Chapter 1 General Provisions

Article 1 (Purpose)

1. This Terms of Use Agreement aims to set forth the rights and obligations, terms of use, and other responsibilities between YELLOW BALLOON CITY BUS Co., Ltd. (hereinafter referred to as the "Company"), and users (hereinafter referred to as "Users") who use the services (hereinafter referred to as the "Services") provided by the Company through the online site (hereinafter referred to as the "Website") and application (hereinafter referred to as the "Application").

Article 2 (Definition of Terms)

1. The definitions of terms used in this Agreement are as follows:
   1. "Website" refers to the real-time electronic commerce system provided by the Company for the transaction of goods or services and the website (www.seoulcitytourbus.co.kr) operated for that purpose, which may be added or modified according to the Company's policies.
   2. "Application" refers to a program that allows users to use the services provided by the Company on their mobile devices by downloading and installing it on their devices.
   3. "Use" refers to a member or non-member who uses the services provided by the Company in accordance with these regulations.
   4. "Member" refers to a person who provides personal information to the Company and is granted membership status, who can continuously receive information from the Company and use the services provided by the Company. Anyone aged 14 or over can join as a member.
   5. "Non-member" refers to a person who uses the information and services provided by the Company without joining as a member.
   6. "Buyer" refers to a person who has made a purchase as an individual or on behalf of organization among "members" or "non-members" who have expressed their intention to purchase goods, etc.
   7. "Seller" refers to a person who has entered into a service contract with the Company for the purpose of selling products through the intermediary sales service provided by the Company.
   8. "Personal information" refers to information that can identify a specific individual, such as name, date of birth, email address, and phone number.
   9. "ID" refers to the alphanumeric characters entered and set directly by a member for his/her identification and service utilization within the Company's system.
   10. "Password" refers to the combination of alphanumeric and special characters that a member directly enters and sets in the Company's system to confirm his/her legitimate access and protect the member's information and transaction history, etc.
   11. "Direct sale product" refers to products sold directly through the website and application of the Company (including headquarters and branches), which are not linked with other vendors.
   12. "Intermediary sale product" refers to products sold in linkage with other sellers (vendors) through the website and application of the Company (including headquarters and branches) by intermediating between the seller (vendor) and the buyer.
   13. "Discount coupon" refers to an online/mobile discount coupon exclusive to the Company, which allows a discount on the purchase price by the amount or percentage indicated on the coupon when purchasing a product. The type and content of the discount coupon may vary according to the Company's policies.
   14. "Customer review" refers to posts such as text, images, videos, and evaluation scores that express a comprehensive evaluation of a purchased product.
   15. "Identity verification" refers to confirming whether a member is the rightful owner through methods such as mobile phone authentication.
   16. "Business day" refers to a day excluding Saturdays, Sundays, and legal holidays, on which the Company has provided services normally.
2. The meanings of terms not defined in paragraph 1 shall be governed by relevant laws and general transaction practices.

Article 3 (Disclosure, Effect, and Amendment of the Agreement)

1. The Company shall post the contents of this Agreement on the website and application where the Company's services are provided, so that users can be informed.
2. The Company may amend this Agreement within the scope not violating related laws and regulations, such as the Act on the Regulation of Terms and Conditions, Framework Act on Electronic Documents and Transactions, Digital Signature Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, and Act on the Consumer Protection in Electronic Commerce, etc., in case of reasonable grounds arising.
3. When the Company amends this Agreement, it shall notify the users of the effective date (hereinafter referred to as the "Effective Date") and the reason for the amendment from seven (7) days prior to the effective date to the day before the effective date on the website and application. However, in case of changes that are disadvantageous to users or significant, the Company shall notify the users individually from thirty (30) days prior to the effective date via email, SMS, etc. If it is difficult to individually notify due to users' unregistered, changed, or incorrect contact information, the notice on the website and application shall be deemed as individual notification.
4. Agreeing to this Agreement means agreeing to regularly visit the website and application operated by the Company to check for amendments to the Agreement. The Company shall not be held responsible for any damages incurred by users due to their unawareness of the amended Agreement.
5. The following cases shall be considered as users' consent to the amended Agreement:
   1. When users do not express their opposition to the amended Agreement by appropriate means until before the effective date of the amended Agreement; or
   2. When users use the service without special expression of intent after the effective date of the amended Agreement.
6. If a member expresses opposition to the amended Agreement before the effective date of the amended Agreement, the Company cannot apply the content of the amended Agreement, and in this case, the member may request withdrawal (termination of the service contract).
7. Users must exercise due diligence regarding amendments to the Agreement, and the Company shall not be held responsible for damages incurred by users due to being unaware of the amended Agreement.

Article 4 (Supplementary Rules to the Agreement)

1. Matters not specified in this Agreement shall be governed by the provisions of relevant laws and regulations, such as the Framework Act on Electronic Documents and Transactions, Digital Signature Act, and Act on the Consumer Protection in Electronic Commerce, etc., and standard terms and conditions of domestic and international travels.
2. The Company may establish specific provisions to be applied to specific services (hereinafter referred to as "Individual Terms") if necessary and announce them through the website and application.
3. The Company may establish detailed policies related to the use of services (hereinafter referred to as "Use Policies") and announce them through the website, application, etc.
4. If there are changes in individual terms or use policies, the Company shall announce the relevant changes through the website and application 7 days before the effective date of the changes.
5. Users should always pay attention to whether there are any changes in the content of individual terms or usage policies, and if there is a notice of changes, they should check them.

Chapter 2 Members and Services

Article 5 (Overview and Amendment of Services)

1. The services provided by the Company to users are as follows:
   1. Sales services for Yellow Balloon City Bus products;
   2. Advertising and promotional services operated by the Company; and
   3. Other services designated by the Company.
2. The Company may, if necessary, add, adjust, or modify the content of the services in the preceding paragraph as deemed appropriate.

Article 6 (Service Period and Suspension)

1. The use of the service is available 24 hours a day, 365 days a year, in principle, unless there are special disruptions due to the Company's business or technical reasons.
2. The service period for members extends from the approval date of membership by the Company until the member's withdrawal or loss of qualification.
3. The Company may suspend or restrict the provision of services under the following circumstances:
   1. Inevitable cases due to maintenance or construction work on facilities;
   2. If a telecommunication service provider specified in the Telecommunications Business Act suspends telecommunication services;
   3. Situations where there is an obstacle to normal service use due to national emergencies, power outages, equipment failures, or overwhelming service use, etc.; and
   4. On the dates or times determined by the Company as necessary, such as when the provision of products becomes impossible.

Article 7 (Membership Registration)

1. Users may apply for membership registration by completing the membership registration form provided by the Company and agreeing to the mandatory terms (Terms of Use, Personal Information Collection and Use).
2. The Company may not approve or may withdraw or cancel approval for membership registration in the following cases:
   1. If failing to provide required membership information;
   2. If the applicant is under the age of 14;
   3. If the user has previously lost membership qualification under this Agreement;
   4. If there is impersonation of others or false, omitted, or incorrectly entered information in the registration details: or
   5. If approval is not possible due to the user's fault or if the application is made in violation of other regulations.
3. The time of establishment of membership registration is the time when the Company's approval is posted on the relevant service screen or reaches the applicant through email or other methods designated by the Company.
4. The Company may postpone approval if there is no spare capacity in the service-related facilities or if there are technical or business issues.
5. In addition to mandatory items for membership registration (ID(email) and password), the Company may request additional information (e.g., gender, date of birth, recommending ID). The applicant for membership registration may refuse to provide such additional information. Additional information will only be used to provide beneficial information to members.
6. Checking the consent box on the registration screen by the member shall be deemed as a legal consent to the regulations set by the Company.
7. All information entered in the membership registration application form is considered to be true, and any disadvantages arising from incorrect entries or failure to modify changed information will be borne by the member.
8. If the Company deems it necessary to refuse the use of the service by a membership applicant based on reasonable judgment, the Company may refuse the membership application.

Article 8 (Membership Withdrawal and Loss of Qualification)

1. Members may request withdrawal from membership through the method specified by the Company, and the Company shall process the withdrawal immediately upon receiving the request. However, if the purchase contract process of the member is not completed at the time of withdrawal processing, the Company will process the withdrawal after the purchase contract is completed.
2. The Company may restrict or suspend membership without prior notice or suspend service use for a specified period if a member engages in any of the following acts. If a member who performs actions corresponding to each subparagraph is a buyer, the Company may take measures such as canceling or terminating the purchase contract, and the member may be liable to compensate for any direct or indirect damages incurred by the Company in relation to this.
   1. Using someone else's membership information;
   2. Intentionally interfering with the operation of the service;
   3. Providing information that differs from actual information during registration;
   4. Intentionally disseminating content that violates public order and morals;
   5. Using the service for purposes that undermine national interests or social public interests;
   6. Damaging or causing harm to the reputation of the Company or a third party;
   7. Death;
   8. Failing to fulfill obligations pursuant to Article 20(Member's Obligations and Company's Measures in Case of Violation) of this Agreement;
   9. Failing to pay the price of goods purchased using the services of the Company or other debts incurred by the use of services by the due date; or
   10. If fraudulent or illegal acts, such as improperly obtaining economic benefits through coupons provided by the "Company" and unauthorized use of member accounts, are detected in the process.
3. The effective date of membership withdrawal or loss of qualification under the preceding paragraph shall be as follows:
   1. Date of membership withdrawal or notification of loss of membership qualification by the Company; or
   2. In case of loss of qualification due to death, the date of death
4. If the Company intends to restrict the use of services for a member under paragraph 2, the Company shall notify the member in accordance with this Agreement, specifying the reason, date, and other relevant matters. However, this shall not apply if the Company deems it necessary to urgently suspend the use.
5. A member who has received a notice of use restriction under the preceding paragraph may file an objection to the use restriction notice.
6. The Company may temporarily postpone the suspension of use during the confirmation period upon a member's objection request, and the result will be notified to the member.
7. If the reason for the member's suspension is resolved, the suspension will be lifted immediately.

Article 9 (Change/Management of Member Information)

1. Members can view, change, and modify their member information through the personal information modification function provided on the Company's website and application.
2. If there are any changes to the information provided during membership registration, members must make the necessary modifications within a reasonable period. However, the ID cannot be changed.
3. Members are responsible for any damages caused by negligence in managing their information, unauthorized use, or failure to change the information, and the Company shall not be liable for any such damages.

Article 10 (Notification to Members)

1. When notifying members, the Company may use the email address or mobile phone number provided by the member. In this case, members may be responsible for communication costs (including data charges) related to the notification, depending on their communication environment or fee structure, etc.
2. If the Company needs to notify a large number of unspecified users, it may substitute individual notifications by posting the notice on the initial screen of the website and application for not less than 7 days. However, individual notifications shall be provided for matters that have a significant impact on the member's transactions.
3. In cases of notification under the preceding paragraph, the prior posting period may be shortened or omitted due to unavoidable circumstances.

Article 11 (Discount Coupons)

1. The Company may provide discount coupons to members in accordance with the policies established by the Company.
2. Detailed policies regarding discount coupons shall be governed by the detailed regulations on discount coupons posted on the Company's website and application. The Company shall not be liable for any damages caused by failure to verify such policies.
3. Discount coupons may have different conditions such as applicable items, eligible purchase amounts, total discount limits, and acceptable payment methods, and the Company shall not be liable for any losses or damages incurred by the buyer due to failure to verify such conditions in advance.
4. Discount coupons cannot be used or received after the expiration date.
5. Unless otherwise specified by the Company, members cannot sell or transfer discount coupons to others. If a member violates this, the Company may immediately revoke the coupon (including its expiration) or claim compensation for any losses incurred by the Company, or take measures to restrict or terminate the member's membership.
6. If individual policies for each discount coupon are separately specified on the detailed page (including event pages), those policies shall take precedence.

Article 12 (Application for Purchase and Conclusion of Contract)

1. A purchase contract is concluded when a user applies to purchase a product in accordance with the sales conditions of the product and the Company expresses its acceptance.
2. The Company may refuse acceptance of the purchase application under the preceding paragraph if any of the following apply:
   1. If there is false, missing, or incorrect information in the application;
   2. If the purchase application does not comply with current laws or the Company's regulations; or
   3. If a minor purchases a product without the consent of their legal representative.
3. Users can cancel or request changes to the purchased product, and in such cases, a separate cancellation fee may apply.
4. The Company provides methods for users to pay the purchase price.
5. Users who enter into a purchase contract are solely responsible for the information they provide and any consequences arising from it in relation to payment.
6. If a user fails to make payment within a certain period after entering into a purchase contract, the Company may cancel the contract without the user's consent.
7. The Company takes measures to allow users to confirm the contents of the purchase contract and provides guidance on cancellation methods and procedures.
8. The Company may verify the following regarding the purchase contract and may suspend the transaction until confirmation is complete or cancel transactions that cannot be confirmed:
   1. Whether the user has legitimate authorization to use the payment method used for payment; or
   2. Whether the user meets the eligibility criteria for purchasing.

Article 13 (Payment Methods)

1. Users who purchase products sold on the Company's website and application can pay the purchase price using one of the following methods determined by the Company:
   1. Card payment (prepaid card, debit card, credit card, etc.);
   2. Bank transfer (online bank transfer, virtual account), or
   3. Other payment methods determined by the Company.

Article 14 (Delivery and Returns)

1. Unless otherwise agreed, the Company shall take necessary measures such as order production and packaging to deliver the product to the buyer within seven (7) days from the date the buyer placed the order. In this case, the Company shall take appropriate measures to allow the buyer to confirm the supply process and progress of the product. For services such as the operation of the Yellow Balloon City Bus, the Company shall take a series of measures to ensure that the service proceeds smoothly.
2. The Company shall specify the delivery method, the party responsible for the delivery cost, and the delivery period for the product purchased by the buyer. If the Company exceeds the agreed delivery period, it shall compensate the user for any damages incurred. However, this does not apply if the Company can prove there was no intent or negligence. For services such as the operation of Yellow Balloon City Bus, the Company shall provide separate documentation such as a reservation confirmation screen for reserved products so that the buyer can be informed about the purchase and use of the aforementioned product.
3. Buyers who apply for the return of a product must return the product immediately. If the buyer does not return the product to the Company, it is considered that the buyer has withdrawn the intention to return the product.
4. The costs incurred for the return of the product shall be borne by the party at fault for the return. (e.g., in the case of a simple change of mind, it is the buyer's responsibility, and in the case of a product defect, it is the responsibility of the Company or seller, etc.)
5. If the product requested for exchange by the buyer is out of stock and cannot be exchanged, the return procedure shall be followed for the return and refund of the product.
6. Products for which the use period designated by the buyer at the time of purchase has expired cannot be returned or exchanged.
7. If there are separate regulations on each product's detailed page, the policy on the detailed page of the product shall take precedence.

Article 15 (Notification of Receipt Confirmation, Change and Cancellation of Purchase Application)

1. If the Company receives a purchase application from a user, it shall send a receipt confirmation notification to the user. Upon receiving the receipt confirmation notification, if there is any discrepancy with his/her intention expressed, the user may immediately request changes or cancellation of the purchase application. The Company must promptly process according to the user's request if there is a request from the user before providing the service. However, if payment has already been made, it shall be subject to the provisions regarding withdrawal of subscription, etc., under Article 17.
2. Products for which the use period designated by the buyer at the time of purchase has expired cannot be canceled.
3. Cancellation is subject to a cancellation penalty, and the time of receipt of the cancellation request shall be based on the time received during business hours.
4. If there are separate regulations on each product's detailed page, the policy on the detailed page of the product shall take precedence.
5. Minors or their legal representatives may cancel a minor's purchase in accordance with the Civil Act, but if the minor deceives the Company into believing that there is legal representative's consent, the cancellation is restricted.

Article 16 (Refund)

1. If the Company cannot deliver or provide the product purchased by the user due to reasons such as stockout, it shall promptly notify the user of the reason and take necessary measures for refund within three (3) business days from the date of receiving the payment if the payment for the product has been received in advance.
2. Refund processing shall be done after the Company has received and confirmed the return of the product by the buyer.
3. Products for which the use period designated by the buyer at the time of purchase has expired cannot be refunded.
4. If there are separate regulations on each product's detailed page, the policy on the detailed page of the product shall take precedence.

Article 17 (Withdrawal of Subscription, etc.)

1. Buyers who have entered into a purchase contract with the Company may withdraw their subscription until the day of product use such as boarding after receiving the confirmation of receipt. However, additional cancellation penalties notified at the time of purchase may apply.
2. Buyers cannot withdraw their subscription in the following cases if they have received the product:
   1. If the product is lost or damaged due to the buyer's fault. (However, if the packaging is damaged to check the contents of the product, withdrawal of subscription is possible.);
   2. If part of the product is missing (e.g., gifts);
   3. If the value of the product has significantly decreased due to the buyer's use or partial consumption;
   4. If the value of the product has significantly decreased to the extent that it is difficult to resell due to the passage of time; or
   5. If the packaging of reproducible products has been damaged (e.g., books, CDs, maps, etc.)
3. In the cases of 2, 3, and 5 of Paragraph 2, if the Company did not clearly indicate to the consumer in advance, in an easily accessible place, that withdrawal of subscription is restricted or did not provide a sample product, etc., withdrawal of subscription by the buyer is not restricted.

Article 18 (Effects of Withdrawal of Subscription, etc.)

1. If the Company receives the returned product from the user, it shall refund the amount already received for the product within three (3) business days. In this case, if the Company delays the refund to the user, it shall pay the user delayed interest calculated by multiplying the delayed interest rate prescribed in Article 21-3 of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce for the delayed period.
2. When refunding the above amount, if the user paid for the product with a credit card or electronic currency, the Company shall promptly request the business operator that provided the payment method to suspend or cancel the payment of the product.
3. The user shall bear the cost of returning the received product in case of withdrawal of subscription, etc. The Company shall not claim a penalty or damages from the user for withdrawal of subscription, etc. However, if the withdrawal of subscription is due to the product being different from the labelled or advertised content or the contract being unfulfilled, the Company shall bear the cost of returning the product.
4. If the user has paid the shipping fee when receiving the product, the Company shall clearly indicate who bears the cost when withdrawing the subscription for the user to easily understand.

Chapter 3 Responsibilities and Obligations

Article 19 (Company's Obligations)

1. The Company shall not engage in any acts prohibited by laws and this Agreement, and shall make its best efforts to continuously and stably provide services in accordance with the provisions of this Agreement.
2. The Company shall not engage in unfair labeling or advertising acts as defined by the Act on Fair Labeling and Advertising for the products, etc. provided through the website and application.
3. The Company shall strive to maintain the order of e-commerce and provide high-quality services through fair and sound operation of the website and application, as well as continuous research and development.

Article 20 (Member's Obligations and Company's Measures in Case of Violation)

1. Members must comply with relevant laws, provisions stipulated by the Company, and cautionary notices or instructions provided, and must not engage in any acts that disrupt the Company's normal operations.
2. Members shall be responsible for managing their own IDs and passwords, and under no circumstances should they allow third parties to use their IDs and passwords. The Company shall not be liable for any damages incurred due to the leakage, transfer, or lending of IDs and passwords without the Company's fault.
3. If members become aware that their IDs and passwords have been stolen or used by a third party, they must immediately notify the Company and follow the Company's instructions if provided.
4. Members must truthfully and faithfully fill out the membership application based on the facts at the time of registration, and if there are any changes to the information provided, they must promptly update it based on the facts. Members shall be responsible for all problems arising from their failure to update their information despite changes.
5. Members must not copy, replicate, or modify the information acquired during the process of service use without the prior consent of the Company, nor should they use it for any other commercial purposes.
6. In addition to the actions mentioned in the preceding paragraph, members must not engage in the following acts:
   1. Defaming other members or third parties and damaging their reputation;
   2. Illegitimately using other members' accounts and personal information;
   3. Infringing upon the copyrights or other rights of third parties;
   4. Distributing content that violates public order and morals to others;
   5. Posting advertising content unrelated to the subject matter or content that is associated with crimes;
   6. Using coupons or other services for illegitimate purposes or methods; or
   7. Engaging in actions deemed to violate other relevant laws.
7. The Company may restrict the use of members who engage in any acts corresponding to this Article without prior notice.

Article 21 (Prohibited Acts)

1. Users must not engage in acts that disrupt the Company's operations, such as abnormal use of the services provided by the Company or unauthorized access to the Company's systems.
2. Users must not use the services provided by the Company by impersonating others or using someone else's name, card information, or account information.
3. If a user violates this Article, the Company may take measures such as canceling or terminating the purchase contract with the user, and the user shall be liable for compensating the Company for all direct or indirect damages incurred.

Article 22 (Ownership and Use of Intellectual Property Rights)

1. Intellectual property rights to works created by the Company belong to the Company.
2. Members must not reproduce, transmit, publish, distribute, broadcast, or otherwise use for profit or provide to a third party, without the prior consent of the Company, any information obtained through the website and application for which intellectual property rights belong to the Company.
3. Users may post content such as customer reviews, photos, articles, information, (audio)visuals, opinions, or suggestions about the Company (hereinafter referred to "Posts") on the Company's service, and the intellectual property rights, including copyrights, to such posts shall remain with the user.
4. When users post posts on the Company's service, they grant the Company a license to use, store, modify, reproduce, publicly transmit, display, distribute, and otherwise use the posts within the scope necessary for exposing the posts in the Company's services. In some services, users may be provided with methods to access, modify, or delete provided content. Additionally, users may request limitations on the Company's use of provided content in some services.
5. Even if a user terminates the service contract, posts that have been stored, cached, or otherwise reproduced by third parties, combined with other users' posts, or registered on public bulletin boards will not be deleted.
6. The Company may delete or take temporary measures regarding posts posted or registered by users if it is deemed to fall under any of the following without prior notice, and the Company shall not be liable for any consequences. However, the Company is not obligated to review all posts, and if a user's rights are infringed upon by another user, they may request assistance with suspending the post through customer service.
   1. Content that defames other users or third parties or damages their reputation;
   2. Distributing or linking to content that violates public order or morality;
   3. Content that promotes illegal replication or hacking;
   4. Posting commercial advertisements or promotional content without prior approval from the Company;
   5. Soliciting monetary transactions between individuals;
   6. Content deemed to be associated with criminal activities;
   7. Content that infringes upon the Company's copyrights, third-party copyrights, or other rights;
   8. Content created by unauthorized use of another person's account information, name, etc., or content that unauthorizedly alters information entered by another person;
   9. Content expressing personal political judgments or religious beliefs that the Company deems unsuitable for the nature of the service;
   10. Content that goes against the purpose of posting, such as posting multiple copies of identical content; or
   11. Content that violates the posting principles established by the Company or does not match the nature of the location where the content is posted; or
   12. Other content deemed to violate related laws and regulations.

Article 23 (Changes, Collection, and Protection of Personal Information)

1. When collecting information from users, the Company only collects the minimum necessary information required for providing the service and fulfilling the contract.
2. The Company may collect and use additional information or provide it to third parties in accordance with the procedures prescribed by relevant laws related to personal information protection, in addition to the information directly provided by users in the process of using the service. In this case, the Company obtains necessary consent from the member according to relevant laws or complies with procedures prescribed by relevant laws. The responsibility lies with users to check the privacy policies of linked sites and third parties providing services for the processing of personal information, and the Company does not bear responsibility for this.
3. The Company makes efforts to protect the user's personal information in accordance with relevant laws, establishes policies for protecting personal information, and designates and announces a personal information protection manager.
4. The protection of the user's personal information follows the provisions of relevant laws and the personal information processing policy set by the Company.

Article 24 (Intermediary Service for Online Sales)

1. The Company operates and manages a system for facilitating transactions of goods between buyers and sellers as an intermediary for online sales, but does not represent buyers or sellers. The responsibility for transactions established between users and the responsibility for information provided by buyers are directly borne by the respective buyers.
2. The Company does not guarantee the existence or authenticity of sales or purchase intentions, the quality, completeness, stability, legality, non-infringement of rights of third parties of registered products, or the truthfulness or legality of information provided by buyers or sellers, including information linked URLs, in transactions between buyers and sellers through the website and application. However, if a registered product violates laws or clearly infringes on copyrights, or if a claimant alleges infringement and requests suspension or prevention of such infringement, the Company may delete, modify, or not display the relevant product until the dispute between the parties is resolved and the rights are clarified.
3. The Company develops and provides tools to enhance the safety and reliability of transactions between buyers and sellers. However, in the case of directly sold products by the Company, the Company assumes the position of the seller in relation to the buyer.

Article 25 (Relationship between Linking Company and Linked Company)

1. When a higher-level company and a lower-level company are connected through hyperlink methods (e.g., hyperlinks may include text, images, and animated images), the former is referred to as the linking company (website), and the latter is referred to as the linked company (website).
2. If the linking company explicitly states on its initial screen or at the time of linking that it does not guarantee transactions conducted by users for products independently provided by the linked company, it shall not be responsible for those transactions.

Article 26 (Disclaimer)

1. The Company shall be exempted from liability for providing services in the event of force majeure or circumstances equivalent to force majeure that prevent the provision of services.
2. The Company shall not be liable for service interruptions caused by users' faults.
3. The Company shall not be liable for any loss of expected profits incurred by members through the use of the service, nor shall it be liable for any damages resulting from materials obtained through the service.
4. The Company shall not be responsible for the accuracy or contents of the postings (reviews, etc.) posted by users.
5. The Company shall not be obligated to intervene in disputes between users or between users and third parties arising from the service, nor shall it be liable for any resulting damages.
6. Products sold through intermediary service are managed and operated under the responsibility of the seller, and the Company shall be exempt from any responsibility for defects or deficiencies in the products, excluding issues related to service operation as a mediator in e-commerce transactions. The responsibility for transactions established between buyers and sellers and related matters shall be directly borne by the seller and the buyer.
7. The Company shall not be obligated to monitor the contents and quality of goods or services advertised by third parties through the service screens or linked websites, nor shall it be liable for any consequences thereof.
8. The Company shall not be liable for damages arising from the following unless there is intentional or gross negligence on the part of the Company, its employees, or its agents:
   1. Damages arising from false or inaccurate user information;
   2. Personal damages incurred during access to or use of the service;
   3. Damages arising from illegal access to servers or illegal use of servers by third parties;
   4. Damages resulting from any illegal interference or disruption by third parties in transmission to or from the server;
   5. Damages caused by any viruses, spyware, and other malicious programs illegally transmitted, distributed, or made to be transmitted or distributed through the service by third parties;
   6. Damages due to errors, omissions, or destruction of transmitted data; or
   7. Various civil and criminal liabilities arising from defamation and other illegal activities occurring during the registration of member status information among members and the use of services by members.
9. If the characteristics of a product or the refund policy of the product provider take precedence over the Company's cancellation and refund policy, resulting in compensation different from the above 'consumer dispute resolution standards,' the Company shall not be held responsible for any such discrepancy.

Article 27 (Dispute Resolution)

1. The Company establishes and operates a compensation mechanism to reflect legitimate opinions or complaints raised by users and to compensate for damages.
2. The Company prioritizes the handling of complaints and opinions submitted by users. However, if prompt processing is difficult, the company immediately informs the user of the reasons and processing schedule.
3. In the event of an e-commerce dispute between the Company and a user, the Company may follow the mediation of a dispute mediation agency commissioned by the Fair Trade Commission or the mayor/governor.

Article 28 (Jurisdiction and Governing Law)

1. Matters not provided for in the regulations established by the Company or interpretations thereof shall be governed by relevant laws and commercial practices.
2. Any disputes related to regulations established by the Company shall be subject to the exclusive jurisdiction of the local court having jurisdiction over the address of the user at the time of filing, and if there is no address, the court having jurisdiction over the residence. However, if the address or residence of the user is not clear at the time of filing or in the case of foreign residents, the dispute shall be brought to the competent court under the Civil Procedure Act. Korean law shall apply to such litigation.

[Supplementary Provision]

This Terms of Use Agreement shall be effective from March 26, 2024.

YELLOW BALLOON CITY BUS Co., Ltd. (hereinafter referred to as the "Company") complies with the 「Personal Information Protection Act」 and related laws and regulations to protect the freedom and rights of data subjects, lawfully processing and securely managing personal information. In accordance with Article 30 of the 「Personal Information Protection Act」, the Company hereby establishes and discloses the privacy policy to guide data subjects on the procedures and standards for personal information processing and to promptly and smoothly handle related complaints.

This privacy policy will be effective from March 26, 2024.

Article 1 (Purpose and Items of Personal Information Collection and Use)

1. The Company processes personal information for the following purposes. The personal information processed will not be used for purposes other than the following, and if the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」.
   1. Website Membership Registration

      Purpose and Items of Personal Information Collection and Use

      Service	Purpose of Collection and Use	Items of Collection and Use
      Registration via email	Website membership registration and management, duplicate registration checking, membership service provision	Required	Identity verification information (CI, mobile phone number, date of birth), ID (e-mail), password, name (Korean/English), mobile phone number, date of birth, gender
      Registration via SNS account	User identification, statistics, account linkage, and CS support	Required	Naver User ID, e-mail Kakao Identity verification information (encrypted CI, name, date of birth, mobile phone number, gender), age group, membership number, Kakao account (e-mail) Apple Apple ID (email), name If the user agrees, the information will be provided by SNS.

   2. Product Consultation, Reservation, and Service Provision

      Purpose and Items of Personal Information Collection and Use

      Service	Purpose of Collection and Use	Items of Collection and Use
      Reservation of Yellow Balloon City Bus products	Consultation and reservation of Yellow Balloon City Bus products, customer management	Required	Name, mobile phone number, password, e-mail (for multilingual services)
      Payment / Settlement / Refund	Payment, settlement, and refund of Yellow Balloon City Bus products	Required	Name (Korean), date of birth, card information (card number, expiration date, first 2 digits of password) Required items to be collected additionally for each service - when requesting a refund: Bank name, account number, account holder
      Cash receipt	Issuance of cash receipts	Required	- For income deduction: mobile phone number, cash receipt card number - For proof of expenditure: mobile phone number, business registration number

   3. Others

      Purpose and Items of Personal Information Collection and Use

      Service	Purpose of collection and use	Items of Collection and Use
      Reservation confirmation for non-members	Product reservation inquiry by non-members	Required	Name (Korean/English), mobile phone number, password, e-mail (for multilingual services)
      Customized service & marketing	Utilization of marketing (analysis of service use, provision of personalized product/service benefit information, transmission of advertising information such as promotions and events)	Optional	Name, date of birth, gender, e-mail, mobile phone number, home phone, home address, occupation, marital status, wedding anniversary, country
      Automatically collected and generated information according to the use of the service	Identity verification and service use statistics, prevention of fraudulent use, provision of customized service and marketing information	Auto-generation	Access IP information, cookies, access logs, mobile device information (operating system and version, device identification information), payment records
      Privacy Request for Correction/Access/Deletion	Identity verification of the principal and agent	Required	ID (e-mail), name, mobile phone number, copy of ID card (resident registration number masking) Required items to be collected additionally -when applying for an agent: Power of attorney, certificate of relationship (certificate of family relationship, certificate of death)

Article 2 (Processing and Retention Period of Personal Information)

1. The Company processes and retains personal information within the period of retention and use of personal information as required by law or agreed upon when collecting personal information from the data subject.
2. The processing and retention periods for each category of personal information are as follows:
   1. Website membership registration: to be retained until completion of membership withdrawal (However, optional information will be retained until withdrawal of consent for receiving communications and completion of membership withdrawal).
   2. Product consultation and reservation: to be retained until the provision of service and according to retention periods required by relevant laws and regulations.
   3. Provision of product services: to be retained up to 5 years.

      Processing and Retention Period of Personal Information

      Basis for Retention (applicable law)	Items of Retention	Retention Period
      Act on the Consumer Protection in Electronic Commerce, etc.	Records on withdrawal of contract or subscription, etc.	5 years
      	Records on payment and supply of goods, etc.	5 years
      	Records of consumer complaints or dispute settlement	3 years
      	Records on labelling & advertisements	6 months

   4. Quotation inquiry: to be retained for 3 months after processing completion.
   5. Satisfaction survey: to be retained for 2 months after survey completion (However, in the case of a member, to be retained until completion of membership withdrawal).
   6. Satisfaction survey prize draw: to be destroyed immediately after winner selection (However, winner information will be retained for a maximum of 1 year).
   7. Customized service and marketing: to be retained until withdrawal of consent for receiving communications and completion of membership withdrawal.
   8. Application for correction/access/deletion of personal information: to be retained for 3 years from the application date.
   9. Computer communication, internet log records, access location tracking data: to be retained for 3 months (based on the Protection of Communications Secrets Act).
3. However, in the following cases, the information shall be retained until the end of the relevant reason:
   1. In case of investigation or inquiry due to violation of related laws and regulations: to be retained until the end of the investigation or inquiry.
   2. In case of remaining rights and obligations related to service use: to be retained until settlement of relevant rights and obligations.
   3. In case of provision of goods or services: to be retained until completion of supply of goods or services and payment settlement.

Article 3 (Provision of Personal Information to Third Parties)

1. The Company processes the personal information of the data subject within the scope specified for the purpose of processing personal information, and provides personal information to third parties only within the scope specified in Articles 17 and 18 of the 「Personal Information Protection Act」, such as consent of the data subject or special provisions of the law.
2. The Company may provide personal information to business partners for smooth service provision, obtaining consent from the data subject and providing only the necessary minimum information.

   Provision of Personal Information to Third Parties

   Recipient	Purpose of Use	Items Provided	Period of Retention and Use	Cross-border transfer or not	Grounds
   Naver	Reservation confirmation and accumulation of event points	Naver user's unique identifier, last 4 digits of mobile phone number, product reservation information	Until the purpose of use is achieved.	Cross-border transfers	Consent of the data subject
   Kakao	Reservation confirmation and cancellation, information on event, etc.	Mobile phone number	Until the purpose of use is achieved.	Cross-border transfers

3. In the event of emergencies such as disasters, infectious diseases, incidents or accidents causing urgent life or bodily risks, urgent property losses, etc., the Company may provide personal information to relevant agencies without the consent of the data subject.

   Provide personal information in the event of an emergency

   Category	Legal Basis	Recipient	Items Provided
   Disaster response	Disaster Safety Act	Central Countermeasures Headquarters or Regional Countermeasures Headquarters	Name, resident registration number, address and telephone number (including mobile phone number) The following information for identification of travel routes and search and rescue a. Information collected through CCTV; b. Specification of use of transportation cards; c. Date and time of use of credit cards, debit cards, and prepaid cards, and places of use; and d. The name and phone number of the medical institution on the prescription, and the date and time of the consultation on the medical record
   Prevention and control of infectious diseases	Infectious Diseases Control and Prevention Act	Korea Disease Control and Prevention Agency or cities and provinces nationwide	Name, resident registration number, address, and telephone number (including mobile phone number) Prescriptions and medical records in accordance with the 「Medical Care Act」 Immigration records for the period determined by the Commissioner of the Korea Disease Control and Prevention Agency The following information for identification of travel routes a. Specifications of use of credit cards, debit cards, and prepaid cards in accordance with the 「Specialized Credit Finance Business Act」; b. Specifications for the use of transportation cards in accordance with the 「Act on the Support and Promotion of Use of Public Transportation」; and c. Image information collected through other image information processing devices in accordance with the 「Personal Information Protection Act」
   Protecting people at risk of suicide	Act on the Prevention of Suicide and the Creation of Culture of Respect for Life	Police Stations Coast Guard Fire Stations	Name, resident registration number (date of birth if there is no resident registration number), address and telephone number (including mobile phone number), ID, e-mail address, and personal location information of the person receiving emergency assistance, etc.
   Processing of personal information of persons involved in crimes such as abduction and confinement	Personal Information Protection Act	Police Stations	CCTV and other video information

4. In such cases, the Company will provide only the minimum necessary personal information based on applicable laws and regulations, and will not provide information for purposes other than those specified.

Article 4 (Entrustment of Processing of Personal Information)

1. The Company entrusts personal information processing work for smooth operation as follows:

   Entrustment of Processing of Personal Information

   Entrusted Agency	Entrusted Work	Period of Retention and Use
   KG INICIS Co., Ltd.	Payment processing services, identity verification services	Until withdrawal of membership and termination of the entrustment contract
   Toss Payments Co., Ltd.	Payment processing services
   Kakao Enterprise Corp.	Smart message service (KakaoTalk, Alert Talk/Friend Talk, SMS/LMS/MMS delivery)
   NINETREE Co., Ltd.	Website operation and maintenance

2. When entering into entrustment contracts, the Company specifies in documents such as contracts the prohibition of personal information processing beyond the purpose of entrustment, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of entrusted agencies, and liabilities including compensation for damages, and supervises whether the entrusted agencies handle personal information safely according to Article 26 of the 「Personal Information Protection Act」.
3. In case of changes in the content of entrusted work or agencies, the Company will promptly disclose it through this privacy policy.

Article 5 (Transfer of Personal Information Overseas)

For the purpose of service provision and convenient service use by users, the Company transmits or manages users' information overseas as follows. If you wish to refuse the transfer of personal information overseas during the use of the service, please contact the responsible department at tbus@ybtour.co.kr. However, refusal to transfer overseas may result in service restrictions.

The details of the Company's transfer of personal information overseas are as follows:
AWS only performs the physical management of the server and does not have access to the personal information of users.

Article 6 (Procedure and Method of Personal Information Destruction)

1. The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period or the achievement of the processing purpose, etc.
2. If personal information must be retained according to other laws despite the expiration of the agreed-upon retention period from the data subject or the achievement of the processing purpose, the Company transfers the personal information to a separate database(DB) or retains it in a different location.
3. The procedure and method of personal information destruction are as follows:
   1. Destruction Procedure: The Company selects personal information for destruction when the reason for destruction arises and obtains approval from the Company's data protection officer to proceed with the destruction.
   2. Destruction Method: Personal information recorded or stored in electronic file format is irreversibly destroyed to prevent retrieval, while personal information recorded or stored on paper documents is shredded or incinerated.

Article 7 (Rights and Obligations of Information Subjects and Legal Representatives, and Methods of Exercising Rights)

1. Data subjects have the right to request access, correction, deletion, or suspension of processing of their personal information from the Company at any time.
2. Rights can be exercised by written request, electronic mail, facsimile transmission (FAX), etc., to the Company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly take action.
3. Rights may also be exercised through legal representatives or delegated agents of the data subject. In such cases, a power of attorney according to Annexed Form No. 11 of the "Guidelines for Personal Information Processing Methods" must be submitted.
4. The right of the data subject to request access and suspension of processing their personal information may be restricted according to Article 35(4) and Article 37(2) of the 「Personal Information Protection Act」.
5. Requests for correction and deletion of personal information cannot be made if the collection of such information is explicitly specified by other laws.
6. The Company verifies whether the requester of access, correction, deletion, or suspension of processing of personal information is the data subject or a legitimate representative.
7. Membership registration is only available to those aged 14 and above, and personal information of children under 14, who require the consent of a legal representative for the collection and use of personal information, is not collected, in principle.

Article 8 (Measures for Ensuring the Security of Personal Information)

1. The Company takes the following measures to ensure the security of personal information:
   1. Administrative Measures
      a. The Company designates specific employees to handle personal information and implements measures to manage personal information by restricting access to authorized personnel.
      b. Regular education on personal information protection is provided to personnel handling personal information.
      c. Internal management plans are established and implemented to ensure the secure handling of personal information.
   2. Technical Measures
      a. Personal information and passwords of users are encrypted for storage and management, ensuring that only the individual can access them. Important data is encrypted or locked using separate security features for files and transmitted data..
      b. Access records to personal information processing systems are stored and managed for a minimum of 2 years.
      c. Necessary measures are taken to control access to personal information by granting, modifying, and revoking access rights to databases handling personal information. Additionally, unauthorized access from external sources is controlled through the use of intrusion prevention systems.
      d. Security programs are installed, regularly updated, and checked to prevent leakage or damage of personal information due to hacking or computer viruses. Systems are installed in restricted access areas and technically/physically monitored and blocked from external access.
   3. Physical Measures
      a. Documents and auxiliary storage media, etc. containing personal information are stored in secure locations with locking devices.
      b. Separate physical storage locations for personal information are established and access controls are established and operated for them.
2. The company implements activities beyond what is stipulated by law, such as self-regulatory activities (regular improvement activities through voluntary inspections of personal information protection using the Personal Information Protection Portal), to ensure the security of personal information.

Article 9 (Installation, Operation, and Refusal Method of Automatic Personal Information Collection Devices)

1. The Company uses 'cookies' to store and retrieve usage information periodically to provide personalized services to users.
2. Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard drive.
   1. Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's PC hard drive.
   2. Users have the option to install, operate, or refuse cookies and can reject all cookie storage by configuring their web browser options.
      a. Internet Explorer: Top right of the web browser > Internet Options > Privacy > Advanced > Cookie Blocking Settings
      b. Microsoft Edge: Top right of the web browser > Settings > Cookies and Site Permissions > Select level under "Cookies and Stored Data"
      c. Chrome: Top right of the web browser > Settings > Privacy and Security > Cookies and Other Site Data > Select level under the "Cookies" section
   3. Refusing cookie storage may cause difficulties in using customized services and may affect the use of some services such as automatic website login.

Article 10 (Collection, Use, and Rejection of Behavioral Information)

1. The Company collects and utilizes behavioral information during the service usage process to provide optimized personalized services, benefits, and online customized advertisements to the data subjects.
2. The Company collects behavioral information as follows:

   Collection, Use, and Rejection of Behavioral Information

   Collection Methods	Purpose of Collection and Use	Items to be collected	Period of Retention and Use
   Automatically collected when users visit the website	Usage statistics and analysis, Provision of personalized product recommendation services (including advertisements) based on users' interests and tendencies	User's website visit history, service use history, search history, purchase (payment) history, advertising identifier	To be stored for 6 months from the date of collection

3. The Company only collects the minimum necessary behavioral information required for customized online advertisements. It does not collect sensitive behavioral information that may clearly infringe upon an individual's rights, interests, or privacy, such as thoughts, beliefs, family and kinship relationships, education, medical history, or other social activity records.
4. The Company does not collect behavioral information for personalized advertising purposes from online services with users known to be under 14 years of age or from online services primarily used by children under 14 years of age. Personal information of children under 14 is not collected as a general principle.
5. Data subjects can block or allow customized online advertisements all at once by changing cookie settings in web browsers. However, changing cookie settings may affect the use of some services such as automatic website login.

   Blocking/Allowing Customized Advertisements via Web Browser
   a. Internet Explorer: Top right of the web browser > Internet Options > Privacy > Advanced > Select Cookie Blocking or Allowing
   b. Microsoft Edge: Top right of the web browser > Settings > Privacy, Search, and Services > "Tracking prevention" section > Select whether to block and the level of “Tracking Prevention” Choose whether to always use "Strict" tracking prevention when searching with InPrivate > "Privacy" section > Choose whether to send "Do Not Track" requests.
   c. Chrome: Top right of the web browser > Settings > Privacy and Security > Cookies and Other Site Data > "Cookies" section > Choose whether to block third-party cookies and site data

6. Data subjects can contact the following contact point for inquiries, exercising the right to reject, filing complaints related to behavioral information.
   • Personal Information Protection Department

     Department

     Operations Team

     Contact

     (Phone) +82-2-2263-9002 / (Email) tbus@ybtour.co.kr

Article 11 (Linked Sites)

1. The Company may provide links to websites or materials of other companies to users. In this case, the Company does not have any control over external sites and materials, so it does not take responsibility for the truthfulness, usefulness, etc., of services or materials provided on the external websites, nor does it provide any guarantees.
2. The Company's personal information processing policy does not apply to linked sites other than the Company's official site. When clicking on links contained on the Company's website to navigate pages of other companies' websites, users should verify the policies of the visited sites.

Article 12 (Rights and Obligations of Users)

1. Users have the right to have their personal information protected and bear the obligation to refrain from infringing upon the information of others, such as through posts, as well as protect their own personal information. If users fail to fulfill their obligations and damages the information of others, they may be subject to punishment under the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.」.
2. The Company shall not be held responsible for issues arising from the user's negligence, such as sharing their ID and password or leaving their account logged in unattended. It is recommended that users securely manage their IDs and passwords and regularly change their passwords to protect their personal information.
3. Users are responsible for maintaining their personal information up to date, and any issues arising from incorrect information input are the responsibility of the user. If false information is used, such as unauthorized use of others' information, users may lose their membership status, face service restrictions, and be subject to punishment under relevant laws.

Article 13 (Personal Information Protection Manager and Request for Access to Personal Information)

1. The Company appoints a personal information protection manager who is responsible for overseeing personal information processing and handling complaints and remedies related to personal information processing.

   Personal Information Protection Manager

   Category	Name	Contact
   Personal Information Protection Manager	Job Title : General Manager Name : Hong Joon-pyo	Phone: +82-2-2263-9002 Email address: tbus@ybtour.co.kr

2. Data subjects may request access to their personal information through the personal information protection manager in accordance with Article 35 of the 「Personal Information Protection Act」. The Company will strive to promptly process data subject's requests for access to personal information.
3. Data subjects may inquire about all matters related to personal information protection, complaint handling, and damage relief arising from the use of the Company's services through the personal information protection manager. The Company will promptly respond to and handle data subject's inquiries.

Article 14 (Remedies for Violation of Data Subject's Rights)

1. Data subjects may seek remedy for personal information infringement by applying for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency, etc. For other reports or inquiries regarding personal information infringement, please contact the following institutions:
   1. Personal Information Dispute Mediation Committee: +82-1833-6972 (www.kopico.go.kr)
   2. Personal Information Infringement Reporting Center: +82-118 (privacy.kisa.or.kr)
   3. Supreme Prosecutors' Office: +82-1301 (www.spo.go.kr)
   4. National Police Agency: +82-182 (ecrm.cyber.go.kr)
2. The company ensures the data subject's right to self-determination of personal information and strives to provide consultation and remedy for personal information breaches. If reporting or consultation is necessary, please contact the responsible department below:
   • Customer Counseling and Reporting for Personal Information Protection

     Department

     Operations Team / General Manager: Hong Joon-pyo

     Contact

     (Phone) +82-2-2263-9002 / (Email) tbus@ybtour.co.kr

3. In accordance with the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the 「Personal Information Protection Act」, individuals who have suffered infringement of rights or interests caused by disposition or omission of public power by a public authority may file administrative appeals in accordance with the Administrative Appeals Act.

   Central Administrative Appeals Commission: +82-110 (www.simpan.go.kr)

Article 15 (Operation and Management of Video Information Processing Devices)

The Company operates and manages video information processing devices for the purpose of facility safety, fire prevention, crime prevention, and prevention of vehicle theft and damage in accordance with Article 25(1) of the 「Personal Information Protection Act」. For more details, please refer to the "Policy for Operation and Management of Video Information Processing Devices."

Article 16 (Changes to Privacy Policy)

1. In the event that the Company changes this Privacy Policy, it will specify the reason for the change and the effective date, and notify users on the service screen before the effective date. However, if there are significant changes affecting the rights or obligations of users, it will be notified through the "Notice" section on the website or mobile app.
2. This Privacy Policy shall be effective from March 26, 2024.