H Robotics Inc (hereinafter referred as “Company”) complies the statutory personal information protection regulations defined on the Laws for expediting the use of Information & Telecommunication Network and Information Protection, Privacy Act and USA’s HIPAA mandatory for the information and telecommunication service provider, and exerts the best efforts to protect the user’s rights and benefits by defining the privacy policy according to the related laws. This Privacy Policy shall apply to the rebless service and all related services of the Company. It contains the following details. The Company’s privacy policy may be changed according to the laws, public notice, terms and internal policies of the Company. Its revision shall be posted on the service page and noticed to the user. The user may reject the following points related to the collection, use, offer and consign the personal information when the user does not want. However, in case of rejection by the user, the user may not use whole or a part of the service. The user shall visit the homepage and check the privacy policy from time to time.

Article 1 (Purpose of Collection and Use of the Personal Information)

The Company processes the personal information for the following objectives. The processed personal information shall not be used except the following objectives, and the changes on the objectives shall be made after obtaining prior user’s consent.

  1. For member joining and management: We process the personal information for confirming the user’s intention of joining, self-identification, personal identification, joining and joining count limit, limitation on the user who violated the terms, restriction on the behavior against the service operation and illegal use of the service, civil petition such as complaint notice, grievance and conflict resolution.
  2. For the service provision and data analysis: The personal information will be processed for scientific study, statistics, technology development and data project related to Company’s service.
  3. Remote consulting service: The personal information will be processed for remote consulting service, customized exercise consulting, target establishment and management and health maintenance.
  4. Service quality improvement and management: The personal information will be processed for trouble shooting and service quality improvement.

Article 2 (Personal Information items to be Collected)

The Company will process the following personal information.

① In pursuant to medical institution member,
 1. For member joining and management
    - Essentially collected information: Name, e-mail address, date of birth and sex

 2. For the service quality improvement and management
    - Essentially collected information: Service use history, log information, contact IP information

② In pursuant to individual member
 1. For member joining and management
    Essentially collected information: Name, e-mail address and Photo(when you upload)

 2. For using data business and customized monitoring service provision
    Essentially collected information: Sex, stature, weight and date of birth

The following information to be collected may be sensitive information.
    Essentially collected information: Rehabilitation exercise name, state, set, mode, part, direction, speed, torsional force(torque), extension, flexion, frequency, time, minimum/maximum range of movement(ROM), main disease diagnosed/sub disease diagnosed, occurrence date, brain lesions grade, paralyzed part, MMT, MRS, infected part, medicine administered, patient note and secret note

 3. For the remote consulting service
    Essentially collected information: Remote consulting reservation information, remote consulting scene, consulting details, rehabilitation exercise name, state, set, mode, part, direction, speed, torsional force, extension, flexion, frequency, time and minimum/maximum range of movement(ROM)  4. For the service quality improvement and management
    Essentially collected information: Service use history, log information, contact IP information, rebless mac address, rebless serial No, mobile phone model

Article 3 (How to Collect Personal Information)

1. The Company shall collect the personal information with the following methods.

 (1) Direct collect from users at the member joining or self-identification process
 (2) Prior consent via web page, mail, fax and phone at the consulting through customer center

2. The Company will legally and fairly collect the minimum personal information required for entering and executing the service use agreement, inform the collection and use of the personal information and obtain the consent before collecting the information of personal identification.

Article 4 (Personal Information Processing and Keeping Time)

1. The Company shall process and keep within the terms according to the laws or agreed at collection from the information subject.
2. The terms for processing and keeping the personal information are as follows.

 (1) Member joining and management: Till withdrawal from the membership
 (2) Use for data business and service provision: Semi-permanently for the pseudonymous information or de-identified information and till withdrawal from the membership for the non-pseudonymous or identified information
 (3) Remote consulting service: 1 year or till withdrawal from membership from the date of terminating the remote consulting service
 (4) Service quality improvement and management: Till withdrawal from the membership

3. Notwithstanding the foregoing clause, the Company may keep the user information during the terms defined in the law at the necessity according to the regulations on the related laws such as the laws on consumer protection in electronic commercial trading. In this case, the Company shall separate the information to be kept and use it only for the purpose of such keeping.

Article 5 (Provision of Personal Information to Third Party)

1. The Company shall use the personal information within the scope noticed at Article 1 (Purpose of Collection and Use of the Personal Information), shall not use beyond the said range and shall not disclose the information in principle without receiving prior consent from the user. However, the Company may use or provide the personal information through paying attention for the following cases in accordance with the Privacy Act.

 (1) At the prior consent of the user
 (2) At the necessity of tariff settlement for the service
 (3) According to the regulations in the law
 (4) At the request of detective agency for investing purpose according to the procedures and methods define in the laws
 (5) In case of providing to the advertiser, sub-contractor and research agency for statistics making, academic study and market survey in the format not identifiable for the specific person

2. The Company provided the personal information to the third party as follows.

Recipient of
personal information
Purpose of provision
Items to be collected
Keeping time
Medical institutions
which serve
the rebless clinic
Patient management
(Individual member) Name, e-mail, date of birth, sex, stature,
weight, main disease diagnosed/sub disease diagnosed,
occurrence date, brain lesions grade, paralyzed part, MMT, MRS,
infected part, medicine administered, patient note, secret note,
rehabilitation exercise name, state, set, mode, part, direction, speed,
torsional force(torque), extension, flexion, frequency, time,
minimum/maximum range of movement(ROM),
remote consulting reservation information,
consulting details and remote consulting scene
1 year or till withdrawal
from membership from the date of
terminating the service
※ When the table is not fully visible, you can scroll horizontally to view it.

Article 6 (Consigning the Personal Information Handling)

1. For active processing, the Company consigns the affairs of personal information processing as follows. Consignee Details of affairs consigned None.
2. The Company shall immediately disclose the additions and changes on the details on the consigned affairs and consignee through this Privacy Policy.
3. The Company shall store the collected personal information and process on the Cloud Service based on AWS. The Company shall use the foreign server for guiding the countries, date, method, transferee, objective of transfer and terms of the personal information.

 (1) Information to be transferred
  - All personal information collected according to Article 2

 (2) Country, date and procedure of transfer
  - Country:
  - Date: Date of member joining
  - Procedure: Data moving via the network on AWS (Server located at global cloud region)

 (3) Transferee
  - Name: Amazon Web Services, Inc.
  - Contacts: AWS Support Console (amazon.com) / aws-korea-privacy@amazon.com

 (4) Objective of transfer
  - For active cloud service

 (5) Terms for keeping and use
  - Same with the terms for processing and keeping stipulated in Article 4

Article 7 (Rights of User and Legal Proxy)

1. The Company protects the user’s rights as follows.

 (1) The user may search and correct own personal information at any time
 (2) The user may request withdrawal of the consent on the personal information provision and termination of membership at any time.
 (3) The Company shall not use or provide the corresponding personal information till correction or deletion at the user’s request for view, certificate or correction. The Company shall take actions immediately at the necessity of correction or deletion such as the finding the error or exceeding the keeping time for the personal information.

2. The Company shall guarantee the following right for legal proxy of the children under 13.

 (1) The legal proxy may withdraw the consent on the collection, use or provision of the personal information of the children under 13, and request to view or correct the personal information of corresponding children. (Right for requesting the review, correction, deletion and suspension on the personal information processing of the children)
 (2) At the request of the legal proxy of the children user under 13, the Company may request the evidence for verifying the proxy relation to confirm whether the proxy person is legitimate proxy.

Article 8 (Matters regarding to Installation/Operation and Rejection of the Personal Information Automatic Collector)

1. The Company shall use the user’s ‘local storage’ and ‘cookie’ where the use information stored at internet site operated by the Company to provide the personalized and customized service. The cookie is the small information file transmitted from the website server to the user’s browser. It is saved into the hard disk on the computer. The website server will read the contents of cookie saved on the user’s computer, maintain the environment setting and provide the customized service when the user visits to the website. The cookie will help the user to contact and use the website conveniently when the user visits to the website.

 (1) The information collected from the local storage by the Company is limited to the e-mail, token for log-in, language setting, unique number and name and the other information is not collected. The information stored on the local storage is deleted totally except the language setting when the user logged out.
 (2) The information collected through cookie by the Company is whether the pop-up window checked or not. The information stored in the cookie is kept and deleted depending on the terms set by respective browser when the information is not deleted directly by the user.

2. How to reject the local storage setting: There is no additional rejection procedure because the local storage is fully deleted automatically except the language setting when the user logged out.
3. The user may reject the saving the cookie through the following setting procedures. However, the rejection of the saving the cookie may cause the inconvenience in site using.

*How to set
 Internet Explorer: Tool at the top of web browser> Internet option>General>Delete the internet use record
 Chrome : Menu for setting on the right of web browser > Tool > Delete the internet use record

Article 9 (Procedure and Method of Personal Information Scrapping)

1. The Company shall destroy the corresponding personal information immediately when the personal information becomes useless such as the expiry of keeping terms and accomplishment of the processing purpose.
2. The Company shall keep the corresponding personal information according to the laws at the necessity of keeping the personal information consistently according to other laws in spite of expiry of the keeping terms agreed by the information subject or accomplishment of the processing purpose.
3. The procedures and methods for destroying the personal information are as follows.

 (1) Destroying procedure: The Company shall destroy immediately the personal information when its purpose of collection and use is accomplished, in case of saving according to the related laws, the information shall be kept safely by moving to separate database for a certain period according to the internal regulations and related laws and destroyed immediately. At this time, the information moved to the database shall not be used other purposes except the cases according to the laws.
 (2) How to destroy: The personal information saved in electronic file shall be deleted with technically irrevocable methods and the personal information recorded or printed on the pater shall be smashed with spy killer or incinerating.

Article 10 (Technical and Managerial Actions for Personal Information Protection)


The Company seeks the following measures to acquire the safety for the personal information not to be stolen, disclosed, forged or damaged during handling the personal information.

(1) We take steps to secure Personal Information through administrative, technical, and physical safeguards designed to protect against the risk of accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Unfortunately, we cannot guarantee the security of information transmitted through the Internet, and where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential.
  (2) Technical measure: Network separation, password management, security program installation, manage the access right to the personal information processing system and access control system installation,etc.
 (3) Managerial measure: Establishment and execution of internal management plan, periodic education on the personal information handler, minimize the personal information handler and requesting the security agreement and etc.

Article 11 (Information on the Opinion Collection and Complaint Processing related to Personal Information)

The Company provides all procedures and methods to collect the users’ opinion and process the complaints related to the personal information protection. The user may report the claims through the phone and e-mail of the leader in charge and the clerk defined on Article 14 herein. The Company will answer rapidly and sufficiently to the matters reported by the users.

Article 12 (CHILDREN'S PRIVACY)

Our services are not intended for children under 18 years of age, and we do not knowingly collect or sell Personal Information from children under 18. If you are under 18, do not use or provide any information on the service sites or through any of its features. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete it. If you are the parent or guardian of a child under 18 years of age whom you believe might have provided us with their Personal Information, you may contact us using the below information to request that it be deleted.

Article 13 NOTICE TO CALIFORNIA RESIDENTS


If you are a California resident, certain Personal Information that we collect about you is subject to the California Consumer Privacy Act (CCPA). Please note that the CCPA does not apply to, among other things,
• Information that is lawfully made available from federal, state, or local government records;
• Consumer information that is deidentified or aggregated;
• Medical information governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 46) of Division 1) (CMIA) or protected health information that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services (HHS), Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Public Law 111-5); or
• A provider of health care governed by the CMIA or a covered entity governed by the privacy, security, and breach notification rules issued by HHS, established pursuant to HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information under CMIA/HIPAA/HITECH Act.
Collection of Personal Information – Currently and in the Preceding 12 Months.
We collect Personal Information as defined by the CCPA, which is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include de-identified or aggregate information; publicly-available information that is lawfully made available from federal, state, or local government records; and information covered by certain sector-specific privacy laws.

Article 14 (Department, Name and Contacts of the Leader and Clerk in Charge of Personal Information)


1. The Company makes the best for you to use the good information in safety. The leader in charge of the personal information will take responsibility on the accidents occurred against the information noticed to you.
2. The user is responsible for the security on the ID and password related to the personal information. The user shall use caution for the password not to be disclosed because the Company shall not ask the password directly to the user in any manners. Especially, pay more attention when connected on-line in public place.
3. The user has the right to request that we delete Personal Information about you that we have collected, subject to certain exceptions.
4. The Company designated the leader and clerk in charge of the personal information for collecting opinion and processing the claims. Their contacts are as follows.

[Leader for Personal Information Protection]
 Name: Choi Dong Min
 Dep’t / Position: CTO
 E-MAIL: dmc@hroboticsinc.com
 Phone +82(0)-32-710-4127

[Dep’t competent for claims related to request on viewing personal information]
 Name: Lee Eun Gyeol
 Dep’t / Position: SW Team/Researcher
 E-MAIL: eungyeol.lee@hroboticsinc.com
 Phone +82(0)-32-710-4127

Article 15 (Exceptions for applying the Privacy policy)


1. The Company may provide the link to the other company’s website or data to the user via website. In this case, the Company shall not have the enforcing power to the external site and data and the privacy policy is not applicable to the user’s collection of the personal information. Accordingly, be sure to check the privacy policy on the site visited newly in case of moving to other site by clicking the link contained in the Company.
2. Respond to law enforcement requests and court orders and legal process and carry out our legal and contractual obligations and enforce our rights.
3. Authenticate use, detect potential fraudulent use, and otherwise maintain the security of the Sites and safety of users.

Article 16 (Updating this Privacy Policy)


This Privacy Policy may be updated periodically to reflect changes in our privacy practices. It is your responsibility to review the Privacy Policy from time to time to view any such changes.

Article 17 (Right to Nondiscrimination)


The user has the right to be free from discriminatory treatment for exercising the privacy rights, including not being: denied goods or services; charged different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provided a different level or quality of goods or services; or suggested that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Article 18 (How to Rescue the Infringement on the Rights)

The user may ask to rescue and consult the damage from the personal information infringement to the following organizations. The following organizations are separate agencies with the Company. Please contact us for non-satisfaction on the rescue results and more details.

[For Korea]

1. Personal Information Infringement Report Center (Run by Korea Internet and Security Agency)
 Competent for: Report/Request for consulting the personal information infringement case
 Homepage: privacy.kisa.or.kr
 Phone: (Directly) 118
 Address: (58324) 3rd floor, Personal Information Infringement Report Center Jinheung gil 9(Bitgaram-dong 301-2), Naju City, Cheonnam, Korea

2. Executive secretariat in Personal Information Conflict Arbitration Committee
 Competent for: Request for personal information conflict and group conflict
 Homepage: www.kopico.go.kr
 Phone: 1833-6972
 Address: Seoul Government Building Sejong-ro 209, Jongno-gu, Seoul City, Korea (Personal Information Protection Committee)

3. Cyber Detective Department in Supreme Prosecutor’s Office: Local code+1301 (www.spo.go.kr)
4. Cyber Safety Bureau in Korean National Police Agency: Police Civil Petition Call Center 182 (www.netan.go.kr)

[For USA]

Federal Trade Commission
Address: 600 Pennsylvania Avenue, NW Washington, DC 20580
Tel. 1-877-ID-THEFT, 877-438-4338
email: cpo@ftc.gov
Website: https://www.ftc.gov/

[For other countries]

Country
URL
Country
URL
EU
www.edps.europa.eu/EDPSweb
Greece
www.dpa.gr
Austria
www.dsb.gv.at
Hungary
www.naih.hu
Belgium
www.privacycommission.be
Italy
www.garanteprivacy.it
Bulgaria
www.cpdp.bg
Latvia
www.dvi.gov.lv
Croatia
www.azop.hr
Lithuania
www.ada.lt
Cyprus
www.dataprotection.gov.cy
Luxembourg
ww.cnpd.lu
Czech Rep.
www.uoou.cz
Malta
www.dataprotection.gov.mt
Denmark
www.datatilsynet.dk
Netherlands
www.autoriteitpersoonsgegevens.nl/nl
Estonia
www.aki.ee
Poland
www.giodo.gov.pl
Finland
www.tietosuoja.fi
Portugal
www.cnpd.pt
France
www.cnil.fr
Romania
www.dataprotection.ro
Germany
www.bfdi.bund.de
Slovakia
www.dataprotection.gov.sk
Ireland
www.dataprotection.ie
※ When the table is not fully visible, you can scroll horizontally to view it.


Supplementary Rule

This policy shall be executed from May 1, 2021.