Privacy

Terms of Service and Privacy Policy

Article 1 (Purpose)
These terms and conditions provide for the services (hereinafter collectively referred to as “Services”) provided on the website operated by Panaxtos Co., Ltd. (hereinafter referred to as “Company”) with one member ID and password. The purpose is to stipulate the rights, obligations and responsibilities of the company and users when signing up and using each site.

Article 2 (Definition)
① “User” refers to a member or non-member who accesses or visits the site and receives all services provided by the company in accordance with these terms and conditions.
② “Member” refers to a person who provides personal information to the company and agrees to the personal information handling policy and This refers to a person who has registered as a member after agreeing to the Terms of Use and who continues to use the service.
③ “Non-member” refers to a person who uses the services provided by the company without registering as a member.

Article 3 (Effectiveness and Revision of Terms and Conditions)
① These Terms and Conditions are stated in the Terms and Conditions on the site. It takes effect on all members who agree and apply for membership.
② If necessary for service operation, the Company may revise these Terms and Conditions to the extent that they do not violate relevant laws. In addition, the effect of the terms and conditions after revision also applies to members before the revision.
③ When revising the terms and conditions, the company shall notify members through methods such as online notice or e-mail 7 days prior to the date of application and apply them. It takes effect from this day. However, when an urgent revision of the terms and conditions is required due to a serious reason, the terms and conditions may be revised immediately, and in this case, the reason for the significant change in terms and conditions will be announced.
④ If a member does not agree to the revision of the terms and conditions, he or she may stop using the service and withdraw. If you continue to use the service even after the terms and conditions have been revised, you are deemed to have agreed to the change in the terms and conditions.

Article 4 (Rules other than the terms and conditions)
① The company shall not provide any information on individual services other than the terms and conditions. You can set detailed details, and the details will be announced through the service usage guide and separate terms and conditions.
② If matters not specified in these Terms and Conditions are stipulated in relevant laws and regulations, such regulations shall apply.

Article 5 (Membership Registration)
① The site is open only to those aged 12 or older. You can apply for membership by entering your personal information after agreeing to the established terms of use and personal information handling policy. You become a member when the company gives permission.
② All information entered in the membership application form must be identical to the actual information, and members who enter information that is not identical to the actual information or that is different from the facts will not receive legal protection.
③ The site is subject to Paragraph 1. Among users who have applied to become members, approval may be refused or canceled in the following cases:
- If it is not your real name
- If it is not your resident registration number
- When false information is provided at the time of application.
- When applying for the purpose of undermining social order and order.
- Framework Act on Telecommunications, Telecommunications Business Act, Information and Communications Code of Ethics, If an act is committed that is prohibited by the Information and Communications Ethics Committee deliberation regulations, the Program Protection Act, and other related laws and terms and conditions
- If it is determined that registering as a member will significantly impede the site's technology.

Article 6 (Member’s Obligations)
① Members must enter actual membership information, and if there are any changes, they must immediately correct the changes.
② Members must not use the ID or personal information of someone other than their own.
③ Members must comply with the provisions of the Terms and Conditions and related laws and assume all responsibility arising from careless management of ID, password, and personal information.
④ Members must comply with the provisions of the Terms and Conditions and relevant laws and regulations and assume all responsibility arising from careless management of ID, password, and personal information.
④ Members must comply with the provisions of the Terms and Conditions and related laws and regulations. You must check regularly to see if your information has been stolen, and if you discover the possibility of theft or illegal use, you must report it to the company without delay.
⑤ Members must assume all responsibility arising from failure to terminate the service properly (failure to log out) after using the service, and members must not use the services provided by the company using methods other than official methods recognized by the company.< br />⑥ If a bug or defect in the service is discovered while using the service, the member must report it to the company without delay and must not abuse it.

Article 7 (Company’s Obligations)
① The Company does not engage in any acts prohibited by the relevant laws and these Terms and Conditions.
② The Company strives to provide continuous and stable services.
③ The Company does not respond to opinions raised by members using the service. If the complaint is deemed justified, it will be processed immediately. However, if immediate processing is not possible, the member must be notified of the reason and processing schedule.

Article 8 (Withdrawal of Membership)
① Members may apply for termination of the service agreement through the withdrawal menu at any time, and the “Company” must process this immediately.
② The Company immediately deletes the personal information of withdrawn members and blocks membership with the same ID. For this purpose, only the ID is recorded.
③ A withdrawn member cannot re-register with the same ID and must re-register with a new ID.
④ In the following cases, the company may force withdrawal or stop using the service without prior notice.
- If false information is provided when applying for membership
- Another person's ID or password , In case of theft of resident registration number, etc.
- In case of infringement of intellectual property rights of the company, other members or third parties
- In case of conduct that harms social well-being, order, and morals
- If you take an action that damages the reputation of another person or the company or puts you at a disadvantage
- If you take an action that may cause a disruption to the information and communications network
- If you engage in a commercial activity using the service without the company's permission
- If points operated and managed by the company are acquired in a manner not permitted by the company
- Basic Telecommunications Act, Telecommunications Business Act, Information and Communications Code of Ethics, Information and Communications Ethics Committee Deliberation Regulations, Program Protection Act, and In case of engaging in an act prohibited by other related laws and terms and conditions

Article 9 (Notice to members)
① When the company notifies a member, the notification is sent to the e-mail address that the member entered in the service. If the e-mail address is false or the member cannot confirm, or the company that manages the e-mail address entered by the member If the e-mail is not sent properly due to a problem, the company is not responsible for the obligation to notify.
② In the case of notification to an unspecified number of members, the company posts it on the service for more than one week and the member posts it. The company is not responsible for any damage resulting from failure to confirm the notice.
③ The company may deliver information or advertisements that it deems useful to members via e-mail, and if members do not wish to receive this information, they may refuse to receive it through the personal information management menu. However, even if you have declined to receive e-mail, if there are announcements that members must be aware of, such as changes to membership terms and conditions, personal information handling policy, or other important business policies, e-mail may be sent regardless of refusal to receive e-mail.

Article 10 (Service Restrictions)
① The member bears any damages incurred by the member if he or she provides false information regarding his or her name, date of birth, address, contact information, or e-mail. In addition, the company will check the member's name and e-mail and, if the member's name and e-mail are not confirmed to be real, may cancel the service. Some or all of them may be restricted.
② If separate authentication is required for a member's use of the service, the company may request a separate authentication process prior to providing the service.
③ In the following cases: In any of the following cases, the company may restrict or suspend the member's use of the service without prior notice.
- If the member steals or falsely records the ID or resident registration number.
- In case of abnormal behavior or violation of regulations.
- If you cause discomfort or damage to the company or others by using abusive language on bulletin boards or other online spaces.
- If you abuse bugs or defects in the service.

Article 11 ( Attribution of copyright and restrictions on use)
① Copyrights and other intellectual property rights for works created by the Company belong to the Company, and members may use the service for profit by processing, copying, publishing, distributing, broadcasting, selling, or otherwise using the information obtained while using the service without the Company's prior consent. It must not be used for any other purpose or used or provided to a third party.
② The rights and responsibilities for posts written by members belong to the member who posted them, and the company may not use them for commercial purposes within the service without the consent of the member who posted them. can not use. However, if the company wishes to use a member's posting for publication, etc., it must obtain the member's consent in advance through procedures such as phone, mail, or e-mail.
③ The company may delete a post written by a member without prior notice if it falls under any of the following items through content, sentences, shapes, symbols, etc.
- Any post that slanders another member or the company or damages its reputation through slander. In case of content
- In case of content that violates public order and morals
- In case of content recognized as being linked to criminal acts
- Company's copyright, third party's copyright, etc. In case of content that infringes on rights
- In case of unconfirmed or false information
- In case of posting for the purpose of advertising
- In case of impersonating the operator or official of the company
- In case of postings that do not conform to the nature of the bulletin board
- In cases that are judged to be in violation of other relevant laws and regulations
④ Any losses or problems arising from posts and information posted by members are the individual responsibility of the member, and the company is not responsible for them.
⑤ Claims, lawsuits, lawsuits, lawsuits against the company by a third party due to a member's posts. If any other dispute arises, the member must bear the costs of resolving the dispute and handle the dispute for the company. If the company compensates a third party or causes damage to the company, the member must compensate the company.

Article 12 (Personal Information Handling Policy)
① The company protects members’ personal information, and the company announces the contents separately under the name of ‘Personal Information Handling Policy’ and follows it accordingly. We strive to protect members' personal information.

Article 13 (Compensation and Indemnification)
① The Company will not protect members unless there is intent or gross negligence on the part of the Company in relation to the use of free services. We are not responsible for compensation or compensation for any damage incurred.
② If the company suspends the service due to a natural disaster, emergency, or other unavoidable circumstances, the company is exempted from liability for any problems that arise to members due to the service interruption, and is not responsible for any disruption in service use due to reasons attributable to the member.
③ The Company is not responsible for guaranteeing or guaranteeing the suitability, accuracy, timeliness, or reliability of posts posted by members, and does not accept information obtained by members through services provided by the company or posts by other members posted on the service. When making necessary decisions regarding legal, medical, or other financial matters, we recommend that you consult with an expert in advance.
④ The company may engage in various advertising activities to members in order to operate the service. In this case, the company is not responsible for any damage caused to members by advertisers, not the company.
⑤ The company is not responsible for damage that occurs due to a member's use in violation of these terms and conditions or related laws, such as direct transactions, and for damage that occurs due to the member's obvious negligence, such as not knowing how to use the service, failing to confirm notices, or entering inaccurate information.

Article 14 (Dispute Resolution and Jurisdictional Court)
① The company shall report members’ inconveniences, complaints, and other opinions regarding personal information management, service use, etc. through the website, e-mail, and phone. , in writing, etc. are received and processed.
② If there is a dispute regarding personal information, the company and members may apply for mediation of the dispute to the Personal Information Dispute Mediation Committee for prompt and effective dispute resolution.
③ If a lawsuit is filed regarding a dispute arising from the use of the service, the court having jurisdiction over the location of the company's headquarters or a court under the Civil Procedure Act of the Republic of Korea shall be the competent court.

Supplementary Provisions
These provisions The Terms and Conditions will apply from June 13, 2022, and the previous Terms and Conditions will be replaced by these Terms and Conditions.

**1. Collection of Personal Information: Items and Methods**

**a. Items of Personal Information Collected**

1. The company collects the following minimal personal information as mandatory items for membership registration, smooth customer consultations, and various services at the time of initial service application:
- Mandatory items: Email, organization name, representative’s name, contact information, address, standard code of EEG medical device (UDI)
- Optional items: employees email, name

2. Information generated and collected automatically during service use or business processing may include:
- IP Address, cookies, visit time, service usage records

**b. Methods of Collecting Personal Information**

The company collects personal information through the following methods:
- Website, written forms, fax, phone, email
- Provision from partner companies

---

**2. Purpose of Processing Personal Information**

Panaxtos Co., Ltd. ('Panaxtos' at 'https://www.panaxtos.com') processes personal information for the following purposes. The processed personal information will not be used for purposes other than those stated, and any changes in the purpose of use will be notified in advance:

**a. Website Membership Registration and Management**

Personal information is processed to confirm membership registration intent, provide membership services, identify and authenticate members, maintain and manage membership status, prevent misuse of services, notify and communicate various matters, handle complaints, and retain records for dispute resolution.

**b. Handling Complaints**

Personal information is processed to verify the identity of complainants, confirm complaint details, contact and notify for fact-finding, and communicate processing results.

**c. Provision of Goods or Services**

Personal information is processed for the purpose of delivering goods, providing services, sending invoices, providing content, offering customized services, verifying identity, age verification, billing and settlement, and debt collection.

---

**3. Personal Information File Status**

**Retention and Use Period of Personal Information**

In principle, personal information is promptly destroyed once the purpose of collection and use is achieved. However, if there is a need to retain information according to laws such as the Commercial Act or the Act on Consumer Protection in Electronic Commerce, the company will retain member information for a certain period as required by the relevant laws. The retained information will be used only for the purpose of retention, and the retention periods are as follows:

- Records related to contracts or withdrawal of subscriptions:
- Retention reason: Act on Consumer Protection in Electronic Commerce
- Retention period: 5 years

- Records related to electronic financial transactions:
- Retention reason: Electronic Financial Transactions Act
- Retention period: 5 years

- Records related to consumer complaints or dispute resolution:
- Retention reason: Act on Consumer Protection in Electronic Commerce
- Retention period: 3 years

- Website visit records:
- Retention reason: Telecommunications Privacy Protection Act
- Retention period: 3 months

---

**4. Rights of the Data Subject, Their Obligations, and How to Exercise Them**

**a. Rights of the Data Subject**

Data subjects can exercise the following rights regarding their personal information with Panaxtos ('https://www.panaxtos.com'):

1. Request to view personal information
2. Request to correct any inaccuracies
3. Request to delete personal information
4. Request to halt processing

**b. Exercising Rights**

Rights under Paragraph 1 can be exercised in writing, by email, or by fax according to the format prescribed in the Enforcement Rules of the Personal Information Protection Act. Panaxtos will respond promptly to such requests.

**c. Correction or Deletion of Personal Information**

If a request for correction or deletion is made, Panaxtos will not use or provide the relevant personal information until the correction or deletion is completed.

**d. Exercising Rights through a Representative**

Rights under Paragraph 1 can also be exercised through a legal representative or an authorized agent. In such cases, a power of attorney form according to the Enforcement Rules of the Personal Information Protection Act must be submitted.

**e. Withdrawal of Consent**

Customers may withdraw consent for the collection, use, or provision of personal information at any time.

- Viewing or correcting personal information:
- Customers (or their legal representatives) can request access or correction of personal information by visiting the company directly, or by phone or email.
- When requesting access, valid identification documents (e.g., ID card, passport, driver’s license) must be provided. Representatives must present a power of attorney, proof of signature, and identification.

- Withdrawal of consent for collection, use, or provision:
- Customers may visit the company's branch with identification to agree or withdraw consent.

**f. Services for Children**

Panaxtos does not provide services to children under the age of 14.

---

**5. Items of Personal Information Processed**

Panaxtos processes the following items of personal information:
- Mandatory items: Purpose of processing personal information, personal information file status, processing and retention period, third-party provision details, processing delegation details
- Optional items: Department handling personal information access requests, methods for remedying rights infringements

---

**6. Disposal of Personal Information**

Panaxtos will promptly dispose of personal information once the purpose of processing is achieved. The procedures, timelines, and methods for disposal are as follows:

- Disposal Procedure:
- Information entered by users is moved to a separate database (or paper documents to a separate file) after achieving its purpose and is retained according to internal policies and relevant laws before being destroyed. Information in the database is not used for other purposes unless required by law.

- Disposal Time:
- Personal information will be disposed of immediately after the retention period ends or if it is deemed unnecessary due to the completion of the processing purpose, cessation of the service, or termination of the business.

- Disposal Method:
- Electronic files are destroyed using technical methods that prevent recovery.
- Paper documents are shredded or incinerated.

---

**7. Measures to Ensure the Security of Personal Information**

Panaxtos implements the following technical, managerial, and physical measures to ensure the security of personal information as required by Article 29 of the Personal Information Protection Act:

1. Minimization and Training of Personnel Handling Personal Information
2. Regular Internal Audits
3. Establishment and Implementation of Internal Management Plans
4. Encryption of Personal Information
5. Technical Measures Against Hacking and Computer Viruses
6. Access Restrictions to Personal Information

---

**8. Personal Information Protection Officer**

**a. Responsibilities**

Panaxtos is responsible for overall personal information processing and for handling complaints and remedying damages related to personal information. The designated Personal Information Protection Officer is:

**b. Contact Information**

- Personal Information Management Officer:
- Name: Kim Tae-ho
- Affiliation: Panaxtos
- Phone: (02) 2051-1380
- Position: Vice President
- Email: kth@panaxtos.com

- Personal Information Management Manager:
- Name: Yoon Yeo-il
- Affiliation: Personal Information Protection Team
- Phone: (02) 2051-1380
- Position: Manager
- Email: yeoily@panaxtos.com

**c. Roles of the Personal Information Management Officer**

- Establishing and implementing key guidelines/policies/systems for personal information protection
- Building internal control systems to prevent personal information leakage and misuse
- Conducting audits and inspections of personal information protection practices
- Developing and implementing training plans for personal information protection
- Creating and revising personal information handling policies
- Preventing and responding to personal information breaches
- Performing other necessary tasks for information protection

**d. Reporting and Consulting**

For issues related to personal information breaches, please contact the following organizations:

- Personal Information Breach Reporting Center (privacy.kisa.or.kr / 118)
- Supreme Prosecutors' Office Cyber Crime Investigation Unit (www.spo.go.kr / 02-3480-3571)
- Cyber Safety Bureau, National Police Agency (www.ctrc.go.kr / 182)

---

**10. Changes to the Privacy Policy**

This Privacy Policy applies from the effective date, and any additions, deletions, or amendments will be notified through the notice section at least 7 days before implementation.

---

**11. Privacy Policy Announcement**

- Privacy Policy Announcement Date: June 10, 2022
- Privacy Policy Effective Date: June 13, 2022

Entrustment of Personal Information Processing

**Article 1 (Purpose)**
This agreement is made between the applicant (hereinafter referred to as "the Applicant") and Panaxtos Co., Ltd. (hereinafter referred to as "Panaxtos") to entrust Panaxtos with the processing of the Applicant's personal information in relation to the NeuroHarmony (EEG) service. The purpose of this agreement is to set out the necessary provisions to ensure that Panaxtos performs the entrusted tasks diligently under its responsibility.

**Article 2 (Definitions)**
1. In this agreement, the following terms are defined as follows:
1. "Personal Information" refers to information about an identifiable living person, including name, date of birth, and any information that can identify the person either directly or indirectly when combined with other information.
2. "Processing" refers to any action performed on personal information, including collection, creation, linkage, integration, recording, storage, retention, processing, editing, retrieval, output, correction, restoration, use, provision, disclosure, destruction, or similar activities.
3. "Data Subject" refers to the individual who can be identified by the processed information.
4. Terms not specifically defined in this agreement shall be defined according to the "Personal Information Protection Act," its enforcement decrees and rules, the "Standard Personal Information Protection Guidelines" (Notification No. 2011-45 by the Ministry of the Interior and Safety), and the "Act on Promotion of Information and Communications Network Utilization and Information Protection" and its enforcement decrees.

**Article 3 (Purpose and Scope of Entrusted Tasks)**
Panaxtos shall perform the following personal information processing tasks within the scope necessary for the execution of the basic contract:
1. Management of personal information of customers and employees collected by the Applicant in relation to the NeuroHarmony (EEG) service.

**Article 4 (Restriction on Sub-entrustment)**
1. Panaxtos may not transfer or sub-contract any part or all of its rights and obligations under this agreement to a third party without prior written consent from the Applicant.
2. If Panaxtos obtains prior written consent from the Applicant to appoint a sub-contractor, Panaxtos must immediately notify the Applicant in writing of such appointment along with the relevant sub-contracting agreement.

**Article 5 (Measures for Ensuring the Safety of Personal Information)**
Panaxtos must implement the following necessary technical and administrative measures to ensure the safety of personal information in accordance with Article 29 of the "Personal Information Protection Act," Article 30 of its enforcement decree, and the "Standards for Ensuring the Safety of Personal Information" (Notification No. 2011-43 by the Ministry of the Interior and Safety):
1. Establishment and implementation of an internal management plan for the safe handling of personal information.
2. Access control and restriction measures for personal information.
3. Application of encryption technologies or equivalent measures to securely store and transmit personal information.
4. Storage of access logs and measures to prevent tampering or falsification in response to personal information breaches.
5. Installation and updating of security programs for personal information protection.
6. Provision of physical security measures such as secure storage facilities or locking mechanisms for personal information.
7. Other necessary protective measures for ensuring the safety of personal information.

**Article 6 (Restrictions on Personal Information Processing)**
1. Panaxtos must not process personal information beyond the purpose of the entrusted tasks specified in Article 3, nor provide or disclose such information to third parties during the term of this agreement or after its expiration.
2. Upon termination of the basic contract or this agreement, or when the purpose of the personal information processing is achieved, Panaxtos must immediately destroy or return the personal information in accordance with Article 16 of the enforcement decree of the "Personal Information Protection Act" as follows:
1. For electronic files: Permanent deletion using methods that prevent recovery.
2. For records, printed materials, documents, and other media: Shredding or incineration.
3. If Panaxtos destroys personal information, it must promptly notify the Applicant of the result in writing.

**Article 7 (Management and Supervision of the Sub-contractor)**
1. The Applicant may request Panaxtos to manage the following aspects, and Panaxtos must comply unless there are special reasons:
1. Status of personal information processing.
2. Access or connection status to personal information.
3. Individuals or entities accessing or connecting to personal information.
4. Compliance with prohibitions on use, provision, and sub-contracting for purposes other than those specified.
5. Implementation of security measures such as encryption.
6. Other necessary matters for personal information protection.
2. The Applicant may inspect the status of the above matters and request corrections, and Panaxtos must comply unless there are special reasons.
3. The Applicant may provide training to Panaxtos to prevent loss, theft, leakage, tampering, or damage to personal information due to the entrusted processing, and Panaxtos must comply.
4. The timing and method of such training will be discussed and implemented in consultation with Panaxtos.

**Article 8 (Compensation for Damages)**
1. If Panaxtos or its employees or other sub-contractors cause damage to the Applicant or any third parties due to a breach of this agreement or due to Panaxtos’s fault while performing the entrusted or sub-contracted tasks, Panaxtos shall compensate for the damages. The compensation limit for damages to the Applicant is [twice the average monthly fee for the last three months (or the applicable period if less than three months)].
2. If the Applicant compensates for damages incurred by third parties related to this agreement, the Applicant may seek reimbursement from Panaxtos.

**Article 9 (Termination and Cancellation of the Agreement)**
1. The Applicant or Panaxtos may terminate or cancel this agreement immediately without prior notice if any of the following conditions occur:
1. The other party fails to remedy a breach of the agreement within 30 days after notice of such breach.
2. The other party is subject to cancellation or suspension of business operations by the government, making performance of the agreement impossible or significantly difficult.
3. The other party is subject to bankruptcy or similar procedures.
4. The other party’s performance of the agreement is deemed impossible due to natural disasters or other force majeure events.
5. Significant risk to the other party’s credit due to transfer, seizure, or other major asset issues making performance of the agreement questionable.
6. The other party is subject to suspension of transactions by a financial institution, making performance of the agreement questionable.
7. Other situations where there is significant risk to the other party’s credit making performance of the agreement impossible or significantly difficult.
2. Termination or cancellation of this agreement does not affect claims for damages.

**Article 10 (Effective Date and Validity Period)**
1. This agreement becomes effective from the date both parties sign or seal it and remains valid until the basic contract is terminated, expires, or this agreement is terminated for any reason.
2. Responsibilities arising from any breach of this agreement during its validity and confidentiality obligations under Article 11 remain in effect even after the agreement’s termination.

**Article 11 (Confidentiality)**
The Applicant and Panaxtos must not disclose, leak, or provide any business secrets or personal information learned in relation to the signing and performance of this agreement to any third parties without prior written consent from the other party.

**Article 12 (Resolution of Disputes)**
Any matters not specified in this agreement or any interpretation disputes shall be resolved through mutual agreement according to relevant laws and general practices. In the event of legal disputes, the competent court shall be the Seoul Central District Court.