Notice on Email Address Collection The email addresses posted on this site must not be collected without permission through email collection programs or other technical devices. Please be aware that violation of this rule may result in criminal punishment under the Act on Promotion of Information and Communications Network Utilization and Information Protection.
Article 50-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection (Prohibition of Unauthorized Collection of Email Addresses)
- No one shall collect email addresses from an internet website that has explicitly stated its refusal of email address collection, by using programs or other technical devices that automatically collect email addresses.
- No one shall sell or distribute email addresses collected in violation of Paragraph 1.
- No one shall use email addresses, knowing that they are prohibited from being collected, sold, or distributed under Paragraphs 1 and 2, for transmitting information.
- Violation of this provision is punishable by a fine of up to 10 million Korean Won.

■ Items of Personal Information Collected
The company collects the following personal information for purposes such as membership registration, consultation, and service application:
- Collected items: Name, date of birth, gender, login ID, password, password question and answer, email, service usage records, access logs, cookies, access IP information, payment records
- Collection method: Through the website (membership registration, bulletin board)
Purpose of Collection and Use of Personal Information
The company uses the collected personal information for the following purposes:
- Fulfillment of contracts related to service provision
- Utilization for marketing and advertising
Retention and Use Period of Personal Information
In principle, once the purpose of collection and use of personal information has been achieved, the company will promptly destroy the relevant information. However, if retention is required under relevant laws and regulations, the company will keep member information for a certain period as prescribed:
- Retention basis: Act on the Use and Protection of Credit Information
- Retention period: 3 years
- Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records on the collection, processing, and use of credit information: 3 years (Act on the Use and Protection of Credit Information)

Article 1 [Purpose)
These terms and conditions apply to ITONE Co., Ltd. (hereinafter referred to as “Company”). Location-based services (hereinafter referred to as “services”) are provided to “members” (referring to people who agree to these terms and conditions and use the service. Hereinafter referred to as “members”). In order to provide this, the company collects the member's personal location information, and in its position as a location information provider, provides the member's personal location information to the location-based service provider in accordance with the provisions of the Act on the Protection and Use of Location Information, etc. The purpose is to establish rights, obligations, and other matters between members, the company, and location-based service providers.
Article 2 (Types of Services)
The services provided by the company are as follows:
➀ A service that verifies that the registered band holder is nearby by communicating with the installed AP, and transmits location information through the smartphone registered to the band when the holder leaves the band.
➁ A service that sends a danger notification message to the smartphone where the band is registered through the band's SOS button when the band holder recognizes an emergency situation.
➂ A service that measures a member’s heart rate by linking the band and a smartphone, and transmits the measured information to the server through the smartphone to check the health status.
➃ Other services that the company determines are consistent with the essence of this service and improve customer convenience Article 3 (Rules other than terms and conditions)
Matters not specified in these Terms and Conditions are subject to relevant laws and regulations such as the Act on Protection and Use of Location Information, the Telecommunications Business Act, and the Act on Promotion and Protection of Information and Communications Network Utilization, etc., the Company's Terms of Use, and detailed service usage guidelines separately established by the Company. Follow the regulations, etc.
Article 4 (Consent regarding collection of personal location information)
The company collects members' personal location information to provide location-based services, and members are deemed to have agreed to these terms and conditions by agreeing to them.
Article 5 (Withdrawal of consent to collection of personal location information)
Members may withdraw their consent to the collection of personal location information through methods such as terminating service.
Article 6 (Method of collecting personal location information)
① The company collects location information according to the method specified in the items below.
Bluetooth Beacon: Obtains location data by collecting information from surrounding beacons through the Bluetooth signal of the location information collection terminal (AP). Location data is obtained by matching the member's location through the communication strength and sensitivity of the AP and beacon.
② If the collection method of personal location information set forth in Paragraph 1 changes, the Company will announce it on the Internet or notify members. However, if prior notification is not possible due to reasons beyond the company's control, notification will be provided after the fact.
Article 7 (Protection of member’s personal location information)
The company strives to protect members' personal location information in accordance with relevant laws and regulations.
Article 8 (Retention of data confirming use and provision of personal location information)
① Based on Article 16, Paragraph 2 and Article 18, Paragraph 1 of the Act on Protection and Use of Location Information, etc., the Company automatically records data confirming the collection, use, and provision of location information for members in the location information system. , It is preserved for one year to respond to civil complaints.
② If a member withdraws all or part of his/her consent pursuant to the provisions of Article 24, Paragraph 4 of the Act on Protection and Use of Location Information, etc., the Company will confirm the collected personal location information and the fact of collection, use, and provision of location information without delay. Data (limited to personal location information of the part to be withdrawn and data confirming the use and provision of location information in the case of partial withdrawal of consent) will be destroyed. However, if the member separately consents or there is a need to preserve it pursuant to the provisions of the Framework Act on National Taxes, the Corporate Tax Act, the Value-Added Tax Act, or other related laws and regulations, the information shall be preserved in accordance with the relevant laws and regulations.
Article 9 (Retention and use period of personal location information)
The company achieves the purpose of collection, use or provision of the member's personal location information, or confirms the fact of collection, use and provision of location information that must be recorded and preserved pursuant to the provisions of Article 16, Paragraph 2 of the Act on Protection and Use of Location Information, etc. In accordance with the provisions of Article 23 of the Act on Protection and Use of Location Information, the personal location information is stored for two years for use within the scope of the purpose agreed upon by the customer and to respond to civil complaints, and is destroyed without delay after two years.
Article 10 (Provision of personal location information)
① In accordance with the provisions of Article 20 of the Act on the Protection and Use of Location Information, a location-based service provider that has obtained the member’s consent may request the company to provide the member’s personal location information.
② Location-based service providers must meet the following requirements and request personal location information from the company.
1. The fact that the member’s consent has been received
2. Scope and period of personal location information
③ If a location-based service provider requests a member's personal location information without consent pursuant to the provisions of Paragraph 1, or as a result of the Company's confirmation, it is determined that the member does not consent to the provision of personal location information, or if the request is subject to the relevant laws and regulations If the request is judged to be in violation of the above, the provision of the member's personal location information may be refused.
Article 11 (Obligations of the Company)
① If a member's complaint related to the collection of personal location information is received, the company must promptly process it. If prompt processing is difficult, the company will notify the member of the reason and processing schedule.
② The company complies with laws and regulations related to the collection of members’ personal location information, such as the Act on the Protection and Use of Location Information, the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Communications Secrets Protection Act, and the Telecommunications Business Act.
③ Pursuant to Article 20, Paragraph 1 of the Act on Protection and Use of Location Information, etc., the Company cannot refuse to provide personal location information requested by a location-based service provider without justifiable reasons.
Article 12 (Member’s Rights)
① Members may withdraw all or part of their consent to the Company’s collection of member personal location information.
② Members may request the Company to temporarily suspend the collection, use or provision of personal location information at any time, and the Company cannot refuse this and is equipped with technical means to do so.
③ Members may visit the company to request withdrawal of consent or suspension of personal location information collection pursuant to paragraphs 1 and 2, and may also request such request by phone, fax, or mail. If a member withdraws or suspends consent to the collection of personal location information pursuant to Paragraph 1 or 2, the Company's provision of various services to the member may become impossible.
④ Members may request the Company to view or notify the Company of any of the following materials, etc., and if there are errors in such materials, they may request correction.
1. Data confirming the collection/use/provision of location information for members
2. The member's personal location information is subject to the Act on Protection and Use of Location Information or other laws.
Reasons and contents provided to third parties in accordance with regulations.
Article 13 (Member’s Obligations)
① Members must not engage in any of the following acts.
1. Acts of registering or distributing computer virus-infected materials that cause malfunction of equipment related to the collection of personal location information or destruction or confusion of information, etc.
2. Acts of impersonating someone else and falsely stating one’s relationship with another person.
3. Distributing false information for the purpose of providing property benefit to oneself or others or causing damage to others.
4. Unauthorized misappropriation or leakage of another person’s personal location information.
5. Other illegal or unfair actions
② Members must comply with relevant laws and regulations, the provisions of these Terms and Conditions, the usage guide and notices posted on the service, and matters notified by the Company, and must not engage in any other acts that interfere with the Company's business.
Article 14 (Prohibition of transfer)
Members, companies and location-based service providers may not transfer or delegate all or part of their status or rights and obligations under these Terms and Conditions to a third party, or dispose of them for purposes such as providing collateral.
Article 15 (Compensation for Damages)
① If a member violates the provisions of these Terms and Conditions and causes damage to the company, the company may claim damages from the member. In this case, the member cannot avoid liability if he or she cannot prove that there was no intent or negligence.
② If damage occurs to a member due to the company's violation of Articles 15 to 26 of the Act on Protection and Use of Location Information, etc., the member may file a claim for compensation against the company. In this case, the company cannot avoid liability if it cannot prove that there was no intention or negligence.
Article 16 (Disclaimer)
① If the Company is unable to collect personal location information due to a natural disaster or other force majeure, the Company shall be exempted from liability in this regard.
② The Company is not responsible for any disruption in service use resulting from the Company’s failure to collect personal location information or incorrect collection of personal location information due to reasons attributable to members or location-based service providers.
Article 17 (Obligations of the company)
① If damage occurs to a member due to the company's violation of the provisions of Articles 15 to 26 of the Act on Protection and Use of Location Information, etc., the member may file a claim for damages against the company. In this case, the company cannot avoid liability if it cannot prove that there was no intention or negligence.
② If the parties do not reach an agreement or cannot reach an agreement regarding a dispute related to location information, the company or the member may apply for mediation to the Personal Information Dispute Mediation Committee under Article 43 of the Personal Information Protection Act. Article 18 (Service usage fees and conditions)
➀ The company and the member enter into a supply reservation that includes information on usage fees according to the scope of service use.
➁ Members pay usage fees according to the conditions specified in the service supply contract, and the company provides the service.
Article 19 (Company contact information)
The company's name and address are as follows.
① Company name: ITONE Co., Ltd.
② Address: #207, 260, Changryong-daero, Yeongtong-gu, Suwon-si, Gyeonggi-do (Gwanggyo Central Biz Tower)
③ Main phone number: 031-8066-7720, FAX: 031-8066-7722
(Supplementary provisions)
Article 1 (Enforcement Date) These terms and conditions will come into effect from June 1, 2022.

Article 1 (Purpose)
① These standards are established pursuant to Article 16(1) of the Act on the Protection and Use of Location Information (hereinafter referred to as the “Act”) and Article 20(3) of the Enforcement Decree of the same Act, to set the minimum criteria for administrative and technical protective measures necessary to prevent leakage, alteration, or damage of location information and to ensure the security of location information when processed by location information providers and location-based service providers (hereinafter referred to as “location information business operators, etc.”).
Article 2 (Definitions)
① The terms used in these standards are defined as follows:
- Location Information Manager: An employee who oversees or makes final decisions on location information protection tasks.
- Location Information Handler: A person who processes location information under the direction and supervision of the location information business operator, etc.
- Records of Collection, Use, and Provision of Location Information: Materials confirming the collection, use, and provision of location information under Article 2(4) and (5) of the Act.
- Malicious Program: A program that may damage, delete, alter, forge, or interfere with the operation of information systems, data, or programs.
- Disaster: As defined in Article 3(1) of the Framework Act on Disaster and Safety Management.
- Auxiliary Storage Medium: A medium capable of storing information that can be easily separated or connected to a location information system or personal terminal.
② Terms not defined herein shall follow the definitions in the Act and the Enforcement Decree.
Article 3 (Organization Structure and Operation)
① Considering organizational size and importance of tasks, an information protection and personal information protection management system shall be established and continuously operated. The basis for organizational composition shall be specified in the information protection and privacy policy, and a professional working-level organization shall be formed and operated.
- The organization shall include: Location Information Manager (CEO), Privacy Officer (Head of Corporate Research Institute), Location Information Officer (Platform Team Leader of Corporate Research Institute), System Operations Officer (Operations Team Leader), Security Officer (Security Officer within Corporate Research Institute), working-level organization, and committee. (Amended Nov. 4, 2025)
- The composition and scale of the working-level organization shall consider company size, business/service characteristics, importance and sensitivity of information, and legal regulations.
- The working-level organization may be dedicated or concurrent, but even concurrent organizations must be officially assigned roles and responsibilities to ensure effective performance. The company operates the Corporate Research Institute as the working-level organization. (Amended Nov. 4, 2025)
- Members shall have expertise in information protection and privacy, with degrees, certifications, practical experience, or relevant training.
- A committee shall be formed to review, approve, and decide on important matters related to information protection and privacy.
- The committee shall consist of executives, managers, and officers with actual authority to make decisions.
- Meetings shall be held regularly or as needed.
Article 4 (Designation of Location Information Manager and Handlers)
① The location information business operator, etc. shall designate a Location Information Manager to perform the following tasks:
- Overall management of collection, use, provision, disposal, and administration of location information.
- Inspection of unlawful or improper acts involving location information by employees or third parties.
- Handling and supervision of complaints or opinions raised by data subjects regarding location information processing.
- Other necessary matters for location information protection.
② The Location Information Manager shall be an executive or a department head/team leader responsible for managing location information or customer complaints.
③ The operator shall designate Location Information Handlers under its supervision, who shall perform:
- System/network security management, access control to restricted areas.
- Ensuring stable operation services, backups, and media security.
- Handling complaints and inspecting unlawful acts related to location information.
Article 5 (Designation and Limitation of Access Rights)
① Access rights to the location information system shall be granted only to the minimum number of personnel necessary, differentiated by task stage (collection, use, provision, disposal).
② When personnel changes occur (transfer, resignation), access rights must be modified or revoked without delay.
③ Records of granting, modifying, or revoking access rights shall be kept for at least five years.
Article 6 (Response to Location Information Security Incidents)
① Signs or incidents of location information breaches must be reported immediately to the Location Information Manager. Examples include:
- Unauthorized disclosure of personal location information.
- Excessive or unnecessary queries/downloads.
- Unauthorized mass transmission or printing.
- Deletion, alteration, or damage of location information files.
- Discrepancies in login/logout records.
- System/software errors or abnormal shutdowns.
- Attempts to operate with administrator privileges by general users.
- Security system alerts.
- Access attempts using accounts of retirees or those on leave.
- Any other intrusion or suspicious activity.
- Processing of personal location information without customer consent.
② Reports must be made only to the designated management department.
③ Victims must be notified in writing within one week after approval by the Location Information Manager.
④ Compensation procedures shall be determined by convening a committee.
Article 7 (Data Subject Rights and Complaints)
① Data subjects may exercise rights such as access, correction, deletion, or suspension of processing of location information.
② Requests may be made via writing, email, or fax, and the company shall act without delay.
③ Upon receipt, the company shall verify identity and assign handling to the responsible department.
④ The responsible officer shall report to the Location Information Manager and provide the processing results to the data subject in writing (email, SMS, etc.).
Article 8 (Regular Training for Handlers)
① The company shall conduct training to protect location information and prevent incidents.
- Frequency: At least twice per year.
- Participants: Location Information Manager, Officers, Handlers, and related staff.
② Training methods may include group sessions, departmental training, or groupware-based education.
③ Attendance records and evidence shall be kept for at least three years.
④ Those unable to attend shall be scheduled for make-up training.
Article 9 (Operation of Records)
① System Account Management Ledger: Records of account creation/deletion, including service name, server, department, name, account, status, date, reason, usage period, with approvals preserved.
② Print/Copy Management Ledger: Records of printing/copying personal location information, including purpose, destruction details, operator and recipient details, destruction date, and approvals.
Article 10 (Regular Internal Audit)
① Internal audits shall be conducted at least once per year to verify implementation of protective measures.
② Audits shall be conducted in June or December.
③ Audits shall be performed by a Location Information Audit Committee composed of executives and department heads.
④ Findings shall be corrected or addressed through disciplinary measures if necessary.
⑤ Records shall be kept for at least three years.
Article 11 (Identification and Authentication)
① Secure identification/authentication methods must be applied to verify legitimate access.
② Accounts must be issued individually and not shared.
③ Password rules must be established and enforced.
④ Device addresses must be identified to restrict access and block external intrusion.
Article 12 (Firewall and Access Control)
① Unauthorized access must be blocked through:
- Installation/operation of firewalls.
- Limiting access time.
- Other technical measures.
Article 13 (Electronic Logging of Access)
① Access to the system must be automatically logged.
② Logs must be retained for at least one year.
③ Logs must be protected against tampering, theft, or loss.
Article 14 (Security Programs)
① Operators must install and operate antivirus and other security programs.
- Automatic updates or monthly updates must be applied.
- Immediate updates must be applied upon security alerts or vendor notices.
Article 15 (Encryption and Secure Transmission)
① Operators must apply encryption or equivalent measures to securely store and transmit location information.
② Access time must be minimized.
③ Other technical measures must be applied to prevent unauthorized access.
Article 16 (Destruction of Location Information)
① Location information must be destroyed without delay when retention period expires or processing purpose is achieved.
- If retention is required by law, data must be stored separately.
② Destruction must be approved by the Location Information Manager.
③ Electronic files must be destroyed using irreversible methods.
④ Paper records must be shredded or incinerated.
Supplementary Provisions
- Effective Date: September 1, 2023.
- Effective Date (Amendment): November 4, 2025.
- Amendment: Article 3 (Organization Structure and Operation) clarified regarding composition of location information protection organization.