Rotonda Co Ltd. (hereinafter referred to as 'the Company') complies with the Personal Information Protection Act and other relevant laws to protect the freedom and rights of users of the Burrito Swap service. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company has established and disclosed the following personal information processing policy to guide users through the procedures and standards for processing personal information and to promptly and efficiently address related grievances.

Article 1 (Purpose of Processing Personal Information)

Since the Burrito Swap service utilizes a decentralized, non-custodial blockchain wallet owned by the user, it does not collect, use, store, or process the user's personal information due to the inherent characteristics of decentralized blockchain technology.

Article 2 (Processing and Retention Period of Personal Information)

The Burrito Swap service does not collect, use, store, or process the user's personal information.

Article 3 (Items of Personal Information Processed)

The Burrito Swap service does not collect, use, store, or process the user's personal information."

Article 4 (Procedures and Methods for Destroying Personal Information)

1. The Burrito Swap service does not collect, use, store, or process the user's personal information.
2. In the event that temporary processing of personal information, which was not intended or anticipated, occurs for the purpose of providing services, the personal information will be safely stored according to the law for the period consented to by the information subject or for the period mandated by law. Once these conditions are met, the information will be destroyed in a manner that prevents its recovery.
3. If unintended or unexpected processing of personal information occurs as described in Paragraph 2, and separate consent is obtained from the information subject, the information will be transferred to a separate database (DB) or stored in a different location once the retention period consented to has expired or the processing purpose has been achieved, unless the law requires continued preservation.
4. When it becomes necessary to destroy personal information, the destruction procedures and methods are as follows:
   1. When destroying personal information, the information to be destroyed will be selected based on the expiration of the retention period, achievement of the processing purpose, or other reasons for destruction. The destruction will be carried out following the procedure of system automatic deletion or approval from the personal information protection officer.
   2. The methods of destruction are as follows:
      • Personal information stored in electronic file format will be permanently deleted so that the records cannot be restored (if permanent deletion is extremely difficult due to technical characteristics, the personal information will be anonymized and measures will be taken to prevent restoration).
      • Personal information recorded or stored on paper documents and other recording media will be shredded or incinerated.

Article 5 (Measures to Ensure the Security of Personal Information)

The Burrito Swap service does not collect, use, store, or process users' personal information. However, to provide a smooth and secure service, the company has established and implemented policies that ensure security equivalent to personal information protection.

1. Administrative Measures
   • Establishment and Implementation of an Internal Management Plan: To securely process personal information, a personal information protection officer is designated, and an internal management plan is established and implemented.
   • Minimization and Training of Personal Information Handling Staff: The staff handling personal information is minimized and designated, and information protection training and inspections are conducted for these staff members.
2. Technical Measures
   • Technical Measures Against Hacking, etc.: To prevent users' personal information from being leaked or damaged by hacking or computer viruses, security programs are installed, and regular inspections and updates with the latest patches are conducted to manage security safely.
   • Management of Access Rights to Personal Information Processing Systems: Access control measures are established and operated through granting, changing, and deleting access rights to systems that process personal information. Unauthorized access from outside is controlled using an intrusion prevention system.
   • Encryption of Personal Information: Important personal information, such as user passwords, is stored and managed by applying secure encryption algorithms.
3. Physical Measures
   • Designation and Operation of Protected Areas: The company designates and manages places such as computer rooms that handle important information as protected areas.
   • Access Control for Unauthorized Persons: Access control procedures for protected areas are established and operated to prevent the leakage and damage of service-related information.

Article 6 (Rights and Obligations of Users and Legal Representatives and Methods of Exercise)

1. The Burrito Swap service does not collect, use, store, or process users' personal information. However, if temporary processing of personal information, which was not intended or anticipated, occurs for the purpose of providing services, users have the right to request access, correction, deletion, or suspension of processing of their personal information at any time. However, in accordance with relevant laws such as Article 35(4), Article 36(1), and Article 37(2) of the Personal Information Protection Act, the exercise of these rights may be restricted.
2. Users can exercise their rights via email, phone, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
3. The rights under Paragraph 1 can be exercised through the user's legal representative or an authorized agent. In this case, a power of attorney form in accordance with Form No. 11 of the "Public Notice on the Methods of Processing Personal Information (No. 2020-7)" must be submitted.
4. When requesting correction or deletion of personal information, if other laws specify that the personal information must be collected, the deletion cannot be requested.
5. The company verifies whether the person making the request for access, correction, deletion, or suspension of processing is the user themselves or a legitimate representative.

Article 7 (Personal Information Protection Officer and Request for Access to Personal Information)

1. The Burrito Swap service does not collect, use, store, or process users' personal information. However, to handle any grievances related to personal information that users might unexpectedly encounter, the company has designated a Personal Information Protection Officer as follows.
   • Personal Information Protection Officer
     Name: Kwan Soo Lee
     Phone Number : 02-6956-2504
     Email : kslee@burritowallet.com
2. Users may request access to their personal information in accordance with Article 35 of the Personal Information Protection Act by contacting the person in charge below. The company will strive to process these access requests promptly.
   • Customer Service Representative
     Name: Gwan Hee Lee
     Email: help@burritowallet.com
3. Users can direct all inquiries, complaints, and requests for damage relief related to personal information protection, arising from the use of the company's services, to the Personal Information Protection Officer and the Customer Service Representative. The company will respond to and handle users' inquiries.

Article 8 (Remedies for Infringement of Rights)

Although the Burrito Swap service does not collect, use, store, or process users' personal information, we guide users to apply for dispute resolution or consultation through the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., to remedy any unexpected personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following organizations:

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)

Article 9 (Changes to the Privacy Policy)

1. This privacy policy will be effective from June 21, 2024.
2. Previous privacy policies can be found at the top of the document.