Effective Date: July 1, 2024

Anigma Technologies Inc. ("Company," "we," "us," or "our") is committed to protecting the personal information of users, physicians, and pharmacists ("data subjects") in compliance with the Personal Information Protection Act and other applicable laws.

This Privacy Policy explains how we collect, use, store, and protect personal information. By using our services, you agree to the terms outlined in this policy.

1. Purpose of Personal Information Processing

We process personal information for the following purposes:

Membership Registration

To verify user identity, manage membership status, respond to customer inquiries, conduct customer support (CS), facilitate smooth communication, analyze service usage, and prevent unauthorized activities.

Service Provision

We collect personal information to provide membership-based services, customized products and content, and conduct customer satisfaction surveys.

Advertising & Marketing

With user consent, we collect personal information for marketing purposes, promotional events, and customized service notifications.

2. Retention & Processing Period

1. We retain and process personal information within the period agreed upon at the time of collection or as required by law.

2. Retention periods for each category are as follows:

Membership Data

Service Data

The photo provided by the user is temporarily transmitted to a cloud server solely for analysis and virtual simulation services. All data transmitted is securely protected through encrypted communication protocols and is used only for the purpose of analysis and virtual simulation. It is not stored or retained separately in the software.

Face images are temporarily transmitted to the cloud server for processing and are deleted immediately after the simulation is complete. They are not stored on the device or any server thereafter.

Even after the primary retention period, personal information may be stored under certain circumstances, such as:

• Ongoing legal investigations related to service violations.

• Unresolved financial obligations related to service transactions.

• Fraud prevention records (retained for six months).

Under the Act on Consumer Protection in Electronic Commerce, the following records are retained:

• Ad & transaction records: 6 months.

• Contracts, payments, and product/service delivery records: 5 years.

• Customer complaints and dispute resolution records: 3 years.

Under the Communications Privacy Act, the following records are retained:

• Internet log data & access tracking data: 3 months.

3. Third-Party Data Sharing

1. We process personal information only within the scope outlined in Section 1 and do not provide it to third parties without user consent, except in cases permitted by law.

2. Personal information may be shared without consent in the following cases:

   • For statistical analysis, research, or public interest in a non-identifiable format.

   • When requested by a government agency under relevant laws.

   • When legally required by applicable regulations.

4. Rights of Data Subjects & Legal Guardians

1. Users can withdraw their consent to data collection and processing at any time by canceling their membership or submitting a request.

2. Users may request access, correction, deletion, or processing suspension of their data in accordance with Article 35 of the Personal Information Protection Act.

3. Requests can be submitted via email, mail, or other methods specified by the Company.

4. The Company will promptly respond to all requests after verifying the identity of the requester.

5. Users may authorize legal representatives to exercise their rights by submitting a power of attorney.

6. The right to access or modify data may be restricted by law in certain cases (e.g., tax records or mandatory retention under other statutes).

5. Data Destruction Procedures

1. The Company promptly destroys personal information when:

   • The retention period expires.

   • The purpose of processing is achieved.

2. Destruction methods:

   • Paper records: Shredding or incineration.

   • Electronic records: Permanent deletion via irreversible data erasure methods.

3. Data that must be retained under other legal obligations will be stored in a separate database (DB) or designated storage location.

4. Inactive Accounts:

   • Accounts that remain inactive for one year will be marked as dormant.

   • Users will receive a 30-day notification before dormancy status is applied.

   • Dormant accounts can be reactivated upon login with user consent.

6. Security Measures

The Company takes technical and administrative security measures to protect personal information, including:

Technical Measures

• Encryption: Password protection, encrypted file storage, and secure transmission protocols.

• Anti-virus Protection: Regular software updates to prevent unauthorized access.

• Firewall & Intrusion Prevention: Network security measures to block unauthorized traffic.

Administrative Measures

• Access Control: Limited access to personal data, restricted to designated personnel.

• Employee Training: Regular training on data protection and compliance.

7. Cookies & Tracking Technologies

The Company does not use cookies or other tracking technologies to store personal data.

8. Data Protection Officer

For inquiries regarding personal data protection, users may contact the designated Data Protection Officer (DPO):

The Company will address all inquiries promptly and appropriately.

9. Requests for Data Access & Modifications

Users may submit requests for data access, corrections, or processing suspension to the following department:

10. Remedies for Personal Data Violations

Users experiencing privacy violations may seek legal remedies through the following agencies:

• Korea Personal Information Dispute Mediation Committee: www.kopico.go.kr | ☎ 1833-6972

• Personal Information Infringement Report Center: privacy.kisa.or.kr | ☎ 118

• Supreme Prosecutors’ Office: www.spo.go.kr | ☎ 1301

• Cyber Bureau of the National Police Agency: cyberbureau.police.go.kr | ☎ 182

11. Anonymous Data Processing

1. The Company may anonymize collected data for statistical analysis, service improvements, and research.

2. Anonymized data cannot be used to identify individuals and is no longer subject to personal data protection laws.

12. Updates to this Privacy Policy

This Privacy Policy is effective as of July 1, 2024 and may be updated periodically.