Personal Information Processing Policy

HnB Genomics (hereinafter referred to as the "Company") values the personal information of H&B Genomics users (hereinafter referred to as "users"), complies with the personal information protection regulations under related laws such as the Personal Information Protection Act, and establishes a personal information processing policy in accordance with related laws and regulations to protect the rights and interests of users.

This privacy policy applies to the use of services provided by the company and contains the following.

When the company revises its personal information processing policy, it announces it through a notice on its website.

* This policy will take effect on March 1, 2022.

1. Purpose of processing personal information

The company uses the collected personal information for the following purposes.

The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act will be implemented.

a. Finding Biomarker Candidates

b. Provide healthcare services and secure data

c. Provide genetic testing services

2. Provision of personal information to a third party

The company provides personal information to a third party through the consent of the data subject as follows, and in principle, it does not provide it to a third party without the consent of the data subject.

- Person who receives personal information: Osang Healthcare

- Purpose of Use of Personal Information by Recipients: Development of Diagnostic Kit

- Personal information items provided: Analysis information of NGS experiment results

- Period of possession and use of the recipient: Immediately after the purpose of use is achieved

3. the destruction of personal information

In principle, the company destroys the user's personal information without delay after the purpose of collecting and using it has been achieved. The procedure and method of destruction are as follows.

• Destruction procedure: The information entered by the member for membership registration will be transferred to a separate DB after the purpose is achieved (a separate document box in the case of paper) and stored for a certain period of time in accordance with the internal policy and other related laws and regulations (refer to the retention and use period) before being destroyed. Personal information transferred to a separate DB shall not be used for any purpose other than being retained unless it is by law.

• How to destroy: Personal information stored in electronic file format is deleted using a technical method that cannot be reproduced. In addition, personal information printed on paper is crushed with a shredder or destroyed through incineration.

However, if the user obtains a separate consent for the period of personal information storage, or if the law imposes an obligation to store personal information for a certain period of time, personal information is stored safely during that period.

4. Consignment processing organization and consignment of personal information

The company entrusts some of the necessary tasks to external companies, and regulates and manages the matters necessary for the entrusted company to safely process personal information.

a. Trustees: Tyroscope

b. Details of consignment: Finding biomarker candidates

5. Rights and methods of exercise of users and legal representatives

a. Inquiry and correction of personal information

Users and legal representatives may inquire or correct the registered personal information of themselves or children under the age of 14 at any time. If a correction is requested for an error in personal information of a user or a child under the age of 14, the personal information shall not be used or provided until the correction is completed. The company processes personal information canceled or deleted at the request of the user as specified in the "Period of Retention and Use of Personal Information Collected by the Company" and processes it so that it cannot be viewed or used for other purposes.

b. Withdrawal of consent to the provision of personal information (withdrawal of membership)

Users can withdraw their consent to collect, use, and provide personal information at any time through membership registration.

• How to withdraw consent to the provision of personal information (withdrawal of membership)

You can withdraw (withdraw) at any time by email (info@hnbgenomics.co .k) or by telephone (070-8028-8676).

c. Processing of long-term unused members

• Long-term unused members refer to members who do not have a record of use for one year after final access.

• If the member is not accessed by the relevant date after notification of deletion through e-mail or text message for a certain period of time, the member withdrawal (account deletion) process will proceed.

• Deleted personal information cannot be recovered.

6. Information about the person in charge of personal information protection and the person in charge

The company designates the person in charge of personal information protection and the person in charge as follows for users' personal information inquiries and complaints.

Role	Name	Affiliation	Position	Tel.	Email
Protection Officer(CPO)	JeongHan Hong	Research and Development Office	CEO	070-8028-8676	jeonghan.hong@hnbgenomics.co.kr
Protection Officer	JeongHye Ye	Strategic Planning Office	Head of department	070-8028-8676	jhye@hnbgenomics.co.kr

If you need to report or consult on other personal information infringement, you can contact the following institution.

- Personal Information Infringement Reporting Center (privacy.kisa.or.kr / No. 118)

- Cyber Investigation Division of the Supreme Prosecutors' Office (www.spo.go.kr / No country code 1301)

- Cyber Investigation Bureau of the National Police Agency (police.go.kr / No country code 182)

7. Denied installation and operation of automatic collection devices for personal information

The company operates a "cookie" that stores and finds users' information from time to time. A cookie is a tiny text file that the server used to run the website sends to the user's browser and is stored on the user's computer's hard disk.

a. To use cookies

It is used to temporarily store login information for a user's order. The user has the option to install cookies. Thus, the user can allow all cookies by setting options in a web browser, go through confirmation each time a cookie is saved, or refuse to save all cookies.

b. To reject cookie settings

By selecting the option of the web browser you use, you can allow all cookies, go through confirmation every time you save them, or deny all cookies.

• For Internet Explorer

"Tools" menu at the top of the web browser > "Internet Options" menu > "Privacy" tab > Direct Settings

• For Edge

Set from the "Other(...)" menu > "Settings" menu > "View Advanced Settings" button > "Cookie" item at the top of the web browser

• In the case of Chrome

Select Web browser top right edge icon > select "Settings" > select "Show Advanced Settings" at the bottom of the screen > Set directly on the "Contents Settings" button > Cookie section in the Privacy section, but if the user refuses to install the cookies, it may be difficult to provide the service.

8. Items of personal information to be processed

a. Finding Biomarker Candidates

- Required items: Name (English initials), date of birth, gender, height, weight, blood pressure, pulse, medical history, blood test values (Free T4, TSH, Anti-microsomal Ab, Anti-TSH-receptor Ab, CTX, P1NP, 25-Vitamin D, HbA1C, Glucose), DXA test result values, diet information, exercise information, sleep information, blood

b. Provide healthcare services and secure data

- Mandatory items: name, date of birth, ID, password, address, phone number, e-mail address, credit card number, bank account information - Selection information: Gender, nickname, photo, gender, marital status, occupation, field of interest, past purchase details, body information (height, weight, etc.), interview information (normal lifestyle habits such as drinking and smoking), health information (body temperature, blood pressure, blood sugar, meal status/type/calorie, exercise status/type/time, etc.)

c. Provide genetic testing services

- Mandatory items: name, date of birth, gender, address, phone number, specimen (spherical epithelial cells)

9. Matters concerning measures to ensure the safety of personal information

The company does its best to safely manage users' personal information and protects personal information beyond the level required by the Personal Information Protection Act.

We are establishing and implementing an internal management plan for personal information protection.

We establish an internal management plan for personal information, including matters related to the composition and operation of a personal information protection organization, such as the designation of a person in charge of personal information protection, and check whether the internal management plan is well implemented every year.

We are taking measures to control access to personal information and restrict access rights.

In order to block illegal access to personal information, standards for granting, changing, and cancelling access rights to personal information processing systems have been established and implemented, and intrusion prevention systems and intrusion detection systems have been installed and operated. In addition, we are reducing the possibility of personal information leakage by minimizing the number of employees who process personal information.

We are taking encryption measures to safely store and transmit personal information.

Passwords and unique identification information that the law requires encryption are encrypted and stored. In addition, personal information is transmitted and received safely on the network through encryption communication.

We are taking measures to store personal information access records and prevent forgery and alteration.

The personal information handler keeps and manages the records of access to the personal information processing system, regularly checks the access records to prevent misuse, abuse, loss, forgery, and alteration of personal information, and keeps the access records safe so that the personal information handler's access records are not forged, altered, stolen, or lost.

We are installing and updating security programs for personal information.

Data is backed up from time to time in preparation for damage to personal information, and the latest vaccine program is used to prevent leakage or damage of users' personal information or data.

We are taking physical measures to safely store personal information.

In order to prevent leakage or damage of members' personal information due to hacking or computer viruses, the system is installed in an area where access is controlled from the outside, and access control procedures are established and operated.

We run an organization dedicated to personal information protection.

The company always takes technical and administrative protection measures in the department dedicated to personal information protection so that employees of the company can properly comply with user privacy obligations.

10. obligation to notify prior to amendment

In the event of addition, deletion, or revision of the contents of this personal information processing policy, it will be notified in advance through "Notices" at least 7 days before the revision. However, when significant changes in user rights occur, such as items of collected personal information and changes in the purpose of use, it will be notified at least 30 days in advance, and user consent may be obtained again if necessary.

- Date of Public Notice: March 1, 2022

- Effective Date: March 1, 2022

Search Products

Personal Information Processing Policy

Personal Information Processing Policy

오늘 본 상품

BalanState ::: HnBGenomics inc. Information

CALL CENTER

BANK INFO

Notice Board

COMPANY