'Alphagen' (hereinafter referred to as the "Company") protects the personal information and rights of customers who use the company-operated Internet site (Alphagen) (hereinafter referred to as the "Site") and makes efforts to smoothly deal with related grievances. In accordance with the relevant laws and regulations, we have the following privacy policy. When the company revises this privacy policy, it will be notified through a notice on the website (or individual notice).
Article 1. Purpose of collection and use of personal information
The company collects personal information for the following purposes. The collected personal information will not be used for purposes other than the following, and prior consent will be sought when the purpose of use is changed.

Handling civil affairs
The purpose of verifying the identity of the complainant, confirming complaints, contacting and notifying for factual investigation, and notifying processing results
service provision
Purpose of service provision, content provision, customized service provision, identity verification, age verification, other input, etc.
Utilization in marketing and advertising
Development of new services and provision of customized services, provision of event and advertising information and opportunities to participate, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency, statistics on member service use, etc.
Article 2. Items of personal information to be collected and method of collection
Items of personal information collected
① Form mail inquiry
[Required items] Name, email, mobile phone number

② Information automatically generated and collected during service use or work processing
[Required items] Access IP information, cookie, service use record, access log
[Optional items] Response record by item according to customer satisfaction survey
③ Other
When additional services and customized services are used, or when personal information that was not collected at the time of membership registration is additionally collected during the event application process, the company notifies the users of the relevant items and obtains their consent separately to process the work.
How personal information is collected
Collection online, such as membership registration through the homepage or bulletin board, collection offline, e-mail, event application, etc.
Provision from identity verification agencies or affiliates, etc.
Collection through generated information collection tool
Article 3. Retention and use period of personal information
1. When collecting personal information from users, the company retains and uses personal information within the agreed period. However, if there is a need to preserve it in accordance with the provisions of the relevant laws and regulations, it will be preserved in accordance with the relevant laws and regulations.
2. For members, the period of retention and use of personal information is from the time of signing the service use contract (when signing up for membership) to the termination of the service use contract (including withdrawal application and ex officio withdrawal). The company destroys the personal information of members who do not reuse it for the period defined by the law (one year), except when a separate period is set by other laws or there is a request from the customer. However, the fact that personal information will be destroyed, the expiration date of the period, and the items of the relevant personal information will be notified to the member 30 days before the expiration of the period by email, phone or similar method.
3. Personal information retention period according to relevant laws and regulations is as follows.

Record on display/advertisement: 6 months
Computer communication or Internet access data: 3 months
4. Even if there is no basis in the relevant laws and regulations, if it is necessary to prevent significant loss of the company or to keep it for crime or lawsuit, etc., it can be stored according to the company policy. However, only the minimum period and items to achieve the purpose are kept.

Membership information that has been disqualified according to the Terms of Use: 5 years
Article 4. Provision of personal information to third parties
1. In principle, the company does not provide users' personal information to the outside world. However, exceptions are made in cases where there are special provisions in the law as in each subparagraph below or when it is unavoidable to comply with legal obligations. When providing personal information to a third party for any other purpose, the company requests that the person receiving the personal information impose certain restrictions on the purpose and method of use so that the personal information is handled safely, or prepare necessary measures to ensure stability.
① When users agree in advance
② In case there are other laws and regulations such as the Information and Communications Network Act, Telecommunications Business Act, Credit Information Use and Protection Act, etc.
③ In the case of statistical writing, academic research, market research, information provision, and notice mailing, when it is provided in a form in which a specific individual cannot be identified
④ In the case where the data subject or his/her legal representative is unable to express his or her intention or cannot obtain prior consent due to unknown address, etc., and is necessary for the immediate benefit of the life, body, or property of the information subject or a third party
⑤ Cases that are necessary for the investigation of crimes, filing and maintenance of public prosecution, trial work of the court and execution of sentences, and where legal procedures have been followed
2. In the case of a third-party provider, it is processed through separate consent.
3. Withdrawal of consent to provision to a third party can be requested to Seoul Bright World Eye Clinic (02-3443-0880) or Busan Bright World Eye Clinic (051-805-1100), and will be immediately discarded upon withdrawal of consent.
Article 5. Personal information destruction procedure and method
The company destroys the personal information when the purpose of collection and use of personal information is achieved or the retention period expires. The destruction procedure and method are as follows. However, exceptions are made when the personal information must be preserved in accordance with other laws and regulations.
Destruction procedure
The information entered by the user is transferred to a separate database after the purpose is achieved (separate documents in the case of paper) and is stored for a certain period of time or immediately destroyed in accordance with internal policies and other related laws. At this time, the personal information transferred to the database will not be used for other purposes unless it is required by law.
expiration date
If the retention period of the user has elapsed, within 5 business days from the end of the retention period, when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the abolition of the service, or the termination of the business, the personal information is processed will destroy the personal information within 5 business days from the date it is recognized as unnecessary. If there is a refusal of the legal representative of a child under the age of 14 or consent is not confirmed, the personal information will be destroyed within 5 business days from the date of collection.
Destruction method
Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is shredded with a shredder or destroyed by incineration.
Article 6. Rights of users and legal representatives and how to exercise them
Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is shredded with a shredder or destroyed by incineration.
Article 6. Rights of users and legal representatives and how to exercise them
1. Users may withdraw their consent to the collection, use and provision of personal information to the company at any time. When consent is withdrawn, the company takes necessary measures such as destroying the collected personal information without delay.
2. The user may request the company to view, provide, or correct the following items pertaining to the user.
①User's personal information possessed by the company
② Current status of use of user personal information and provision to third parties
③ Current status of consent to the collection, use and provision of personal information to the company
3. If the user requests correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
4.Users can request the viewing of personal information to the following departments. We will make every effort to promptly process claims, such as access to users' personal information.


Table of contents of inquiry related to personal information access
Department in charge
Representative number 031-741-6002
email
Article 7. Matters concerning the installation, operation, and refusal of automatic personal information collection devices
1. The company uses cookies to store and retrieve user information from time to time in order to identify users, maintain members' log-in status, and provide customized services for each user. A cookie is a small amount of information that the website server transmits to the user's web browser and is stored on the user's computer hard disk.
2. Users have the option to install cookies. Users can accept/reject all cookies through the settings of their web browser, or have them go through confirmation whenever cookies are stored. However, if you refuse to save cookies, some services provided by the company, such as personalized services, may be difficult to use.
How to refuse cookie setting is as follows. (Based on Internet Explorer)
Select the web browser [Tools] menu [Internet Options] > select the [Privacy] tab > select the desired option in [Advanced]
Article 8. Measures to secure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act and Article 28 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the company takes the following technical/managerial and physical measures necessary to secure safety.

personal information processing
Minimization and Training of Employees We are implementing measures to manage personal information by designating employees who handle personal information and limiting them to those in charge.
Conduct regular self-audits
In order to ensure the safety of personal information processing, we conduct self-audits on a regular basis (once a quarter).
Establishment and execution of internal management plan
For the safe handling of personal information, an internal management plan is established and implemented.
Encryption of Personal Information
The user's personal information is stored and managed with the password encrypted, so that only the user can know it, and for important data, separate security functions such as encrypting files and transmission data or using a file lock function are used.
Technical measures against hacking, etc.

In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the company installs security programs, periodically checks updates, installs systems in areas where access from outside is controlled, and technically/physically monitors and blocks them.
Restriction of access to personal information
We take necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that handles personal information, and we control unauthorized access from outside by using an intrusion prevention system.
Storage of access records and prevention of forgery/falsification
Records of access to the personal information processing system are stored and managed for at least six months, and security functions are used to prevent forgery, alteration, theft, and loss of access records.
Use of locking device for document security
Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.
Access control for unauthorized persons
We set up a separate physical storage location for personal information and establish and operate access control procedures.
Personal information validity period system
The company destroys personal information after August 18, 2015 to protect the personal information of users who have not used the service for a long time (one year) in accordance with related laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. The company withdraws from membership 30 days prior to processing, we notify the relevant user via e-mail, etc.
Article 9. Personal Information Protection Officer
Users can inquire about personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service to the person in charge of personal information protection and the department in charge. The company will respond to and handle inquiries from users.

[Personal Information Protection Officer]
Name: Alphagen
Contact: 031-741-6002
Article 10. Remedy for Infringement of Rights and Interests
Users can inquire about damage relief and consultation for personal information infringement to the following organizations. (Please use it if you are not satisfied with our own personal information complaint handling and damage relief results, or if you need more detailed help.)

Comprehensive personal information protection support portal (operated by the Ministry of Public Administration and Security)
Website: http://www.privacy.go.kr
Phone number: 02-403-0073
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
Website: http://privacy.kisa.or.kr
Phone number: (without area code) 118
Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
Website: http://www.kopico.go.kr
Phone number: 1833-6972
National Police Agency Cyber ​​Security Bureau
Website: http://cyberbureau.police.go.kr
Phone number: (without area code) 182
Article 11. Notice of Changes to Privacy Policy
This personal information processing policy may be changed according to government policies, laws and the company's needs, and in the case of addition, deletion or correction of contents, it will be notified in advance via website posting or e-mail 7 days before the implementation of the change. , If it is difficult to notify in advance, we will notify you as soon as possible. However, if important matters such as the purpose of collection and use of personal information and the subject of provision to third parties are added, deleted, or corrected, notice will be given 30 days in advance.

Announcement date: October 01, 2019
Effective Date: October 01, 2019

Addendum (Effective Date)
These terms and conditions are effective from October 01, 2019.