Healience Seonmaeul (henceforth referred as 'the company') believes protection of your personal information is paramount, and is adhering to Personal Information Protection Act. Through this article the company wishes to inform you about for what purpose and how the personal information you are providing us is being used, and what measures the company has placed to ensure protection of privacy.

1. The collected personal information and the collection method

A. The collected personal information

Firstly, the company is collecting the following information from you for the purposes of registration, smooth customer service, and applying for various services.

• Registration through the homepage - Name, ID verification code, date of birth, account name, password, mobile number, email address, home address, subscription to email and/or SMS notifications.
• Seonmaeul customer registration card - Name, age, gender, name and age of any accompanied persons, contact details (home phone number, mobile number, email address), home address, motor vehicle number
• Optional information - Phone number, date of birth, gender, marital status, date of anniversary (if married), registration channel

Secondly, some of the information we collect is generated during user interaction and/or business processing procedures.

- Service use history, visitation log, cookies, connected IP information

Thirdly, the following information may also be collected when you use the accommodation services using Healience Seonmaeul accounts, request delivery of a package or apply for an event.

- When the user consents to collection of the additional information.

Service name	Types of personal information collected
Consultation request	Name, email, phone number
Alliance application and inquiries	Name, contact details, email, business name
Accommodation service users	Name, e mail address, mobile number, phone number, address
VIP Stay	Name, Korean residence number, copy of Korean residence card, contact details, guardian's number and contact details, chronic disease, medical history, medication details, other important information to note
Village entrance agreement	Name, Korean residence number, address, guardian's name and contact details, signature on the consent to the agreements
Health services	body composition (BMI level, abdominal fat ratio, skeletal muscle mass, body fat mass, body fat ratio, basal metabolism)
For winners of events	name, account ID, address, and phone number to deliver the prize to
Talent donors	Name, phone number, address, email address
Company staff	Name, affiliation/company name, phone number, address, email
Delivery request	Name, phone number, mobile number, home address

Fourthly, the following information may be collected when you use charged services.

- Credit card use: Name of financial institution, card number
- Electronic transfer: Name of financial institution, account number
- Gift card use: Gift card number

B. Method of personal information collection

- Homepage, written document, fax, phone call, consultation post board, email, event entry, delivery request
- Provided by partnering companies
- Collected through information generation tools

2. Purpose and use of the collected information

A. Fulfillment of a contract, and calculation of fees with regard to the provision of services

- Content provision, customized service provision, purchase and fee payment, package delivery, issuance of bills, and charging of fees

B. Membership management

- Personal verification and identification required for membership-based service, prevention of unjustifiable and unauthorized use by members with ill intentions, and delivery of notifications

C. New service development, marketing, and advertisement

- Development of new services and provision of customized services, provision of services and advertising content based on statistical characteristics, provision of event-related and/or commercial information, and entry opportunities, identification of access frequency, and statistical analysis of customer use of the services

3.Disclosure of collected personal information

The company shares your personal information with our partners for the following purposes, and has established regulations to govern any transfer of information according to related law and subordinate statutes in order to ensure protection of privacy. The list of personal information processing organizations and their commissioned work are as follows.

The description of work commissioned to partners and the duration of the use of collected information.

- Until the deletion of the ids website or personal accounts in the system management or the termination of the consignment.

- Work related to distribution such as package or event prize delivery services

- The information is not stored separately as it is already retained by NICE Information Service Co., Ltd.

- Korean Cyber Payment system - Until the termination of the use of Moonjamoa's SMS sending network and SMS sender account, or the end of consignment.

- ids email sending network and email delivery

4. Period of Possession and Use of Personal Information

The company destroys all personal information without exception after the intended purpose and use have been fulfilled. However, if the retention of certain information is required by related law and subordinate statutes, we store the personal information according to the following guidelines for the defined period.

- Records of contract or subscription withdrawal

Basis of storage: Act on the Consumer Protection in Electronic Commerce, etc.
Period of storage: 5 years

- Records of payment and supply of financial goods

Basis of storage: Act on the Consumer Protection in Electronic Commerce, etc.
Period of storage: 5 years

- Records of consumer conflict resolution or complaint handling

Basis of storage: Act on the Consumer Protection in Electronic Commerce, etc.
Period of storage: 3 years

- Record of personal identification

Basis of storage: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Period of storage: 6 months

- Website visitation record

Basis of storage: Protection of Communications Secrets Act
Period of storage: 3 months

5. Destruction of personal information and the procedure

The company destroys all personal information without exception after the intended purpose and use have been fulfilled. The procedures and methods applied to destroy the information are as follows.

A. Procedures

- The information you produced for registration is transferred to a separate database (paper documents are stored in a cabinet) to be stored for a certain period of time (please refer to 'Period of Possession and Use of Personal Information' section) and is to be destroyed according to our internal policy and privacy protection related law and subordinate statutes.

- The transferred personal information in the database is not used for purposes outside the adherence to the related statutes.

6. Disclosure of personal information

The company, in principle, does not disclose personal information to outside bodies, however exceptions may apply in cases such as those below:

- When the user has consented to the disclosure
- When the disclosure is requested by an investigative body through due course and procedure based on the related law

7. User and Legal Agency Rights and Method of Practicing the Rights

• - Users or their legal agencies can always review, modify, or request deletion of the registered personal information about themselves or their children under 14 years of age.
• - To review or modify personal information for the user or children below 14 years of age, the user can click 'Change Personal Information' (or 'Change Account Information'), or click 'Delete the account' to delete the account (withdrawal of consent). After going through a personal identification process, the user can open, change or delete the account information. Or, the user can send a letter to or call our staff in charge of personal information management so the company can process the procedure for you without delay.
• - When the user requests correction of an error in the registered information, we do not share the information to a third party before the correction is complete. Also, in cases where the erroneous information was already shared with a third party, we will inform the third party of the correction without delay.
• - The company treats the information destroyed by a user or a legal agency's request according to the procedures described in the section "Period of Possession and Use of Personal Information", and does not allow viewing of the information for any other purpose.

8. Personal information collection mechanism's installation, management, and rejection

The company uses 'cookies' that constantly save and retrieve user information in order to provide personalized and customized service. A cookie is a very small text file that the server that is used to manage the website sends to the user's browser, and it is stored in the hard disk of the user's computer.

A. Purpose of the use of cookies

- To analyze the frequency and times of visits for members and non-members, and to identify the user's personal preferences, areas of interest, the level of event participation, and number of visits to provide targeted marketing and personalized services.

B. How to deactivate cookies

- The user can accept or deny the use of cookies. Therefore, the user can modify the configuration setting for their web browser to allow the use of all cookies, request confirmation whenever a cookie is to be saved, or refuse the use of cookies altogether.
- However, if you refuse the use of cookies altogether, you may experience difficulty in logging on to some of Naver's services that require log-on.
- How to set cookie installation options (Internet Explorer)

1. Select [Tools], then [Internet Options]
2. Select the [Privacy Tab]
3. Set the [Personal Information Treatment Level]

9. Technical and managerial measures for privacy protection

The company is considering the following technical/managerial measures when treating personal information to secure protection of personal information against loss, theft, leakage, distortion, or damage.

A. Minimization of staff handling personal information and their training

- We are restricting the number of staff who handle personal information, and have issued unique passwords that are updated regularly. Also, we always emphasizing compliance to personal information treatment policies through frequent training and education sessions.

B. Personal information encryption

- Users' personal information and passwords are stored and managed in an encrypted form. Only the user has knowledge of the information and the company has also placed extra protective procedures such as encrypting files and the transfer of important data files.

C. Technical solutions for hacking

- By establishing internal organization dedicated to the protection of personal information, the company checks the compliance to Healience's privacy policy and corrects any issues without delay.
   However, the company is not responsible for any problems occurring due to personal mistreatment of one's account ID, password, Korean residence number, etc. or due to online network-related problems.

D. Establishment of internal organization dedicated to privacy protection

- By establishing internal organization dedicated to the protection of personal information, the company checks the compliance to Healience's privacy policy and corrects any issues without delay.
   However, the company is not responsible for any problems occurring due to personal mistreatment of one's account ID, password, Korean residence number, etc. or due to online network-related problems.

10. Contact details for persons in charge of private information management

You may reach the company's staff or departments in charge of personal information management to report any inconveniences occurred during your interaction with our company's services. The company will do our best to provide prompt and sufficient solutions.

Persons in charge of information management and personal information
Name: Song In-soo	Name: Heo Jin-hyeok
Company: Healience
Title: CEO	Title: Manager
Phone: 1588-9983	Phone: 033-434-2772
Email: 9988234@healience.com	Email: reservation@healience.com

Please refer to the organizations below for issues regarding violation of privacy.

- Privacy violation reporting center (www.1336.or.kr/ 118)
- Information protection mark certification committee (www.eprivacy.or.kr/02-580-0533~4)
- Supreme Prosecutors' Office Internet Crime Investigation Center (http://icic.sppo.go.kr/02-3480-3600)
- The National Police Academy Anti Cyber Terrorist Center (www.ctrc.go.kr/02-392-0330)

11. Installation and management of visual information processing equipment

Healience is installs and runs visual information processing equipment as follows:
① Purpose and basis for installing visual information processing equipment: Healience facility safety, prevention of fire, crime prevention for visitors' safety
② Number of installed devices and their locations, scope of recording : Entrance to the gate, the guest rooms (end of each building) and lobby of each building (lawn and the roof gutter), parking lot (lawn), each lecture room (interior ceiling), other mechanical storeroom, 34 devices
③ Persons in charge, the departments and persons with authority to access the visual information:

Persons in charge of visual information treatment facility management
Name: Kang Bok-gu	Name: Yang Jae-jong
Department: Customer Safety Team	Department: Administration and Business Support Team
Title: Team Leader	Title: Team Leader
Phone: 033-434-8713	Phone: 033-434-2772
Email: skqhrrn@healience.com	Email: yjj@healience.com

④ Visual information recording time, the period and location of storage, and the processing method.
- Recording time: 24hours
- Storage duration: 30days from the original recording
- Location and processing method: Chudongjae 1st Floor lobby customer service team storage and processing
⑤ Visual information review method and location: Request to person in charge (Facility Team)
⑥ Procedure for a request for viewing visual information of other persons: The request has to be made through an application for personal video information viewing and identification. We allow viewing if the person making the request for information is also the subject of the recording, or if the life, body, or property of the person making the request for information is clearly at stake.
⑦ Technical, managerial and physical measures to protect the visual information: Established internal managerial plan, restriction on access and authority, safe storage of the visual information, application of transmission technology, processing records and distortion/alteration prevention measures, storage facility and locker purchase.
⑧ Performing the installation and management of visual information equipment The company is using an outside provider's service to install and manage our visual information facilities, and has established internal policy and regulations to ensure safe treatment of personal information according to related law.

Person in charge of the contracted company
Oreum eng, CEO, Cho Wan-hee 02)3274-1171

12. Installation and management of visual information processing facilities

Please note this "Healience Privacy Policy" does not apply to any information collecting activities done on websites whose links are provided by Healience. Also, please refer to "Healience Mobile Privacy Policy" for privacy policy in regard to Healience mobile services.

13. Responsibility of notification

The current privacy policy has been revised as of 1st of August, 2015, and any change from thereon will be announced on the homepage at least 7 days prior to the revision. However, for any changes in regard to user rights such as personal information collection and use and disclosure to third parties, notification will be posted at least 30 days prior to the revision.

- Announcement date: 21 July 2015.
- Effective date: 1 August 2015