In order to protect the freedom and rights of personal information subjects in connection with the “Solo Leveling : UNLIMITED” service, OTHERWORLD (hereinafter referred to as the “Company”) complies with the Personal Information Protection Act and related laws and regulations to legally process and safely manage personal information. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company has established and disclosed the following personal information processing policy to inform personal information subjects of the procedures and standards for processing personal information and to promptly and smoothly handle grievances in this regard.

The Company processes personal information for the following purposes. Personal information processed shall not be used for any purpose other than the following purposes, and in the event the purpose of use is changed, the Company intends to perform all necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 1.1 Subscription and Management of Members Confirming intent to subscribe as member of ‘SoloLeveling : UNLIMITED’, identifying and certifying identity in order to provide membership services, maintaining and managing membership qualifications, preventing unauthorized use of services, and providing various notices and notifications. 1.2 Provision of Goods or Services Providing ‘SoloLeveling : UNLIMITED’ services, providing content, and providing event information. 1.3 Provision of Event Information Providing information on various events and advertisements

2.1 The Company processes and retains personal information within the processing and retention period of personal information in accordance with the laws and regulations or the processing and retention period of personal information agreed upon when collecting personal information from users. 2.2 The processing and retention period for each personal information are as follows: 2.2.1 Membership registration and management: Until withdrawal from the business/organization website However, in the case of the following reasons, until the end of such reasons: 1) In the case of an ongoing investigation or inquiry for violation of relevant laws, until the end of the investigation or inquiry 2) In the event of any remaining creditor-debtor relationship resulting from the use of the website, it will continue until the settlement of the relevant creditor-debtor relationship. 2.2.2 Provision of goods or services: Until the completion of the provision of goods or services 2.2.3 Provision of Event Information: Until the end of the event 2.3 Notwithstanding Clause 2.2.2, the Company may process and retain personal information until the end of the relevant reason in the following cases. However, if the processing and retention period of personal information is different, the longest period shall apply. 2.3.1 In the case of the reasons stipulated by the relevant laws and regulations in each of the following, until the end of the relevant period: Classification: Login history Legal basis: Protection of Communications Secrets Act Retention period: 3 months 2.3.2 In the case of an ongoing investigation or inquiry for violation of related laws, until the end of such investigation or inquiry 2.3.3 In the case of an ongoing legal dispute procedure such as a lawsuit between the user and the Company, until the finalization of the procedure 2.4 The Company stores and manages the personal information of users who do not use it for a period of one year (one year) separately from the personal information of other users, except in cases where other laws stipulate a separate period or at the request of the user. However, no later than 30 days before the expiration of the period, the Company notifies the user of the fact that the personal information is stored and managed separately, the expiration date of the period, and the items of the personal information by e-mail.

3.1 The Company processes the personal information of users only within the scope specified in Article 1 (Purpose of Processing Personal Information) of the Privacy Policy, and provides personal information to third parties only in cases falling under Articles 17 (Provision of Personal Information) and 18 (Restriction on Use and Provision of Personal Information for Other Purposes) of the Personal Information Protection Act, such as the consent of the personal information subject, special provisions of the law, or unavoidable circumstance to comply with legal obligations. 3.2 The Company provides the following personal information to third parties with the prior consent of the user. The recipients are subject to change without notice depending on the nature of the affiliated service and the contract

4.1 The Company collects the following personal information items. 4.1.1 Subscription and Management of Members Required: Cryptoasset wallet address, email Retention & Use Period : Until membership withdrawal 4.1.2 Provision of Goods or Services Required: Cryptoasset wallet address, email Retention & Use Period : Until membership withdrawal 4.1.3 Provision of Event Information Optional: Email Retention & Use Period : Until membership withdrawal

5.1 The Company processes the personal information of the information subject only within the scope specified for the purpose of processing the personal information, and provides the personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the personal information subject or special provisions of the law, and otherwise does not provide the personal information of the personal information subject to any third party. 5.2 In order to provide a smooth service, the Company obtains the consent of the personal information subject in the following cases and provides it only to the minimum extent necessary. Recipient: Stibee Co., Ltd. Purpose of provision: Sending emails Item to be provided: Email address Retention & Use Period : Until membership withdrawal or termination of consignment contract 5.3 The Company may provide personal information to related organizations without the consent of the personal information subject in the event of an emergency situation such as a disaster, infectious disease, an incident or accident that poses an imminent danger to life or body, or an imminent loss of property.

6.1 The Company destroys personal information without delay when it becomes unnecessary, such as the expiration of the retention period of personal information or the achievement of the purpose of processing. 6.2 In the case of personal information that is obligated to be retained in accordance with laws and regulations even though the retention period of personal information has passed or the purpose of processing the information has been achieved, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location. 6.3 The procedures and methods for destroying personal information are as follows: 6.3.1 Destruction Procedure The Company selects the personal information of which the reason for destruction has occurred and destroys it with the approval of the personal information protection manager of the Company. 6.3.2 Destruction Method The Company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in hard copy by shredding or incinerating it.

7.1 The personal information subject may exercise the right to view, correct or delete personal information or suspend the processing thereof at any time against OTHERWORLD. ※ Requests for access to personal information about children under the age of 14 must be made directly by a legal representative, and personal information subjects who are minors over the age of 14 may exercise their rights in relation to the personal information of the personal information subject by himself/herself or through a legal representative 7.2 The exercise of rights may be made in writing, e-mail, facsimile transmission (FAX), etc. to OTHERWORLD in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and OTHERWORLD will take action without delay. 7.3 The exercise of rights may also be made through an agent, such as the legal representative of the personal information subject or a person who has been delegated. In this case, a power of attorney must be submitted in the form of Attachment No. 11 to the “Notice on Processing Method of Personal Information (No. 2020-7)”. 7.4 Requests for access to personal information and suspension of processing may restrict the rights of the personal information subject pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act. 7.5 Requests for correction or deletion of personal information cannot be made if the personal information is specified as the object of collection under other laws. 7.6 In the event of a request for access, correction or deletion of personal information, or suspension of processing thereof in accordance with the rights of the personal information subject, OTHERWORLD shall verify that the person making the request is the personal information subject or a legitimate representative.

The Company takes the following measures to ensure the safety of personal information: 8.1 Administrative measures: Minimization and training of personnel processing personal information The Company has established and implemented an internal management plan for the safe management of personal information processed by the Company. 8.2 Technical measures: Technical measures against hacking, etc. In order to prevent leakage and damage of personal information due to hacking or computer viruses, security programs are installed and periodically updated and inspected.

9.1 The Company uses ‘cookies’ that store and retrieve usage information from time to time to provide individually customized services to users. 9.2 A cookie is a small amount of information sent by the server (http) used to operate the website to the user’s computer browser and is also stored on the hard disk of the user’s PC computer. 9.2.1 Purpose of use of cookies: Cookies are used to identify the type of webpage visited and used by the user, whether or not the user has a secure connection, etc. 9.2.2 Installation, operation and rejection of cookies: The storage of cookies can be rejected the storage of cookies by setting the options in the Tools>Internet Options>Privacy Menu at the top of the web browser. 9.2.3 Rejection of cookies may cause difficulties in using the customized service.

10.1 The Company collects and uses behavioral information in the process of using the service to provide services customized and benefits optimized, online advertisements customized, etc. for the personal information subject. 10.2 The Company collects behavioral information as follows: - Items of behavioral information to be collected: User’s service usage records - Method of collecting behavioral information: Automatic collection when the user visits or runs the website - Purpose of collecting behavioral information: to provide personalized product recommendation services (including advertisements) based on the user’s interests and inclinations - Retention and use period of information and subsequent processing method thereof: Retention for up to one year and then destruction 10.3 The personal information subject may block or allow online customized advertisements in bulk by changing the cookie settings of the web browser. However, changing the cookie settings may affect the use of some services, such as automatic login to the website. Blocking/Allowing Personalized Ads via Web Browser 10.3.1 Microsoft Edge - In Edge, click the top-right “...” sign, then click Settings. - Click “Privacy, search, and services” on the left side of the settings page, then select whether and at what level you want to “Do Not Track” in the “Do Not Track” section. - Always select “Strict” in “Do Not Track” section when searching in InPrivate. - In the “Privacy” section below, select whether to “Send ‘Do Not Track’ requests” 10.3.2 Chrome - In Chrome, click the top right ‘⋮’ sign (customize and control chrome), then click Settings. - Click “Advanced” at the bottom of the Settings page, and then click Content settings in the “Privacy” section. - In the Cookies section, check the box for “Block third-party cookies and site data”. 10.4 The personal information subject may contact the following for inquiries regarding behavioral information, exercising the right of rejection, and filing a damage report.

11.1 The Company designates the person in charge of personal information protection as follows to take overall responsibility for the processing of personal information and to handle complaints and damage relief of personal information subjects related to the processing of personal information. Personal Information Protection Manager Name: Mike Position: CEO E-mail: privacy@otherworld.network ※ The department in charge of personal information protection will be connected. Personal Information Protection Department Department Name: Development team Person in charge: Freddie E-mail: privacy@otherworld.network 11.2 The personal information subject may contact the person and department in charge of personal information protection for all personal information protection-related inquiries, complaints, damage relief, etc. that occurred while using the Company’s services (or business). The Company will respond to and handle inquiries from the personal information subject without delay.

The personal information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following departments. The Company will endeavor to promptly process the personal information subject’s request for access to personal information. Personal Information Access Request Reception and Processing Department: Department Name: Development team Person in charge: Freddie E-mail: privacy@otherworld.network

13.1 The personal information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee orThe Korea Internet & Security Agency's Personal Information Infringement Report Center in order to receive relief due to personal information infringement. In addition, please contact the following organizations for other personal information infringement reports and consultations. 13.1.1 Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr) 13.1.2 Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr) 13.1.3 Supreme Prosecutors’ Office: (without area code) 1301 (www.spo.go.kr) 13.1.4 National Police Agency: (without area code) 182 (ecrm.cyber.go.kr) 13.2 OTHERWORLD endeavors to ensure the information subject's right to self-determination of personal information and to provide counseling and damage relief due to personal information infringement, and if you need to report or consult, please contact the personal information department. 13.3 A person whose rights or interests have been infringed by an action or omission made by the head of a public institution in response to a request pursuant to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act. Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

14.1 This Privacy Policy shall take effect as of <month> <day>, 2023 14.2 The previous Privacy Policy can be found below.