You can refuse to collect and use your personal information (see above). However, if you do not agree to the terms of service (collection & usage of personal information), you will not be able to gain access to some of our services.

SEERS Technology Co., Ltd (from now on referred to as ‘Company’) established and disclosed the following personal information handling/processing policy to protect the personal information of the data subjects and handle personal information-related grievances quickly and effectively under Article 30 of the Personal Information Protection Act.
○ This Personal Information Processing/Handling Policy will be effective December 1, 2022.

Article 1 (Purpose of Processing/Handling of Personal Information)

The company shall process and handle the user's personal information for the following purposes. All personal information SHALL NOT be used for any purpose other than the next. Suppose the meaning of the use is changed/modified. In that case, necessary measures will be implemented under Article 18 of the Personal Information Protection Act (i.e., obtaining separate consent from the users/members, etc.)

1. Provision of Services via the Official Website
• Answering questions & inquiries
• Responding to and handling demo applications

2. Handling of User Complaints/Inquiries: The users’/members’ personal information shall be processed and handled to respond to user inquiries related to solutions/products/etc., identification of complainants, confirmation of inquiries/complaints, contact/notification for fact-finding purposes, notification of handling results, etc.

3. Talent Recruitment: Identification/Verification of the applicant’s identity (academic background, experience, etc.), handling of basic tasks required to recruit new employees (signing employment contracts, etc.), and other recruitment-related tasks.

4. Media Activities: Distribution of press releases, interviews, etc.

5. Implementation of Legal & Administrative Obligations: Carrying out clinical research under relevant laws/regulations (i.e., Medical Service Act, Medical Devices Act, Bioethics and Safety Act, fulfillment of the obligation to report side effects and related data, fulfillment of the obligation to report consultation/lecturing activities under the Code of Fair Competition on Medical Device Transactions, reporting and payment of various taxes (i.e., corporate tax, VAT, etc.), implementation of different legal and administrative obligations that are imposed on the company under relevant statutes, regulations, etc., (i.e., issuance of receipts, tax invoices, orders from administrative agencies, public institutions, related agencies, etc.)

Meanwhile, under the Personal Information Protection Act, the company can use and provide personal information to the extent where it is reasonably related to the original purpose of the collection of personal data after considering various factors (i.e., whether the usage/provision of personal data can lead to negative results for the person who provided the information, whether sufficient measures have been implemented to protect the safety of the personal information, etc.) Specific factors that must be considered before using/providing personal information are as follows:

• Articles of the Personal Information Protection Act and other related regulations/statutes • Purpose of using/providing personal information • Methods that are used for the usage/provision of personal information • Personal information items that will be used/provided • Whether it is relevant to the original purpose of the collection • Whether it is possible to predict the additional use or provision of personal information considering general handling practices or the situational circumstances in which the personal data has been collected • Whether it unfairly infringes or violates the interests of the information subject • Whether sufficient measures have been taken to secure a reasonable level of safety required to protect the collected personal information (i.e., encryption, etc.)

Article 2 (Processing & Retention Period of Personal Information)

1. When the company collects personal information from the information subject, the collected personal data shall be handled and retained only within the individual information retention/usage period that has been agreed upon.
2. The handling/retention period of each type of personal information is as follows:
• Provision of services via a website
! Answering & Handling Inquiries: 3 years from the date of submission of the question/inquiry
! Responding & Handling Demonstration Applications: 3 years from the date of the demonstration application
• Handling of Complaints: 3 years from the date of the complaint/affair
• Recruitment: 1 year from the date when the recruitment/employment is confirmed
• Media Activities: 3 years from the date of collection
• Implementation/Performance of Legal & Administrative Obligations: Until the obligation is successfully carried out

3. In addition, in the case where the personal information must be protected under relevant laws/regulations (i.e., Commercial Act, Protection of Communications Secrets Act, etc.), the company shall retain the personal information for the retention/usage period that is specified in the relevant laws/regulations.

• Important/Confidential Documents on the Operation of the Company
! Basis: Commercial Act
! Retention Period: 10 years

• Website Visit History/Record
! Basis: Protection of Communications Secrets Act
! Retention Period: 3 months

Article 3 (Provision of Personal Information to a Third Party)

In principle, the company will only process/handle the users' personal information within the scope specified in Article 1 of this document. It shall not use it beyond the original scope or provide it to a third party without the prior consent of the information subject. However, exceptions may be made in the following cases:
• If the information subject has agreed in advance to provide/disclose their information to a third party
• When personal information is required or permitted by law/regulation/etc.

Article 4 (Entrustment of Personal Information Processing)

1. The company will process/handle the information of patients that the patients entered during service use to provide demonstrations.
2. The company will retain and process/handle patient information stored in the system only during the service provision period.
3. You can also check the users' information processing/handling status related to service provision in the Privacy Policy for each service.

Article 5 (Rights & Obligations of the Information Subject and their Legal Representative and Exercise Methods)

1. The information subject may exercise their rights to protect their personal information (see below) against the company at any time. However, the exercising of ownership may be limited/restricted in cases where the such request goes against the obligations prescribed by relevant laws and regulations:
• Request to access personal information
• Request correction in case of errors, etc.
• Request to delete personal information
• Request to suspend the processing/handling of personal information
• Exercising the right to withdraw consent

2. The exercise of rights under the paragraph above (Article 5-(1)) can be carried out by sending a written request (Form #8 of the Enforcement Rules of the Personal Information Protection Act) to the company via mail, e-mail, or fax. Upon request, the company shall take immediate action. However, you can exercise the right to withdraw your consent like you have used to express your support.
• Address: 5F, Tower B, 246, Hwangsaeul-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
• E-mail: contact@SEERStech.com
• Fax No.: 031-8023-9812

3. If the information subject requests correction (of errors) or deletion of their personal information, the company will not use (or provide) the personal information until the correction/deletion is completed.

4. The information subject can exercise their right prescribed in Article 5-(1) of this document through an agent (i.e., legal representative, etc.). In this case, they must submit a power of attorney (Form #11 of the Enforcement Rules of the Personal Information Protection Act).

5. If the information subject (or their representative) exercises their right prescribed in Article 5-(1), the company shall confirm whether the person who made the request is the person concerned or a legitimate agent.

Article 6 (Items of Personal Information to be Processed)

1. The company will process/handle the following types of personal information.
• Processing of Inquiries: Name, Phone No., E-mail Address, Affiliation, Country (Nationality), Inquiry Content
• Response & Handling of Demo Applications: Name, Phone No., E-mail Address, Affiliation, Country/Region, Application History/Details, Inquiry Content
• Recruitment: Name, Phone No., E-mail Address, Resume, Portfolio, and Other types of information that the applicant has given consent

2. The company shall collect the personal information above through the following methods/processes.
• Collected during the service application process that is taken place at the website
• Collected through the job application sent/submitted by the applicants
• Collected in reporting/handling complaints/inquiries about the side effects of previously sold medical devices.

Article 7 (Procedure & Method Used for the Destruction of Personal Information)

1. When the personal information is no longer necessary (i.e., expiration of retention period, achievement of the purpose of personal information processing/handling, etc.), the company shall destroy the personal information without delay.
2. In the case where the personal information collected from the information subject must be retained due to other relevant laws/regulations, the personal information shall be transferred to a separate database (DB) or stored in a different storage location. The personal data shall be destroyed immediately after the expiration of the retention period.
3. The procedures and methods for destroying personal information are as follows:
• Electronic files: Technical methods that eliminate the possibility of data recovery/playback.
• Data printed on paper: Physical methods such as grinding or incineration.

Article 8 (Measures to Ensure the Safety of Personal Information)

The company is taking the following measures to ensure the safety of the user’s personal information:
1. Regular Self-Audit: The company is conducting a regular (once a quarter) self-audit to ensure the stability and security of handling personal information.
2. Minimization & Training of Employees who Handle Personal Information: The company is implementing security measures by minimizing the number of personnel who handle personal information.
3. Establishment & Implementation of Internal Management Plan: A different internal management plan is established and implemented for the safe processing/handling of personal information.
4. Technical Countermeasures against Hacking and other Security Threats: To prevent the leakage/damage of personal information due to hacking and other security threats, the company has installed a security program and is carrying out updates & inspections on a regular basis. The system is also installed in an area with restricted access from the outside and is monitored/blocked using multiple technical measures.
5. Encryption of Personal Information: The personal information of all users is encrypted, stored, and managed thoroughly. The company has also implemented a separate security system/measure for critical data (i.e., encryption of files/data, introducing a file locking system/feature, etc.)
6. Storage of Access Records & Prevention of Data Forgery: Access logs to the Personal Information Processing/Handling System are stored for at least one year. However, when the personal information for more than 50,000 information subjects is added, or handling of unique identification and sensitive information is required, the information shall be stored and managed for at least two years. Also, the company is using a special security feature to prevent the forgery, theft, and loss of access logs/records.
7. Restricted Access to Personal Information: The company is taking necessary measures to restrict and control access to personal information via granting, changing, or removing access to the Personal Information Processing/Handling DB System. The company also uses an Intrusion Prevention System to restrict unauthorized access from external sources.
8. Use of a Lock System for Document Security: Documents that include personal information, auxiliary storage media, etc., are stored safely and protected with a particular lock.
9. Access Control for Unauthorized Personnel: All personal information is stored in a physically separated area/location, and a strict access control system is established and operated to ensure high security.

Article 9 (Matters Concerning the Installation & Operation of Devices used for the Automatic Collection of Personal Information and Rejection)

1. The company will use a ‘cookie’ that includes various information subject information to provide customized services to the users who use our services.
2. ‘Cookies’ refer to a unit of data that the server (HTTP), which is used to operate the website, sends to the user’s computer browser and is sometimes stored on the user’s PC (hard disk).
• Purpose of Cookies: Cookies provide optimized information to the users by identifying/classifying various types of data (services visited, websites visited, popular search terms, etc.)
• Installation, Operation, and Rejection of Cookies: Users can refuse to save cookies on their PC at the settings (Tools > Internet Options > Privacy)
• However, you cannot use specific types of services if you refuse to save cookies.
3. Therefore, the information subject changes the settings to decide whether they will allow all cookies, go through a separate confirmation process whenever a cookie is saved, or refuse all cookies.

Article 10 (Person in Charge of Handling Personal Information)

The company is responsible for the processing/handling of personal information and shall designate a personal information manager (see below) to address complaints and grievances related to personal information issues.
• Personal Information Manager
Name: KANG Dae-yeop
Affiliation/Position: Executive Director, Head of Business HQ
Phone No., E-mail Address 031-8023-9811 / david.kang@seerstech.com
The information subject can contact the personal information manager and the department in charge of handling personal information to consult about matters/issues related to the collection/processing/handling of personal information. The company will promptly answer all questions/inquiries from the information subject.

Article 11 (Remedies for the Infringement of the Rights & Interests of the Information Subject)

If the information subject is willing to receive support after the occurrence of a personal information/suitable infringement case, they may contact the following institutions/agencies for help or consultation. (Personal Information Dispute Mediation Committee, KISA Personal Information Infringement Report Center, etc.)
1. Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
2. KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office of the Republic of Korea: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)
Any individual who has had their rights (or interests) infringed due to a disposition or omission made by the head of a public institution may request an administrative trial as prescribed in the Administrative Appeals Act under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act
※ For more information on administrative trials, please visit the official website of the Administrative Appeals Commission (www.simpan.go.kr)

Article 12 (Matters Concerning Third-Party Links)

The company’s official homepage can contain links to third-party websites, plug-ins, and other applications. If the information subject clicks the link or decides to connect to the link, the third party may collect or use the personal information of the information subject.

The company has no control over third-party websites, plug-ins, or applications. It is NOT responsible for any events that may occur due to the handling/processing of the information subject’s personal information by third parties.

Article 13 (Modification of Privacy Policy)

1. This Personal Information Processing/Handling Policy will be effective December 1, 2022.
2. You can check the previous versions of this document at the link below.