Evov Therapeutics Co.,Ltd. (hereinafter referred to as "the Company") has established and disclosed this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of the users and to address any related concerns promptly and effectively.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the purposes stated below and personal information will not be used for any other purposes. In the event of a change in purpose, the Company will take necessary steps, including obtaining separate consent from the users, in accordance with Article 18 of the Personal Information Protection Act.
1. Website User Account Creation and Management
This includes verifying account creation intentions, providing users services, identifying and authenticating users, maintaining and managing account status, verifying identity under the restricted identification system, preventing fraudulent use, confirming consent from legal representatives for children under 14, and handling notifications and complaints.
2. Provision of Goods or Services
This includes product delivery, service provision, sending contracts and invoices, providing content, offering personalized services, verifying identity and age, processing payments and settlements, and handling debt collection.
3. Response to Complaints
This includes verifying the identity of complainants, confirming the issues raised, contacting and notifying for investigation, and notifying about the results of the handling process.
Article 2 (Processing and Retention Period)
① The Company processes and retains personal information within the periods specified by law or within the period of consent provided by the users.
② The period of processing and retaining personal information is as follows:
1. Website User Account Creation and Management: Retained until the user withdraws from the business/organization website.
However, the retention period extends if:
1) there is an ongoing investigation or inquiry due to violation of applicable laws (the period extends until the investigation concludes); or
2) there is an outstanding debt from website usage (the period extends until the debt is settled).
2. Provision of Goods or Services: Retained until the completion of product delivery, service provision, payment, and settlement.
However, the retention period extends in accordance with the following laws:
1) Records related to consumer protection under the Act on the Consumer Protection in Electronic Commerce
- Advertisement and promotion records: 6 months
- Records of contracts, order cancellations, payments, and product supply: 5 years
- Records of consumer complaints or dispute handling: 3 years
2) Records related to communication under Article 41 of the Protection of Communications Secrets Act
- User communication data (dates, start/end times, numbers, user log, location tracking): 1 year
- Computer communication, Internet logs, connection point tracking: 3 months
Article 3 (Outsourcing of Personal Information Processing)
① The Company outsources certain personal information processing works to third parties for efficient operation:
- Outsourced entity (Processor): Cafe24 Co., Ltd.
- Works related to shopping mall hosting services, mobile app services, marketing, and affiliate services, along with messaging services (e.g., notification, chat, text messages)
- Outsourced entity (Processor): Cafe24 Co., Ltd.
- Works related to payment and escrow services
- Outsourced entity (Processor): CJ Logistics
- Works related to product delivery services
② The Company ensures that the outsourcing contract complies with the Personal Information Protection Act, including prohibiting the use of personal information for purposes other than providing services, implementing technical and administrative safeguards, restricting subcontracting, and ensuring responsibility for damage compensation.
③ Any changes to the outsourced works or entities will be promptly disclosed through this Privacy Policy.
Article 4 (Rights of Users and Legal Representatives)
① The users may exercise the following rights at any time with respect to their personal information for:
1. access to their personal information
2. correcting inaccurate information
3. deleting their personal information
4. opting out from processing
② The rights specified above may be exercised via written requests, phone, email, or fax, and the Company will respond to their requests promptly.
③ If a request for correction or deletion is made, the Company will not use or provide the personal information until their request is resolved completely.
④ The rights specified above may also be exercised through a legal representative or authorized agent, provided a power of attorney is submitted according to the Form 11 included in the Enforcement Rules to Personal Information Protection Act.
⑤ The users must not violate the Personal Information Protection Act and other relevant laws, or infringe upon the personal information or privacy of themselves or others processed by the Company.
Article 5 (Types of Personal Information Processed)
The Company processes the following personal information items:
1. Website User Account Creation and Management
Required: name, ID, password, address, mobile phone number, email, company name, business registration number, representative’s name
Optional: nursing facility number
2. Provision of Goods or Services
Required: name, ID, password, address, mobile phone number, email, company name, business registration number, representative’s name, other payment information
Optional: nursing facility number
3. The following information may be collected automatically while using the internet service:
IP address, cookies, MAC address, service usage records, visit history, and records of inappropriate use.
Article 6 (Destruction of Personal Information)
① The Company will destroy personal information without delay once the retention period expires, the purpose of processing is fulfilled, or it is no longer needed.
② If there is a legal obligation to retain personal information, even when the retention period expires or the purpose of processing is fulfilled, it will be moved to a separate database or stored in another location.
③ The procedure and method for destroying personal information are as follows:
1. Procedures for destroying personal information
The Company selects personal information to be destroyed, and approval is obtained from the Chief Privacy Officer before proceeding.
2. Method of destroying personal information
Electronic files are destroyed beyond recovery using techniques including low-level formatting, and paper documents are shredded or incinerated.
Article 7 (Information Security Measures)
The Company takes the following measures to ensure the security of personal information:
1. Administrative measures: Implementation of internal security plans, regular employee training
2. Technical measures: Management of access to personal information systems, installation of access control systems, encryption of sensitive information, installation of security programs
3. Physical measures: Access control to computer rooms and data storage areas
Article 8 (Installation and Operation of Automatic Personal Information Collection Devices and Rejection)
① The Company uses cookies to store and periodically retrieve usage information in order to provide personalized services to users.
② Cookies are small pieces of data sent from a website's server (HTTP) to a user's browser and may be stored on the user's computer hard drive.
A. Purpose of use: Cookies are used to analyze the user's visit and usage patterns across services and websites, including popular search terms and security access, to provide personalized and optimized information.
B. Installation, operation, and rejection: Cookies can be rejected by adjusting the settings in the "Privacy" menu under "Tools > Internet Options" in the web browser.
C. Rejecting cookies may affect the personalized services provided to the users.
Article 9 (Chief Privacy Officer)
① The Company has designated a Personal Information Protection Officer to oversee privacy-related tasks and address complaints and compensation for damages.
▶ Chief Privacy Officer
Name: Park Byeong-guk
Job Title: CEO
Contact Info.: +82 10-8589-1407, official@evovtherapeutics.com
*You will be directed to the Privacy Team.
▶ Privacy Protection Team
Representative: Park Byeong-guk
Contact Info.: +82 10-8589-1407, official@evovtherapeutics.com
② Users may contact the company's Chief Privacy Officer or designated department for any inquiries, complaints, or concerns regarding privacy protection related to the use of the company's services (or business). The company will promptly respond to and address these inquiries.
Article 10 (Access to Personal Information)
Users may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the department listed below. The company will promptly respond to these requests.
▶ Department Handling Access to Personal Information
Representative: Park Byeong-guk
Contact Info.: +82 10-8589-1407, official@evovtherapeutics.com
Article 11 (Remedies for Privacy Violations)
Users may contact the following organization for assistance with privacy violations, including seeking remedies or consultation:
▶ Privacy Violation Reporting Center (Korea Internet & Security Agency)
- Responsibilities: Reporting and consultation on privacy violations
- Website: privacy.kisa.or.kr
- TEL: 118 (no area code required)
- Address: 3F, Privacy Violation Report Center, 9, Jinheung-gil, Naju-si, Jeonnam, 58324, South Korea
▶ Personal Information Dispute Mediation Committee
- Responsibilities: Personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- TEL: 1833-6972 (no area code required)
- Address: 4F, Government Seoul Office, 209 Sejong-daero, Jongno-gu, Seoul, 03171, South Korea
▶ Supreme Prosecutors' Office Cybercrime Investigation Division: +82-2-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: 182 (http://cyberbureau.police.go.kr)
Article 12 (Implementation and Amendment of Privacy Policy)
This Privacy Policy is effective from October 10, 2024.
