The company processes personal information for the following purposes. Personal information processed is not used for purposes other than the following and will be consulted in advance if the purpose of use is changed.

A. Membership and management

• The medical institution processes personal information for the purpose of identifying and authenticating members according to the member's intention to sign up, maintaining and managing members' qualifications according to the service provision of the member system.

B. Use in marketing and advertising

• Personal information is processed for the purpose of developing new services (products), providing customized services, identifying access frequency, or statistics on the members' service use.

During service use, information such as terminal information (OS, screen size, device ID), email, login ID, service use record, access logs, cookies, and IP address can be automatically generated and collected.

• 1) The company processes and retains personal information within the period of use and the period of personal information that is agreed upon when collecting personal information from the information subject or retention of personal information pursuant to the Act.
• 2) Personal information handling and retention period are as follows :
• Collects personal information regarding service visit records. Obtained for the purpose of use above, based on the Communications Secrets Protection Act from the date of agreement on use to <3 months>.It's used.

As the subject of personal information, the users can exercise the following rights :

1. The information subject may exercise his right to access personal information, to edit, delete, or request suspension of processing at any time.
2. The rights exercise pursuant to Article 1 of the Enforcement Decree of the Personal Information Protection Act may be conducted through written or electronic mail or transmission (FAX), and the company shall take action without delay.
3. The rights under paragraph 1 may be exercised through a representative, such as the legal representative of the information body or the person entrusted with it. In this case, you must submit a letter of attorney according to the form No. 11 of the Enforcement Rules of the Privacy Act.
4. The demand for the suspension of personal information reading and processing may be restricted by the right of the information subject under Article 35 paragraph 5 of the Privacy Act or Article 37 paragraph 2.
5. The request for the correction and deletion of personal information shall not be required if the personal information is specified as the object of collection under another Act.
6. The company verifies whether the person who made the request is a person or a legitimate agent, such as a request for access to the information subject's right, a request for correction or deletion, or a request for suspension of processing.

In principle, if the purpose of personal information processing is fulfilled, the personal information is destroyed without delay. The procedure, time period, and method of disposal are as follows.

• - Disposal procedure
• The information entered by the user is transferred to a separate database after achieving the purpose (separated documents in paper case) and is destroyed after being stored for a certain period of time or immediately in accordance with the internal policy and other related statutes. In this case, personal information transferred to the DB is not used for any other purpose unless it is subject to law.

• - Period of destruction
• The users' personal information shall be processed within five days from the end of the retention period when the personal information is expired, and when the personal information becomes unnecessary, such as the goal of personal information processing, the abolition of the relevant service, etc.

• - Destruction method
• Information in the form of electronic files uses a technical method in which recording cannot be played.
Personal information printed on the paper is shredded with a shredder or destroyed through incineration.

• 1) In order to provide individual customized services, the company uses 'cookie' by storing the information and calling it frequently.
• 2) Cookies are a small amount of information that the server used to run the website sends to the user's computer browser and are sometimes stored on the user's PC's hard disk.

• A. Purpose of Cookies: Used to provide optimized information to users by identifying visits, usage patterns, popular search terms, security access, etc. for each service and website visited by users.
• B. Install, operate, and reject cookies: Tools at the top of the web browser>Internet Options>Personal Information menu option settings can be used to deny cookies. C. If you refuse to save cookies, you may experience difficulties in using custom services.

• Personal Information Officer and Department
• Manager : Choi Joonho
• Tel : 070)4295-3092
• Fax : 02)6280-1092
• e-mail : hello@sircle.cc

In accordance with Article 29 of the Privacy Act, the company carries out technical, administrative and physical actions necessary for securing safety as follows :

1. Minimizing and educating personal information handling staff
   • We implement measures to manage personal information by appointing employees who handle personal information, limiting them to those in charge.
2. Encryption of personal information
   • The users' personal information is encrypted and stored and managed. Only you can know the important data, and the important data uses separate security functions such as encrypting and using file locking functions.
3. Storage of access records and prevention of tampering
   • Records accessed by the personal information processing system are kept and managed for at least six months, and the security function is used to prevent records of access from being corrupted, stolen, or lost.
4. Restrict access to personal information
   • We take necessary measures for controlling access to personal information through granting, changing and terminating access to the database system that handles personal information, and using the intrusion prevention system, we control unauthorized access from outside.