Silvia Health Inc. (hereinafter referred to as "the Company") complies with the Personal Information Protection Act and other related laws to protect the freedom and rights of data subjects. We process and manage personal information securely and lawfully. In accordance with Article 30 of the Personal Information Protection Act, we have established and publicly disclose the following privacy policy to provide guidance on the procedures and standards for processing and protecting personal information for data subjects, and to ensure that related grievances are handled promptly and smoothly.
1. Cases Without the Data Subject's Consent
(Required) Consent to Collect and Use Personal Information
The purposes and items for collecting and using personal information are as follows.
You have the right to refuse consent, but refusing to do so will make it impossible to use the service.
You have the right to refuse consent, but refusing to do so will make it impossible to use the service.
Legal Basis | Purpose | Collected Items | Retention and Use Period |
Personal Information Protection Act, Article 15, Paragraph 1, Item 4 (Conclusion/Fulfillment of a contract) | Membership registration and management | Mobile phone number, name (nickname), date of birth, gender | Until membership withdrawal |
2. Cases Where the Data Subject's Consent Has Been Obtained
The Company processes the following personal information items with the data subject's consent.
Legal Basis | Classification | Purpose of Processing | Items to be Processed |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Membership registration and management | User identity verification, personal authentication for membership service, user qualification maintenance, and prevention of fraudulent use of the service. | [Common] (Required) Mobile phone number, name/nickname, date of birth, gender |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Membership registration and management | User identity verification, personal authentication for membership service, user qualification maintenance, and prevention of fraudulent use of the service. | [Kakao] (Required) Nickname, profile image and history when linking to a KakaoTalk account, (Optional) KakaoTalk phone number (email), KakaoTalk account, gender, age range, date of birth, consent to receive ads |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Membership registration and management | User identity verification, personal authentication for membership service, user qualification maintenance, and prevention of fraudulent use of the service. | [Apple] (Required) Apple account ID, email address |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Handling civil complaints | User identity verification, confirmation of civil complaints. | (Required) Email address |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Service provision/improvement | Analysis of information for service provision and improvement, voice model improvement for customized voice service, and improvement of AI cognitive training learning data for service improvement and accuracy enhancement. | (Required) Service usage history, access logs, and user voice and video data extracted from call recordings entrusted to the Company. |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Marketing and ad use | Provision of new service (product) recommendations and customized services, and utilization of event and promotion information for marketing purposes. | (Optional) Email address, mobile phone number, login ID, gender, date of birth, service usage history |
Personal Information Protection Act, Article 15, Paragraph 1, Item 1 (Consent) | Use for Silvia's own research | Collection of health behavior data and cognitive health data for long-term health behavior guidance and cognitive health changes of the Silvia program using panel data. | (Required) Email address (login ID), mobile phone number, password, name, date of birth, gender, service usage history, access logs, voice and video data |
Personal Information Protection Act, Article 23, Paragraph 1 (Sensitive Information) | Service provision/improvement | Analysis of information for service provision and improvement, voice model improvement for customized voice service, and improvement of AI cognitive training learning data for service improvement and accuracy enhancement. | Voice and video data extracted from call recordings entrusted to the Company, voice data of users who have requested a voice test, and other user-provided health information |
3. Items Automatically Generated and Collected During Service Use
Service usage history, access logs, IP address, cookies, date and time of visit, records of fraudulent use.
4. Processing and Retention Period of Personal Information
① The Company processes and retains personal information for the period stipulated by law or for the period agreed upon by the data subject at the time of collection.
② The processing and retention period for each type of personal information is as follows:
② The processing and retention period for each type of personal information is as follows:
- Website Membership and Management: Until membership withdrawal. However, if any of the following reasons apply, the information will be kept until the reason is resolved:
- If a criminal investigation or inquiry related to a violation of relevant laws is in progress, until the investigation or inquiry is completed.
- If there are outstanding claims or debts related to website use, until the claims and debts are settled.
- Service Provision/Improvement: Until membership withdrawal. However, for voice data, until the retention period specified below:
- Voice data is encrypted to be unidentifiable and stored permanently.
- Provision of Goods or Services: Until the supply of goods/services is completed and payment/settlement is completed. However, if any of the following reasons apply, the information will be kept until the end of the specified period:
- Records regarding contracts or withdrawal of subscription: 5 years (Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc., Article 6, Paragraph 1, Item 2)
- Records regarding payment and supply of goods: 5 years (Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc., Article 6, Paragraph 1, Item 3)
- Records regarding consumer complaints or dispute resolution: 3 years (Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc., Article 6, Paragraph 1, Item 4)
- Records regarding display/advertisement: 6 months (Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc., Article 6, Paragraph 1, Item 1)
- Retention of communication confirmation data in accordance with Article 15-2, Paragraph 2 of the 「Telecommunications Secret Protection Act」:
- Computer communication, internet log data, access location tracking data: 3 months
5. Procedures and Methods for Personal Information Destruction
① When personal information becomes unnecessary due to the expiration of the retention period or the achievement of the purpose of processing, the information is destroyed without delay.
② If personal information must be retained for a continuous period according to other laws, even after the personal information retention period agreed upon by the data subject has expired or the purpose of processing has been achieved, the information is transferred to a separate database (DB) or stored in a different location.
※ The items and legal basis for personal information retained according to other laws can be confirmed in the '5. Personal Information Processing and Retention Period' section.
③ The procedures and methods for personal information destruction are as follows:
② If personal information must be retained for a continuous period according to other laws, even after the personal information retention period agreed upon by the data subject has expired or the purpose of processing has been achieved, the information is transferred to a separate database (DB) or stored in a different location.
※ The items and legal basis for personal information retained according to other laws can be confirmed in the '5. Personal Information Processing and Retention Period' section.
③ The procedures and methods for personal information destruction are as follows:
- Destruction Procedure:
- Select the personal information for which the reason for destruction has occurred, and destroy it after obtaining approval from the personal information protection officer.
- Destruction Method:
- Personal information recorded/stored in electronic file format is destroyed in a way that the records cannot be reproduced, and personal information recorded/stored in paper documents is destroyed by shredding or incineration.
6. Provision of Personal Information to Third Parties
① The Company provides personal information to third parties to the minimum extent necessary to provide smooth services, by obtaining the data subject's consent in accordance with Article 17, Paragraph 1, Item 1 of the 「Personal Information Protection Act」.
Third Party Recipient | Purpose of Use | Items Provided | Retention and Use Period |
Organizations affiliated with the user (e.g., volunteer centers, administrative welfare centers, welfare centers, local government organizations), and data managers | Service management, user management, user case management, and civil complaint handling | (Required) Email address (login ID), mobile phone number, password, name, date of birth, gender, service usage history, access logs, user voice and video data extracted from entrusted call recordings, profile photos, volunteer ID | Until the end of the service |
7. Entrustment of Personal Information Processing
① The Company entrusts the processing of personal information to the following entities to provide smooth services.
Entrusted Entity | Details of Entrusted Work |
Google | Data storage |
Export to Sheets
② The Company enters into a written agreement with the entrusted entity to explicitly state its compliance with the Personal Information Protection Act, including prohibiting the entrusted entity from processing personal information for purposes other than those specified in the entrusted work, technical/managerial protective measures, supervision and management of the entrusted entity, and liability for damages, and to ensure that the entrusted entity processes and manages personal information safely.
③ If the details or entrusted entity of the entrusted work changes, the Company will publicly disclose the details of the entrusted work and the name of the entrusted entity without delay in accordance with the Personal Information Protection Act.
③ If the details or entrusted entity of the entrusted work changes, the Company will publicly disclose the details of the entrusted work and the name of the entrusted entity without delay in accordance with the Personal Information Protection Act.
8. Matters Regarding the Automatic Personal Information Collection Device
① The Company uses 'cookies' to provide individualized services to users and stores usage information from time to time.
② Cookies are small amounts of information sent by the server used to operate the website (http) to the user's computer browser and can be stored on the user's PC hard disk.
③ The user has the right to choose whether to install cookies. Therefore, by setting options in the web browser, the user can allow all cookies, go through a confirmation step each time a cookie is saved, or refuse to save all cookies.
② Cookies are small amounts of information sent by the server used to operate the website (http) to the user's computer browser and can be stored on the user's PC hard disk.
③ The user has the right to choose whether to install cookies. Therefore, by setting options in the web browser, the user can allow all cookies, go through a confirmation step each time a cookie is saved, or refuse to save all cookies.
- How to refuse cookie settings (Internet Explorer):
- Click the Tools menu at the top of the web browser → Internet Options → Personal Information tab → Block/Allow cookie settings.
- How to refuse cookie settings (Chrome):
- Click the Settings menu at the top right of the web browser → Show advanced settings → Privacy and security → Cookies and other site data → Settings.
- How to refuse cookie settings (Edge):
- Click the Settings menu at the top right of the web browser → Settings → Cookies and site permissions → Manage and delete cookies and site data.
④ Refusing to save cookies may lead to some services, such as personalized advertising, being restricted in their use.
9. Measures for Ensuring the Security of Personal Information
The Company takes the following measures to ensure the security of personal information.
- Administrative Measures: Establishing and implementing internal management plans, providing regular employee training, and operating a dedicated organization.
- Technical Measures: Managing access rights to personal information processing systems, installing access control systems and other related protective measures, blocking internet access, encrypting personal information, retaining and inspecting access records, installing and updating security programs, and checking and fixing vulnerabilities in personal information processing systems.
- Physical Measures: Controlling access to server rooms and data storage rooms, storing documents and auxiliary storage media in a secure place with a lock, taking safety measures against disasters, and controlling the entry and exit of auxiliary storage media.
10. Rights and Obligations of Data Subjects and Their Legal Representatives, and How to Exercise Them
① A data subject can, at any time, request to view, transmit, correct, delete, suspend the processing of, or withdraw consent for their personal information (hereinafter referred to as "exercise of rights") from the Company.
② Rights can be exercised in writing, by phone, email, fax, or online in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
② Rights can be exercised in writing, by phone, email, fax, or online in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
- A data subject can directly view, correct, delete, suspend the processing of, or withdraw consent for their personal information at any time on the website under 'My Info > Member Info', or request to view it through 'Contact Us'.
- A data subject can, at any time, refuse or request an explanation for automated decisions through 'My Info > Member Info > Contact Us' on the website.
③ Rights can also be exercised through a legal representative or a person who has been delegated authority. In this case, a power of attorney in the format of "Notification on Personal Information Processing Methods" [Attachment 11] must be submitted.
④ The right of a data subject to view and suspend the processing of personal information may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information is explicitly stated as a subject for collection in other laws, the data subject cannot request its deletion.
⑥ The Company confirms whether the person exercising the rights is the data subject or a legitimate representative.
⑦ A data subject can exercise their rights with the department below. The Company will respond within 10 days (or without delay for a request for transmission) from the date of receiving the request from the data subject.
④ The right of a data subject to view and suspend the processing of personal information may be restricted by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information is explicitly stated as a subject for collection in other laws, the data subject cannot request its deletion.
⑥ The Company confirms whether the person exercising the rights is the data subject or a legitimate representative.
⑦ A data subject can exercise their rights with the department below. The Company will respond within 10 days (or without delay for a request for transmission) from the date of receiving the request from the data subject.
Personal Information Rights Request Reception & Processing Department
- Department: Engineering Team
- Contact: 1577-3328 (ext. 2)
- Email: engineering@silviahealth.com
11. Personal Information Protection Officer
① The Company has designated a personal information protection officer as follows to oversee all matters related to personal information processing and to handle complaints and provide relief for damages related to personal information processing for data subjects.
Personal Information Protection Officer
Name: Myungjin Ko
Position: CEO
Contact: 1577-3328 (ext. 1)
Email: contact@silviahealth.com
Name: Myungjin Ko
Position: CEO
Contact: 1577-3328 (ext. 1)
Email: contact@silviahealth.com
Personal Information Protection Department
Department: Engineering Team
Contact: 1577-3328 (ext. 2)
Email: engineering@silviahealth.com
Department: Engineering Team
Contact: 1577-3328 (ext. 2)
Email: engineering@silviahealth.com
② A data subject can contact the personal information protection officer and the personal information protection department with any questions, complaints, or requests for damage relief related to personal information protection that arise while using the Company's services (or business). The Company will respond and process the data subject's inquiries without delay.
12. Methods for Seeking Relief from Rights Infringement
A data subject can apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency, etc., to seek relief from personal information infringement. In addition, for other reports or counseling on personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
- National Police Agency: (without area code) 182 (ecrm.police.go.kr)
13. Matters Regarding Changes to the Privacy Policy
① This privacy policy is effective from 10.13.2025.
② You can check the previous privacy policies below.
② You can check the previous privacy policies below.
- 2025.10.10(Notice) ~ 2025.10.13(Applied)
Made with Bullet