Privacy Policy

CJ Bioscience (hereinafter referred to as 'the Company' or “we”) values your privacy and protection of your personal information. This Privacy Policy explains how the Company collects, stores, uses, shares, transfers, deletes, and processes information collected from or about you (“Personal Information”) by the Company. The Company strictly adheres to the Personal Information Protection Act and other applicable domestic laws related to personal information protection in the operation of the Ezbiome.app service.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

By using our service, you hereby consent to our Privacy Policy and agree to its terms. Please be aware that if you do not provide us with your Personal Information, certain services may be unavailable to you.

1. Personal Information We Collect

When you register on our website to utilize the services offered, the Company may ask for your contact information, including but not limited to items such as, name, email address, institution name, role, job title, and country.




2. Collection of Personal Information

The Company uses collected Personal Information solely for the following purposes, member management, service development/provision and improvement, and creating a safe internet usage environment, including to:

• Confirm a user's intention to register or leave Ezbiome.app, primarily for member management purposes
• Provide, operate, and maintain our website
• Understand and analyze how you use our website
• Convey changes to terms and conditions, announcements, updates, provide responses to inquiries or questions about service usage, and handle complaints for service operation
• Communicate with you, either directly or through one of our partners, including for customer service, to provide you with event information and participation opportunities, as well as for marketing and promotional purposes
• Find and prevent fraud



3. Provision and Delegation of Personal Information to Third Parties

As a principle, the Company does not provide Personal Information externally without the user's consent. However, Personal Information may be provided to third parties in the following cases:

• When consent is obtained from the user
• When there are special provisions in law
• When the information subject or legal representative is unable to express their intent, or when it's impossible to obtain prior consent due to reasons such as unknown addresses, and it's clearly recognized as necessary for the urgent life, bodily, or property interests of the information subject or a third party

The Company entrusts the processing of Personal Information to Amazon Web Services (AWS) in order to provide service stability and the latest technology to users. AWS does not have access to the user's Personal Information and does not independently use or share the user's Personal Information under any circumstances.

Entrusted Company	Contents of Entrusted Tasks	Personal Information Retention & Usage Period
Amazon Web Services Inc.	Retention of Personal Information Collected During Membership Registration and Service Use	Until the time of member withdrawal or the end of the entrusted contract

4. Disposal of Personal Information

As a principle, the Company promptly destroys user's Personal Information when the user withdraws from our website service or as long as needed for the specific business purpose or purposes for which it was collected. However, if separate consent is obtained from the user for the retention period of Personal Information, or if the law imposes an obligation to keep the information for a certain period, the Personal Information will be securely stored for that period. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period.

Act on the Consumer Protection in Electronic Commerce, Etc.

• Records regarding the contract or subscription withdrawal, etc. : Stored for 5 years
• Records regarding the payment and supply of goods, etc. : Stored for 5 years
• Records regarding the consumer complaints or dispute settlement : Stored for 3 years

Protection of Communications Secrets Act

• Login information : 3 months

The Company destroys Personal Information for which the collection and usage purpose has been achieved, such as upon member withdrawal and the expiration of the personal information retention period consented to by the user, in a way that it cannot be recovered or reproduced.

Personal Information that is recorded or stored in electronic file format is safely deleted using technical methods to prevent recovery or reproduction, and physical copies, such as printouts, are destroyed by methods like shredding or incineration.

5. Rights and methods of exercise for users and legal guardians

• You may inquire, modify, or delete your Personal Information at any time, and you may request access to your Personal Information.
• You may request to suspend the processing of Personal Information at any time, and may refuse to suspend processing in certain cases as stipulated by law.
• You may withdraw your consent for the collection and use of Personal Information at any time through 'membership withdrawal'.
• For children, we encourage parents and legal guardians to observe, participate in, and/or monitor and guide your children’s online activity. Parents and legal guardians of such minor may view, modify, or delete the child’s personal information, request to suspend its processing, and withdraw consent for its collection and use. We do not knowingly collect, maintain, disclose, or otherwise process Personal Information from minors below the age of 14 without the permission of such minor’s parents or legal guardians. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

6. Measures to ensure the security of Personal Information

   The company is doing its utmost to manage users’ Personal Information securely and is protecting Personal Information beyond the level required by the Personal Information Protection Act.

   • We have established and implemented an internal management plan for personal information protection.

     We have established an internal management plan for personal information, which includes the designation of a personal information protection officer, the composition and operation of a personal information protection organization, etc., and we check whether the internal management plan is being implemented properly every year.

   • We have taken measures to control access to personal information and limit access rights.

     Through the granting, changing, and deletion of access rights to the personal information processing system, we take necessary measures to control access to personal information, and we use an intrusion prevention system to control unauthorized access from the outside.

   • We have taken measures to keep access records of personal information and prevent forgery and alteration.

     We keep and manage the record of access to the personal information processing system for at least 1 year and manage it to prevent the access record from being forged, altered, stolen, or lost.

   • We have taken encryption measures to securely store and transmit personal information.

     Personal information required by law to be encrypted is stored in an encrypted form. Also, we securely send and receive personal information over the network through encrypted communications.

   • We install and update security software for personal information.

     To prevent leakage and damage of personal information by hacking or computer viruses, etc., we install security software and update and check it regularly.

7. Information regarding the Personal Information Protection Officer and Manager

• If you have questions or comments about this Privacy Policy or ahow your Personal Information is processed, please contact the relevant person listed below. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. We may, after receiving your request, require additional information from you to honor the request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

• Personal Information Protection Officer

  Name: Choi ImJae

  Affiliation: Business Support Office

  Contact: 02-6078-3488

  Email: bs.privacy@cj.net

• Personal Information Protection Manager

  Name: Yun Byungwook

  Affiliation: BIO DP) IT Team

  Contact: 02-6078-3488

  Email: bs.privacy@cj.net

8. Duty to Notify Before Revision

We reserve the right to change this Privacy Policy from time to time. We will alert you when changes have been made by indicating the date this Privacy Policy last updated as the date the Privacy Policy became effective or as otherwise may be required by law. It is recommended that you periodically revisit this Privacy Policy to learn of any changes.

9. Transfer of Personal Information across national borders

Please be aware that Personal Information we collect and process may be transferred and maintained outside your state, province, country, or other jurisdiction where the privacy laws may not be as protective as those in your location, including the United States. We have put in place lawful transfer mechanisms and adequate safeguards, in accordance with applicable legal requirements, to protect your Personal Information.