1. Purpose of collection and use of personal information

The company collects personal information for the following purposes. The collected personal information is not used for purposes other than the following purposes, and prior consent will be sought when the purpose of use is changed.

Homepage membership registration and management

For purposes such as confirmation of intention to sign up as a member, verification of identification according to the provision of membership services, maintenance of membership qualifications, prevention of illegal use of services, notification of various notices, etc.

Civil affairs processing

The purpose of confirming the identity of the complainant, confirming the complaints, contacting for fact-finding, and notifying the result of processing

Service provided

Service provision, content provision, customized service provision, identity authentication, age authentication, and other input

Use in marketing and advertising

For the purpose of developing new services and providing customized services, providing event and advertising information and opportunities to participate, providing services according to demographic characteristics and posting advertisements, verifying the validity of services, identifying access frequencies, or statistics on members' use of services

2. Items of personal information to be collected and methods of collection

Items of personal information to be collected

① Membership registration

[Required items] Name, date of birth, email, ID, password, mobile phone number

When signing up for Naver Simple Membership
[Required items] User unique identifier, name, email, password
[Additional items] Date of birth, mobile phone number

※ The information provided from Naver is used only during the membership registration stage, and if membership registration is not in progress, it will be immediately destroyed. (We store personal information only if the customer agrees through the membership registration process.)

② Information automatically generated and collected during service use or business processing

[Required items] Connection IP information, cookies, service usage records, access logs, usage suspension records
[Optional items] Response record for each item by customer satisfaction survey

③ Other

• When using additional services and customized services, or when collecting additional personal information that was not collected when registering as a member during the event application process, the company notifies the users of the item and processes the work with separate consent.

How to collect personal information

• Online collection such as membership registration through the homepage and consultation bulletin board, offline collection through telephone, written form application within the headquarters, etc., collection through e-mail, event application, etc.
• Provided by identity verification organizations or affiliates
• Collection through generated information collection tool

3. Retention and use period of personal information

• 1.When collecting personal information from users, we retain and use personal information within the period of consent. However, if there is a need to preserve it in accordance with the provisions of relevant laws and regulations, it will be preserved in accordance with the relevant laws and regulations.
• 2.In the case of members, the period of retention and use of personal information is from the time of signing the service use contract (when signing up for membership) to the termination of the service use contract (including withdrawal application and direct withdrawal). The Company destroys personal information of members that are not reused for the period (1 year) defined by the law, except when a separate period is set by other laws or requested by the customer. However, the fact that personal information is destroyed 30 days before the expiration of the period, the expiration date of the period, and the items of the personal information are notified to the member by email, phone or similar methods.
• 3.The retention period of personal information according to related laws is as follows.
  • <Retention information/retention period>
    Records on display/advertisement: 6 months
    Computer communication or Internet access data: 3 months
• 4.Even if there is no basis for the relevant laws and regulations, it can be kept in accordance with the company's policy when it is necessary to prevent serious losses for the company or to keep it for crimes or lawsuits. However, only the minimum period and items are kept to achieve that purpose.
  • <Retention information/retention period>>
    Member information whose qualifications are lost according to the terms of use: 5 years

4. Provision of personal information to a third party

• 1.In principle, we do not provide users' personal information to the outside. However, exceptions are made in cases where there are special regulations in the law as in each of the following subparagraphs or in cases where it is inevitable to comply with legal obligations. When providing personal information to a third party for any purpose other than the purpose, we request that the recipient of personal information impose certain restrictions on the purpose of use and method of use so that the personal information is safely processed, or to take necessary measures to ensure stability.
  • ①When users agree in advance
  • ②If there is a regulation based on other laws and regulations in the Information and Communication Network Act, the Telecommunications Business Act, the Use and Protection of Credit Information Act, etc.
  • ③In the case of statistical writing, academic research, market research, information provision, and notification e-mail sending in a form in which a specific individual cannot be identified
  • ④When the information subject or its legal representative is in a state where it is not possible to express his or her intention, or when prior consent cannot be obtained due to unknown address, etc., and is necessary for the immediate benefit of life, body, or property of the information subject or a third party
  • ⑤Cases necessary for investigation, prosecution and maintenance of crimes, court trials and execution of punishment, and legal procedures
• 2.If a third-party provider occurs, it is proceeded with separate consent.
• 3.The withdrawal of consent provided by a third party can be requested to the Seoul Bright World Ophthalmology Clinic (02-3443-0880) or Busan BalGeunSeSagn Ophthalmology Clinic (051-805-1100), and will be immediately discarded when the consent is withdrawn.

5. Personal information destruction procedure and method

We destroy personal information when the purpose of collection and use of personal information is achieved or the retention period expires. The destruction procedure and method are as follows. However, there are exceptions in cases where the personal information must be preserved under other laws.

Destruction procedure

The information entered by the user is transferred to a separate database after the purpose is achieved (separate documents in the case of paper) and stored for a certain period of time or immediately destroyed in accordance with internal policies and other related laws. At this time, the personal information transferred to the database is not used for other purposes unless it is in accordance with the law.

Expiration date

The personal information of users shall be processed within 5 business days from the end of the retention period, if the relevant retention period has elapsed, when the personal information becomes unnecessary, such as achieving the purpose of processing personal information, the abolition of the service, or the end of the business. The personal information will be destroyed within 5 business days from the date it is recognized as unnecessary. If there is a refusal by the legal representative for a child under the age of 14 or if the intention to consent is not confirmed, the personal information will be destroyed within 5 business days from the date of collection.

Method of destruction

Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.

6. Rights of users and legal representatives and how to exercise them

• 1.The user may withdraw his/her consent to the collection, use, and provision of personal information at any time. Upon withdrawal of consent, the company takes necessary measures, such as destroying the collected personal information without delay.
• 2.The user may request the company to view, provide, and correct the following matters concerning him/her.
  • ①User's personal information held by the company
  • ②Status of use of user personal information and provision of third party
  • ③Current status of consent to the Company for collection, use, and provision of personal information
• 3.If the user requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
• 4.The user can make a request for access to personal information to the following departments. We will endeavor to expedite the processing of claims such as accessing users' personal information.
• <Inquiries regarding access to personal information>

  Inquiries regarding access to personal information

  Department in charge	Seoul/ Busan BalGeunSeSang Eye Clinic Customer Satisfaction Center
  Representative number	Seoul BalGeunSeSang Eye Clinic (02-3443-0880), Busan BalGeunSeSang Eye Clinic (051-805-1100)
  Email	iloveeye@iloveeye.com

7. Matters concerning the installation, operation and rejection of automatic personal information collection devices

• 1.We use cookies that store and retrieve user information from time to time to identify users, maintain the member's login status, and provide personalized services for each user. Cookies are small amounts of information that a website server sends to a user's web browser and are stored on the user's computer hard disk.
• 2.The user has the option of installing cookies. The user can allow/reject all cookies through the settings of the web browser, or check each time a cookie is saved. However, if you refuse to store cookies, some services provided by the company, such as personalized services, may be difficult to use.
  • The method of rejecting cookie setting is as follows. (Based on Internet Explorer)
    Select [Internet Options] in the web browser [Tools] menu>select the [Personal Information] tab> select the desired option in [Advanced]

8. Measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act and Article 28 of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc., the Company takes technical, administrative and physical measures necessary to ensure safety as follows.

Personal information processing

Minimization of Employees and Training We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.

Conduct regular self-audit

In order to secure the safety of personal information processing, we conduct our own audit on a regular basis (quarterly).

Establishment and implementation of internal management plan

We have established and implemented an internal management plan for the safe processing of personal information.

Encryption of personal information

The user's personal information is encrypted and stored and managed, so only the person can know it, and for important data, separate security functions such as encrypting files and transmission data or using a file lock function are used.

Technical measures against hacking, etc.

In order to prevent leakage and damage of personal information due to hacking or computer viruses, we install a security program, perform periodic update checks, install a system in an area where access is controlled from outside, and monitor and block technical/physical.

Restricted access to personal information

We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside.

Storage of access records and prevention of forgery and alteration

The records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent forgery, alteration, theft and loss of access records.

Use of locking device for document security

Documents containing personal information and auxiliary storage media are stored in a safe place with a lock.

Access control for unauthorized persons

A separate physical storage place for storing personal information is established and access control procedures are established and operated.

Personal information validity period system

The company destroys personal information after August 18, 2015 in order to protect personal information of users who do not service for a long time (one year) in accordance with related laws such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. 30 days prior to processing, the relevant information will be notified to the user through e-mail.

9. Personal Information Protection Officer

Users can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's services. The company will respond and handle your inquiries.

[Personal Information Protection Officer]

Name: Kim Jin-woo

Department: PR Marketing Team

Position: Team Leader

Contact: 02-3443-0880, iloveeye@iloveeye.com

[Person in charge of personal information protection]

Name: Jang Jin-hee

Department: PR Marketing Team

Position: Vice Chief

Contact: 02-3443-0880, iloveeye@iloveeye.com

10. Remedy for infringement of rights and interests

Users can inquire about damage relief, consultation, etc. for personal information infringement to the following organizations. (Please use this if you are not satisfied with our own personal information complaint handling, damage relief results, or if you need more detailed help)

Personal information protection comprehensive support portal (operated by the Ministry of Public Administration and Security)

• Homepage: http://www.privacy.go.kr
• Phone number: 02-403-0073

Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

• Homepage: http://privacy.kisa.or.kr
• Phone number: (without area code) 118

Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)

• Homepage: http://www.kopico.go.kr
• Phone number: 1833-6972

National Police Agency Cyber ​​Security Bureau

• Homepage: http://cyberbureau.police.go.kr
• Phone number: (without area code) 182

11. Notice of changes to the privacy policy

This personal information processing policy may be changed according to the government's policies, laws and regulations, and the company's needs, and if there is any addition, deletion, or correction of the content, it shall be notified in advance through the website posting or e-mail, etc. 7 days before the implementation of the change. , If advance notice is difficult, we will notify you as soon as possible. However, if important matters such as the purpose of collection and use of personal information and the object of provision to a third party are added, deleted, or corrected, we will notify you 30 days in advance.

12. Consignment of handling personal information

• 1.In order to provide smoother services to users, the Company entrusts the following personal information processing related work to an external specialized company.

  Consignment of handling personal information

  Contents of work entrusted to the consignee
  Point-nix	medical fee claim, storage, and refund
  Sungmin Networks	service
  Frameout	member management, delivery of advertising information such as events

• 2.When signing a consignment contract, we shall specify in documents such as contracts and other responsibilities related to the prohibition of processing personal information, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, compensation for damages, etc. Manages and supervises the safe handling of personal information.
• 3.If the contents of the consignment business or the consignment company change, we will notify the user of the change through this privacy policy and proceed with the consent process.

13. Agreement to receive marketing information

According to Article 22, Paragraph 4 of the Personal Information Protection Act, you can use the service even if you do not specify optional information.

• 1.Use for marketing and advertising
  For the purpose of developing new services and providing customized services, providing event and advertising information and opportunities to participate, providing services according to demographic characteristics and posting advertisements, verifying the validity of services, identifying access frequencies, or statistics on member service use. We process personal information.
• 2.In operating the service, we may provide various information to Seoul and Busan Bright World Eyes and members through service screens, phone calls, emails, SMS, etc. It is provided regardless.

  Use for marketing and advertising

  Category	Purpose	Collection item	Retention period
  Optional	member-only events/discount benefits and event information Provide customized service for members New service development and marketing utilization	name, date of birth, email	Mobile phone number Up to 60 days after membership withdrawal or Until the service agreement is withdrawn