RAUV FILM (hereinafter referred to as the 'Company') establishes and discloses the following privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related complaints promptly and smoothly.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.

Website membership registration and management
Personal information is processed for the purposes of confirming membership registration intent, identity verification and authentication for membership services, maintaining and managing membership, preventing unauthorized use of services, and various notifications.
Provision of goods or services
Personal information is processed for the purposes of product delivery, service provision, sending contracts and invoices, content delivery, customized service provision, and identity verification.
Grievance handling
Personal information is processed for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding, and notifying of processing results.

Article 2 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the retention and use period prescribed by law or within the retention and use period agreed upon when collecting personal information from the data subject.

② The processing and retention periods for each type of personal information are as follows.

Website reservation posts and customer management: 4 years from the contract date
(Basis: Considering the nature of filming services, including requests for video re-editing, after-sales service, and complaint handling. Comprehensively takes into account the 3-year retention of consumer complaint/dispute records and 5-year retention of contract/payment records under the Act on Consumer Protection in Electronic Commerce.)
However, in the following cases, until the relevant reason ceases to exist:
1. If an investigation or inquiry due to a violation of relevant laws is ongoing, until the conclusion of such investigation or inquiry
2. If claims and obligations under the wedding filming contract remain, until such claims and obligations are settled
Service provision: Until service delivery and settlement are completed
However, in the following cases, until the relevant period expires:
1. Retention periods under the Act on Consumer Protection in Electronic Commerce, etc.
  - Records of display and advertising: 6 months
  - Records of contracts or subscription withdrawal, payment, and supply of goods: 5 years
  - Records of consumer complaints or dispute resolution: 3 years

Article 3 (Provision of Personal Information to Third Parties)

① The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases falling under Article 17 of the Personal Information Protection Act, such as consent of the data subject or special provisions of law.

② The Company provides personal information to the minimum extent necessary with the consent of the data subject in the following cases for smooth service provision.

Recipients of personal information: Leme Photography (wedding snap photography partnership)
Purpose of use by recipients: Partner company customer management and reservation management, grievance resolution
Personal information items provided: Names of the wedding couple (Groom, Bride), mobile phone numbers (Groom, Bride), email, name of the person making the reservation, wedding-related information (venue, date, time)
Retention and use period by recipients: Until grievance handling is completed after the provision of partner products

Article 4 (Delegation of Personal Information Processing)

① The Company delegates personal information processing as follows for smooth handling of personal information tasks.

Delegate (Processor)	Delegated Tasks
Vercel Inc.	Website hosting and server operation
Amazon Web Services (AWS)	Encrypted storage of personal information and database operation
KG Inicis Co., Ltd.	Identity verification processing

② When entering into delegation contracts, the Company specifies in contractual documents matters such as prohibition of processing personal information beyond the purpose of the delegated work, technical and administrative protective measures, restrictions on re-delegation, supervision and oversight of the delegate, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the delegate processes personal information safely.

③ If the content of the delegated work or the delegate changes, the Company will disclose such changes without delay through this privacy policy.

Article 5 (Rights of Data Subjects and Legal Representatives and Methods of Exercising Such Rights)

① Data subjects may exercise the following rights related to the protection of personal information against the Company at any time.

Request to access personal information
Request for correction in case of errors, etc.
Request for deletion
Request to suspend processing

② The exercise of rights under Paragraph 1 may be made through written documents, telephone, email, etc. to the Company, and the Company will take action without delay.

③ If a data subject requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.

④ The exercise of rights under Paragraph 1 may also be made through an agent such as a legal representative of the data subject or a person delegated by the data subject.

⑤ Data subjects must not infringe upon the personal information or privacy of themselves or others processed by the Company in violation of the Personal Information Protection Act and other relevant laws.

Article 6 (Personal Information Items Processed)

The Company processes the following personal information items.

Provision of goods or services
Required items: Name, mobile phone number, email, name of the person making the reservation, names of the wedding couple (Groom, Bride), home address (for USB delivery)
Identity verification
Required items: Encrypted user identification value (CI), duplicate subscription verification information (DI), name, gender, date of birth, mobile phone number, telecommunications carrier, domestic/foreign status

Article 7 (Destruction of Personal Information)

① The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.

② If personal information must continue to be retained under other laws despite the expiration of the retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information shall be moved to a separate database (DB) or stored in a different location.

③ The procedures and methods for destroying personal information are as follows.

Destruction procedure
The Company selects personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the Company's Personal Information Protection Officer.
Destruction method
The Company destroys personal information recorded and stored in electronic file format in a manner that prevents the records from being reproduced, and destroys personal information recorded and stored on paper documents by shredding or incineration.

Article 8 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
Physical measures: Access control to server rooms, data storage rooms, etc.

Article 9 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

① The Company uses 'cookies' that store and retrieve usage information to provide individually customized services to users.

② Cookies are small pieces of information sent by the server (HTTP) operating the website to the user's computer browser and may be stored on the hard disk of the user's PC.

③ Data subjects may allow or block cookies through web browser option settings.

▶ Allowing/blocking cookies in web browsers

Chrome: Browser settings > Privacy and security > Clear browsing data
Edge: Browser settings > Cookies and site permissions > Manage and delete cookies and site data

▶ Allowing/blocking cookies in mobile browsers

Chrome: Mobile browser settings > Privacy and security > Clear browsing data
Safari: Mobile device settings > Safari > Advanced > Block All Cookies
Samsung Internet: Mobile browser settings > Browsing history > Clear browsing data

④ The Company may analyze and use access frequency, visit times, service usage records, etc. to provide optimized customized services and benefits to users during the course of service use.

Article 10 (Personal Information Protection Officer)

① The Company designates the following Personal Information Protection Officer to oversee all matters related to personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing.

▶ Personal Information Protection Officer

Name: Son Se-han
Title: Chief Director
Contact: rauvfilm@naver.com
※ This connects to the Personal Information Protection department.

▶ Personal Information Protection Manager

Name: Son Se-han
Title: Chief Director
Contact: rauvfilm@naver.com

② Data subjects may direct all inquiries, complaints, and requests for remedy related to personal information protection arising from the use of the Company's services (or business) to the Personal Information Protection Officer and the responsible department. The Company will respond to and process data subjects' inquiries without delay.

Article 11 (Request to Access Personal Information)

Data subjects may submit requests to access personal information pursuant to Article 35 of the Personal Information Protection Act to the following person in charge.

▶ Person in charge of receiving and processing personal information access requests

Name: Son Se-han
Title: Chief Director
Contact: rauvfilm@naver.com

Article 12 (Methods for Remedy of Rights Infringement)

Data subjects may contact the following organizations for remedy, consultation, and other matters related to personal information infringement.

Personal Information Dispute Mediation Committee: (no area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
Korean National Police Agency: (no area code) 182 (ecrm.police.go.kr/minwon/main)

Article 13 (Methods of Personal Information Collection)

The Company collects personal information through the following methods.

Website reservation form (online form)
Automatic collection through identity verification services

Article 14 (Enforcement and Amendment of the Privacy Policy)

① This privacy policy is effective as of March 11, 2026.

② Change History

Enacted on April 15, 2024 / Revised and effective on March 11, 2026