Privacy Policy
Privacy Policy
Privacy Policy
Article 1 (Purpose)
In order to protect the Personal Information (hereinafter referred to as the "Personal Information") of individual(s) (hereinafter referred to as the "User(s)" or "Individual(s)") using the services that the Company intends to provide (hereinafter referred to as the "Service"), OBELAB (hereinafter referred to as the "Company") establishes the privacy policy (hereinafter referred to as the "Policy") as follows, comply with relevant laws such as the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the " Information and Communications Network Act "), and to promptly and smoothly deal with the Personal Information protection of the User.
Article 2 (Principles of Personal Information Processing)
In accordance with laws and regulations related to Personal Information and this Policy, the Company may collect Personal Information of the Users, and the collected Personal Information may be provided to a third party only with the consent of the individual. Provided that if legally compelled to do so by the provisions of laws and regulations, the Company may provide the collected Personal Information of the User to a third party without the consent of the individual in advance.
Article 3 (Disclosure of this Policy)
The Company discloses this Policy through the settings screen so that the Users can easily check this Policy at any time.
In the event that the Company discloses this Policy in accordance with Paragraph 1, the Company shall use font size, color, etc., so that the Users can easily check this Policy.
Article 4 (Changes to this Policy)
This Policy may be amended in accordance with Personal Information-related laws, guidelines, notices, or changes in government or service policies or contents.
In the event that the Company amends this Policy pursuant to Paragraph 1, it will be notified in one or more of the following ways:
Method of notifying the notice section of the first screen of the Internet homepage operated by the Company or through a separate window; or
Method of notifying users in writing, sending imitation, e-mail or similar manner.
The Company shall notify the notice of Paragraph 2 at least 7 days prior to the effective date of the amendment to this Policy. Provided that if there is a significant change in the User's rights, we will notify you at least 30 days in advance.
Article 5 (Information for Membership Registration)
The Company collects the following information in order to register for the Company's services:
Required information for individual registration: email address and password
Social membership registration required information - Facebook: User ID, email address - Google: User ID, email address - Apple: User ID
Optional information collected: nickname, date of birth, gender, height, and weight
Article 6 (Information for Identity Verification)
The Company collects the following information to verify the identity of the Users:
Required information for individual Members: email address
Social login member required information - Facebook: email address - Google: email address - Apple: User ID
Article 7 (Other Information Collected)
The Company collects information as follows:
Purpose of collection: Exercise guidance and scheduling
Information collected: GPS information, CLOMP measurement data
Article 8 (Method of Collecting Personal Information)
The Company collects the Users' Personal Information in the following ways:
Method in which the Users enter their Personal Information through services other than the website provided by the Company, such as applications.
Format for collecting CLOMP measurement data through exercise.
Article 9 (Use of Personal Information)
The Company uses Personal Information in the following cases:
To provide the Company's services;
For demographic analysis, analysis of service visit and usage history;
To form a relationship between the Users based on Personal Information and interests; or
To prevent and sanction acts that interfere with the smooth operation of the service, including restriction of use of members who violate laws and Company terms and conditions, and illegal use.
In the event that the information is used for purposes other than those specified in this Policy, the Company will ask for the User's consent.
[Appendix <1> Select ‘Legitimate Processing of Personal Information according to the Application of GDPR’]
Article 10 (Consignment of Personal Information)
In order to provide smooth services and handle effective work, the Company entrusts the processing of Personal Information as follows:
Entrusting Amazon Web Services, Inc. (https://aws.amazon.com/compliance/contact) with the processing of Personal Information for the period of use of Personal Information for the purpose of storing Personal Information.
Article 11 (Period of Retention and Use of Personal Information)
The Company retains and uses the User's Personal Information for a period of time to achieve the purpose of collecting and using the Personal Information.
Notwithstanding the preceding paragraph, the Company shall keep records of fraudulent use of the service for up to one year from the time of withdrawal of membership in order to prevent fraudulent registration and use.
Article 12 (Period of Retention and Use of Personal Information in Accordance with Laws and Regulations)
The Company retains and uses Personal Information as follows in accordance with relevant laws and regulations:
Retained information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
Records on contract or withdrawal of subscription: 5 years
Records on payment and supply of goods, etc.: 5 years
Records on consumer complaints or dispute resolution: 3 years
Records on display and advertisement: 6 months
Retained information and retention period in accordance with the Protection of Communications Secrets Act
Website log data: 3 months
Retained information and retention period in accordance with the Electronic Financial Transactions Act
Records on electronic financial transactions: 5 years
Act on the Protection and Use of Location Information
Records on personal location information: 6 months
Article 13 (Principle of Destruction of Personal Information)
In principle, the Company destroys the information without delay when the Personal Information is not necessary, such as the achievement of the purpose of processing the User's Personal Information or the expiration of the retention/use period.
Article 14 (Personal Information Processing of Non-Service Users)
In principle, the Company notifies the User in advance of the Personal Information of the Users who have not used the Company's services for one year and destroys the Personal Information or stores it separately.
The Company will keep the Personal Information of the Users who have not used it for a long time separately and securely, and the notification of such Users will be sent to the e-mail address at least 30 days prior to the date of separate storage.
The Users who have not used the website for a long time may log in to the website (hereinafter referred to as the “Mobile App') in the case that the User wishes to continue using the Service before the Company separates the non-user DB.
The Users who have not used the website for a long time may restore their account with the User's consent when logging in to the website.
The Company destroys Personal Information without delay after storing it separately for 4 years.
Article 15 (Procedure for Destruction of Personal Information)
The information entered by the User for membership registration, etc., is transferred to a separate DB (separate filing cabinet in the case of paper) after the purpose of Personal Information processing is achieved, and is destroyed after being stored for a certain period of time according to the reasons for information protection according to the internal policy and other relevant laws and regulations (refer to the period of retention and use).
The Company destroys Personal Information for which the reason for destruction occurs after the approval procedure of the person in charge of Personal Information protection.
Article 16 (Method of Destruction of Personal Information)
The Company deletes Personal Information stored in the form of an electronic file using a technical method that makes it impossible to reproduce the record, and destroys Personal Information printed on paper by shredding it with a shredder or incineration.
Article 17 (Obligations of Users)
Users shall keep their Personal Information up-to-date, and they are responsible for any problems caused by inaccurate information entered by the Users.
In the event that the User sign up for membership by stealing other people's Personal Information, the User may lose the user qualification or be punished according to the relevant Personal Information protection laws and regulations.
The User is responsible for maintaining the security of your e-mail address, password, etc., and may not transfer or lend them to any third party.
Article 18 (User's Rights)
As the subject of information, the User or legal representative may exercise the following rights in relation to the collection, use, and sharing of Personal Information by the Company:
Right to access Personal Information;
Correction or deletion of Personal Information;
Temporary suspension of the processing of Personal Information; and
Request to withdraw consent previously provided.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
[Appendix <2> Select ‘User’s Rights according to the Application of GDPR’]
Article 19 (Management of Personal Information by the Company)
The Company takes the following technical and managerial protection measures to ensure the safety of Personal Information so that it is not lost, stolen, leaked, altered, or damaged in the processing of the Users' Personal Information.
Article 20 (Processing of Deleted Data)
The Company handles Personal Information that has been canceled or deleted at the request of the User or legal representative as specified in the "Period of Retention and Use of Personal Information" collected by the Company and does not allow it to be viewed or used for any other purpose.
Article 21 (Encryption of Passwords)
The User's password is stored and managed with one-way encryption, and the Personal Information can only be checked or changed by the person who knows the password.
Article 22 (Measures against Hacking)
The Company is doing its best to prevent the Users' Personal Information from being leaked or damaged by intrusion into information and communication networks such as hacking and computer viruses.
The Company uses the latest vaccine programs to prevent leakage or damage of the Users' Personal Information or data.
The Company is doing its best to secure it by using an intrusion prevention system in case of emergency.
The Company enables the safe transmission of sensitive Personal Information (if it is collected and retained) over the network through encrypted communication, etc.
Article 23 (Minimization of Personal Information Processing and Education)
The Company limits the number of people in charge of processing Personal Information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for Personal Information processors.
Article 24 (Measures for Leakage of Personal Information)
When the Company learns of the loss, theft, or leakage of Personal Information (hereinafter referred to as "Leakage, etc."), the Company shall notify the User of all of the following matters without delay and report it to the Korea Communications Commission or the Korea Internet & Security Agency.
Items of Personal Information that have been Leaked, etc.
When the leak occurred
Action available to the Users
Measures to respond to information and communication service providers, etc.
Departments and contact information where the Users can receive consultations, etc.
Article 25 (Exceptions to Measures for Leakage of Personal Information)
In the event that there is a justifiable reason, such as the User's contact information is not known, the Company may take measures to replace the notice in the preceding article by posting it on the Company's application for at least 30 days.
Article 26 (Designation of the Company's Chief Privacy Officer)
In order to protect the Users' Personal Information and handle complaints related to Personal Information, the Company has designated the relevant department and the person in charge of Personal Information protection as follows.
Personal Information Protection Officer
Name: KISU YUN
Phone: 070-4814-3762
Email address: ksyun@obelab.com
Article 27 (Miscellaneous)
[Appendix <3> Select ‘Data Overseas Transfer']
[Appendix <4> Select 'Third-Party Sites and Services']
[Appendix <5> Select ‘Guidance to Californians’]
[Appendix <6> Select ‘Guidance to Korean Residents’]
Addendum
Article 1 This Policy shall be effective on December 22, 2023.
Privacy Policy Addendum
<1> Legitimate Processing of Personal Information according to the Application of GDPR
The Company will lawfully process the User's Personal Information only in the following cases:
• In the case that the User consents to the processing of his/her Personal Information
• In the case that it is necessary for the User to take action at the request of the User for the performance of the contract or before the execution of the contract
- Membership management, identity verification, etc.
- Fulfillment of the contract regarding the provision of services required by the User, payment of fees and settlement of fees, etc.
• In the case that the processing is necessary for compliance with legal obligations applicable to the Company
- Compliance with applicable laws, regulations, legal process and governmental requests
• In the case that the processing is necessary to protect the vital interests of you or another natural person
- Detect, prevent and respond to fraud, abuse, security risks and technical problems that may harm you or other natural persons
• In the case that the processing is necessary for the performance of a duty in the public interest or in the exercise of official authority vested in the Company
• In the case that the processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party (except in cases where the interests of the User requesting the protection of Personal Information or fundamental rights and freedoms override such interests, especially if the User is a child)
<2> User’s Rights according to the Application of GDPR
The User or legal representative may exercise the following rights in relation to the collection, use, and sharing of the company's personal information as the subject of information.:
• Right of access to Personal Information
- The Users or their legal representatives may access the information and request confirmation of records of information collection, use, and sharing in accordance with applicable laws.
• Right to correction of Personal Information
- The Users or their legal representatives may request correction of inaccurate or incomplete information.
• Right to erasure of Personal Information
- The Users or their legal representatives may request the deletion of information due to the achievement of the purpose or withdrawal of consent.
• Right to restriction of processing of Personal Information
- The Users or their legal representatives may request restriction of information processing if there is a dispute over the accuracy of the information or the legality of the information processing, or if it is necessary to preserve the information.
• Right to portability of your Personal Information
- The Users or their legal representatives may request the provision or transfer of information.
• Right to object
- The Users or their legal representatives may request the suspension of the processing of information for direct marketing, the processing of information pursuant to legitimate interests or the exercise of official duties and authority, and the processing of information for research and statistical purposes.
• The right to object to automated individual decision-making, including profiling.
- The Users or their legal representatives may request the cessation of automated data processing, including profiling, which has a legal effect or has a significant impact on his/her data.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
<3> Data Overseas Transfer
Since the Company operates on a global scale, the Company may provide your Personal Information to companies or third parties located in other countries for the purposes set forth in this Privacy Policy. In the event that the Personal Information is transferred, retained, or processed, the Company takes reasonable steps to protect Personal Information.
In addition, in the event of using or disclosing Personal Information obtained from the European Union or Switzerland, we will comply with the US-EU Privacy Shield Convention, the Swiss-US Privacy Shield Convention, use standard contractual clauses approved by the European Commission, or take other measures within EU regulations to ensure adequate safeguards, or obtain your consent.
<4> Third-Party Sites and Services
The Company's websites, products, services, etc., may contain links to third party websites, products, services, etc. The Policy of linked third-party sites may cover our policies. Accordingly, the Users should additionally review the Policy of linked third-party sites.
<5> Guidance to Californians
In the event that the User lives in California, certain rights may be added. The Company takes the necessary precautions to protect the Personal Information of its members in order to comply with the California Online Privacy Protection Act.
In the event that Personal Information is leaked, the User may request confirmation of information leakage. In addition, all Users of the Company's website can change their information at any time by accessing their personal account and using the Edit Information menu. In addition, the Company does not track visitors to its website.
The Company also don't use "Do Not Track" signals. The Company does not collect personally identifiable information through advertising services and provide it to third parties without the consent of the Users.
Article 1 (Purpose)
In order to protect the Personal Information (hereinafter referred to as the "Personal Information") of individual(s) (hereinafter referred to as the "User(s)" or "Individual(s)") using the services that the Company intends to provide (hereinafter referred to as the "Service"), OBELAB (hereinafter referred to as the "Company") establishes the privacy policy (hereinafter referred to as the "Policy") as follows, comply with relevant laws such as the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the " Information and Communications Network Act "), and to promptly and smoothly deal with the Personal Information protection of the User.
Article 2 (Principles of Personal Information Processing)
In accordance with laws and regulations related to Personal Information and this Policy, the Company may collect Personal Information of the Users, and the collected Personal Information may be provided to a third party only with the consent of the individual. Provided that if legally compelled to do so by the provisions of laws and regulations, the Company may provide the collected Personal Information of the User to a third party without the consent of the individual in advance.
Article 3 (Disclosure of this Policy)
The Company discloses this Policy through the settings screen so that the Users can easily check this Policy at any time.
In the event that the Company discloses this Policy in accordance with Paragraph 1, the Company shall use font size, color, etc., so that the Users can easily check this Policy.
Article 4 (Changes to this Policy)
This Policy may be amended in accordance with Personal Information-related laws, guidelines, notices, or changes in government or service policies or contents.
In the event that the Company amends this Policy pursuant to Paragraph 1, it will be notified in one or more of the following ways:
Method of notifying the notice section of the first screen of the Internet homepage operated by the Company or through a separate window; or
Method of notifying users in writing, sending imitation, e-mail or similar manner.
The Company shall notify the notice of Paragraph 2 at least 7 days prior to the effective date of the amendment to this Policy. Provided that if there is a significant change in the User's rights, we will notify you at least 30 days in advance.
Article 5 (Information for Membership Registration)
The Company collects the following information in order to register for the Company's services:
Required information for individual registration: email address and password
Social membership registration required information - Facebook: User ID, email address - Google: User ID, email address - Apple: User ID
Optional information collected: nickname, date of birth, gender, height, and weight
Article 6 (Information for Identity Verification)
The Company collects the following information to verify the identity of the Users:
Required information for individual Members: email address
Social login member required information - Facebook: email address - Google: email address - Apple: User ID
Article 7 (Other Information Collected)
The Company collects information as follows:
Purpose of collection: Exercise guidance and scheduling
Information collected: GPS information, CLOMP measurement data
Article 8 (Method of Collecting Personal Information)
The Company collects the Users' Personal Information in the following ways:
Method in which the Users enter their Personal Information through services other than the website provided by the Company, such as applications.
Format for collecting CLOMP measurement data through exercise.
Article 9 (Use of Personal Information)
The Company uses Personal Information in the following cases:
To provide the Company's services;
For demographic analysis, analysis of service visit and usage history;
To form a relationship between the Users based on Personal Information and interests; or
To prevent and sanction acts that interfere with the smooth operation of the service, including restriction of use of members who violate laws and Company terms and conditions, and illegal use.
In the event that the information is used for purposes other than those specified in this Policy, the Company will ask for the User's consent.
[Appendix <1> Select ‘Legitimate Processing of Personal Information according to the Application of GDPR’]
Article 10 (Consignment of Personal Information)
In order to provide smooth services and handle effective work, the Company entrusts the processing of Personal Information as follows:
Entrusting Amazon Web Services, Inc. (https://aws.amazon.com/compliance/contact) with the processing of Personal Information for the period of use of Personal Information for the purpose of storing Personal Information.
Article 11 (Period of Retention and Use of Personal Information)
The Company retains and uses the User's Personal Information for a period of time to achieve the purpose of collecting and using the Personal Information.
Notwithstanding the preceding paragraph, the Company shall keep records of fraudulent use of the service for up to one year from the time of withdrawal of membership in order to prevent fraudulent registration and use.
Article 12 (Period of Retention and Use of Personal Information in Accordance with Laws and Regulations)
The Company retains and uses Personal Information as follows in accordance with relevant laws and regulations:
Retained information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
Records on contract or withdrawal of subscription: 5 years
Records on payment and supply of goods, etc.: 5 years
Records on consumer complaints or dispute resolution: 3 years
Records on display and advertisement: 6 months
Retained information and retention period in accordance with the Protection of Communications Secrets Act
Website log data: 3 months
Retained information and retention period in accordance with the Electronic Financial Transactions Act
Records on electronic financial transactions: 5 years
Act on the Protection and Use of Location Information
Records on personal location information: 6 months
Article 13 (Principle of Destruction of Personal Information)
In principle, the Company destroys the information without delay when the Personal Information is not necessary, such as the achievement of the purpose of processing the User's Personal Information or the expiration of the retention/use period.
Article 14 (Personal Information Processing of Non-Service Users)
In principle, the Company notifies the User in advance of the Personal Information of the Users who have not used the Company's services for one year and destroys the Personal Information or stores it separately.
The Company will keep the Personal Information of the Users who have not used it for a long time separately and securely, and the notification of such Users will be sent to the e-mail address at least 30 days prior to the date of separate storage.
The Users who have not used the website for a long time may log in to the website (hereinafter referred to as the “Mobile App') in the case that the User wishes to continue using the Service before the Company separates the non-user DB.
The Users who have not used the website for a long time may restore their account with the User's consent when logging in to the website.
The Company destroys Personal Information without delay after storing it separately for 4 years.
Article 15 (Procedure for Destruction of Personal Information)
The information entered by the User for membership registration, etc., is transferred to a separate DB (separate filing cabinet in the case of paper) after the purpose of Personal Information processing is achieved, and is destroyed after being stored for a certain period of time according to the reasons for information protection according to the internal policy and other relevant laws and regulations (refer to the period of retention and use).
The Company destroys Personal Information for which the reason for destruction occurs after the approval procedure of the person in charge of Personal Information protection.
Article 16 (Method of Destruction of Personal Information)
The Company deletes Personal Information stored in the form of an electronic file using a technical method that makes it impossible to reproduce the record, and destroys Personal Information printed on paper by shredding it with a shredder or incineration.
Article 17 (Obligations of Users)
Users shall keep their Personal Information up-to-date, and they are responsible for any problems caused by inaccurate information entered by the Users.
In the event that the User sign up for membership by stealing other people's Personal Information, the User may lose the user qualification or be punished according to the relevant Personal Information protection laws and regulations.
The User is responsible for maintaining the security of your e-mail address, password, etc., and may not transfer or lend them to any third party.
Article 18 (User's Rights)
As the subject of information, the User or legal representative may exercise the following rights in relation to the collection, use, and sharing of Personal Information by the Company:
Right to access Personal Information;
Correction or deletion of Personal Information;
Temporary suspension of the processing of Personal Information; and
Request to withdraw consent previously provided.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
[Appendix <2> Select ‘User’s Rights according to the Application of GDPR’]
Article 19 (Management of Personal Information by the Company)
The Company takes the following technical and managerial protection measures to ensure the safety of Personal Information so that it is not lost, stolen, leaked, altered, or damaged in the processing of the Users' Personal Information.
Article 20 (Processing of Deleted Data)
The Company handles Personal Information that has been canceled or deleted at the request of the User or legal representative as specified in the "Period of Retention and Use of Personal Information" collected by the Company and does not allow it to be viewed or used for any other purpose.
Article 21 (Encryption of Passwords)
The User's password is stored and managed with one-way encryption, and the Personal Information can only be checked or changed by the person who knows the password.
Article 22 (Measures against Hacking)
The Company is doing its best to prevent the Users' Personal Information from being leaked or damaged by intrusion into information and communication networks such as hacking and computer viruses.
The Company uses the latest vaccine programs to prevent leakage or damage of the Users' Personal Information or data.
The Company is doing its best to secure it by using an intrusion prevention system in case of emergency.
The Company enables the safe transmission of sensitive Personal Information (if it is collected and retained) over the network through encrypted communication, etc.
Article 23 (Minimization of Personal Information Processing and Education)
The Company limits the number of people in charge of processing Personal Information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for Personal Information processors.
Article 24 (Measures for Leakage of Personal Information)
When the Company learns of the loss, theft, or leakage of Personal Information (hereinafter referred to as "Leakage, etc."), the Company shall notify the User of all of the following matters without delay and report it to the Korea Communications Commission or the Korea Internet & Security Agency.
Items of Personal Information that have been Leaked, etc.
When the leak occurred
Action available to the Users
Measures to respond to information and communication service providers, etc.
Departments and contact information where the Users can receive consultations, etc.
Article 25 (Exceptions to Measures for Leakage of Personal Information)
In the event that there is a justifiable reason, such as the User's contact information is not known, the Company may take measures to replace the notice in the preceding article by posting it on the Company's application for at least 30 days.
Article 26 (Designation of the Company's Chief Privacy Officer)
In order to protect the Users' Personal Information and handle complaints related to Personal Information, the Company has designated the relevant department and the person in charge of Personal Information protection as follows.
Personal Information Protection Officer
Name: KISU YUN
Phone: 070-4814-3762
Email address: ksyun@obelab.com
Article 27 (Miscellaneous)
[Appendix <3> Select ‘Data Overseas Transfer']
[Appendix <4> Select 'Third-Party Sites and Services']
[Appendix <5> Select ‘Guidance to Californians’]
[Appendix <6> Select ‘Guidance to Korean Residents’]
Addendum
Article 1 This Policy shall be effective on December 22, 2023.
Privacy Policy Addendum
<1> Legitimate Processing of Personal Information according to the Application of GDPR
The Company will lawfully process the User's Personal Information only in the following cases:
• In the case that the User consents to the processing of his/her Personal Information
• In the case that it is necessary for the User to take action at the request of the User for the performance of the contract or before the execution of the contract
- Membership management, identity verification, etc.
- Fulfillment of the contract regarding the provision of services required by the User, payment of fees and settlement of fees, etc.
• In the case that the processing is necessary for compliance with legal obligations applicable to the Company
- Compliance with applicable laws, regulations, legal process and governmental requests
• In the case that the processing is necessary to protect the vital interests of you or another natural person
- Detect, prevent and respond to fraud, abuse, security risks and technical problems that may harm you or other natural persons
• In the case that the processing is necessary for the performance of a duty in the public interest or in the exercise of official authority vested in the Company
• In the case that the processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party (except in cases where the interests of the User requesting the protection of Personal Information or fundamental rights and freedoms override such interests, especially if the User is a child)
<2> User’s Rights according to the Application of GDPR
The User or legal representative may exercise the following rights in relation to the collection, use, and sharing of the company's personal information as the subject of information.:
• Right of access to Personal Information
- The Users or their legal representatives may access the information and request confirmation of records of information collection, use, and sharing in accordance with applicable laws.
• Right to correction of Personal Information
- The Users or their legal representatives may request correction of inaccurate or incomplete information.
• Right to erasure of Personal Information
- The Users or their legal representatives may request the deletion of information due to the achievement of the purpose or withdrawal of consent.
• Right to restriction of processing of Personal Information
- The Users or their legal representatives may request restriction of information processing if there is a dispute over the accuracy of the information or the legality of the information processing, or if it is necessary to preserve the information.
• Right to portability of your Personal Information
- The Users or their legal representatives may request the provision or transfer of information.
• Right to object
- The Users or their legal representatives may request the suspension of the processing of information for direct marketing, the processing of information pursuant to legitimate interests or the exercise of official duties and authority, and the processing of information for research and statistical purposes.
• The right to object to automated individual decision-making, including profiling.
- The Users or their legal representatives may request the cessation of automated data processing, including profiling, which has a legal effect or has a significant impact on his/her data.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
<3> Data Overseas Transfer
Since the Company operates on a global scale, the Company may provide your Personal Information to companies or third parties located in other countries for the purposes set forth in this Privacy Policy. In the event that the Personal Information is transferred, retained, or processed, the Company takes reasonable steps to protect Personal Information.
In addition, in the event of using or disclosing Personal Information obtained from the European Union or Switzerland, we will comply with the US-EU Privacy Shield Convention, the Swiss-US Privacy Shield Convention, use standard contractual clauses approved by the European Commission, or take other measures within EU regulations to ensure adequate safeguards, or obtain your consent.
<4> Third-Party Sites and Services
The Company's websites, products, services, etc., may contain links to third party websites, products, services, etc. The Policy of linked third-party sites may cover our policies. Accordingly, the Users should additionally review the Policy of linked third-party sites.
<5> Guidance to Californians
In the event that the User lives in California, certain rights may be added. The Company takes the necessary precautions to protect the Personal Information of its members in order to comply with the California Online Privacy Protection Act.
In the event that Personal Information is leaked, the User may request confirmation of information leakage. In addition, all Users of the Company's website can change their information at any time by accessing their personal account and using the Edit Information menu. In addition, the Company does not track visitors to its website.
The Company also don't use "Do Not Track" signals. The Company does not collect personally identifiable information through advertising services and provide it to third parties without the consent of the Users.
Article 1 (Purpose)
In order to protect the Personal Information (hereinafter referred to as the "Personal Information") of individual(s) (hereinafter referred to as the "User(s)" or "Individual(s)") using the services that the Company intends to provide (hereinafter referred to as the "Service"), OBELAB (hereinafter referred to as the "Company") establishes the privacy policy (hereinafter referred to as the "Policy") as follows, comply with relevant laws such as the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the " Information and Communications Network Act "), and to promptly and smoothly deal with the Personal Information protection of the User.
Article 2 (Principles of Personal Information Processing)
In accordance with laws and regulations related to Personal Information and this Policy, the Company may collect Personal Information of the Users, and the collected Personal Information may be provided to a third party only with the consent of the individual. Provided that if legally compelled to do so by the provisions of laws and regulations, the Company may provide the collected Personal Information of the User to a third party without the consent of the individual in advance.
Article 3 (Disclosure of this Policy)
The Company discloses this Policy through the settings screen so that the Users can easily check this Policy at any time.
In the event that the Company discloses this Policy in accordance with Paragraph 1, the Company shall use font size, color, etc., so that the Users can easily check this Policy.
Article 4 (Changes to this Policy)
This Policy may be amended in accordance with Personal Information-related laws, guidelines, notices, or changes in government or service policies or contents.
In the event that the Company amends this Policy pursuant to Paragraph 1, it will be notified in one or more of the following ways:
Method of notifying the notice section of the first screen of the Internet homepage operated by the Company or through a separate window; or
Method of notifying users in writing, sending imitation, e-mail or similar manner.
The Company shall notify the notice of Paragraph 2 at least 7 days prior to the effective date of the amendment to this Policy. Provided that if there is a significant change in the User's rights, we will notify you at least 30 days in advance.
Article 5 (Information for Membership Registration)
The Company collects the following information in order to register for the Company's services:
Required information for individual registration: email address and password
Social membership registration required information - Facebook: User ID, email address - Google: User ID, email address - Apple: User ID
Optional information collected: nickname, date of birth, gender, height, and weight
Article 6 (Information for Identity Verification)
The Company collects the following information to verify the identity of the Users:
Required information for individual Members: email address
Social login member required information - Facebook: email address - Google: email address - Apple: User ID
Article 7 (Other Information Collected)
The Company collects information as follows:
Purpose of collection: Exercise guidance and scheduling
Information collected: GPS information, CLOMP measurement data
Article 8 (Method of Collecting Personal Information)
The Company collects the Users' Personal Information in the following ways:
Method in which the Users enter their Personal Information through services other than the website provided by the Company, such as applications.
Format for collecting CLOMP measurement data through exercise.
Article 9 (Use of Personal Information)
The Company uses Personal Information in the following cases:
To provide the Company's services;
For demographic analysis, analysis of service visit and usage history;
To form a relationship between the Users based on Personal Information and interests; or
To prevent and sanction acts that interfere with the smooth operation of the service, including restriction of use of members who violate laws and Company terms and conditions, and illegal use.
In the event that the information is used for purposes other than those specified in this Policy, the Company will ask for the User's consent.
[Appendix <1> Select ‘Legitimate Processing of Personal Information according to the Application of GDPR’]
Article 10 (Consignment of Personal Information)
In order to provide smooth services and handle effective work, the Company entrusts the processing of Personal Information as follows:
Entrusting Amazon Web Services, Inc. (https://aws.amazon.com/compliance/contact) with the processing of Personal Information for the period of use of Personal Information for the purpose of storing Personal Information.
Article 11 (Period of Retention and Use of Personal Information)
The Company retains and uses the User's Personal Information for a period of time to achieve the purpose of collecting and using the Personal Information.
Notwithstanding the preceding paragraph, the Company shall keep records of fraudulent use of the service for up to one year from the time of withdrawal of membership in order to prevent fraudulent registration and use.
Article 12 (Period of Retention and Use of Personal Information in Accordance with Laws and Regulations)
The Company retains and uses Personal Information as follows in accordance with relevant laws and regulations:
Retained information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
Records on contract or withdrawal of subscription: 5 years
Records on payment and supply of goods, etc.: 5 years
Records on consumer complaints or dispute resolution: 3 years
Records on display and advertisement: 6 months
Retained information and retention period in accordance with the Protection of Communications Secrets Act
Website log data: 3 months
Retained information and retention period in accordance with the Electronic Financial Transactions Act
Records on electronic financial transactions: 5 years
Act on the Protection and Use of Location Information
Records on personal location information: 6 months
Article 13 (Principle of Destruction of Personal Information)
In principle, the Company destroys the information without delay when the Personal Information is not necessary, such as the achievement of the purpose of processing the User's Personal Information or the expiration of the retention/use period.
Article 14 (Personal Information Processing of Non-Service Users)
In principle, the Company notifies the User in advance of the Personal Information of the Users who have not used the Company's services for one year and destroys the Personal Information or stores it separately.
The Company will keep the Personal Information of the Users who have not used it for a long time separately and securely, and the notification of such Users will be sent to the e-mail address at least 30 days prior to the date of separate storage.
The Users who have not used the website for a long time may log in to the website (hereinafter referred to as the “Mobile App') in the case that the User wishes to continue using the Service before the Company separates the non-user DB.
The Users who have not used the website for a long time may restore their account with the User's consent when logging in to the website.
The Company destroys Personal Information without delay after storing it separately for 4 years.
Article 15 (Procedure for Destruction of Personal Information)
The information entered by the User for membership registration, etc., is transferred to a separate DB (separate filing cabinet in the case of paper) after the purpose of Personal Information processing is achieved, and is destroyed after being stored for a certain period of time according to the reasons for information protection according to the internal policy and other relevant laws and regulations (refer to the period of retention and use).
The Company destroys Personal Information for which the reason for destruction occurs after the approval procedure of the person in charge of Personal Information protection.
Article 16 (Method of Destruction of Personal Information)
The Company deletes Personal Information stored in the form of an electronic file using a technical method that makes it impossible to reproduce the record, and destroys Personal Information printed on paper by shredding it with a shredder or incineration.
Article 17 (Obligations of Users)
Users shall keep their Personal Information up-to-date, and they are responsible for any problems caused by inaccurate information entered by the Users.
In the event that the User sign up for membership by stealing other people's Personal Information, the User may lose the user qualification or be punished according to the relevant Personal Information protection laws and regulations.
The User is responsible for maintaining the security of your e-mail address, password, etc., and may not transfer or lend them to any third party.
Article 18 (User's Rights)
As the subject of information, the User or legal representative may exercise the following rights in relation to the collection, use, and sharing of Personal Information by the Company:
Right to access Personal Information;
Correction or deletion of Personal Information;
Temporary suspension of the processing of Personal Information; and
Request to withdraw consent previously provided.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
[Appendix <2> Select ‘User’s Rights according to the Application of GDPR’]
Article 19 (Management of Personal Information by the Company)
The Company takes the following technical and managerial protection measures to ensure the safety of Personal Information so that it is not lost, stolen, leaked, altered, or damaged in the processing of the Users' Personal Information.
Article 20 (Processing of Deleted Data)
The Company handles Personal Information that has been canceled or deleted at the request of the User or legal representative as specified in the "Period of Retention and Use of Personal Information" collected by the Company and does not allow it to be viewed or used for any other purpose.
Article 21 (Encryption of Passwords)
The User's password is stored and managed with one-way encryption, and the Personal Information can only be checked or changed by the person who knows the password.
Article 22 (Measures against Hacking)
The Company is doing its best to prevent the Users' Personal Information from being leaked or damaged by intrusion into information and communication networks such as hacking and computer viruses.
The Company uses the latest vaccine programs to prevent leakage or damage of the Users' Personal Information or data.
The Company is doing its best to secure it by using an intrusion prevention system in case of emergency.
The Company enables the safe transmission of sensitive Personal Information (if it is collected and retained) over the network through encrypted communication, etc.
Article 23 (Minimization of Personal Information Processing and Education)
The Company limits the number of people in charge of processing Personal Information to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training for Personal Information processors.
Article 24 (Measures for Leakage of Personal Information)
When the Company learns of the loss, theft, or leakage of Personal Information (hereinafter referred to as "Leakage, etc."), the Company shall notify the User of all of the following matters without delay and report it to the Korea Communications Commission or the Korea Internet & Security Agency.
Items of Personal Information that have been Leaked, etc.
When the leak occurred
Action available to the Users
Measures to respond to information and communication service providers, etc.
Departments and contact information where the Users can receive consultations, etc.
Article 25 (Exceptions to Measures for Leakage of Personal Information)
In the event that there is a justifiable reason, such as the User's contact information is not known, the Company may take measures to replace the notice in the preceding article by posting it on the Company's application for at least 30 days.
Article 26 (Designation of the Company's Chief Privacy Officer)
In order to protect the Users' Personal Information and handle complaints related to Personal Information, the Company has designated the relevant department and the person in charge of Personal Information protection as follows.
Personal Information Protection Officer
Name: KISU YUN
Phone: 070-4814-3762
Email address: ksyun@obelab.com
Article 27 (Miscellaneous)
[Appendix <3> Select ‘Data Overseas Transfer']
[Appendix <4> Select 'Third-Party Sites and Services']
[Appendix <5> Select ‘Guidance to Californians’]
[Appendix <6> Select ‘Guidance to Korean Residents’]
Addendum
Article 1 This Policy shall be effective on December 22, 2023.
Privacy Policy Addendum
<1> Legitimate Processing of Personal Information according to the Application of GDPR
The Company will lawfully process the User's Personal Information only in the following cases:
• In the case that the User consents to the processing of his/her Personal Information
• In the case that it is necessary for the User to take action at the request of the User for the performance of the contract or before the execution of the contract
- Membership management, identity verification, etc.
- Fulfillment of the contract regarding the provision of services required by the User, payment of fees and settlement of fees, etc.
• In the case that the processing is necessary for compliance with legal obligations applicable to the Company
- Compliance with applicable laws, regulations, legal process and governmental requests
• In the case that the processing is necessary to protect the vital interests of you or another natural person
- Detect, prevent and respond to fraud, abuse, security risks and technical problems that may harm you or other natural persons
• In the case that the processing is necessary for the performance of a duty in the public interest or in the exercise of official authority vested in the Company
• In the case that the processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party (except in cases where the interests of the User requesting the protection of Personal Information or fundamental rights and freedoms override such interests, especially if the User is a child)
<2> User’s Rights according to the Application of GDPR
The User or legal representative may exercise the following rights in relation to the collection, use, and sharing of the company's personal information as the subject of information.:
• Right of access to Personal Information
- The Users or their legal representatives may access the information and request confirmation of records of information collection, use, and sharing in accordance with applicable laws.
• Right to correction of Personal Information
- The Users or their legal representatives may request correction of inaccurate or incomplete information.
• Right to erasure of Personal Information
- The Users or their legal representatives may request the deletion of information due to the achievement of the purpose or withdrawal of consent.
• Right to restriction of processing of Personal Information
- The Users or their legal representatives may request restriction of information processing if there is a dispute over the accuracy of the information or the legality of the information processing, or if it is necessary to preserve the information.
• Right to portability of your Personal Information
- The Users or their legal representatives may request the provision or transfer of information.
• Right to object
- The Users or their legal representatives may request the suspension of the processing of information for direct marketing, the processing of information pursuant to legitimate interests or the exercise of official duties and authority, and the processing of information for research and statistical purposes.
• The right to object to automated individual decision-making, including profiling.
- The Users or their legal representatives may request the cessation of automated data processing, including profiling, which has a legal effect or has a significant impact on his/her data.
To this end, if you use the 'Edit Member Information' menu on the web page or contact the Company (or the person in charge of Personal Information management or its agent) in writing, by phone or e-mail, we will take action without delay. Provided that the Company may refuse such a request only if there is a valid reason specified in the law or an equivalent reason.
<3> Data Overseas Transfer
Since the Company operates on a global scale, the Company may provide your Personal Information to companies or third parties located in other countries for the purposes set forth in this Privacy Policy. In the event that the Personal Information is transferred, retained, or processed, the Company takes reasonable steps to protect Personal Information.
In addition, in the event of using or disclosing Personal Information obtained from the European Union or Switzerland, we will comply with the US-EU Privacy Shield Convention, the Swiss-US Privacy Shield Convention, use standard contractual clauses approved by the European Commission, or take other measures within EU regulations to ensure adequate safeguards, or obtain your consent.
<4> Third-Party Sites and Services
The Company's websites, products, services, etc., may contain links to third party websites, products, services, etc. The Policy of linked third-party sites may cover our policies. Accordingly, the Users should additionally review the Policy of linked third-party sites.
<5> Guidance to Californians
In the event that the User lives in California, certain rights may be added. The Company takes the necessary precautions to protect the Personal Information of its members in order to comply with the California Online Privacy Protection Act.
In the event that Personal Information is leaked, the User may request confirmation of information leakage. In addition, all Users of the Company's website can change their information at any time by accessing their personal account and using the Edit Information menu. In addition, the Company does not track visitors to its website.
The Company also don't use "Do Not Track" signals. The Company does not collect personally identifiable information through advertising services and provide it to third parties without the consent of the Users.