BGN Eye Clinic (hereinafter referred to as "the Clinic") highly values your privacy and complies with the Personal Information Protection Act.

Through the Privacy Policy, the Clinic informs you about how your personal information is used and what measures are taken to protect it. The order of the Privacy Policy is as follows:

1. Items and Methods of Collecting Personal Information

2. Purpose of Collecting and Using Personal Information

3. Retention and Use Period of Personal Information

4. Procedures and Methods for Destroying Personal Information

5. Provision and Sharing of Personal Information

6. Consignment of Collected Personal Information

7. Rights of Users and Legal Representatives and How to Exercise Them

8. Withdrawal of Consent/Method for Membership Cancellation

9. Installation/Operation of Automatic Collection Devices and Refusal of Personal Information

10. Person in Charge of Personal Information Management

11. Measures to Ensure the Security of Personal Information

12. Notification Obligation Due to Policy Changes

1. Items and Methods of Collecting Personal Information

The Clinic collects only the minimum necessary personal information required for service use during membership registration. There are mandatory and optional fields, but optional items like whether to receive emails do not affect service usage.

a. [Medical Information]

• Collected Items: Name, Date of Birth, Address, Contact Information, Medical Records ※ Retention of unique identification information and medical records is mandatory under the Medical Service Act (no additional consent required).

b. [Items Collected During Website Membership Registration]

• Mandatory Items: Name, ID, Password, Address, Contact Information (Phone Number, Mobile Number), Email Address

• Optional Items: Birthday, SMS reception preference, Email reception preference, Areas of Interest

• Information like service usage records, access logs, cookies, and IP address information may be automatically generated and collected during the service use process.

c. [Methods of Collecting Personal Information]

• The Clinic collects personal information through the website, written forms, fax, phone, consultation boards, and email.

2. Purpose of Collecting and Using Personal Information

The Clinic uses the collected personal information for the following purposes. All information provided by users is used only for these purposes, and if the purpose changes, prior consent will be sought.

a. [Medical Information]

• Provision of medical services for diagnosis and treatment, as well as administration services such as billing, payment, and refunds.

b. [Website Membership Information]

• Mandatory Information: Reservation, inquiry, and provision of membership services through the website, posting on online boards (1:1 consultations, private consultations, post-surgery consultations, reviews, etc.)

• Optional Information: Notifications of hospital news, disease information, surveys, issue handling, personalized services for individual members, statistical collection on service usage, and guidance on new services and information.

• Sensitive personal information that may infringe on users' basic human rights will not be collected.

3. Retention and Use Period of Personal Information

The Clinic destroys your personal information without delay once the purpose of collection or the purpose of provision has been achieved.

a. [Medical Information]

• Retention according to the medical record retention standards specified in the Medical Service Act.

b. [Website Membership Information]

• Upon membership cancellation or expulsion from membership. However, even after the purpose of collection or provision has been achieved, personal information may be retained if necessary under laws such as the Commercial Act.

• Records related to consumer complaints or dispute resolution: 3 years (Consumer Protection Act in Electronic Commerce)

• Records on the collection, processing, and use of credit information: 3 years (Credit Information Use and Protection Act)

• Records on identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)

• Records on visits: 3 months (Protection of Communications Secrets Act)

4. Procedures and Methods for Destroying Personal Information

The Clinic promptly destroys personal information after the purpose of collection and use has been achieved. The procedures and methods for destruction are as follows:

a. [Destruction Procedures]

• Information entered for membership registration, etc., is immediately destroyed after the purpose is achieved.

b. [Destruction Methods]

• Personal information stored in electronic file format is deleted using technical methods that make the records irrecoverable. Printed personal information is shredded or incinerated.

5. Provision and Sharing of Personal Information

The Clinic does not use your personal information beyond the scope notified in the "Purpose of Collecting and Using Personal Information" without your consent or provide it to others or other companies/institutions unless required by law.

• Submission of medical records to the Health Insurance Review & Assessment Service for medical fee claims under the National Health Insurance Act.

• Provision of information in a form that cannot identify specific individuals if necessary for statistical compilation or academic research.

• Submission to investigative agencies in accordance with legal procedures and methods.

6. Consignment of Collected Personal Information

The Clinic outsources the following tasks to fulfill services and ensures the safety of personal information through regulations in the consignment contract.

• Outsourced Company: The Hi Company Co., Ltd.

• Outsourced Tasks: Website maintenance, access records management, member management.

• Personal Information Items: Name, Address, Phone Number

• Retention and Use Period of Personal Information: Until the end of the consignment contract.

7. Rights of Users and Legal Representatives and How to Exercise Them

Membership registration for children under 14 years old is conducted through a separate form written in easy-to-understand language, and legal guardian consent is required when collecting personal information. The Clinic collects only the minimum information, such as the legal guardian's name and contact information, to obtain consent, which is done in accordance with the methods stipulated in the Privacy Policy.

A legal guardian can request the viewing, correction, or deletion of a child's personal information. If you wish to view, correct, or delete a child's personal information, you can do so by clicking on the "Edit Member Information" button and going through the legal guardian verification process. Alternatively, you can contact the person in charge of personal information protection via mail, phone, or fax, and necessary measures will be taken.

The Clinic does not provide or share information about children with third parties, and if a legal guardian requests the correction of errors, the use and provision of the relevant personal information will be suspended until the errors are corrected.

※ Personal information that is legally required to be retained cannot be modified or deleted upon request within the retention period.

8. Withdrawal of Consent/Method for Membership Cancellation

You may withdraw your consent to the collection, use, and provision of personal information at any time. Membership cancellation can be done by clicking on "Membership Cancellation" in My Page on the Clinic's website. The person in charge of personal information management will verify the cancellation request and complete the process within 10 days from the application date. You can also contact the person in charge via mail, phone, or fax, and your personal information will be promptly destroyed.

9. Installation/Operation of Automatic Collection Devices and Refusal of Personal Information

The Clinic uses "cookies" that store and retrieve your information from time to time. A cookie is a small text file sent to your browser by the server used to operate the Clinic's website, which is stored on your computer's hard disk. The Clinic uses cookies for the following purposes:

You have the option to allow or deny cookie installation. You can set options in your web browser to allow all cookies, require confirmation each time a cookie is stored, or refuse all cookies. If you refuse cookie installation, some services may be difficult to provide.

10. Person in Charge of Personal Information Management

To protect your personal information and handle complaints related to personal information, the Clinic has appointed the following person in charge of personal information management:

• Name: Seo-Yun Heo

• Department: BGN Eye Clinic

• Contact: 1600-5770

You can report any complaints related to personal information protection that arise while using the Clinic's services to the person in charge of personal information management. The Clinic will provide prompt and sufficient answers to users' reports.

If you need to report or consult about personal information infringement, please contact the following agencies:

• Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)

• Korea Information Security Agency (http://www.eprivacy.or.kr / (02) 580-0533~4)

• Supreme Prosecutors' Office Cyber Crime Investigation Division (http://www.spo.go.kr / (02) 3480-3573)

• National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)

11. Measures to Ensure the Security of Personal Information

The Clinic takes the following technical/administrative measures to ensure that personal information is not lost, stolen, leaked, altered, or damaged when handling users' personal information:

a. [Password Encryption]

• The password set during site registration is encrypted and stored/managed, ensuring that only the user knows it. Even for checking or changing personal information, only the user who knows the password can do so. However, if the user experiences difficulties with this, the person in charge of personal information protection may directly change the information after verifying the user's identity through mail, phone, fax, or email.

b. [Measures Against Hacking]

• The Clinic makes every effort to prevent the leakage or damage of personal information caused by hacking or computer viruses. Data is frequently backed up to prevent personal information from being damaged, and the latest antivirus programs are used to prevent the leakage or damage of users' personal information or data. Users' important personal information (e.g., resident registration number) is encrypted and stored, and encrypted communication is used to transmit personal information over the network securely. The Clinic uses intrusion prevention systems to control unauthorized access from the outside and strives to secure security by equipping all possible technical devices.

c. [Minimization and Education of Personnel Handling Personal Information]

• The Clinic limits the handling of personal information to the person in charge and assigns a separate password for this purpose, which is regularly updated. The Clinic regularly conducts training for the person in charge of personal information protection, emphasizing adherence to the Privacy Policy.

d. [Personal Information Protection Department]

• The Clinic ensures that personal information protection management is executed in accordance with the Privacy Policy through the Privacy Policy Review Board. The Clinic immediately takes corrective measures if any problems are detected.

12. Notification Obligation Due to Policy Changes

The Clinic notifies users through the website or email if there are any additions, deletions, or changes to the content of this Privacy Policy, and obtains prior consent if necessary.

• Announcement Date: April 1, 2016

• Effective Date: April 1, 2016

Consent Form for Providing Personal Information to Third Parties

[BGN Eye Clinic] complies with the Personal Information Protection Act and related legal provisions to protect users' personal information. Based on Article 17, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act, [BGN Eye Clinic] seeks your consent to provide your personal information to third parties to facilitate medical services.

1. Recipients of Personal Information:

   • Medinest Co., Ltd.

   • BGN Eye Hospital (Busan)

2. Purpose of Use by the Recipients:

   • To facilitate smooth medical treatment

3. Items of Personal Information Provided:

   • Personal details and medical records

4. Retention and Usage Period of Personal Information by the Recipients:

   • Until consent is withdrawn

5. Right to Refuse Consent and Potential Disadvantages of Refusal:

   • You have the right to refuse to consent to providing your personal information to third parties. However, refusal may limit your ability to receive medical services at BGN Eye Clinic (Jamsil).