CRYSTAR VISION Privacy Policy

CRYSTAR VISION (hereinafter referred to as "the Company") complies with applicable laws, including the Personal Information Protection Act, the Information and Communications Network Act, and the Medical Act, and is committed to protecting the personal information of its members and users.

This Privacy Policy describes matters concerning the processing of personal information in connection with the use of the AI-based fundus image interpretation solution and related services provided by the Company.

Article 1 (Purpose of Processing Personal Information)

The Company collects and uses the minimum necessary personal information for the purposes of managing membership and authentication, including confirmation of membership intent, identity verification, maintenance and management of membership status, and prevention of fraudulent use.

Personal information is processed for the provision and operation of services, including the AI fundus image interpretation solution, medical data analysis, platform operation, provision of interpretation results requested by medical institution members, and the collection and processing of service fees based on usage.

Personal information is also processed for handling customer inquiries and complaints, delivering notices, and providing service-related information.

Where optional consent is provided, personal information may be used for marketing and promotional purposes, including providing information on new services, personalized services, events, and advertisements.

Personal information is further processed for security and incident prevention purposes, including prevention of illegal activities, monitoring of account theft and hacking, and maintaining a secure service environment.

Article 2 (Personal Information Items Processed)

During membership registration and service use, the Company may process personal information including name, email address used as an identifier, password, phone number, and position or affiliation. For medical institution members and corporate members, copies of certificates, licenses, or business registration documents may be processed. Information such as job title, region, and other data for personalized services is processed only when voluntarily provided.

For medical institution members, the Company may process information related to the medical institution, including institution name, address, phone number, medical institution registration certificate, and medical license. Information necessary for providing fundus image interpretation requested by medical institution members may also be processed.

During service use, certain information may be automatically generated and collected, including IP address, access logs, cookies, device information such as browser type and operating system, visit dates, service usage records, and user activity records.

Article 3 (Personal Information Retention Period)

The Company retains and uses personal information until the purposes of collection and use have been achieved. Where retention is required by applicable laws, the Company retains the information for the legally mandated period.

In accordance with laws related to consumer protection, records relating to contracts, withdrawals, payments, supply of services, and consumer complaints or dispute resolution are retained for the periods specified by law.

Personal information is destroyed without delay after the purpose has been achieved, except where retention is required under internal policies or other applicable laws, including those related to medical records.

Article 4 (Provision of Personal Information to Third Parties)

The Company does not provide personal information to third parties in principle. Exceptions apply where prior consent has been obtained from the member or where disclosure is required by applicable laws.

Where AI interpretation is conducted at the request of a medical institution member, patient information may be received by the Company solely for interpretation purposes and is strictly managed in accordance with applicable laws, including the Medical Act and the Personal Information Protection Act.

If personal information is to be provided to a third party, the Company specifies the recipient, purpose, items provided, and retention period, and obtains the member's consent in advance.

Article 5 (Outsourcing of Personal Information Processing)

The Company may outsource certain tasks to external professional service providers for the purpose of improving service quality and operational efficiency.

When outsourcing personal information processing, the Company informs members of the outsourced party and the details of the outsourced work, and ensures through contractual arrangements that personal information is managed securely.

Article 6 (Procedures and Methods for Destroying Personal Information)

Personal information is destroyed when the purpose of processing has been achieved, including membership withdrawal or contract termination, or when the retention period has expired.

Electronic files containing personal information are destroyed using technical methods that prevent recovery or reproduction.

Article 7 (Rights and Exercise of Rights of Data Subjects)

Members may exercise their rights to access, correct, delete, or request suspension of processing of their personal information at any time.

Such rights may be exercised through the member information modification menu or by contacting customer support, and the Company takes necessary actions without delay in accordance with applicable laws.

Requests for deletion may be restricted where retention of certain personal information is required by law.

Article 8 (Measures to Ensure the Security of Personal Information)

The Company manages access rights to systems processing personal information in a systematic manner and prevents unauthorized external access.

Key personal information, including passwords and medical data, is stored and transmitted in encrypted form.

The Company implements measures to prevent hacking and security breaches, including the installation of firewalls, intrusion prevention and detection systems, security programs, and regular vulnerability inspections.

Access logs of personnel handling personal information are retained and managed for a certain period in accordance with applicable laws.

Physical documents and storage media containing personal information are stored in secure locations equipped with locking mechanisms.

The Company conducts internal training and regular security inspections for employees handling personal information.

Article 9 (Installation and Rejection of Automated Data Collection Devices)

The Company may use cookies to improve service convenience.

Information regarding the purpose of cookies, collected data, retention period, and methods of rejection is provided through a separate cookie policy.

Members may refuse the storage of cookies through browser settings, although refusal may result in limitations or inconvenience in using the service.

Article 10 (Personal Information Protection Officer and Department in Charge)

The Company designates a personal information protection officer to oversee personal information processing and to handle complaints and remedies related to personal information.

The personal information protection officer is Hyeji Ahn, who serves as Administrative Director and may be contacted at 82 02 2001 1963.

Tasks related to personal information are handled by the designated department within the Company.

Article 11 (Remedies for Infringement of Rights)

Members may seek consultation or remedies for personal information infringement through relevant institutions in the Republic of Korea.

Article 12 (Changes to the Privacy Policy)

The Company may amend this Privacy Policy and will announce the effective date and key changes in advance through website notices.

The announcement date and effective date of this Privacy Policy are January 21, 2025.