Privacy Policy
Notice Date: September 25, 2025
Sky Labs Co., Ltd. (hereinafter referred to as the "Company") values the privacy of its users and strives to comply with relevant laws, including the Personal Information Protection Act.
Through this Privacy Policy (hereinafter referred to as the "Policy"), the Company informs you of the purpose and manner in which the Company uses personal information collected from users in the course of providing the CART App service (hereinafter referred to as the "Service") and what measures are taken to protect personal information.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1) Membership registration and management
(1) Personal information is processed for the purpose of confirming the intention to join the membership, identifying and authenticating the person in accordance with membership management, and maintaining and managing membership qualifications.
2) Provision of CART App Service
(1) Personal information is processed for the purpose of providing measurement results using the CART App service.
(2) The products applicable to the CART App Service are as follows.
-
CART BP pro
-
CART BP
2. Purpose of processing personal information, processing items, retention and use period and legal basis
The Company shall process and retain personal information within the period of retention and use of personal information in accordance with the laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
3. Items of Personal Information Processed
The Company processes the following personal information with the consent of the user. .
-
Email address
Purpose of processing
Membership registration and management
CART APP Service Provision
Classification
CART BP pro
CART BP
CART BP pro
CART BP
Personal information item
-
User account
-
Name
-
Password
-
Key
-
Weight
-
Phone number
General personal information
-
Patient number
-
Device information collected from the device
(Device Name, MAC address, firmware version, log information) -
Acceleration sensor data collected from the device
-
Location information (destroyed immediately after BLE connection)
Sensitive Information
-
Treatment time data
-
PPG measurement data
-
Biometric information (pulse rate, blood)
General Personal Information
-
Gender
-
Age group
-
Area of residence
-
Device Information Collection Data
(Device Name, MAC address, firmware version, log information) -
Location information (immediately destroyed after BLE connection)
Sensitive information
-
Key
-
Weight
-
Medications (including high blood pressure)
-
Biometric information (blood pressure, pulse, irregular pulse waves)
-
Average monthly blood pressure data
-
Average daily blood pressure data
Retention/use period and legal basis
-
Stored separately for 30 days to respond to requests for restoration after membership withdrawal, then destroyed
-
Records on handling consumer complaints or disputes: 3 years
"Act on the Protection of Consumers in Electronic Commerce, etc."
Until membership withdrawal
4. Matters concerning the processing of personal information of children under the age of 14
In principle, the Company does not collect personal information of minors. If it is necessary to collect personal information of persons under the age of 19 (adolescents weighing 30 kg or more) for the use of the service, the Company will obtain the consent of the legal representative in advance, destroy the information without delay upon completion of the relevant business, and thoroughly manage personal information during the business.
5. Provision of personal information to third parties
The Company shall process the personal information of the information subject only within the scope specified in the purpose of processing the personal information, and shall provide the personal information to a third party only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject or special provisions of the law, and shall not otherwise provide the personal information of the information subject to a third party.
In order to provide smooth service, the Company shall obtain the consent of the information subject in the following cases and provide it only to the minimum extent necessary.
Personal Information
To whom provided
Medical institution designated by the user
Category
CART BP,
CART BP pro
Personal Information
Purpose of use
Utilization of blood pressure information for medical treatment and healthcare purposes
Items of personal information provided
General personal information
-
User ID
-
Phone number
-
Name
Sensitive information
-
PPG measurement information (blood pressure, pulse rate)
-
Cuff type blood pressure measurement information (for blood pressure calibration)
Retention period of the recipient
Retention until the purpose of medical treatment is fulfilled and then destroyed
However, if preservation is required under relevant laws such as the Medical Act, it is retained only for that purpose.
6. Outsourcing of Personal Information Processing
The Company entrusts the processing of personal information to external specialized companies as follows. The entrustment of personal information processing is made to each entrusted company only when necessary for the fulfillment of each individual service. If the contents of the entrusted work or the entrustee changes, we will disclose it through this privacy policy without delay.
Name of the outsourcer
Metaem Inc.
Amazon Web Services, Inc.
Contents of consignment
Customer center CS response and processing
Provision of web services such as cloud services for the provision of the Company's services
7. Procedures and methods for destruction of personal information
In principle, the Company destroys personal information without delay when the purpose of collecting and using personal information is achieved or when the user's personal information becomes unnecessary due to membership withdrawal. However, if it is necessary to continue to preserve personal information in accordance with relevant laws and regulations after the purpose is achieved, the personal information shall be transferred to a separate DB or preserved in a different storage location.
Specific personal information destruction procedures and methods are as follows.
Destruction Procedure
Method of destruction
Personal information collected in the process of using the service shall be immediately destroyed when the purpose of processing has been achieved or the retention period in accordance with relevant laws and regulations has arrived.
Personal information stored in the form of electronic files shall be deleted using technical methods that do not allow the records to be reproduced. Personal information printed on paper shall be destroyed by shredding or incineration.
8. User's rights and obligations, how to exercise them, and related precautions
Personal Information
Viewing, correction
Deletion and suspension of processing
Withdrawal of consent regarding personal information
Precautions regarding your personal information
Users may view, correct, delete, or suspend the processing of their personal information collected and used by the Company at any time.
If you wish to view, correct, delete, or suspend the processing of your personal information, charge of personal information protection of the Company please contact the person in in writing, by phone, or by e-mail, and we will take action without delay.
Users may also request to view, correct, delete, or suspend the processing of their personal information through an agent, such as a legal representative or a person authorized by the user. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the "Notice on the Method of Processing Personal Information".
If you request the correction of errors in your personal information, the Company will not use such personal information until the correction is completed.
However, the Company may refuse to view or correct all or part of your personal information in any of the following cases.
-
If there is a risk of significant harm to the life, body, property, or rights and interests of the user or a third party or a third party
-
If it is likely to significantly interfere with the Company's business
-
If it is against the law
You may withdraw your consent to the collection, use, and provision of personal information at any time.
If you contact the person in charge of personal information protection in writing, by phone or e-mail, we will take necessary measures, such as destroying your personal information without delay. The Company will take necessary measures to make it easier to withdraw consent to the collection of personal information than to collect personal information.
Along with the right to privacy, you also have the obligation to protect yourself and not infringe on the privacy of others.
We ask that you keep your personal information up to date and accurate to prevent any untoward incidents. You are responsible for any accidents that occur due to inaccurate information you enter, and you may be penalized for entering false information, such as stealing other people's information.
Please be careful not to damage other people's personal information, including posts.
If you fail to fulfill this responsibility and damage the information and dignity of others, you may be punished under relevant laws, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
9. Measures to ensure the safety of personal information
1) The Company takes the following technical, administrative, and physical measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged when processing users' personal information.
(1) Administrative measures: Establishment and implementation of internal management plan, operation of dedicated organization, and regular employee training
(2) Technical measures: Managing access rights to personal information processing systems, installing access control systems, and encrypting personal information, installation and update of security programs
(3) Physical measures: Access control to computer rooms, data storage rooms, etc.
2) In order to ensure the safety of personal information, the Company implements the following activities in addition to those stipulated by laws and regulations.
(1) Acquisition of domestic and international personal information protection certifications: ISO/IEC 27701
10. Installation and operation of automatic personal information collection devices and rejection thereof
The Company does not operate a device that automatically collects user information within the CART APP.
11. Handling of Pseudonymized Information
The Company may pseudonymize the collected personal information so that it cannot recognize a specific individual and process it for statistical compilation, scientific research, public interest record keeping, etc. We do not outsource or provide pseudonymized information to third parties, Pseudonymized information is stored and managed separately so that it cannot be re-identified, records are kept on the processing of pseudonymized information, and records are created and kept on the processing of pseudonymized information. We take necessary technical and administrative protection measures, such as controlling access to computer rooms, data storage rooms, etc. where pseudonymized information is stored.
Category
Service
For improvement
Research
Purpose of Processing
Algorithms for internal service research For the purpose of advancement
Processing Items
Sensitive information
-
Biometric information (pulse rate, oxygen saturation, irregular pulse wave and atrial fibrillation, ECG, heart rate)
-
Symptom information entered by the user Acceleration sensor information collected from the device
Retention and use period
Research Purpose
Until fulfilled
12. Privacy Officer
In order to protect your personal information and handle complaints related to your personal information, we have designated a personal information protection officer as follows protection officer as follows.
Personal Information Protection Officer
Name
Position
Contact
Adress
Minsoo Jang
Vice President
1599-3402
703, 58, Pangyo-ro 255beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
You may report any complaints related to the protection of personal information arising from the use of the Company's services to the person in charge of personal information protection Privacy Officer. The Company will promptly respond to the user's report.
13. Request for access to personal information
The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following departments. The Company will endeavor to promptly process the information subject's request for access to personal information.
14. Remedies for infringement of personal information rights and interests
The information subject may apply to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency, etc.
Personal Information Infringement Report Center, etc. for dispute resolution or consultation. Other Personal Information
Please contact the following organizations to report or consult about other personal information infringements.
Personal Information Dispute Mediation Committee
Personal Information Infringement Report Center
Supreme Public Prosecutor's Office Online Complaint Center
National Police Agency Cyber Safety Bureau
Website
Contact
Website
Contact
Website
Contact
Website
Contact
1833-6972
118
1301
182
15. Other personal information processing related policies
Linking Sites
Provision Policy
Unauthorized Collection of Email
Opt-Out Policy
Transmission of Advertising Information
Changes to this Policy
Through the Services, we may provide links to websites or materials provided by other companies. In this case, the Company has no control over the external sites and materials, and therefore cannot be responsible for and does not guarantee the usefulness of the services or materials provided by them. If you click on a link on the Company's Service to go to a page of another website, etc., your personal information will be handled in accordance with a separate privacy policy that is not related to the Company, so please review the policy of that site.
The Company rejects the unauthorized collection of posted email addresses through the use of email harvesting programs or other technical devices.
The Company does not send commercial information for commercial purposes against the user's explicit refusal to receive it. If the user agrees to send e-mails such as product information and newsletters, the Company will take measures to make it easy for the user to recognize it in the subject line and body of the e-mail.
This policy was revised on September 1, 2025, and may be added, deleted, or modified in accordance with changes in laws, policies, or security technology, and when adding, deleting, or modifying the contents, we will notify the reason for the change and the contents through the homepage when implementing the changed privacy policy. If there are important changes such as providing personal information to a third party, changing the purpose of collection and use, or changing the retention period, we will obtain the user's consent in addition to the notice.
This policy is effective as of September 25, 2025.