Vely B Clinic ::: Skin Laser/Botox/Filler/Hair Removal/Obesity Control(the ‘Clinic’) places great importance on the protection of privacy information on the Internet and is committed to doing its best to ensure that the privacy information provided by users is protected while using the Clinic.

Accordingly, the Clinic has established the Privacy Information Policies based on relevant regulations that telecommunications service providers must comply with, such as the Act on the Protection of Communications Secrets, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization.

The Privacy Information Policies may be revised as needed due to changes in government laws and guidelines or internal policy changes at the Clinic. The Clinic will promptly reflect any changes in the Privacy Information Policies on the front page of its website.

Through the Privacy Information Policies, users will understand how their collected privacy information is used, for what purposes it is used, and how it is securely protected.

[The order of the Privacy Information Policies is as follows:]

1. Items of privacy information collected and methods of collection

The Clinic collects only the minimal privacy information necessary for using the service during the registration process.
The privacy information items collected by the Clinic are listed below.
There are required and optional items, and the optional items do not limit the use of the service if not provided.

A. Items collected for medical treatment:

• Required items: Name, resident registration number, address, phone number, mobile phone number, email address, foreign registration number (for foreigners only)
• Health information: Medical history, family history, and other personal information deemed necessary by the medical staff to provide medical services
※ According to the Medical Service Act, identification information and medical information must be retained by law.
(Separate consent will not be obtained for the collection of medical information.)

B. Items collected when registering for membership on the website

• Required items: ID, password, name, mobile phone number, email address
• Optional items: SMS subscription, email subscription
• Sensitive information: Past medical history, surgical history, interested areas of surgery
During the process of using the service or while handling service provision tasks, the following information may be automatically generated and collected:
• Service usage records, access logs, cookies, access IP information

C. Items collected when making payments

• Name of credit card company, credit card number, and other payment information when paying with a credit card

D. How to collect privacy information

• Privacy information is collected in the following manner:
Website (membership registration, surgical cost consultation, KakaoTalk consultation, real-time consultation, online booking, online counseling, and live reviews, etc.), written forms, fax, telephone, email

2. Purpose of collection and use of privacy information

The Clinic uses the privacy information collected for the following purposes.
All information provided by users will not be used for purposes other than those necessary for the following, and prior consent will be sought if the purposes of use are changed:

•Provision of medical services for diagnosis and treatment;
•Information for medical billing, payment and refunds;
•Sending statements and items related to examination;
•Minimal analytical data necessary for education, research, and medical services;
•Basic information for online commissioned tests and clinical trial reviews;
•Provision of health contents and clinical research information;
•Providing membership services for appointment, appointment inquiries, etc. on the website;
•Statistics on service usage;
•Communication channel for delivering notices, handling complaints, etc.;
•Information for processing responses to online inquiries;
•Providing information on new services and events;
•Information for developing new services and providing personalized services;
•Collection of consumer harming information in accordance with Article 54 of the Consumer Basic Act; and
•Provision of services for surveys, events, etc.

3. Provision and sharing of privacy information

The Clinic will not use your privacy information beyond the scope disclosed in the "Purpose of Collection and Use of Privacy Information" or provide it to any third party or other companies or institutions, except in cases where you have given consent or as required by relevant laws and regulations. However, the following cases are exceptions:
- If users have agreed to disclosure in advance;
- If required by law or in response to requests from investigative agencies, following the procedures and methods specified by law for investigation purposes; and
- If necessary for statistical purposes, academic research, or market research, and provided in a form that cannot identify specific individuals.

4. Entrusting Privacy Information Processing (Handling)

The Clinic entrusts the processing (handling) of privacy information to external specialized companies as follows to provide better services, enhance customer convenience, and ensure smooth business operations:

Entrusted Company	Contents of Entrusted Services	Entrusted Privacy Information	Retention Period of Privacy Information
Cross M	Website Development and Operation	Name, Email, Phone Number	Until the end of entrustment contract
Vely B Holdings Inc.	Website Development and Operation	Name, Email, Phone Number	Until the end of entrustment contract

5. Period of retention and use of privacy information

The Clinic will promptly dispose of your privacy information when the purpose of collection or the purpose for which it was provided has been achieved:

• For membership registration information: When you withdraw from membership or are expelled from membership, or if more than one year has passed since your last login date (in accordance with Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection and Article 16 of the Enforcement Decree);
• If collected for surveys, events, etc.: When the relevant survey or event has ended;
• If collected for medical purposes: Retained in accordance with the period specified in Article 15 of the Enforcement Rules of the Medical Law regarding "Retention of Medical Records" (Patient register: 5 years, Medical records: 10 years) (Retained items: Name, address, medical information);
• Records related to consumer complaints or disputes: Retained for 3 years (according to the Act on Consumer Protection in Electronic Commerce, etc.);
• For information related to the collection/processing and use of credit information: Retained for 3 years in accordance with the Credit Information Use and Protection Act (Retained items: Credit card company name, card number, etc. of card payment approval information);
• Records on identification: Retained for 6 months (in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection); and
• Records of visits: Retained for 3 months (according to the Protection of Communications Secrets Act).

If it is necessary to retain any privacy information even after the purpose of collection or the purpose for which it was provided has been achieved in accordance with relevant laws and regulations such as the Commercial Act, your personal information may be retained.

6. Procedures and methods for destroying privacy information

The Clinic will immediately destroy privacy information once the purpose of collection and use has been achieved. The destruction procedure and method are as follows:

A. Procedure

Any information entered by the user for membership registration and other purposes will be immediately destroyed after the purpose is achieved in accordance with the following destruction methods.

B. Deadline

User’s privacy information will be destroyed within 5 days from the end of the retention period if the retention period has expired. If the purpose of processing privacy information has been achieved, or if the service has been discontinued or the business has ended, the information will be destroyed within 5 days from the date it is deemed unnecessary for processing.

C. Destruction Method

Privacy information stored in electronic file formats will be deleted using technical methods that prevent its restoration.
Privacy information printed on paper will be destroyed by shredding or incineration.

7. Rights of users and legal representatives and how to exercise them

The Clinic will respond sincerely to users’ requests to view, edit, or delete privacy information and will process these requests without delay. To protect privacy information, privacy information cannot be viewed, edited, and deleted through methods other than in-person visits, such as telephone, mail, or fax.

A. Viewing Privacy Information

Users may request to view their privacy information by visiting the Clinic, and the Clinic will respond promptly to such requests.

B. Editing/Deleting Privacy Information

• If a user requests editing or deleting privacy information, the Clinic will promptly edit or delete the information if it is deemed necessary due to errors in the privacy information. The Clinic may request supporting documents necessary to verify the information for editing/deleting. Until editing is completed, the Clinic will not use or provide the relevant privacy information. Additionally, if incorrect privacy information has already been provided to a third party, the Clinic will promptly notify the third party of the updated information to ensure that all information is up to date.
• When a user requests to view, edit, or delete privacy information, the Clinic will verify their identity by requesting a form of identification such as a resident registration card, passport, or driver's license.
• If a user’s representative visits to request to view, edit, or delete privacy information, the Clinic will verify whether the representative is legitimate by checking the user’s power of attorney and consent form, as well as the representative's form of identification.
• If the Clinic has a valid reason to refuse the request to view, edit, or delete all or part of the privacy information, we will notify the user and explain the reason:
- If viewing or editing privacy information may be restricted;
- If there is a significant concern that it may harm the life, body, property, or rights of the individual or a third party;
- If there is a significant concern that it may disrupt the service provider’s operations;
- If it leads of violation of laws and regulations, etc.
- Membership registration of children under 14 years old (hereinafter referred to as "children") is conducted through a separate form, and parental consent is required at the time of collecting privacy information.
- The Clinic collects minimal information from the child, such as the name and contact information of legal guardian, in order to obtain consent from the legal guardian, and consent is obtained in accordance with the methods specified in the Privacy Information Handling Policies.
- Users and legal guardians can exercise their rights regarding privacy information by contacting the Clinic via the Internet, phone, or in writing, and the Clinic will take necessary actions without delay.
※ Privacy information that is to be retained by law cannot be edited or deleted during the retention period, even if a request is made.

8. How to withdraw consent / membership withdrawal

You can withdraw your consent for the collection, use, and provision of privacy information at any time during the membership registration process.
To withdraw your consent (cancel your membership), you can click on "Cancel Membership" on the website and go through the identification verification process to cancel your membership yourself, or you can contact the person in charge of privacy information, and we will take necessary actions, including promptly deletion of your privacy information.

9. Installation/operation of systems for automatic collection of privacy information and matters regarding refusal

We use "cookies" to store and frequently retrieve information about users in order to provide customized services. Cookies are small amounts of information sent by a website to the user's computer web browser, which may be stored on the PC's hard drive.

A. Purpose of using cookies

• Cookies identify the user's computer, but do not individually identify each user. We use these cookies to understand the usage patterns, visits, and number of users, in order to provide more convenient services.
• Users can adjust their web browser settings to choose whether to accept cookies. This means they can accept all cookies, receive notifications when a cookie is being installed, or reject all cookies.
• However, users must allow cookies to log in and access our services after connecting to our website.

B. Installing/Operating or rejecting cookies

• Users have the option to choose whether to accept cookies. Therefore, users can configure their web browser settings to allow all cookies, confirm each time a cookie is saved, or reject the storage of all cookies.
• To refuse to store cookies, users can select options on their web browser to either allow all cookies, require confirmation each time a cookie is stored, or reject all cookies.
• Example of settings
• Internet Explorer: Tools on the top menu bar of web browser > Internet Options > Privacy Information > Settings
• Chrome: Settings on the right side of web browser > Advanced Settings on the bottom > Privacy Information Contents Settings > Cookies
• However, if users refuse to store cookies, they may encounter difficulties when using certain services that require logging in on our website.

10. Operation and management of video information processing systems

[Minimization and Training of Personnel Handling Privacy Information]

We minimize the number of personnel handling privacy information and conduct regular training.

[Regular Self-Inspection]

We conduct regular self-inspection at least once a year to ensure the security of privacy information handling.

[Establishment and Implementation of Internal Management Plans]

We establish and implement internal management plans for the safe handling of privacy information.

[Encryption of Privacy Information]

The passwords of users' privacy information are encrypted and stored to ensure that they are known only by individual members. Additionally, sensitive information is protected using separate security functions, such as encryption of files and transmission data.

[Technical Measures Against Hacking]

To prevent privacy information breaches and damage caused by hacking or computer viruses, we install security programs and conduct regular updates and inspections. Our systems are installed in areas with restricted access, and we implement technical and physical surveillance and blocking measures.

[Access Restrictions to Privacy Information]

We take necessary measures to control access to privacy information by granting, changing, and revoking access rights to the database systems that process privacy information. We also utilize intrusion prevention systems to control unauthorized access from external sources.

[Access Control for Unauthorized Persons]

We maintain a separate physical storage location for privacy information systems and have established and operated access control procedures for it.

11. Measures to ensure the safety of privacy information

We operate and manage video surveillance systems as follows:

[Grounds for Installation and Purpose]

To ensure patient and facility safety, as well as to prevent fires and criminal activities.

[Number of Units, Location, and Coverage]

Number of Cameras: A total of 6 units
Installation Location and Coverage: Lobby, hallways, consultation rooms, treatment rooms, recovery rooms, etc.

Installation Location	Coverage	Number of Units
Total		6 units
Gwangju Branch	Desks, hallways, powder rooms, treatment rooms, consultation rooms, management rooms, practice rooms, laser rooms, lifting rooms	6

[Manager]

Manager: Jung Ho Choi / Phone: 010-9974-9141 / Email: velybclinic@gmail.com

[Length of Recording and Handling Video Information]

Length of Recording: 24 hours
Handling: We record and manage the use of privacy video information for purposes other than intended, provide it to third parties, handle deletion requests, and ensure that it is permanently deleted in a manner that cannot be restored once the retention period expires (for printed materials, this involves shredding or incineration).

[Actions for Information Providers’ Requests to View Privacy Video Information]

You may request to view or confirm the existence of privacy video information at any time from the operator of the video information processing device. However, this is limited to privacy video information where you are depicted and information that is clearly necessary for the urgent benefit of your life, body, or property.
Despite a request to view privacy video information, access may be denied in the following cases:
- If the privacy video information has been destroyed after the retention period has expired;
- If there are valid reasons to refuse the request for access of information providers.

[Technical, Managerial, and Physical Measures for the Protection of Video Information]

The video information processed by the Clinic is securely managed through encryption and other protective measures. Additionally, as a managerial strategy to protect privacy video information, we implement differential access rights to privacy information. To prevent unauthorized alteration or manipulation of privacy video information, we log and manage details such as the time of creation, the purpose of viewing, the viewers, and the time of viewing.

11. Privacy information management officer

To protect your privacy information and address any complaints related to it, the Clinic has designated a Privacy Information Management Officer as follows:

[Privacy information management officer]

A. Privacy information management officer
- Name : Jung Ho Choi
- Phone : 010-8305-8397
- Email : velyb@velyb.kr

B. Customer service officer
- Department and Officer : Jung Ho Choi, Planning•PR
- Phone : 010-9974-9141
- Email : velybclinic@gmail.com

C. Website services
-Department : Planning•PR
-Name : Jung Ho Choi
- Phone : 010-9974-9141
- Email : velybclinic@gmail.com

You can report any privacy information protection-related complaints that arise while using our services to the privacy information management officer. The Clinic will respond promptly and provide sufficient answers to your reports.
If you need to report or consult about other privacy breaches, please contact the following authorities:

Privacy Dispute Arbitration Board (http://www.1336.or.kr / 1336)
Supreme Prosecutors’ Office, Cyber Crime Investigation (http://www.spo.go.kr / (02) 3480-3573)
Police Agency Cyber Terrorism Response Center (http://www.ctrc.go.kr / (02) 392-0330)

12. Obligation to notify changes to policies

The Privacy Information Handling Policies was established on October 25, 2018, and in the event of any additions, deletions, or modifications due to changes in laws, policies, or security technologies, we will post a notification on the website to provide the reasons for and details of the changes at least 7 days before the revised policies take effect.

Date of Notice : October 25, 2018
Effect Date : October 25, 2018