Privacy Policy – Copy

Privacy Policy | AIOBIO

Privacy Policy

AIOBIO Co., Ltd. (“www.blissxp.com”, hereinafter “we” or “AIOBIO”) is committed to protecting your personal data and rights in accordance with the Personal Information Protection Act of Korea. This privacy policy explains how we collect, use, share, and protect your personal information, and how you may exercise your rights.

We will notify you of any changes to this policy through our website announcement or by individual notice.

This policy is effective as of December 1, 2020.

1. Purpose of Personal Information Processing

We collect and process personal information for the following purposes. Your personal data will not be used for purposes other than those stated below, and any changes to the intended use will be subject to your prior consent.

a. Membership Registration and Management

To confirm membership intention, verify identity for member-only services, maintain membership status, prevent misuse of services, provide notifications, and resolve complaints or disputes.

b. Provision of Goods or Services

For product delivery, service provision, invoice issuance, content delivery, identity verification, and payment processing.

c. Marketing and Advertising

To develop new services/products, provide tailored services, share event and promotional opportunities, evaluate service effectiveness, analyze usage frequency, and compile service usage statistics.

2. Personal Information File Overview

  • File Name: AIOBIO-blissxp-PrivacyPolicy
  • Items Collected: Email address, mobile number, password and recovery Q&A, login ID, name, company phone number, job title, company name, occupation, credit card information, service usage history, access logs, cookies, IP address, payment history, license number, business registration number
  • Collection Methods: Website, written forms, phone/fax, promotional events, shipping requests, third-party partners
  • Retention Basis: Personal Information Protection Act
  • Retention Period: 5 years
  • Applicable Laws: Credit info: 3 years; Complaints/disputes: 3 years; Payment/supply: 5 years; Contracts: 5 years; Ads/labeling: 6 months

3. Retention and Processing Period

We retain and process personal data within the retention period defined by law or consented to by the user at the time of collection. The retention period for each category is 5 years from the date of consent, in compliance with the Personal Information Protection Act and relevant laws.

4. Provision of Personal Data to Third Parties

We do not share personal data with third parties without your consent, unless required by law. Example: CJ Logistics for delivery (name, address, contact) retained for 1 month.

5. Outsourcing of Personal Data Processing

We outsource to KG Inicis for payment processing (1-month retention). Agreements ensure data protection, non-reuse, and supervision.

6. User Rights and How to Exercise Them

You may access, correct, delete, or request processing suspension of your data. Rights may be exercised via email, fax, or written request. Identity verification is required. Representatives must submit a power of attorney.

7. Items of Personal Information Processed

Required: Email, mobile number, name, credit card info, bank account info

8. Destruction of Personal Information

Once the purpose is fulfilled, data is destroyed using secure methods. Paper records are shredded or incinerated.

9. Use of Cookies and Refusal

Cookies store usage info to optimize services. You can refuse cookies via browser settings, though some features may be limited.

10. Personal Information Protection Officer

Chief Privacy Officer: Hyunhoon Jung (Director, Operations Management)

Privacy Department: Minkyeong Seo (Marketing Team)

Contact: +82-2-561-5101 / [email protected] / +82-02-3454-1403

11. Policy Amendments

This policy takes effect from the above date. Any updates will be announced at least 7 days prior to application.

12. Safeguards to Protect Personal Information

  • Regular audits (quarterly)
  • Minimized access and staff training
  • Security measures against hacking and malware
  • Encryption and secure transmission
  • Access logs kept ≥ 6 months
  • Database access control
  • Locked storage for physical documents
  • Access control for storage locations