1. Definition of Terms in the Privacy Policy
1) Personal Information: Information that can identify an individual, such as name, resident registration number, or other data (including information that cannot identify an individual alone but can be easily combined with other information to identify an individual).
2) User: A person who accesses GMEBIO's website (https://gmebio.co.kr/) and uses the services provided by the Company according to this policy.
2. Consent to Collection of Personal Information
The Company provides a procedure for users to click either the "Agree" button or the "Disagree" button regarding the privacy policy or terms of use. If the user expresses consent, it is considered as agreement to the collection of personal information.
3. Items of Personal Information Collected and Collection Methods
1) To facilitate customer inquiries and provide various services, the Company collects the following personal information:
a. Online Inquiries, Responses, Customer Consultations: Name, email, mobile phone number
b. Newsletter Subscription and Dispatch: Name, email
c. IP Address: Cookies, visit time, service usage records
2) Collection Methods: The Company collects personal information through:
a. Website consultation boards, phone, email
4. Protection of Children's Personal Information
If the Company collects personal information from children under the age of 14, it will obtain consent from the child's legal representative. The legal representative can request to view, correct, or withdraw consent for the child's personal information, and the Company will take necessary actions promptly.
5. Purpose of Collecting and Using Personal Information
1) Provision of services
a. Use and consultation of various contents provided to users
b. Handling complaints, notifications
2) Service development, marketing, and advertising
a. Delivery of promotional information and prizes from events
b. Development of new services and tailored advertisements
c. Analysis of service usage and user statistics
6. Retention and Disposal of Personal Information
The Company retains and uses personal information only for the duration necessary. Personal information will be disposed of promptly when the purpose of collection and use is achieved, the retention period expires, or in the event of business closure. However, the following information will be retained for specific periods:
1) Consumer protection in e-commerce: 3 years
2) Records of consumer complaints or disputes: 3 years
7. Procedure and Method for Disposal of Personal Information
The Company promptly disposes of personal information when its purpose is achieved. The procedures and methods are as follows:
1) Procedure: Information is stored for a period according to internal policies and legal requirements before being deleted or disposed of.
2) Method: Electronic files are deleted using technology that renders them unrecoverable. Paper documents are shredded or incinerated.
8. Provision and Sharing of Personal Information with Third Parties
The Company uses personal information within the scope specified in Section 4 and does not provide it to external parties without user consent.
[Provision to Third Parties]
To provide better services, we may provide or share your personal information with third parties. When doing so, we will inform you in advance through email or written notice about who the third parties are, what personal information is being provided or shared, why the information needs to be provided or shared, and how it will be protected and managed. Consent will be obtained either through individual notification or as part of the terms and conditions during the inquiry process. If you do not agree, we will not provide or share your personal information with third parties. Any changes to or termination of third-party sharing relationships will also be communicated to you through the same process, and consent will be sought as required.
Exceptions include:
1) When users have agreed to disclose their personal information
2) As required by law or in response to law enforcement requests
9. Outsourcing of Personal Information Processing
The Company may outsource personal information processing for service improvement and ensures safe management through contracts. Details of the outsourced tasks or changes will be disclosed through updates to this privacy policy.
10. User Rights and How to Exercise Them
Users can access, correct, or request deletion of their personal information at any time. For inquiries or cancellations, users can contact the personal information manager via written request, phone, or email. The Company will promptly correct any inaccuracies and notify third parties if needed.
11. Cookie Installation/Operation and Refusal
Cookies are small pieces of information sent from the website server to the user's computer, which include information about the visited website and user personal information necessary for service provision. Users can refuse to receive cookies or set their web browser to warn them about cookie reception. The company may send cookies to users' computers if deemed necessary for web service utilization.
1) Purpose of Using Cookies: To provide differentiated information based on individual interests, to identify users' preferences and interests by analyzing access frequency or usage time for target marketing, to track the information users have shown interest in to offer personalized services, to consider service improvements by analyzing users' habits, and to be collected and used through bulletin board posts.
2) Cookie Installation/Operation and Refusal:
a. Users have the choice to accept or refuse cookies by configuring their web browser settings to allow all cookies, confirm each time cookies are saved, or reject all cookies.
b. However, refusing to save cookies may result in difficulties accessing some of the company's services.
c. Cookie Setting Methods:
Firefox: Firefox Cookie Settings
Chrome: Chrome Cookie Settings
Internet Explorer: Internet Explorer Cookie Settings
Safari: Safari Cookie Settings
12. Technical and Managerial Protection Measures for Personal Information
The company implements the following technical and managerial measures to ensure that users' personal information is not lost, stolen, leaked, altered, or damaged:
1) Technical Measures:
a. Personal information is strictly protected. Users are advised to close their web browser after using a PC to prevent information from being exposed. To this end, the company recommends closing the web browser after using the PC. This procedure is especially important if you share a PC with others or use it in public places (such as offices, schools, libraries, internet cafes, etc.) to prevent the exposure of personal information to others.
b. The company uses antivirus programs to prevent damage from hacking or computer viruses. Regular backups are made to prevent data loss, and the latest antivirus programs are used to protect data from leakage or damage. Encryption communication is employed to securely transmit personal information over networks. Intrusion prevention systems are used to control unauthorized access, and all possible technical measures are taken to ensure system security.
2) Managerial Measures:
a. Access to personal information is restricted to designated employees, who are given unique passwords that are regularly updated. Employees are trained regularly on new security technologies and personal information protection duties to ensure compliance with the company’s policies.
b. The company is not responsible for issues arising from users’ negligence or internet-related problems that lead to the exposure of personal information.
13. Contact Information for Personal Information Management
Users can report any personal information protection-related issues to the Personal Information Management Officer or department. The responsible person will respond promptly and diligently to any inquiries regarding personal information.
Personal Information Management Officer:
Name: Jaekwang Yoo
Contact: gmebio@gmebio.co.kr
14. Remedies for Infringement of Rights
If you need to report or consult about personal information breaches, please contact the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency (KISA). If you suffer financial or psychological damages due to personal information breaches, you may apply for dispute resolution with the KISA Personal Information Dispute Mediation Committee.
Personal Information Infringement Reporting Center: http://www.cyberprivacy.or.kr, Phone: 1336
Personal Information Dispute Mediation Committee: http://www.kopico.or.kr, Phone: 1336
Privacy Mark Certification Committee: http://www.privacymark.or.kr, Phone: 02-580-0533
Supreme Prosecutors' Office Internet Crime Investigation Center: http://www.spo.go.kr, Phone: 02-3480-3600
Cyber Terror Response Center, National Police Agency: http://www.ctrc.go.kr, Phone: 02-392-0330
National Police Agency: http://www.police.go.kr
15. Obligation to Notify Changes to the Privacy Policy
If there are any additions, deletions, or modifications to this privacy policy, notice will be provided at least 7 days prior through 'Announcements'. However, for significant changes affecting users' rights, such as changes in personal information collection items or purposes, notice will be given at least 30 days in advance, and consent may be sought again if necessary.
Announcement Date: September 1, 2024
Effective Date: September 1, 2024
