Privacy Policy

1. The Company discloses this Policy through the Company's homepage first screen or a screen connected to the first screen so that users can easily check this Policy at any time.

2. When disclosing this Policy in accordance with Paragraph 1, the Company utilizes font size, color, etc. to make it easy for users to check this Policy.

The Company collects the following information for user membership registration for the Company's services.

2. When the Company revises this Policy in accordance with Paragraph 1, it shall notify through one or more of the following methods.

• Notification through the notice section on the first screen of the internet homepage operated by the Company or through a separate window
• Notification to users by means of written document, facsimile transmission, electronic mail, or similar methods
• The Company shall notify at least 7 days prior to the effective date of the revision of this Policy. However, in case of significant changes to user rights, it shall notify at least 30 days in advance.

The Company collects the following information for user membership registration for the Company's services.

• Required information: Email address, password, name, nickname, date of birth, and mobile phone number

The Company collects the following information for user identity verification.

• Required information: Mobile phone number, email address, name, date of birth, gender, personal identification values (CI, DI), mobile carrier, i-PIN information (when i-PIN is verified), and whether the person is a Korean national or a foreigner

The Company collects the following information for the consent of legal representatives when such consent is required.

• Required information: Guardian's name, guardian's date of birth, guardian's gender, whether the guardian is a Korean national or a foreigner, guardian's mobile phone number, guardian's mobile carrier information, guardian's i-PIN information (when i-PIN is verified), guardian's personal identification values (CI, DI), and relationship with the user

The Company collects the following information to provide payment services to users.

• Required information: Card number, card password, expiration date, 6-digit date of birth (yy/mm/dd), bank name, and account number

The Company collects the following information to issue cash receipts for users.

• Required information: Name of the cash receipt recipient, date of birth of the cash receipt recipient, address of the cash receipt recipient, mobile phone number, and cash receipt card number

The Company collects the following information to provide services to users.

• Required information: ID, email address, name, date of birth, and contact information

The Company collects the following information for statistical analysis of service usage and verification and analysis of improper use. (Improper use refers to acts such as repeatedly withdrawing membership and rejoining, repeatedly purchasing and canceling products, improperly receiving economic benefits such as discount coupons and event benefits provided by the Company, acts prohibited in the terms of use, identity theft, and other improper or illegal acts.)

• Required information: Service usage records, cookies, access location information, and device information

The Company collects users' personal information through the following methods.

• When users enter their personal information on the Company's homepage
• When users enter their personal information through services other than the Company's homepage, such as applications
• When users receive emails sent by the Company and enter personal information
• When users enter information during the process of using the Company's services, such as customer center consultations and activities on bulletin boards

The Company uses personal information in the following cases.

• When necessary for company operations, such as delivering notices
• For service improvement for users, such as responding to usage inquiries, handling complaints, etc.
• To provide the Company's services
• For restriction measures against members who violate laws and Company terms, prevention and sanctions against acts that interfere with the smooth operation of services, including improper use
• For developing new services
• For marketing purposes, such as event and event notifications
• For demographic analysis, analysis of service visits and usage records
• For forming relationships between users based on personal information and interests

• The Company retains and uses users' personal information for the period necessary to achieve the purpose of collecting and using personal information.
• Notwithstanding the preceding paragraph, the Company retains records of improper service use for up to 1 year from the time of membership withdrawal in accordance with internal policies to prevent fraudulent registration and use.

The Company retains and uses personal information as follows in accordance with relevant laws.

• Information retained and retention period under the Act on Consumer Protection in Electronic Commerce, etc.
• Records of contracts or subscription withdrawals: 5 years
• Records of payment and supply of goods: 5 years
• Records of consumer complaints or dispute handling: 3 years
• Records of labeling/advertising: 6 months
• Information retained and retention period under the Protection of Communications Secrets Act
• Records of contracts or subscription withdrawals: 5 years
• Information retained and retention period under the Electronic Financial Transactions Act
• Records of electronic financial transactions: 5 years
• Act on the Protection and Use of Location Information
• Records of personal location information: 6 months

In principle, the Company destroys the relevant information without delay when personal information is no longer needed, such as when the purpose of processing personal information has been achieved or the retention and usage period has expired.

• Information entered by users for membership registration, etc., is moved to a separate DB (or a separate document file in the case of paper) after the purpose of personal information processing has been achieved, and is stored for a certain period according to internal policies and other relevant laws (refer to retention and usage period) before being destroyed.
• The Company destroys personal information for which destruction reasons have occurred through an approval procedure by the personal information protection officer.

The Company deletes personal information stored in electronic file format using technical methods that prevent reproduction of records, and personal information printed on paper is destroyed by shredding with a shredder or through incineration.

• When the Company transmits advertising information for commercial purposes using electronic transmission media, it obtains the explicit prior consent of users. However, prior consent is not required in any of the following cases:
• When the Company collects contact information directly from the recipient through a transaction relationship for goods, etc., and intends to transmit advertising information for commercial purposes regarding goods of the same kind as those processed by the Company and traded with the recipient within 6 months from the date the transaction ended
• When a telemarketing seller under the "Door-to-Door Sales Act" verbally notifies the recipient of the source of personal information collection and makes telemarketing calls
• Notwithstanding the preceding paragraph, the Company does not transmit advertising information for commercial purposes if the recipient expresses an intention to refuse reception or withdraws prior consent, and notifies the result of processing the refusal of reception and withdrawal of reception consent.
• When the Company transmits advertising information for commercial purposes using electronic transmission media during the time from 9 p.m. to 8 a.m. the next day, it obtains separate prior consent from the recipient, notwithstanding Paragraph 1.
• When the Company transmits advertising information for commercial purposes using electronic transmission media, it specifically indicates the following matters in the advertising information.
• Company name and contact information
• Indication of matters related to expressing intention to refuse reception or withdraw reception consent
• When the Company transmits advertising information for commercial purposes using electronic transmission media, it does not take any of the following measures:
• Measures to avoid or obstruct the recipient's refusal of reception or withdrawal of reception consent
• Measures to automatically create the recipient's contact information, such as phone number or email address, by combining numbers, symbols, or characters
• Measures to automatically register phone numbers or email addresses for the purpose of transmitting advertising information for commercial purposes
• Various measures to hide the identity of the sender of advertising information or the source of advertising transmission
• Various measures to induce responses by deceiving recipients for the purpose of transmitting advertising information for commercial purposes

• Users must keep their personal information up to date, and the responsibility for problems arising from inaccurate information input by users lies with the users themselves.
• In the case of membership registration using another person's personal information, the user may lose user qualification or be punished under relevant personal information protection laws.
• Users are responsible for maintaining the security of their email addresses, passwords, etc., and may not transfer or lend them to third parties.

The Company takes necessary technical and managerial protection measures to ensure security to prevent personal information from being lost, stolen, leaked, altered, damaged, etc., when processing users' personal information.

Personal information that has been terminated or deleted at the request of users or legal representatives is processed according to what is specified in the 'Retention and Usage Period of Personal Information' collected by the Company, and cannot be viewed or used for other purposes.

• Personal information items that have been leaked, etc.
• Time when the leakage, etc., occurred
• Measures that users can take
• Countermeasures by the information and communications service provider, etc.
• Department and contact information where users can receive consultations, etc.

Users' passwords are stored and managed with one-way encryption, and confirmation and modification of personal information are only possible by the person who knows the password.

• The Company does its best to prevent users' personal information from being leaked or damaged due to intrusions into information and communication networks such as hacking and computer viruses.
• The Company uses the latest anti-virus programs to prevent users' personal information or data from being leaked or damaged.
• The Company does its best to ensure security by using intrusion blocking systems in preparation for any contingency.
• The Company ensures that personal information can be safely transmitted over networks through encrypted communication, etc., when collecting and possessing sensitive personal information.

The Company minimizes the number of personnel handling personal information and emphasizes compliance with laws and internal policies through administrative measures such as education for personal information processors.

When the Company becomes aware of the fact of loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, it shall notify the relevant users of all of the following matters without delay and report to the Korea Communications Commission or the Korea Internet & Security Agency.

• Personal information items that have been leaked, etc.
• Time when the leakage, etc., occurred
• Measures that users can take
• Countermeasures by the information and communications service provider, etc.
• Department and contact information where users can receive consultations, etc.

Notwithstanding the preceding Article, the Company may take measures to substitute the notification of the preceding Article by posting on the Company's homepage for at least 30 days if there is a legitimate reason such as not knowing the user's contact information.

• The Company does not enter into international contracts with contents that violate relevant laws and regulations such as the Personal Information Protection Act regarding users' personal information.
• The Company obtains the consent of users when it intends to provide (including viewing), process, or store (hereinafter referred to as "transfer") users' personal information overseas. However, the consent procedure for personal information processing and storage may not be required if all matters in each subparagraph of Paragraph 3 of this Article are disclosed in accordance with relevant laws and regulations such as the Personal Information Protection Act or notified to users by methods prescribed by Presidential Decree, such as email.
• In order to obtain consent in accordance with the main text of Paragraph 2 of this Article, the Company shall notify users of all of the following matters in advance.
• Personal information items to be transferred
• Country to which personal information is transferred, transfer time, and transfer method
• Name of the person receiving the personal information (in the case of a corporation, its name and contact information of the information management officer)
• Purpose of use of personal information and retention and usage period by the person receiving the personal information
• When the Company transfers personal information overseas after obtaining consent in accordance with the main text of Paragraph 2 of this Article, it takes protective measures in accordance with the Presidential Decree of the Personal Information Protection Act and other relevant laws and regulations.

• The Company uses automatic personal information collection devices (hereinafter referred to as "cookies") that store and periodically retrieve usage information to provide individualized customized services to users. Cookies are small amounts of information sent by the server (http) used to operate the website to the user's web browser (including PC and mobile) and may also be stored in the user's storage space.
• Users have the option regarding cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are stored, or refuse to store all cookies by setting options in the web browser.
• However, if you refuse to store cookies, some of the Company's services that require login may be difficult to use.

You can set cookie allowance, cookie blocking, etc. through web browser option settings.

• Edge: Settings menu in the upper right corner of the web browser > Cookies and site permissions > Manage and delete cookies and site data
• Chrome: Settings menu in the upper right corner of the web browser > Privacy and security > Cookies and other site data
• Whale: Settings menu in the upper right corner of the web browser > Privacy protection > Cookies and other site data

The Company designates relevant departments and personal information protection officers as follows to protect users' personal information and handle complaints related to personal information.

• Personal Information Protection Officer
• Name: Park Young-jin
• Position: COO
• Phone number: 010-7977-1101
• Email: info@fitculator.io
• The Company operates a dedicated department for personal information protection and does its best to immediately solve and correct problems if they are found by checking the implementation of the personal information processing policy and compliance of the person in charge.
• The data subject may request access to personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The Company will strive to ensure that the data subject's request for access to personal information is processed promptly.

• The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for infringement of personal information. For other reports and consultations on personal information infringement, please contact the following institutions.
• The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive remedies for infringement of personal information. For other reports and consultations on personal information infringement, please contact the following institutions.
• Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
• National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
• The Company guarantees the data subject's right to self-determination of personal information and strives for consultation and remedies for damages caused by personal information infringement. If you need to report or consult, please contact the department in charge mentioned in Paragraph 1.
• A person who has suffered infringement of rights or interests due to disposition or inaction by the head of a public institution regarding a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may request an administrative appeal in accordance with the Administrative Appeals Act.
• Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)