Privacy Policy

Innomax, in accordance with the Personal Information Protection Act, has the following policy in place to protect users' personal information and rights and to smoothly handle any grievances related to personal information.

Innomax services (hereinafter referred to as "services") consider the protection of your personal information very important and comply with the personal information protection regulations under the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.' and the 'Personal Information Protection Act'. We also inform you through this privacy policy about how your personal information is used and protected. Special attention is given to sensitive health information.

The "services" will notify any changes to the privacy policy through the "services."

Table of Contents

Article 1. Items of personal information collected and purpose of use
Article 2. Consent to the collection of personal information
Article 3. Methods of collecting personal information
Article 4. Use and provision of collected personal information to third parties
Article 5. Access, correction, and withdrawal of consent (withdrawal of membership)
Article 6. Retention and use period of personal information
Article 7. Procedures and methods of destroying personal information
Article 8. User rights and obligations
Article 9. Notification or communication method of the privacy policy
Article 10. Technical and managerial measures for personal information protection
Article 11. Personal information management officer and person in charge
Article 12. Protection of children's personal information
Article 13. Transmission of advertising information
Article 14. Changes to the privacy policy

Article 1. Items of personal information collected and purpose of use

The "services" collect the following personal information items. The personal information being processed will not be used for any purpose other than the following purposes unless separate consent is obtained or there are special regulations in other laws according to Article 18 of the Personal Information Protection Act.

• Collected items: email, name, date of birth, gender
  • Purpose of use: identity verification and data provision for service use
  • Retention period: until membership withdrawal

• Collected items: blood glucose level
  • Purpose of use: analysis of blood glucose level fluctuations and correlation study of diagnostic device measurement values
  • Retention period: retained excluding personal information, until membership withdrawal

• Collected items: diagnostic scan data
  • Purpose of use: correlation study between data obtained through diagnostic scans and blood glucose levels
  • Retention period: retained excluding personal information, until membership withdrawal

Article 2. Consent to the collection of personal information

1. The "services" provide information about "collection and use of personal information" before membership registration and login, and by registering or logging in, it is considered that the user has agreed to the collection and use of personal information.

2. Users have the right to refuse consent to the collection and use of personal information, and there is no disadvantage for refusing consent. However, service use may be impossible, or there may be restrictions on service provision according to the purpose of service use.

Article 3. Methods of collecting personal information

1. The "services" collect personal information by directly receiving input from users or through methods such as automatic generation during the service use process.

2. "Optional collected information" is collected through user authorization.

Article 4. Use and provision of collected personal information to third parties

The "services" use personal information within the scope notified in the terms of service and this privacy policy, and do not use or provide it to third parties beyond this scope without the user's consent. However, the following cases may use or provide personal information with caution.

1. Provision of information due to sale, merger, etc.
   • In the event of transfer of all or part of the business, merger, inheritance, etc., we will notify users to ensure their rights related to personal information are protected.
   • The "services" do not use or provide personal information beyond the scope notified to users at the time of collection or specified in the terms of service. However, the following exceptions apply:
     • When personal information is necessary for the performance of a contract related to the provision of "services" and it is difficult to obtain ordinary consent due to economic/technical reasons
     • When necessary for billing for services
     • When there are special provisions in laws such as the Telecommunications Secret Protection Act, the Basic National Tax Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Financial Real Name Transaction and Secret Protection Act, the Act on the Use and Protection of Credit Information, the Basic Telecommunications Act, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, the Criminal Procedure Act, etc.

2. Even in cases where there are special legal provisions, such as administrative or investigative purposes by administrative agencies or investigative agencies, personal information will not be provided unconditionally but will be provided according to legal procedures, such as warrants or documents signed by the agency head.

Article 5. Access, correction, and withdrawal of consent (withdrawal of membership)

1. Innomax retains and uses your personal information from the date of service registration until the period during which services are provided.

2. If a user requests membership withdrawal or withdraws consent to the collection and use of personal information, or if the purpose of collection and use is achieved or the retention period ends, or if there are reasons such as business closure, the personal information will be destroyed without delay.

3. The "services" respond sincerely to user requests for access, proof, or correction of personal information, and if it is found that the information is erroneous or the retention period has expired, it will be corrected or deleted without delay.

4. Users can withdraw consent to the collection, use, and provision of personal information at any time through email (innomax.dev@gmail.com).

Article 6. Retention and use period of personal information

1. Users can view or correct their personal information at any time. To view or correct personal information, contact us via email (innomax.dev@gmail.com).

2. Personal information may be retained for a certain period if necessary for litigation, dispute resolution, or other needs.

3. Personal information will be retained according to relevant laws and regulations, such as the Commercial Act, the Basic National Tax Act, the Telecommunications Secret Protection Act, the Act on the Consumer Protection in Electronic Commerce, the Act on the Use and Protection of Credit Information, etc. During the retention period, the information will only be used for the purpose of retention and the retention periods are as follows:
   • Important business documents and account books: 10 years for important documents / 5 years for account books (Commercial Act)
   • Transaction records and evidence: 5 years (Basic National Tax Act, Corporate Tax Act, Value-Added Tax Act, etc.)
   • Records of display/advertising: 6 months (Act on the Consumer Protection in Electronic Commerce)
   • Records of contracts or withdrawal of offers: 5 years (Act on the Consumer Protection in Electronic Commerce)
   • Records of payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce)
   • Records of consumer complaints or disputes: 3 years (Act on the Consumer Protection in Electronic Commerce)
   • Records of the collection/use of credit information: 3 years (Act on the Use and Protection of Credit Information)

Article 7. Procedures and methods of destroying personal information

The "services" destroy collected personal information without delay after the purpose of use is achieved. The procedures, methods, and timing of destruction are as follows:

1. Destruction procedures and timing
   • Personal information entered for service registration, etc., will be deleted or destroyed after the purpose of use is achieved or the retention period ends according to internal policies and related laws.
   • Generally, personal information collected at the time of service registration and managed in electronic file format is deleted immediately upon membership withdrawal.
   • However, if users are notified and individual consent is obtained, the information will be retained for the agreed retention period and then deleted. If there is a need to retain personal information according to relevant laws, it will be retained for the period specified by those laws and then deleted.

2. Destruction methods
   • Personal information recorded on paper is destroyed by shredding, incineration, or chemical dissolution.
   • Personal information stored in electronic file format is deleted using technical methods that make the records unrecoverable.

Article 8. User rights and obligations

1. Users are responsible for keeping their personal information accurate and up-to-date to prevent accidents.

2. Users are responsible for any accidents that occur due to inaccurate information input, and membership may be lost if false information or information of others is used.

3. Users have the right to protect their personal information and the obligation to protect themselves and not infringe on others' information.

4. Users should be careful to prevent their personal information from being leaked and should not damage others' personal information.

5. If these responsibilities are not met and others' information is damaged, users may be punished under the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'

Article 9. Notification or Communication Method of the Privacy Policy

1. If the "services" need to obtain users' consent to use or provide personal information beyond the scope notified at the time of collection or specified in the terms of service and this privacy policy, users will be individually notified by written, electronic mail, or phone.

2. When personal information is entrusted to others for collection, storage, processing, use, provision, management, or destruction, users will be notified through the terms of service, the website privacy policy, etc.

3. If the "services" transfer all or part of their business or merge or inherit, thereby transferring their rights and obligations, users will be individually notified by written or electronic mail, and a notice will be posted on the "services" for more than 30 days to ensure identification.

4. However, if the user's contact information is unknown without fault or if there are legitimate reasons such as natural disasters, notification through the "services" will suffice.

Article 10. Technical and managerial measures for personal information protection

The "services" have implemented technical and managerial measures to protect users' personal information.

1. Access restriction to personal information

   Necessary measures are taken to control access to personal information through the granting, changing, and revocation of access rights to database systems that process personal information, and unauthorized access from outside is controlled using intrusion prevention systems.

Article 11. Personal information management officer and person in charge

1. Innomax strives to ensure that users can use the services safely and is responsible for any accidents contrary to the notices provided to users. The person responsible for personal information management and the person in charge are as follows:
   • Personal information management officer and person in charge: Taeho Oh
   • Email: innomax.dev@gmail.com

Article 12. Protection of children's personal information

The "services" do not target children under the age of 14 (hereinafter referred to as "children"). The "services" do not knowingly collect personal information from children.
If it is found that children have provided personal information, it will be immediately deleted from the servers. If you are a parent or guardian and are aware that your child has provided personal information, please contact the personal information management officer to take the necessary steps.

Article 13. Transmission of advertising information

The "services" do not send advertising information for profit purposes without prior consent from users.

Article 14. Changes to the privacy policy

This privacy policy is effective from the implementation date and any additions, deletions, or corrections due to changes in laws and policies will be notified through the notice 7 days before the changes take effect.

Notice date of privacy policy: July 5, 2024

Effective date of privacy policy: July 5, 2024

© 2024 Innomax