"Astron Co., Ltd. (hereinafter referred to as the ‘Company’) places great importance on protecting users’ personal information and complies with the “Act on Promotion of Information and Communications Network Utilization and Information Protection.”

• Through the personal information handling policy, the Company notifies you of the purpose and method of using the personal information provided by users and what measures are being taken to protect personal information.
• If the company revises the privacy policy, notice will be given individually or on the website (http://astronhealthcare.co.kr).
• If matters not specified in this policy are stipulated under the “Framework Act on Telecommunications,” “Telecommunications Business Act,” “Act on Consumer Protection in Electronic Commerce, etc.,” “Act on Regulation of Terms and Conditions,” “Framework Act on Electronic Documents and Electronic Commerce,” “Framework Act on Consumers,” and other relevant laws and regulations, we assure you that we will abide by these regulations.

Astron Co., Ltd.'s privacy policy includes the following"

1. 1. Items of personal information to be collected and method of collection
2. 2. Purpose of collection and use of personal information
3. 3. Retention and use period of personal information
4. 4. Personal information destruction procedure and method
5. 5. Provision of personal information to third parties
6. 6. Consignment of handling personal information
7. 7. Matters concerning cookies
8. 8. Personal information manager and contact information
9. 9. Duty of notice"

1. Items of personal information to be collected and method of collection

The Company collects the following personal information for product inquiries, consultations, and fraud prevention

• Required items: Company name, name, contact number, e-mail address, access log
• Optional: Information required by the company to provide a personalized service
• How to collect information: website (customer inquiry)

2. Purpose of collection and use of personal information

The Company uses the collected personal information for the following purposes:

• Fulfillment of contracts regarding the provision of services
• Member management
  Personal identification, prevention of fraudulent use by illegitimate members, processing of complaints such as handling complaints, delivery of notices
• Used for marketing and advertising
  Delivery of advertising information such as events, identification of access frequency, or statistics on service use

3. Retention and use period of personal information

In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is achieved.

① Reasons for retaining information according to the Company's internal policy

• Fraudulent use record
  • Reason for retention: prevention of fraudulent use
  • Retention period: 1 year

② Reasons for retaining information according to relevant laws and regulations

If it is necessary to preserve such information in accordance with the provisions of relevant laws and regulations, such as the “Commercial Act” and “Act on Consumer Protection in Electronic Commerce, etc.”, the Company will keep the information for a certain period of time as stipulated by the relevant laws and regulations. In this case, the Company uses the information it retains only for the purpose of the retention thereof, and the retention period is as follows.

• Website visit record: 3 months (Communications Secrets Protection Act)
• Records on identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)
• Records on contract or contract withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Record on display and advertisement: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)
• Records on consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

4. Personal information destruction procedure and method

In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows.

1) Destruction procedure

The information entered by the user for using the service, etc., is transferred to a separate database after the purpose is achieved (in the case of written documents, a separate document cabinet), stored for a certain period of time according to information protection reasons under the relevant laws (refer to the retention and use period of personal information), and then destroyed. Personal information transferred to a separate database will not be used for any purpose other than the reason for the retention thereof unless otherwise required by law.

2) Destruction method

• Personal information printed out in writing: shredded or incinerated
• Personal information stored in the form of electronic files: deleted using a technical method that prevents reproduction of records

5. Provision of personal information to third parties

The Company uses the user's personal information within the scope agreed upon in the “Purpose of collection and use of personal information” and will not use the user's personal information beyond the scope or provide it to third parties in principle without the user's prior consent. However, exceptions are made for the following cases

• When users agree in advance
• In accordance with the provisions of the law or in accordance with the procedures and methods set forth in the law for the purpose of investigation, if there is a request from an investigative agency"

6. Consignment of handling of personal information

The company does not entrust users' personal information to external companies (delivery, installation, after-sales service companies, etc.) without prior consent. When entrusting the handling of personal information of users for smooth business processing in the future, the person to whom personal information processing is entrusted (hereinafter referred to as the “consignee”) and the details of the business entrusted with personal information processing must be notified in advance.

7. Matters concerning the operation of cookies

The Company uses ‘cookies’ that frequently store and find user information. A cookie is a text file sent to your browser by the server used to run the website and stored on the user's computer hard disk. The company uses cookies for the following purposes

1. 1) Purpose of using cookies
   It is used to analyze the user's access frequency, number of visits, and visit time, to identify the user's preferences and interests, and to provide targeted marketing and personalized services through trace tracking and participation in various events. Users have the option to install cookies, and by setting options in the web browser, they can accept all cookies, confirm whenever a cookie is saved, or refuse to save all cookies.
2. 2) How to reject cookies
   Example settings (in the case of Internet Explorer): Tools (at the top of the web browser) > Internet Options > Personal information. However, if you refuse to install cookies, you may not be able to use all the features on the website.

8. Personal information manager and contact information

In order to protect customers' personal information and handle complaints related to personal information, the Company has designated the relevant department and personal information manager as follows.

1. 1) Users can report all personal information protection-related complaints that occur while using the Company's services to the person in charge of personal information management or the department in charge.
2. 2) The Company will provide prompt and sufficient answers to users' reports.
3. 3) If you need to report or receive consultation about other personal information infringement, please contact the following organizations:
   1. - Personal Dispute Mediation Committee (www.1336.or.kr/1336)
   2. - Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-580-0533~4)
   3. - Supreme Prosecutor’s Office Internet Crime Investigation Center (spo.go.kr/02-3480-3600)
   4. - National Police Agency Cyber Terror Response Center (www.ctrc.go.kr /02-392-0330)

9. Duty of notice

The current privacy policy is effective from February 03, 2023. If there is an addition, deletion, or modification of the content due to changes in laws, policies, or security technology, notification will be posted on the website at least 7 days prior to the revision.

This policy will be effective from February 03, 2023.