information Processing

• Naver: Sending reservation notifications and authentication texts

② When concluding an entrustment contract, the Company specifies in documents matters regarding the prohibition of personal information processing other than the purpose of performing entrusted work, security measures, etc., in accordance with relevant laws and supervises them.

① The information subject may exercise rights such as requesting access, correction, deletion, and suspension of processing of personal information against the Company at any time.

② The exercise of rights can be done through writing, email, etc., and the Company will take action without delay.

③ Right to refuse automated decisions and request explanation: The information subject may refuse or request an explanation if an automated decision by a system applying artificial intelligence technology affects their rights.

④ Right to request transmission of personal information: The information subject may request the transmission of their personal information to themselves or another institution.

① This Service restricts registration and use by minors under the age of 19 in accordance with relevant laws.

② The Company does not collect personal information of minors in principle, and destroys collected information without delay if identified as a minor.

① The Company destroys the personal information without delay when the personal information becomes unnecessary.

② Destruction Procedure: Inspect the personal information for destruction and destroy it with the approval of the protection manager.

③ Destruction Method: Electronic files are deleted so that they cannot be reproduced, and paper documents are shredded or incinerated.

The Company takes administrative (establishment of internal management plan), technical (access authority management, encryption), and physical (access control) measures to ensure the safety of personal information.

① Users must be careful not to include information that can identify individuals, such as other people's faces or vehicle numbers, in their posts.

② The Company may mask or delete information immediately upon discovery if there is a concern about infringement of third-party personal information.

Name: Kim Minseok (CTO)

Contact: cto@portzone.co.kr

You may apply for dispute resolution or consultation through the Personal Information Dispute Mediation Committee (1833-6972), Personal Information Infringement Report Center (118), etc.

This Privacy Policy applies from January 19, 2026. Changes will be notified from 7 days before enforcement (30 days before for unfavorable changes).