Privacy Policy

Ronfic Co., Ltd. (hereinafter referred to as the "Company") complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." (hereinafter referred to as the "Information and Communications Network Act"), the "Personal Information Protection Act," and other related regulations on personal information protection and has established a privacy policy for Ronfic APP to protect the rights and interests of users. Users have the right to refuse to consent to the collection of personal information, and there may be disadvantages in service provision in case of refusal of consent.

1. Items of personal information collected and methods of collection

a. Items of personal information collected

- The Company collects the following personal information for member registration, smooth customer consultation, and provision of various services.

① Member registration

[Required] Name, date of birth, gender, height, mobile phone number, ID, password

② Service use

[Required] Muscle exercise performance history, muscle strength test results

[Details] Maximum muscle strength, average muscle strength, movement speed, average power, exercise time, rest time, muscle function test results, muscle function test balance between left and right, joint range of motion, location information, etc.

③ Customer support

[Required] Email address

- In the process of using Ronfic app's services or handling business, information such as IP Address, cookies, service usage records, and improper usage records may be automatically generated and collected.

- For users of the relevant service who agree to additional collection of personal information during the process of additional services and event participation, additional information may be collected separately.

b. Collection methods of personal information

The Company collects personal information through the following methods:

- Input by the user during member registration on Ronfic APP

- Automatically generated and collected through Bluetooth communication linkage with Ronfic APP

- Automatically generated and collected during the service usage process and expanded through analysis

- Direct input of email address by the user during the inquiry process

2. Collection and Use Purposes of Personal Information and Consent to Provision

a. Service Provision

- Providing customized services such as purpose-specific exercise programs, feedback on exercise and physical ability changes, prevention of overtraining, and other contents provision

- Maintaining Bluetooth communication pairing between the company's product-integrated application and the user's mobile device

b. Member Management

- Confirming intention to join, verifying age, identifying users, confirming intention to withdraw from membership

- Protecting users and operating services by preventing acts that may impede the smooth operation of the service, notifying users of changes to terms and conditions, preserving records for dispute resolution and complaint handling, and so on

- Creating a safe service environment that users can use with peace of mind from a security, privacy, and safety perspective

c. Utilization for Development of New Services and Marketing Advertising

- Providing services and advertising based on statistical characteristics and new service development, verifying the effectiveness of the service, promoting new or popular products, providing event or advertising information and participation opportunities, grasping access frequency, and providing optimal services tailored to individual preferences through statistical analysis of user service usage

d. When collecting personal information and sensitive information that can identify an individual, the company informs users of relevant matters through terms and conditions and privacy policies, and treats user consent to personal information collection as given when they click the personal information provision and/or sensitive information provision consent button. However, when collecting personal information of children under 14 years of age, the company additionally requests the consent of their legal guardian.

3. Disclosure of Personal Information

The company uses users' personal information within the scope notified in "2. Collection and Use Purposes of Personal Information and Consent to Provision," and does not use or disclose users' personal information to external parties beyond the notified scope without prior consent from the user.

4. Outsourcing of Personal Information Processing and Third-Party Provision

a. The company may outsource the processing of personal information to other organizations for the purpose stated in "2. Collection and Use of Personal Information." In this case, the trustee must take appropriate measures to prevent personal information from being lost, stolen, leaked, altered, or damaged.

b. The company outsources the processing of personal information as follows in order to provide online services and ensures that the trustee can manage personal information safely in accordance with relevant laws and regulations.

○ Personal Information Processing Trustee and Outsourced Work Content

- Consignee: KT Corporation, Amazon Web Services Inc.

- Content of consignment: uCloud service

- Personal information retention period: until the user expresses a desire to delete their personal information or until the outsourcing contract is terminated

- Consignee: Piehealthcare Co., Ltd.

- Content of consignment: Integrated development of CRM service for personal training center / provision of data

- Personal information retention period: Until the user's personal information is deleted or the CRM service joint development / data provision contract is terminated

c. The company generally does not provide users' personal information to third parties without their separate consent, but makes exceptions in the following cases:

- When users have agreed to disclosure in advance

- When providing information in an unidentifiable form is necessary for statistical or academic research purposes

- When there is a request from an investigative agency in accordance with the procedures and methods prescribed by law for the purpose of investigation pursuant to relevant laws and regulations

- When it is necessary for public institutions to perform tasks prescribed by law within the scope deemed unavoidable

- When there are special provisions in other laws

5. Retention and Use Period of Personal Information

The company generally disposes of personal information immediately when the purpose of collecting and using personal information is achieved. However, the company may retain the following information for a specified period of time for the following reasons even if personal information is deleted immediately:

a. Reasons for Retaining Information under the Company's Internal Policy

- Illegitimate use record

- Reason for retention: prevention of illegitimate use

- Retention period: 1 year

b. Reasons for Retaining Information under Relevant Laws and Regulations

If there is a need to retain personal information for a certain period of time under the provisions of relevant laws and regulations such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, etc., the company will keep the personal information for the period prescribed by the relevant laws and regulations. In this case, the company will only use the information being kept for the purpose of retention, and the retention period is as follows:

- Records related to contracts or subscription withdrawal

- Basis for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.

- Preservation period: 5 years

- Records related to payment of fees and supply of goods, etc.

- Basis for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.

- Preservation period: 5 years

- Records related to consumer complaints or disputes

- Basis for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.

- Preservation period: 3 years

- Records related to display and advertisement

- Basis for preservation: Act on the Protection of Consumers in Electronic Commerce, etc.

- Preservation period: 6 months

- Website visit records

- Basis for preservation: Act on the Protection of Communications Secrets

- Preservation period: 3 months

6. Procedure and Method of Personal Information Destruction

Personal information of users is destroyed without delay once the purpose of collecting and using the information is achieved. The procedure and method of personal information destruction by the Company are as follows:

a. Procedure of Destruction

- Information collected through user's membership registration, service use, and customer support requests are transferred to a separate DB (or filing cabinet for paper-based documents) after the purpose is achieved, and are stored for a certain period of time according to the internal policy and relevant laws and regulations regarding information protection (refer to section 5 for the retention and use period of personal information) before being destroyed.

- Personal information is not used for any purpose other than the one for which it is retained unless required by law.

b. Method of Destruction

- Personal information printed on paper is destroyed by shredding or incineration.

- Personal information stored in electronic file form is deleted using technical methods that make it impossible to reproduce the records.

7. Separate Storage and Management of Personal Information for Dormant Accounts

The Company converts the accounts of users who have not used the service for the past 1 year into dormant accounts and separates and stores their personal information. If the user's account is converted into a dormant account and personal information is stored and managed separately, all services become unavailable, and a separate reinstatement process is required to use the services again.

- Personal information subject to separate storage and management: All personal information of users whose accounts have been converted into dormant accounts, including account information, personal information, and service usage history.

- Expiration date: The point in time when one year has passed from the date of separate storage and management.

8. Rights of Users and Legal Guardians and Their Exercise Methods

- Users and legal guardians can access and modify their own or their children under 14's personal information registered at any time, and can request withdrawal of consent.

- To access and modify personal information of a user or a child under 14, you can click on "Change Personal Information" (or "Modify Member Information") and go through the personal verification process. To withdraw consent (or to cancel membership), you can click on "Withdraw Membership".

- In addition, if you contact the personal information protection manager in writing, by phone, or by email, the manager will promptly take action after verifying your identity. (Refer to "10. Contact Information of Personal Information Protection Manager" for more information.)

- If a user requests correction of personal information errors, the company will not use or provide the relevant personal information until the correction is complete. If incorrect personal information has already been provided to a third party, the company will promptly notify the third party of the correction results and ensure that the correction is made.

- Personal information that has been terminated or deleted at the request of a user or legal guardian is processed in accordance with the "5. Retention and Use Period of Personal Information" and cannot be accessed or used for any other purpose.

9. Technical and Administrative Measures for the Protection of Personal Information

The Company is taking the following technical and administrative measures to ensure the safety of personal information in processing user information so that personal information is not lost, stolen, leaked, modified, or damaged.

a. Encryption of Personal Information

User passwords are encrypted and stored and managed so that only the user knows them, and personal information can be confirmed and changed only by the user who knows the password. In addition, phone numbers and dates of birth are all encrypted to prevent leakage and modification of personal information.

b. Measures to Prepare for Hacking, etc.

The Company is doing its best to prevent the leakage or damage of users' personal information due to hacking, computer viruses, etc. It regularly backs up data to prepare for damage to personal information, and uses the latest anti-virus programs to prevent users' personal information and data from being leaked or damaged. It also uses encrypted communication to safely transmit personal information over the network.

c. Minimization and Education of Personnel Handling Personal Information

The Company limits personnel handling personal information to those who are absolutely necessary for their job and assigns them separate passwords that are regularly updated. Through regular education for these personnel, the Company emphasizes compliance with the Personal Information Protection Policy.

10. Contact Information of Personal Information Protection Manager

Users may report any complaints related to personal information protection that arise from using the company's services to the personal information protection manager, and the company will provide a prompt and sufficient response to users' reports.

Personal Information Protection Manager

Name: KimJin Chan

Affiliation: Finance Team Position: Director

Phone: 051-637-6285 Email: elevenb@ronfic.com

If you need to report or consult about other personal information breaches, please contact the following organizations:

- Personal Information Breach Report Center (http://www.118.or.kr, phone 118)

- Korea Internet & Security Agency (http://www.eprivacy.or.kr, phone 02-580-0533~4)

- Supreme Prosecutor's Office, Cyber Investigation Department (http://www.spo.go.kr, phone 02-3480-2000)