Privacy Policy

SELVAS Healthcare, Inc. (the “Company” or “We”) complies with the Personal Information Protection Act of Korea (the “Privacy Act”) and other applicable laws, and lawfully processes and safely maintain personal information you have provided. This Privacy Policy aims to inform our members of the procedures and standards pertinent to our processing of the personal information you have provided, and we establish our privacy policy as follows to resolve any privacy issues in a timely and seamless manner. 

We reserve the right to change or amend any part of this Web Policy at any time and without prior notice. However, details of these updates are made available on this webpage at the earliest opportunity. We advise checking this webpage from time to time to make sure that you agree with any changes or amendments.

The Company controls and operates our services from its headquarters sitting in the Republic of Korea. If you use our services from outside of the Republic of Korea, you are entirely responsible for compliance with applicable local laws.

A. Purposes of Collection and Use of Personal Information

The Company shall process the personal information you have provided in the following manner. The personal information collected shall not be utilized for any purposes other than those specified below. In the event of any changes to such purposes, the Company shall take appropriate measures, including obtaining a separate consent in accordance with Article 18 of the Privacy Act.

1) Membership Sign-Ups and Management

• For Measured Member
  • Purposes of Collection
    • Ensure the member’s desire of membership sign-up, identification of the member to provide the  membership services, membership care and management, prevention of misuse of the membership services, parental consent on collection of information of the children under 14 years old, various notices, complaint resolution, retention of the records for dispute resolution, and collection of statistical information about use of the membership services.
  • Collected Information
    • Required: Name, ID, Password, Email, Gender, Height, Date of Birth and Mobile Phone Number
• For Manager Member
  • Purposes of Collection
    • Ensure the member’s desire of membership sign-up, identification of the member to provide the membership services, membership care and management, prevention of misuse of the membership services, parental consent on collection of information of the children under 14 years old, various notices, complaint resolution, retention of the records for dispute resolution, and collection of statistical information about use of the membership services.
  • Collected Information
    • Required: Name, ID, Password, Email, Gender, Height, Date of Birth and Mobile Phone Number
    • Optional: Information to be provided by businesses including without limitation trade name, tax identification number or business registration number, country, address of the business place

2) Services of Body Composition Test and Analysis

• Purposes of Collection
  • Providing services of storing, accessing and notification of the results of body composition test; analysis of the body composition results and other health-related information; and customized consulting
• Collected Information
  • Name, ID, Weight, Height, Age, Gender, Results of Body Composition Test (including without limitation Body Fat Mass, Muscle Mass, Skeletal Muscle Mass, Total Body Water, intracellular Water, Extracellular Water, Minerals, Protein, Body Fat Mass, Body Fat Percentage, Body Mass Index (BMI), Abdominal Obesity Rate, Visceral Fat Level, Visceral Fat Area, Visceral Fat Mass, Subcutaneous Fat Mass, Body Age, Comprehensive Score, Body Shape, Extracellular Water Ratio, Basal Metabolic Rate, Daily Energy Requirement, Percentile of Child Growth, Impedance, Phase Angle), Analysis of Test Results and other Health-Related Information

3) Customer Questions and Answers

• Purposes of Collection
  • Customer Q&A; Improvement of quality of customer services
  • Email, mobile phone number

4) Service Development and Use for Marketing and Advertisement Purposes

• Purposes of Collection
  • Providing member-tailored services; Advertisements using statistical data; Information of the event and event sign-up opportunity; and statistical analysis to increase the revenue and improve the marketing performance. 
• Collected Information
  • Email, mobile phone number, information generated and collected during the course of service use. 

5) Automatic Collection due to Service Use

• Purposes of Collection
  • Tracking access traffic and statistics for service improvement and development of new services.
• Collected Information
  • OS, Browser type, Browsing history of websites and app services, IP address, Cookie, and Device Identification information

The Company gathers personal information submitted by members during sign-up (including membership registration via social media platforms), modification of member information, utilization of the ACCUNIQ test device, provision of services, input or correction of member information, and customer service inquiries via fax, mail, telephone, and other means of data collection.

When registering as a member using social media platforms such as Kakao, Google, or Baidu, the Company only collects the minimum amount of personal information necessary from third parties. The personal information collected by the Company is categorized as required or optional items:

• Social Media Platform
  • Google, Facebook, Instagram, twitter
• Collected Information
  • Required: Name, Gender, Mobile Phone Number, Kakao account
  • Optional: Age Range, Date of Birth, Nickname, Profile Picture
• Purchase of Collection
  • Membership registration and service provision

B. Personal Information Use and Retention Period

The Company retains your personal information for the period of time that you have consented to for the use and retention of such information, or as permitted by applicable laws and regulations. 

The following specifies the specific details regarding the use and retention period of your personal information:

• Membership Sign-Up and Management: Until the membership termination date. 
• Body Composition Test and Analysis Services: Until the member’s removal request.
• Customer questions and answers: One (1) year from the date of question.
• Use of Service Development and Marketing/Advertisement: Until the date of the membership termination or withdrawal of consent to use of personal information for marketing purposes.

Notwithstanding Article B, the retention period for the following information is as follows:

1. Purpose of Collection and Retention of Personal Information and Retention Period Pursuant to the Company’s Policy
   • Collected and Retained Information: ID, Email, Mobile Phone Number
   • Grounds for Retention: To prevent misuse of services and confusion  
   • Retention Period: Three (3) months after the membership termination
2. Retention Period under Applicable Laws
   • Recorded Information of Contracting and Withdrawal of Offer etc. 
     • Applicable Law: Act on the Consumer Protection in Electronic Commerce
     • Retention Period: Five (5) Years
   • Recorded Information of Payment and Supply of Goods etc. 
     • Applicable Law: Act on the Consumer Protection in Electronic Commerce
     • Retention Period: Five (5) Years
   • Recorded Information of Consumer’s Complaints and Dispute Resolutions
     • Applicable Law: Act on the Consumer Protection in Electronic Commerce
     • Retention Period: Three (3) Years
   • Recorded Information of Member’s Self-Identification
     • Applicable Law: Act on Promotion of Information and Communications Network Utilization and Information
     • Retention Period: Six (6) Months
   • Service Use History, Access Log, and IP Address 
     • Applicable Law: Protection of Communications Secrets Act
     • Retention Period: Three (3) Months
   • Books and Supporting Documents regarding Transactions under Tax Laws
     • Applicable Law: Framework Act on National Taxes, Corporate Tax Act, and Income Tax Act
     • Retention Period: Five (5) Years

C. Destruction Process and Method of Personal Information

The Company shall, in principle, expeditiously destroy any personal information in its possession once the purposes of collection and use of such personal information have been achieved, or when the retention period has expired. The process and method of destruction are as follows:

• Destruction Process
  • The personal information collected for the purpose of membership sign-up and other related activities shall be transferred to a separate database (or a separate cabinet in the case of paper documents), and such information shall be destroyed after being stored for a certain period in accordance with the Company's internal policy and applicable laws.
  • Such information transferred to a separate database will not be used for other purposes than those under applicable laws. 
• Destruction Method
  • Personal information printed in papers will be shredded or be burned to be destroyed.
  • Personal information in an electronic file format will be erased by using a technical method rendering such information unrestorable. 

D. Collection of Personal Information from Children under 14 Years Old

The Company shall collect personal information from children under the age of 14 only with the consent of their legal representative, to the extent that such information is reasonably necessary to render its services.

• Required Items: Name, relationship, gender, contact information, duplicated information

The Company may request the information of the legal representative of children under the age of 14 when collecting the child's personal information, and may use one of the following methods to confirm that a legitimate legal representative has given consent: 

• Sending a text message to the legal representative’s mobile phone that the personal information manager has confirmed his or her consent to collection of personal information of children under 14 years old after the legal representative has checked the box marked “consent” on the website presenting the consent statement. 
• Requesting the legal representative’s check or credit card’s information after the legal representative has checked the box marked “consent” on the website presenting the consent statement.
• Identifying the legal representative through mobile self-authentication services legal representative has checked the box marked “consent” on the website presenting the consent statement
• Receiving the signed or sealed consent statement after delivering a consent statement by personal delivery, mailing service or fax to the legal representative for his or her sign or seal. 
• Receiving the email representing the legal representative’s consent after sending an email containing a consent statement. 
• Obtaining the legal representative’s consent by phone following orally presenting a consent statement or introducing the website etc. where he or she may read a consent statement. 
• Presenting a consent statement and ensuring the legal representative’s consent through any other method compatible to the methods above. 

E. Transfer of Personal Information to Third Party

The Company shall process personal information collected from its members solely for the purposes stated in Article A of this agreement. The Company will transfer such personal information to a third party only with the member's explicit consent, or to the extent permitted by applicable laws in accordance with Article 17 and 18 of the Privacy Act.  

In the following cases, the Company will transfer personal information to a third party upon the member’s consent to the extent it is reasonably necessary to render seamless services to its members.

• Third Party Transferee
  • Manager Member
• Purpose of Transfer
  • Access to, correction, modification, adding, deletion of test information
  • Analysis of body composition based on the tested data
  • Tailored consulting based on the tested data
• Transferred Information
  • Name, ID, weight, height, age, gender, body composition test results (including without limitation Body Fat Mass, Muscle Mass, Skeletal Muscle Mass, Total Body Water, intracellular Water, Extracellular Water, Minerals, Protein, Body Fat Mass, Body Fat Percentage, Body Mass Index (BMI), Abdominal Obesity Rate, Visceral Fat Level, Visceral Fat Area, Visceral Fat Mass, Subcutaneous Fat Mass, Body Age, Comprehensive Score, Body Shape, Extracellular Water Ratio, Basal Metabolic Rate, Daily Energy Requirement, Percentile of Child Growth, Impedance, Phase Angle), result analysis data and other health-related information.
• Retention Period for Use
  • Until the date of completion of services unless otherwise stipulated under applicable laws. 

The Company reserves the right to disclose personal information to relevant authorities without obtaining the member’s consent, in situations where it is mandated by applicable laws, or when an emergency arises, such as accidents, threats to life, bodily harm, or the immediate loss of property. 

F. Entrustment of Processing of Personal Information

The Company includes the provisions required under Article 26 of the Privacy Act in the entrustment agreement or other relevant document, which include, without limitation, the prohibition of processing personal information for purposes other than performing the entrusted work, implementation of technical and administrative protection measures, prohibition of re-entrustment, management, and supervision of the entrustee, and liability for damages. The Company further ensures that the entrustee securely processes the personal information. 

The Company will immediately disclose such information in this privacy policy in case of change of the entrustee or the nature or scope of the entrusted work. 

G. Overseas Transfer of Personal Information

The Company has assigned the processing of collected or generated personal information to Amazon Web Services, Inc. ("AWS"), an overseas company, in order to provide members with state-of-the-art technologies and ensure stable service provision. AWS may physically manage the servers that store the entrusted personal information but is prohibited from accessing such information. 

• Entrustee: Amazon Web Services, Inc. (safeharbor@amazon.com)
• Transferred Information: ID, email, password, body composition test results: weight, height, age, gender, including without limitation Body Fat Mass, Muscle Mass, Skeletal Muscle Mass, Total Body Water, intracellular Water, Extracellular Water, Minerals, Protein, Body Fat Mass, Body Fat Percentage, Body Mass Index (BMI), Abdominal Obesity Rate, Visceral Fat Level, Visceral Fat Area, Visceral Fat Mass, Subcutaneous Fat Mass, Body Age, Comprehensive Score, Body Shape, Extracellular Water Ratio, Basal Metabolic Rate, Daily Energy Requirement, Percentile of Child Growth, Impedance, Phase Angle
• Transferred Country: United States
• Transfer Date and Method: Remote transfer through network as of the date of initiating services
• Period for Use and Retention: Until the date of any changes to the cloud services

H. Rights and Obligations of User and the Exercise Method

The user and the legal representative of the user under the age of 14 (hereinafter collectively referred to as “user” in this Article) may access the personal information by submitting a request form to access their personal information or that of the user under the age of 14 (in which case only the legal representative may request) handled by the Company. The Company will respond to the request within 10 days from the date of receipt unless there is a special reason to extend the period. In case of refusal or delay of the request, the Company will provide an explanation to the requester. The Company may restrict or refuse the request and provide a reason in the following cases:

• If access is prohibited or restricted by law; and 
• If there is a risk of harming another person’s life or body, or unreasonably infringing another person’s property and interests.  

The user, upon reviewing their personal information, may submit a request to the Company to rectify or erase any inaccurate or unverifiable personal information. However, if such personal information is identified as a required subject of collection under other applicable laws, the user may not request its deletion. 

The user may exercise their rights against the Company in writing or through email or fax, in accordance with Article 41, Section 1 of the Enforcement Decree of the Privacy Act. Upon receipt of such request, the Company shall promptly respond to and act upon the request in accordance with applicable laws and regulations.

• In accordance with the Ordinance of Personal Information Processing ((#2007-7), Attachment #11), the rights under this policy may be exercised by the legal representative of the personal information owner or by a person authorized by the owner to act on their behalf. To exercise these rights, the personal information owner must provide the authorized person with a power of attorney using the template provided in the Ordinance. 
• The rights of the owner of personal information to request access to his or her personal information or suspension of processing of his or her personal information may be restricted under Article 35, Section 4 and Article 37, Section 2 of the Privacy Act. 
• The owner of personal information may not request deletion of his or her personal information if such information is required to be collected under other applicable laws. 
• The Company will ensure that such person is the owner of personal information or his or her legitimate legal representative when the owner of personal information requests access to, correction or deletion of, or suspension of processing of his or her personal information. 
• The owner of personal information and/or his or her legal representatives may any time access, set publicly available or confidential, correct or delete the collected personal information of children under 14 years old. 

I. Security Measures for Personal Information 

The Company implements technical, administrative, and physical measures to ensure the security of personal information as required under Article 29 of the Privacy Act.

• Minimum number of employees handling personal information and training such employees: The Company establishes privacy policy by designating the employee(s) handling personal information and allowing such employees only to engage in privacy-related work. 
• Conducting Periodic Self-Audit: The Company conducts periodic self-audit on a quarterly basis to ensure security in connection with processing of personal information. 
• Establishing and Administering Internal Management Plan: The Company establishes and administers the internal management plan to ensure safe processing of personal information.
• Encryption of Personal Information: As the password is stored and managed by using encryption, only the owner of the personal information associated with such password may access his or her password and important data is managed by using a separate security measure such as encryption of file or transferred data or file locking. 
• Restrictions on Access to Personal Information: The Company implements measures necessary to restrict access to personal information by granting, modifying, or removing the right to access database system processing personal information and controls unauthorized access from a third party to database system processing personal information.
• Storing Access Log and Prevention of Access Log Forging/Injection: The Company stores and manage access log to personal information processing system at least for 6 months and uses security measures to prevent forgery, theft, or loss of access log. 
• Security Measures against Hacking: The Company is employing its best efforts to safeguard personal information from being divulged or damaged due to hacking, computer viruses, and similar threats. To mitigate damages to the collected personal information, the Company frequently backs up such information, prevents personal information from being leaked or damaged, and enables the secure transmission of personal information through the network by using encrypted transmission. Additionally, the Company employs an invasion blocking system to prevent and control unauthorized access, and makes every effort to implement all feasible technological measures to ensure system security.  

J. Accept/Enable, and Disable Measures for Automatic Collection of Personal Information

The Company uses cookies that store and frequently retrieve user data in order to provide tailored services to users.  
Cookies refer to small data sent by the server (http) used for operating a website to a computer browser and are stored in the user’s computer hard disk.  

• Purpose of Using Cookies: To provide optimized information to users by identifying the services used by users, the websites visited and used by users, popular search key words, secured connection etc.  
• Users may disable cookies by setting disabling option – on your computer, select the “Tools” menu, select “Internet Options,” and Select “Privacy” tab. 
• User may experience trouble in using tailored services if disabling cookies. 

K. Pseudonymization

The Company engages in the pseudonymization of collected personal information for the purpose of preventing the association of such information with a specific individual. This practice is implemented for various purposes, including statistical analysis, scientific studies, and the preservation of records for public use. 

Statistical Analysis according to Various Criteria including without limitation Gender and Generation

• Purpose of Pseudonymization
  • Body composition ranking comparison service
  • Statistical Analysis, User Patter and Frequency Analysis and Improvement of Service Quality    
• Personal Information subject to Pseudonymization
  • ID, Weight, Height, Age, Gender, Results of Body Composition Test (including without limitation Body Fat Mass, Muscle Mass, Skeletal Muscle Mass, Total Body Water, intracellular Water, Extracellular Water, Minerals, Protein, Body Fat Mass, Body Fat Percentage, Body Mass Index (BMI), Abdominal Obesity Rate, Visceral Fat Level, Visceral Fat Area, Visceral Fat Mass, Subcutaneous Fat Mass, Body Age, Comprehensive Score, Body Shape, Extracellular Water Ratio, Basal Metabolic Rate, Daily Energy Requirement, Percentile of Child Growth, Impedance, Phase Angle)
• Retention Period for Use
  • Until the date of completion of statistical data analysis

In compliance with Article 28-4 of the Privacy Act, which outlines the Obligation of Taking Security Measures for Pseudonymized Information, the Company implements the necessary technical, administrative, and physical measures to ensure the security of pseudonymized information. Such measures include the following:

• Administering Measures: Establishment and Execution of Internal Management Plan, Periodic Employee Training
• Technical Measures: Control of the authority to access personal information processing system, establishment of access control system, encryption of personal identifying information, and installment of security programs.
• Physical Measures: Restrictions on access to computer room, data storage, etc.  

L. Chief Privacy Officer 

The Company designate the following person as the chief privacy officer to be in charge of privacy matters and resolve and remedy complaint from the owner of personal information:

Chief Privacy Officer

• Contact Information: privacy@accuniq.com

The owner of personal information may direct to the Chief Privacy Officer any inquiries and complaints to be resolved and remedied arising during the course of using services of the Company. 

In accordance with Article 35 of the Privacy Act, the owner of personal information may request access to their personal information by submitting a request to the Chief Privacy Officer. The Company is committed to promptly processing such requests for access to personal information. 

M. Remedies

The owner of personal information who has suffered a breach may seek redress by requesting consultation services or dispute resolution from the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center under the Korea Internet & Security Agency, or other relevant authorities. For reporting a data breach or seeking consultation regarding such a breach, please contact the following authorities:

• Personal Information Dispute Mediation Committee (http://www.kopico.go.kr /1833-6972)
• KISA Personal Information Infringement Report Center (https://privacy.kisa.or.kr/118)
• Supreme Prosecutor’s Office (https://www.spo.go.kr/1301)
• Korean National Police Agency Cyber Bureau (https://cyberbureau.police.go.kr/182)

N. Rights of residents outside the Republic of Korea

California Consumer Privacy Act (CCPA)

• If you are a resident of California, you have the right to access the personal information we hold about you, to port it to a new service, and to ask that your personal information be corrected, updated, or erased. If you would like to exercise these rights, please contact us at privacy@accuniq.com.
• If you are a resident of California, the United States, you can request and obtain, once a calendar year free of charge, personal information that we shared/disclosed with other third parties, including businesses for direct marketing purposes. The personal information would include the categories of user information, as well as the names and addresses of those businesses with which we shared user information for the immediately prior calendar year. To submit a request, contact us at privacy@accuniq.com.

General Data Protection Regulation (GDPR)

• If you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
• Your consent;
  • The performance of the contract between you and the Site; Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms
• If you are a resident of the EEA, you have the right to access the personal information we hold about you, to port it to a new service, and to ask that your personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact us at privacy@accuniq.com

If you are a resident outside of the Republic of Korea who is not covered by the CCPA or GDPR, consider adding privacy laws regarding how our privacy policy relates to you and your local residents and businesses.

Schedule

This privacy policy will come into force on February 1, 2023.
This privacy policy will be published on the mobile app and the official website, if necessary, by email at least seven (7) days before the effective date of new privacy policy if this privacy policy should be added, deleted, or otherwise modified due to changes of applicable laws, policies, or security technologies.