Privacy Policy

SNBSOFT Co., Ltd. (the “Company”) establishes and discloses this Privacy Policy as follows in order to protect users’ personal information and to promptly and smoothly handle any related grievances, in compliance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable laws and regulations.

In operating the KoMedi service, the Company collects only the minimum information necessary at the time it is required, and uses the collected information only within the scope disclosed to users. In addition, the Company does not use or disclose users’ personal information beyond the disclosed scope without prior consent from the user.

Article 1 (Items of Personal Information Collected and Purposes of Processing)

The Company processes personal information for the following purposes. Personal information being processed shall not be used for any purpose other than those set forth below, and if the purpose of use changes, the Company shall take necessary measures in accordance with applicable laws and regulations.

* If a user provides another person’s information, the user must obtain the prior consent of the relevant data subject.

Category	Purpose of Collection	Items Collected
Membership Registration	User identification and account management	Name, email address (ID), password, nationality, contact information
Consultation and Reservation	Support for medical/beauty service reservations	Gender, date of birth, preferred date of visit, sensitive information (medical history, surgery history, consultation photos, etc.)
Reservation on Behalf of Another Person	Support for proxy reservation services	Name, gender, date of birth, and health condition information of the person for whom the reservation is made
Automatically Collected Information	Service improvement and prevention of fraudulent use	IP address, cookies, service usage records, access logs, device information

Article 2 (Retention and Processing Period of Personal Information)

The Company shall destroy personal information without delay once the purpose of collection and use has been achieved. However, where retention is required under applicable laws, such information shall be retained as follows:

• Membership Information: Until withdrawal of membership
• Reservation and Consultation Information: Until the purpose of use has been achieved (Consultation request info is retained for 1 year from collection)

Article 3 (Provision of Personal Information to Third Parties)

The Company does not provide personal information to external parties without the user’s prior consent, except where required by law or for investigative purposes. Any provision arising on third-party websites accessed through links within KoMedi shall not be governed by this Policy.

Article 4 (Entrustment of Personal Information Processing)

The Company entrusts certain tasks for smooth service provision:

• Data storage and server management: ncloud
• Notification and messaging: Kakao and SMS messaging service providers
• Customer consultation and management: CRM and customer service solution providers

Article 5 (Rights of Data Subjects and Methods of Exercise)

Users may request access to, correction of, deletion of, or suspension of processing of their personal information at any time through account settings or customer service.

Article 6 (Procedures and Methods for Destruction of Personal Information)

Personal information is destroyed using technical methods that render records irrecoverable. Paper documents are shredded or incinerated.

Article 7 (Measures to Ensure the Security of Personal Information)

The Company implements encryption, security programs, access right management, and regular employee training to prevent leakage or hacking.

Article 8 (Personal Information Protection Officer)

Article 9 (Amendment of the Privacy Policy)

This Privacy Policy shall take effect on the effective date set forth below.