GC Wellbeing

GC Wellbeing (hereinafter referred to as the “Company”) complies with the provisions on protection of personal information under relevant laws and regulations, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act. The Company is doing its best to protect user rights and interests through establishment of privacy policy in accordance with relevant laws and regulations.

Article 1 (Personal Information Items)

1. Who collects and uses personal information: The personal information collected through this website is directly received and managed by the Company, which is responsible for management of that information following collection.
2. Information to be collected <Customer Inquiry> <Partnership> InquiryCustomer’s name, e-mail address, mobile phone number, password
3. Collection method: Through this website
4. Right to not agree to the collection of personal information and disadvantages that may arise due to failure to agree You have the right to not consent to the provision of your personal information as below. However, since this information is essential for use of the customer inquiry and hotline services, the Company will be unable to respond effectively to customer inquiries or provide hotline reports and notification of the outcomes. Such services may therefore be unavailable.

Article 2 (Purpose for Processing Personal Information)

The Company processes personal information for the following, and only the following, purposes. If the purpose for use changes, the Company shall obtain separate consent from users before any such additional use is made. Other steps shall be taken in accordance with relevant laws.

- Purpose: confirmation of complaints, contact for fact-finding, and notification of processing results

Article 3 (Period for Processing and Retention)

In principle, users' personal information is destroyed without delay once the purpose for its collection and use is achieved.

- However, the following information shall be retained for the specified reason(s) and period: Customer inquiries, partnership inquiries: One (1) year from the time when the customer inquiry or partnership inquiry has been handled.

Article 4 (Provision of Personal Information to Third Parties)

The Company processes your personal information only within the scope specified in Article 2 (Purpose for Processing Personal Information) of this document, and provides your personal information to third parties only when it is required to provide the information to its affiliates for handling complaints. Also, the consent is obtained when it is required to provide the information as prescribed by law.

Article 5 (Consignment of Personal Information)

The Company shall not consign handling of your personal information to a third party without your consent or notification.

Article 6 (Your Rights and Obligations and Method to Exercise Your Rights)

1. You have the following rights related to protection of your personal information at any time:
   • ① Right to view your personal information held by the Company;
   • ② Right to request that the Company correct any errors, etc. in your personal information;
   • ③ Right to request deletion of your personal information.
2. The rights in Paragraph ① above can be exercised in writing, via e-mail, fax, etc. in accordance with Appendix 8 of the Enforcement Decree of the Personal Information Protection Act, after which the Company shall take action without delay.
3. If you request correction or deletion of your personal information, the Company will neither use nor provide your personal information until the correction or deletion is completed.
4. The rights in Paragraph ① above may be exercised through your legal representative or other person authorized by you to act as your agent. In this case, you shall submit power of attorney authorization naming that person, as outlined in Appendix 11 of the Enforcement Decree of the Personal Information Protection Act.

Article 7 (Destruction of Personal Information)

1. The Company destroys personal information without delay once that personal information becomes unnecessary, such as expiration of the retention period or when the purpose for processing has been achieved.
2. The procedure for and method of destruction are as follows:
   • ① Procedure: In principle, personal information shall be destroyed without delay once the purpose for processing has been achieved. In exceptional cases, it shall be destroyed after being stored for a certain period according to internal policy. The personal information stored will not be used for any other purpose except as required by law.
   • ② Method: Personal information stored in the form of an electronic file is deleted using a technical method that makes reproduction impossible. Personal information printed on paper is destroyed by shredding or incineration.

Article 8 (Measures to Ensure Safety of Personal Information)

The Company is taking the following measures to ensure safety of personal information.

• ① Administrative measures: Establishment and implementation of internal policy on protecting personal information
• ② Technical measures: Measures necessary in accordance with relevant laws and regulations such as management of access rights to the personal information processing system, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
• ③ Physical measures: Controlling access to computer rooms, data storage rooms, etc.

Article 9 (Technical and Administrative Measures for Protection of Personal Information)

In handling your personal information, the Company is taking the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged.

• ① Countermeasures against hacking: The Company is doing its best to prevent personal information from being leaked or damaged by hacking or computer viruses. It uses the latest anti-virus programs to prevent leakage or damage to your personal information or data, and ensures that personal information is safely transmitted over its network through the use of encryption, etc. An intrusion prevention system is also used to control unauthorized access from outside. In addition, the Company continually seeks to deploy all possible technical devices to increase the security of its systems.
• ② Education and training for those handling personal information: The Company constantly emphasizes the importance of compliance with the personal information handling policy through frequent training and education for those in charge of handling personal information.

Article 10 (Guidelines for Withdrawal of Consent for the Collection & Use of Personal Information)

1. You may view and modify your personal information registered with the Company at any time through the Company's website. You may also request deletion of your personal information via e-mail to the administrator.
2. You may request, via e-mail, etc., that the administrator withdraw your consent to the collection, use and provision of personal information at any time
3. The Company has designated the person in charge of personal information protection as follows to protect your personal information and to handle complaints related to personal information.

Article 11 (Persons Responsible for Protecting Personal Information)

The Company is responsible for overall handling of personal information, and has designated persons to be in charge of protecting personal information, handling complaints and addressing damages related to personal information.

Article 12 (Remedy for Infringement of Rights)

You may inquire about relief for damages and consulting related to infringement of your personal information rights to the following organization.

- Personal Information Infringement Report Center (operated by Korea Internet & Security Agency): privacy.kisa.or.kr / (without area code) 118