Privacy Policy
Notice Date: September 25, 2025
Sky Labs Co., Ltd. (hereinafter referred to as the "Company") values the privacy of its users and strives to comply with relevant laws, including the Personal Information Protection Act.
Through this Privacy Policy (hereinafter referred to as the "Policy"), the Company informs you of the purpose and manner in which the Company uses personal information collected from users in the course of providing the CART App service (hereinafter referred to as the "Service") and what measures are taken to protect personal information.
1. Purpose of Personal Information Processing
The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1) Membership registration and management
(1) Personal information is processed for the purpose of confirming the intention to join the membership, identifying and authenticating the person in accordance with membership management, and maintaining and managing membership qualifications.
2) Provision of CART App Service
(1) Personal information is processed for the purpose of providing measurement results using the CART App service.
(2) The products applicable to the CART App Service are as follows.
-
CART BP pro
-
CART BP
2. Purpose of processing personal information, processing items, retention and use period and legal basis
The Company shall process and retain personal information within the period of retention and use of personal information in accordance with the laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
3. Items of Personal Information Processed
The Company processes the following personal information with the consent of the user. .
Purpose of processing
Membership registration and management
CART APP Service Provision
Purpose of processing
CART BP pro
CART BP
CART BP pro
CART BP
Personal information item
-
Email address
-
User account
-
Name
-
Password
-
Key
-
Weight
-
Phone number
General Personal Information
-
Patient number
-
Device information collected from the device
(Device Name, MAC address, firmware version, log information) -
Acceleration sensor data collected from the device
-
Location information (destroyed immediately after BLE connection)
Sensitive Information
-
Treatment time data
-
PPG measurement data
-
Biometric information (pulse rate, blood)
General Personal Information
-
Gender
-
Age group
-
Area of residence
-
Device Information Collection Data
(Device Name, MAC address, firmware version, log information) -
Location information (immediately destroyed after BLE connection)
Sensitive Information
-
Height
-
Weight
-
Medications (including high blood pressure)
-
Biometric information (blood pressure, pulse, irregular pulse waves)
-
Average monthly blood pressure data
-
Average daily blood pressure data
Retention and Use Period and Legal Basis
-
Stored separately for 30 days to respond to requests for restoration after membership withdrawal, then destroyed
-
Records on handling consumer complaints or disputes: 3 years
"Act on the Protection of Consumers in Electronic Commerce, etc."
-
Until membership withdrawal
4. Matters Concerning the Processing of Personal Information of Children Under the Age of 14
In principle, the Company does not collect personal information of minors. If it is necessary to collect personal information of persons under the age of 19 (adolescents weighing 30 kg or more) for the use of the service, the Company will obtain the consent of the legal representative in advance, destroy the information without delay upon completion of the relevant business, and thoroughly manage personal information during the business.
5. Provision of Personal Information to Third Parties
The Company shall process the personal information of the information subject only within the scope specified in the purpose of processing the personal information, and shall provide the personal information to a third party only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject or special provisions of the law, and shall not otherwise provide the personal information of the information subject to a third party.
In order to provide smooth service, the Company shall obtain the consent of the information subject in the following cases and provide it only to the minimum extent necessary.
Personal Information
To whom provided
Medical institution designated by the user
Category
CART BP,
CART BP pro
Personal Information
Purpose of use
Utilization of blood pressure information for medical treatment and healthcare purposes
Items of personal information provided
General personal information
-
User ID
-
Phone number
-
Name
Sensitive information
-
PPG measurement information (blood pressure, pulse rate)
-
Cuff type blood pressure measurement information (for blood pressure calibration)
Retention period of the recipient
Retention until the purpose of medical treatment is fulfilled and then destroyed
However, if preservation is required under relevant laws such as the Medical Act, it is retained only for that purpose.
6. Outsourcing of Personal Information Processing
The Company entrusts the processing of personal information to external specialized companies as follows. The entrustment of personal information processing is made to each entrusted company only when necessary for the fulfillment of each individual service. If the contents of the entrusted work or the entrustee changes, we will disclose it through this privacy policy without delay.
Name of the outsourcer
MetaM Co., Ltd.
Amazon Web Services, Inc.
Contents of consignment
Customer Service Center CS Response and Handling
Provision of web services, including cloud services, for the company's service delivery
7. Procedures and Methods for Destroying Personal Information
In principle, the Company destroys personal information without delay when the purpose of collecting and using personal information is achieved or when the user's personal information becomes unnecessary due to membership withdrawal. However, if it is necessary to continue to preserve personal information in accordance with relevant laws and regulations after the purpose is achieved, the personal information shall be transferred to a separate DB or preserved in a different storage location.
Specific personal information destruction procedures and methods are as follows.
Disposal Procedure
Disposal Method
Personal information collected during the service usage process will be promptly destroyed once the purpose of processing is achieved or the retention period required by relevant laws and regulations expires.
Personal information stored in electronic file formats is deleted using technical methods that prevent the records from being reproduced. Personal information printed on paper is destroyed by shredding or incineration.
8. User Rights and Obligations, Methods of Exercise, and Related Precautions
Personal Information
Viewing, correction
Deletion and suspension of processing
Withdrawal of Consent Regarding Personal Information
Important Notice Regarding User Personal Information
Users may view, correct, delete, or suspend the processing of their personal information collected and used by the Company at any time.
If you wish to view, correct, delete, or suspend the processing of your personal information, charge of personal information protection of the Company please contact the person in in writing, by phone, or by e-mail, and we will take action without delay.
Users may also request to view, correct, delete, or suspend the processing of their personal information through an agent, such as a legal representative or a person authorized by the user. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the "Notice on the Method of Processing Personal Information".
If you request the correction of errors in your personal information, the Company will not use such personal information until the correction is completed.
However, the Company may refuse to view or correct all or part of your personal information in any of the following cases.
-
If there is a risk of significant harm to the life, body, property, or rights and interests of the user or a third party or a third party
-
If it is likely to significantly interfere with the Company's business
-
If it is against the law
Users may withdraw their consent to the collection, use, and provision of personal information at any time.
By contacting the Personal Information Protection Officer in writing, by phone, or via email, we will promptly take necessary measures such as destroying the user's personal information. The company will take necessary measures to ensure that withdrawing consent for personal information collection is easier than the method used to collect the information.
Users have the right to have their personal information protected, along with the obligation to protect themselves and refrain from infringing on others' information.
Users are requested to accurately input their personal information in its most current state to prevent unforeseen accidents. Responsibility for accidents arising from inaccurate information entered by the user lies solely with the user. Inputting false information, such as misappropriating another person's information, may result in disadvantages.
Please be careful not to damage others' personal information, including their posted content.
Failure to fulfill these responsibilities and damaging others' information or dignity may result in penalties under relevant laws and regulations, such as the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」.
9. Measures to ensure the safety of personal information
1) The company implements the following technical, administrative, and physical measures to ensure the security of users' personal information during processing, preventing loss, theft, leakage, alteration, or damage.
(1) Administrative Measures: Establishing and implementing internal management plans, operating dedicated organizations, conducting regular employee training
(2) Technical Measures: Access rights management for personal information processing systems, installation of access control systems, encryption of personal information,
installation and updating of security programs
(3) Physical Measures: Access control for computer rooms, data storage rooms, etc.
2) To ensure the security of personal information, the company implements the following activities in addition to those required by law.
(1) Acquisition of domestic and international personal information protection certifications: ISO/IEC 27701
10. Installation and operation of automatic personal information collection devices and matters concerning refusal thereof
The company does not operate any automatic information collection devices within the CART BP pro App.
11. Matters Concerning the Processing of Pseudonymized Information
The company may process collected personal information by pseudonymizing it to prevent identification of specific individuals for purposes such as statistical compilation, scientific research, and public interest record preservation. The Company does not outsource the processing of pseudonymized information or provide it to third parties. Pseudonymized information is stored and managed separately to prevent re-identification. Records detailing the processing of pseudonymized information are created and retained. Access to computer rooms, data storage facilities, and other locations where pseudonymized information is stored is controlled. Necessary technical, administrative, and physical protective measures are implemented.
Category
Service
For improvement
Research
Purpose of Processing
Algorithms for internal service research For the purpose of advancement
Processing Items
Sensitive Information
-
Biometric information (pulse rate, oxygen saturation, irregular pulse wave and atrial fibrillation, ECG, heart rate)
-
Symptom information entered by the user Acceleration sensor information collected from the device
Retention and use period
Until the research objectives are achieved
12. Chief Privacy Officer
The company has designated a Personal Information Protection Officer as follows to protect users' personal information and handle complaints related to personal information.
Chief Privacy Officer
Name
Position
Contact
Adress
Minsoo Chang
Executive Director
1599-3402
703, 58, Pangyo-ro 255beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do
Users may report any privacy-related complaints arising from the use of the Company's services to the Privacy Officer. The Company will provide prompt responses to user reports.
13. Matters Concerning Requests for Access to Personal Information
Data subjects may submit requests to access their personal information pursuant to Article 35 of the Personal Information Protection Act to the department listed below.
The company will endeavor to process data subjects' requests for access to their personal information promptly.
14. Remedies for Violations of Personal Information Rights
Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, and other relevant bodies to seek redress for personal information infringements. For reporting or consulting on other personal information infringements, please contact the institutions listed below.
Personal Information Dispute Mediation Committee
Personal Information Infringement Report Center
Supreme Public Prosecutor's Office Online Complaint Center
National Police Agency Cyber Safety Bureau
Website
Contact
Website
Contact
Website
Contact
Website
Contact
1833-6972
118
1301
182
15. Other Policies Related to Personal Information Processing
Link Site Provision Policy
Policy Against Unauthorized Email Collection
Transmission of advertising information
Changes to This Policy
The Company may provide links to websites or materials offered by other companies through its services. In such cases, the Company has no control over external sites or materials and therefore cannot be held responsible for or guarantee the usefulness of any services or materials obtained from them. When you click a link posted on the Company's Service to navigate to another website or page, the personal information on that site is processed according to its own separate privacy policy, which is unrelated to the Company. Please review the policies of such sites.
The company prohibits the unauthorized collection of posted email addresses using email harvesting programs or other technical devices.
The company does not send commercial advertising information contrary to the user's explicit opt-out request. If a user consents to receiving email communications such as product information guides or newsletters, the company ensures that the user can easily recognize this by clearly indicating it in the subject line and body of the email.
This policy was revised on September 1, 2025, and may be added, deleted, or modified in accordance with changes in laws, policies, or security technology, and when adding, deleting, or modifying the contents, we will notify the reason for the change and the contents through the homepage when implementing the changed privacy policy. If there are important changes such as providing personal information to a third party, changing the purpose of collection and use, or changing the retention period, we will obtain the user's consent in addition to the notice.
This policy is effective as of September 25, 2025.