DAERYEOK

> 01. Governance and Framework

DAERYEOK CORPORATION is committed to safeguarding the security and privacy of all information under its control. Our practices comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). As a federal entity interfacing with government partners, we also adhere to the principles of the Canadian Privacy Act.

> 02. Information Collection

We collect information solely for the purposes of establishing business relationships, managing contracts, and fulfilling regulatory obligations, including security screenings required by the CSP and CGP. Collection is strictly limited to what is necessary for these purposes.

> 03. Device Fingerprinting

This website employs advanced device fingerprinting technology to identify and track all visitors. Browser characteristics, hardware configurations, and behavioral patterns are collected and stored. This data is used for security monitoring, fraud prevention, and incident attribution. All visitors are uniquely identified regardless of VPN, incognito mode, or cookie settings.

> 04. Data Security and Encryption

DAERYEOK employs robust security measures, incorporating Zero Trust Architecture (ZTA) principles and advanced encryption (at rest and in transit using FIPS-validated cryptography). All communications directed to DAERYEOK are logged and encrypted. We utilize physical, organizational, and technological safeguards commensurate with the sensitivity of the data.

> 05. Controlled and Classified Information

The handling of Controlled Unclassified Information (CUI), technical data subject to the Controlled Goods Program (CGP), and classified information is governed by specific security plans in accordance with federal and international requirements (e.g., ITAR). Access is strictly limited to authorized, security-cleared personnel on a need-to-know basis.

> 06. Disclosure and Retention

DAERYEOK does not disclose information except as necessary for the execution of a contract or as required by law. Information is retained only as long as required by legal and contractual obligations, followed by secure disposal. Visitor fingerprints are retained indefinitely for security purposes.