Data Protection Policy

This policy sets out how Sinric (hereinafter, "the Company"), handles the personal data of its employees, customers, suppliers and other third parties.

This policy is intended to ensure that we:

• Comply with data protection law and follow good practice
• Protect the rights of team members, customers and partners
• Are transparent about how we store and process individuals’ data;
• Are protected from the risks of a data breach.

In this context, the Company regards proper management of the protection of personal data to be a fundamental element in its business activities.

The Company herein sets forth its Personal Data Protection Policy and, in addition to pledging to comply with laws and other norms pertaining to personal data protection, shall put in place its own rules and systems tailored to the Company's corporate philosophy and the nature of its business.

All executives and employees of the Company shall abide by the Personal Data Protection Management System (encompassing the Personal Data Protection Policy as well as in-house systems, rules and regulations for personal data protection) devised in accordance with the Personal Data Protection Policy, and shall make thoroughgoing efforts to protect personal data.

• Respect for Individuals and Their Personal Data
  The Company shall obtain personal data by appropriate methods. Except where provided by laws and regulations, etc., the Company uses personal data within the scope of the purposes of use specified. The Company shall not utilize an individual’s personal data beyond the scope necessary for the attainment of the said purposes of use, and shall take measures to ensure that this principal is observed. Except where provided by laws and regulations, the Company shall not provide personal data and personal identification data to a third party without prior consent from the individual.
• Personal Data Protection System
  The Company shall assign managers to oversee the protection and management of personal data and shall establish a Personal Data Protection System that clearly defines the roles and responsibilities of all Company personnel in protecting personal data.
• Safeguarding of Personal Data
  The Company shall implement and oversee all preventive and remedial measures necessary to prevent leakage, loss or damage of personal data in its possession.
  Should the processing of personal data be outsourced to a third party, the Company shall conclude an agreement with that third party requiring the protection of personal data and shall instruct and supervise the third party to ensure that the personal data is handled properly.
• Compliance with Laws, Government Guidelines and other Regulations on Personal Data Protection
  The Company shall comply with all laws, government guidelines and other regulations governing the protection of personal data.
• Complaints and Inquiries
  The Company shall establish a Personal Data Inquiry Desk to respond to complaints and inquiries on the handling of personal data and on the Personal Data Protection Management System, and this Desk shall respond to such complaints and inquiries in an appropriate and timely manner.
• Ongoing Improvement of Personal Data Protection Management System
  The Company shall continually review and improve its Personal Data Protection Management System in line with changes in its business operations as well as changes in the legal, social, and IT environments in which it conducts its business operations.

Jan 15, 2022