GYMTOC Privacy Policy WELLPEACH (hereinafter referred to as the "Company") complies with the relevant laws and regulations, such as the Personal Information Protection Act and the Act on Promotion of Information and Communication Network Utilization and Information Protection, which information service providers must adhere to regarding personal information protection. The Company has established a privacy policy to do its best to protect the rights and interests of users. The privacy policy applies to the use of the services provided by the company and related services (hereinafter referred to as "Services") and includes the following contents. Additionally, the company informs users about how their personal information is collected and used, as well as the measures taken by the company to protect personal information. Users may refuse consent regarding matters related to the collection, use, provision, and delegation of personal information. However, if the user refuses consent, they will be notified that they may not be able to use all or part of the services. 1. Purpose of Collection and Use of Personal Information Personal information refers to information about an individual that can identify the individual, including but not limited to, information such as date of birth, gender, name, mobile phone number, and personal identification key. The company utilizes the collected personal information for the following purposes: a. Service provision and fee settlement - Providing basic and specialized functions of the service, customized service provision, providing services based on demographic characteristics, item purchase and payment, notification services b. User management - Verification of identity for service use, user verification and identification related to service provision, prevention of misuse and unauthorized use by fraudulent members, confirmation of intent to join, confirmation of intent to withdraw, record keeping for self-verification and dispute resolution, complaint processing, notification of important information c. Utilization in the development of new services, advertising, and marketing - Development of new services and provision of customized services, provision of services and advertising based on demographic characteristics, confirmation of service effectiveness, provision of event and advertising information, opportunities for participation, understanding access frequency, statistical analysis of service use 2. Items and Methods of Collecting Personal Information a. Items of personal information collected 1) The company may collect the following information during self-authentication for optimized service provision: - Date of birth, gender, name, mobile phone number, personal identification key 2) The following information may be collected during the process of using the service or business processing: - Nickname, region, introduction, profile picture, photos uploaded by the user, messages written by the user, content created by the user, service usage records, access logs, records of misuse, payment records b. Methods of collecting personal information The company collects personal information through the following methods: - Website, application, written forms, fax, phone, consultation board, email, event participation - Provided by affiliated companies - Collection through information collection tools 3. Provision and Sharing of Personal Information The company uses and provides personal information within the scope notified in the "Purpose of Collection and Use of Personal Information" and does not use or disclose it beyond that scope without the user's prior consent. However, it may use or provide personal information in the following cases: a. When the user has given prior consent - The company informs the user of the partner providing or collecting information, what information is needed, how long it will be stored, and obtains consent. If the user does not agree, no additional information will be collected or disclosed. b. When there are special regulations in the law or when requested by an investigative agency for investigation purposes according to the procedures and methods prescribed by the law 4. Retention and Use Period of Personal Information User personal information is generally destroyed without delay when the purpose of collecting and using personal information is achieved. However, the following information is retained and used for the reasons stated below, and is only used for the purpose of retention: a. Records related to contracts or withdrawal requests - Retention reason: Act on Consumer Protection in Electronic Commerce, etc. - Retention period: 5 years b. Records of payment and supply of goods, etc. - Retention reason: Act on Consumer Protection in Electronic Commerce, etc. - Retention period: 5 years c. Records of consumer complaints or dispute resolution - Retention reason: Act on Consumer Protection in Electronic Commerce, etc. - Retention period: 3 years d. Access logs - Retention reason: Telecommunications Privacy Act - Retention period: 3 months e. Information held according to the company's internal policy - Retention item: Records of misuse - Retention reason: Prevention of misuse - Retention period: 1 year 5. Personal Information Destruction Procedure and Method User personal information is transferred to a separate database after the purpose of collecting and using personal information is achieved, stored for a certain period according to internal policies and other relevant laws, and then destroyed. However, personal information of users who have not used the service for one year is separately stored for 1 year according to the Information and Communication Network Act. a. Destruction procedure - Information provided by users during service usage is transferred to a separate database after the purpose is achieved, stored for a certain period according to internal policies, and then destroyed. Unless otherwise provided by law, information that has been transferred to a separate database is not used or disclosed for purposes other than retention. b. Destruction method - Personal information on paper is destroyed by shredding or incinerating, and personal information stored in electronic file format is deleted using technical methods that cannot reproduce the records. 6. Rights of Users and Legal Representatives and How to Exercise Them Users and legal representatives can view or modify their registered personal information at any time. In addition, users can request termination of the service by using the "Withdrawal" option in the application settings. To view and modify personal information of users and legal representatives, click "Delete Account" through the platform operator or app store operator. If users want to confirm personal information that the company does not have, they should verify their identity by checking the membership information and providing personal information through the platform operator or app store operator. If users or legal representatives request correction of errors in personal information, the company will not use or provide the personal information until the correction is completed. Personal information that has been terminated or deleted at the request of users or legal representatives is processed according to the method specified in "4. Retention and Use Period of Personal Information." 7. Outsourcing of Personal Information Processing The company outsources the handling of personal information to external companies for professional customer support and service provision. When entering into an outsourcing agreement, the company clearly stipulates protection-related instructions, non-disclosure of personal information, and responsibilities in the event of accidents, etc., to ensure the safety of personal information. - Outsourced tasks: In-app purchases - Retention and use period: Until withdrawal or termination of outsourcing agreement - Outsourced tasks: Operation of web services and information storage - Retention and use period: Until withdrawal or termination of outsourcing agreement 8. Installation/Operation and Refusal of Personal Information Automatic Collection Devices a. The company uses cookies to store and retrieve information about users to provide personalized and customized services . Cookies are very small text files sent by the server operating the website to the user's browser, stored on the user's computer's hard disk. When the user visits the website again, the website server reads the contents of the cookies stored on the user's hard disk to maintain the user's environment settings and provide customized services. b. Cookies do not actively or automatically collect information to identify individuals, and users can refuse or delete these cookies at any time. However, if users refuse to store cookies, they may not be able to use all or part of the services. c. How to specify whether to allow the installation of cookies (for Internet Explorer): Select "Tools" menu ⇒ Click "Internet Options" ⇒ Click "Privacy" tab ⇒ Set the privacy level 9. Contact Information for Personal Information Management For all inquiries, complaints, advice, and other matters related to personal information protection during the use of the service, please contact the personal information protection officer and the relevant department. WELLPEACH is committed to listening to user feedback and providing prompt and sufficient responses. [Personal Information Management Officer] - Name: KIMDONGMIN - Affiliation and Position: CEO - Email: wellpeachmarket@gmail.com - Contact: 010-3996-4987 If you need to report or consult about other privacy breaches, please contact the following organizations: - Privacy Complaint Center (privacy.kisa.or.kr / 118 without area code) - Cyber Investigation Department, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code) - Cyber Safety Bureau, National Police Agency (www.ctrc.go.kr / 182 without area code) [Supplementary Provisions] 1. If the company changes the privacy policy, it will notify users through the service at least 7 days before the effective date, along with the reasons for the change and the effective date. However, if there is a change in important matters related to user rights or obligations, the company will notify at least 30 days in advance. 2. If the company notifies the user of the changes and the user does not express their intention to refuse until the effective date of the change, it is considered that the user has agreed to the changes. 3. Even if the user agrees to the changes, if the company collects additional personal information or provides it to a third party, the company will go through a separate consent process. This privacy policy is effective from August 15, 2021.