The purpose of this Privacy Policy (hereinafter referred to as "this Policy") is to protect the information (hereinafter referred to as "Personal Information") of individuals (hereinafter referred to as "Users" or "Individuals") who use the ETHU application or webpage (hereinafter referred to as "Company Services") provided by Ekonology Inc. (hereinafter referred to as "the Company"). This Policy is also established to comply with relevant laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Network Act") and to facilitate the prompt and smooth handling of grievances related to the protection of Users' Personal Information.
The Company may collect Users' Personal Information in accordance with relevant laws and this Policy and such collected Personal Information may be provided to third parties only with the consent of the individual. However the Company may provide collected Personal Information of Users to third parties without prior consent if lawfully required by regulations or laws.
1. The Company discloses this Policy on the first screen of the Company's website or a screen connected to the first screen so that Users can easily check this Policy at any time.
2. When disclosing this Policy pursuant to Paragraph 1 the Company ensures that Users can easily recognize this Policy by utilizing font size and color.
1. This Policy may be revised according to changes in relevant laws guidelines notifications or the policies or contents of the government or Company Services.
2. If the Company revises this Policy pursuant to Paragraph 1 it shall announce the revision through one or more of the following methods.
3. The Company shall announce the notice in Paragraph 2 at least 7 days prior to the effective date of the revised Policy. However if there are significant changes to User rights notice shall be given at least 30 days in advance.
The Company collects the following information for the User's membership registration for the Company Services.
The Company collects the following information for User identity verification.
If the consent of a legal representative is required the Company collects the following information for the consent of the legal representative.
The Company collects the following information to provide payment services to Users.
The Company collects the following information to issue cash receipts for Users.
The Company collects the following information to provide Company Services to Users.
The Company collects the following information for statistics and analysis regarding User's service usage and for checking and analyzing fraudulent use. (Fraudulent use refers to acts of receiving economic benefits such as discount coupons and event benefits provided by the Company illegally or expediently such as repeatedly rejoining after withdrawal or canceling purchases after buying products, acts prohibited by the Terms of Use, and illegal acts such as identity theft.)
The Company may collect and use sensitive information regarding the User's health such as oral health information.
4. The Company obtains separate consent for the collection and use of sensitive information and Users may refuse or withdraw consent.
5. The Company may use automated decision making or profiling techniques to provide customized reports and configure recommended content based on oral health information and usage patterns.
1. To protect the Personal Information of children under the age of 14 the Company allows membership registration and collects Personal Information only from Users aged 14 or older.
2. Notwithstanding Paragraph 1 if the User is a child under the age of 14 the Company may immediately destroy the Personal Information and take measures to restrict service usage.
The Company collects Users' Personal Information in the following ways.
The Company uses Personal Information in the following cases.
1. The Company retains and uses Personal Information during the period for achieving the purpose of collection and use of Personal Information. However sensitive information such as oral health information and service usage information shall be retained only for the period agreed upon by the User.
2. Notwithstanding the preceding paragraph the Company retains fraudulent service usage records for up to one year from the time of membership withdrawal to prevent fraudulent registration and use in accordance with internal policies.
The Company retains and uses Personal Information as follows in accordance with relevant laws.
In principle the Company destroys the information without delay when the Personal Information is no longer needed such as when the purpose of processing Personal Information is achieved or the retention and usage period has expired.
1. Information entered by the User for membership registration etc. is moved to a separate DB (or a separate document box in the case of paper) after the purpose of Personal Information processing is achieved and is destroyed after being stored for a certain period according to information protection reasons under internal policies and other relevant laws (refer to retention and usage period).
2. The Company destroys Personal Information for which a reason for destruction has occurred through the approval procedure of the Chief Privacy Officer.
The Company deletes Personal Information stored in electronic file format using technical methods that cannot reproduce the record and Personal Information output on paper is destroyed by shredding with a shredder or by incineration.
1. The Company obtains the User's explicit prior consent when transmitting advertising information for profit using electronic transmission media. However prior consent is not obtained in any of the following cases.
2. Notwithstanding the preceding paragraph if the recipient expresses an intention to refuse reception or withdraws prior consent the Company shall not transmit advertising information for profit and shall inform the result of processing the refusal of reception and withdrawal of consent.
3. If the Company transmits advertising information for profit using electronic transmission media from 9:00 PM to 8:00 AM the next day it shall obtain separate prior consent from the recipient notwithstanding Paragraph 1.
4. When transmitting advertising information for profit using electronic transmission media the Company specifically discloses the following matters in the advertising information.
5. When transmitting advertising information for profit using electronic transmission media the Company does not take any of the following measures.
6. The Company may transmit advertising information of third parties such as affiliated hospitals insurance companies and commerce partners only if the User consents and the consent to receive can be changed at any time.
7. Refusal of reception or withdrawal of consent can be applied for through My Page or the Customer Center and is processed immediately upon request.
1. Users and legal representatives may inquire or modify their registered Personal Information at any time and may request withdrawal of consent for Personal Information collection.
2. If Users and legal representatives wish to withdraw consent for the collection of their subscription information contact the Chief Privacy Officer or the person in charge via writing telephone or email and the Company will take action without delay.
1. Users may request the Company to correct errors in Personal Information through the method of the preceding article.
2. In the case of the preceding paragraph the Company will not use or provide Personal Information until the correction is completed and if incorrect Personal Information has already been provided to a third party the result of the correction will be notified to the third party without delay so that the correction can be made.
1. Users must keep their Personal Information up to date and Users are responsible for problems arising from their inaccurate information entry.
2. In the case of membership registration stealing another person's Personal Information the User may lose their qualification or be punished under relevant Personal Information protection laws.
3. Users are responsible for maintaining the security of their email address password etc. and cannot transfer or lend them to a third party.
In processing Users' Personal Information the Company is taking necessary technical and managerial protection measures to ensure safety so that Personal Information is not lost stolen leaked altered or damaged.
The Company processes Personal Information terminated or deleted at the request of the User or legal representative as specified in "Retention and Usage Period of Personal Information" collected by the Company and processes it so that it cannot be viewed or used for other purposes.
Users' passwords are stored and managed by one way encryption and confirmation or change of Personal Information is possible only by the person who knows the password.
1. The Company is doing its best to prevent leakage or damage of Users' Personal Information by hacking or computer viruses etc.
2. The Company uses the latest vaccine programs to prevent leakage or damage of Users' Personal Information or data.
3. The Company uses intrusion blocking systems to do its best for security in preparation for contingencies.
4. The Company ensures that sensitive Personal Information can be safely transmitted on the network through encrypted communication etc.
The Company limits the number of personnel handling Personal Information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for Personal Information handlers.
When the Company becomes aware of the loss theft or leakage (hereinafter referred to as "Leakage etc.") of Personal Information it shall notify the affected Users of all of the following matters without delay and report to the Korea Communications Commission or the Korea Internet & Security Agency.
Notwithstanding the preceding article if there is a justifiable reason such as not knowing the User's contact information the Company may replace the notification of the preceding article by posting it on the Company's website for 30 days or more.
1. The Company does not enter into international contracts containing matters that violate the Personal Information Protection Act and other relevant regulations regarding Users' Personal Information.
2. If the Company intends to provide (including cases where it is viewed) outsource processing or store (hereinafter referred to as "Transfer") Users' Personal Information abroad it obtains the User's consent in advance. However if all of the matters in each subparagraph of Paragraph 3 of this Article are disclosed in accordance with the Personal Information Protection Act and other relevant regulations or notified to Users by email or other methods prescribed by Presidential Decree the consent procedure for outsourcing Personal Information processing or storage may not be required.
3. If the Company intends to obtain consent pursuant to the main text of Paragraph 2 of this Article it shall notify Users of all of the following matters in advance.
4. If the Company transfers Personal Information abroad with consent pursuant to the main text of Paragraph 2 of this Article it takes protective measures as prescribed by relevant regulations such as the Presidential Decree of the Personal Information Protection Act.
1. The Company uses automatic personal information collection devices (hereinafter referred to as 'cookies') that store and retrieve usage information from time to time to provide individualized customized services to Users. Cookies are a small amount of information sent by the server (http) used to operate the website to the User's web browser (including PC and mobile) and may be stored in the User's storage space.
2. Users have the option to install cookies. Therefore Users can allow all cookies, check every time a cookie is stored, or refuse to store all cookies by setting options in the web browser.
3. However if the storage of cookies is refused there may be difficulties in using some of the Company's services that require login.
You can set to allow cookies, block cookies, etc. through web browser option settings.
1. The Company designates a related department and a Chief Privacy Officer as follows to protect Users' Personal Information and handle complaints related to Personal Information.
A. Chief Privacy Officer
B. Department in Charge of Personal Information Protection
1. Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc. to receive relief due to personal information infringement. For other reports and consultations on personal information infringement please contact the agencies below.
2. The Company guarantees the data subject's right to self determination of personal information and strives for consultation and damage relief due to personal information infringement. If reporting or consultation is needed please contact the department in charge in Paragraph 1.
3. A person whose rights or interests have been infringed due to a disposition or omission made by the head of a public institution regarding a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information etc.) of the Personal Information Protection Act may request an administrative appeal as prescribed by the Administrative Appeals Act.
Article 1 This Policy shall be effective from July 30, 2025.