Notice Date: September 2, 2025 | Effective Date: September 9, 2025
This Privacy Policy is a translated version based on Korean data protection laws and regulatory standards. It is provided for informational purposes only. In the case of any conflict or legal dispute, the original Korean version shall take precedence.
If you have any questions or concerns regarding this policy, please contact us at hbconnect@hbconnect.io.
Article 1. Establishment and Disclosure of the Privacy Policy
HB Connect Co., Ltd. (hereinafter referred to as the "Company"), as the operator of the onsim service, has established and discloses this Privacy Policy in accordance with applicable data protection laws and regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international laws. This policy is designed to protect users' personal information and rights and to ensure the proper handling of any related concerns or complaints.
Please note that this policy does not apply to data processed on behalf of other organizations. Such data processing is governed by the contract with the respective organization. For information on how those organizations handle personal data, please refer to their individual privacy policies.
Article 2. General Provisions
- Personal information refers to any information relating to an identified or identifiable living individual. This may include names, identification numbers, images, or any other data that can be used—either alone or in combination with other data—to identify a person.
- Sensitive information includes data related to a person's health, genetic or biometric data, sexual orientation, religious or political beliefs, trade union membership, or any other information that could significantly impact an individual's privacy.
- User refers to any individual who agrees to onsim's Terms of Service and Privacy Policy and provides personal and/or sensitive information to the Company to use onsim services.
- Onsim services include all services provided by the Company, which can be accessed through the web, chatbot, or mobile application (hereinafter "App").
- The Company complies with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international privacy laws, depending on the user's region.
- This Privacy Policy is publicly available through our website and the onsim App.
- Users are required to review and accept this Privacy Policy and Terms of Service before using the service. Consent is confirmed when the user taps the "Agree" button.
Article 3. Purpose of Use and Categories of Personal Information Collected
The Company collects only the personal information necessary to operate and provide the onsim service. If additional personal information is needed, it will be collected only after obtaining your explicit consent. When you sign up for or use onsim, you may be asked to provide the following types of personal information:
- General Personal Information and Identifiers: We collect basic contact information such as your name, username or nickname, email address, mailing address, and phone number.
- Demographic Data: Depending on the service, you may be asked to provide or voluntarily submit demographic details including age, gender, marital status, and similar information.
- Payment Information: If you make a purchase or engage in financial transactions, we collect payment-related information such as credit card numbers, bank account details, and billing information.
- Content and Files: We collect photos, documents, or other files you upload to onsim. We also store and process any communications you send to us, including emails and messages.
- Sensitive Personal Information:
  - Account Access Credentials: We collect usernames, account numbers, passwords, security codes, or other credentials required to access your account securely.
  - In-App Communication Content: We collect messages and other content you share through onsim's chat features and community forums.
  - Health Data: We collect and analyze health-related information including gender, date of birth, occupation, information about existing or chronic medical conditions, health metrics such as blood pressure, heart rate, body composition, height, weight, fasting blood glucose, exercise history and activity records.
- Technical Information Automatically Collected During Use of Onsim: When you use our website or mobile application, certain internet and electronic network activity information is automatically generated and recorded. This includes device type and operating system, browser type and version, IP address and general location, language settings, date and time of access, app usage behavior, crash logs and performance data, unique device identifiers and advertising identifiers.
- Log Data: When you use the onsim mobile app, our servers automatically record your IP address, device type and operating system, app settings and version, date and time of access to onsim, and app usage activity.
- Geolocation Data: Depending on your device and app settings, we may collect geolocation data when you use our app or online services. We may infer your general location based on your IP address.
- Device Information: We collect information about the device you use to access onsim, including the device type, operating system, settings, unique device identifiers, crash reports, and diagnostic data.
- Usage Data and Personalization: While using onsim, we collect data about your activities, such as food or exercise logs, to personalize your experience. We also collect details about your interactions with our website, app, or connected products.
- Sensor Data: If you choose to connect third-party sensors or devices (e.g., Apple Watch), we may receive data such as step counts, workout data, or other fitness-related metrics.
- Inferred or Derived Information: We may generate new information about you based on the data we collect. For example, we may calculate your Body Mass Index (BMI) using your height and weight data.
- Third-Party Device and Service Integration: With the user's explicit consent, our service may collect health-related data from third-party devices and services such as Garmin Connect and InBody. This may include heart rate, activity records, sleep data, and body composition metrics.
| Purpose of Use | Types of Information Used |
| --- | --- |
| To Provide Products and Services | Contact, demographic, payment, content, identifiers, geolocation, log, usage, sensor, inferences / Sensitive: account credentials, health data |
| Business Operations | Contact, demographic, payment, device, geolocation, log, usage, sensor / Sensitive: account credentials, health data |
| Product Development and Research | Demographic, usage, log, sensor, inferences / Sensitive: health data |
| Personalization | Contact, demographic, usage, log, sensor, inferences / Sensitive: health data |
| Customer Support | Contact, usage, device, log / Sensitive: health data |
| Communications | Contact, device, usage / Sensitive: health data (when necessary) |
| Marketing | Contact, demographic, usage, sensor, inferences / Sensitive: health data (only with explicit consent) |
| Advertising | Device identifiers, geolocation, usage, inferences / Sensitive: health data (only with consent, where required) |
Article 4. App Permissions
When using the onsim mobile app, we may request access to the following device functions, depending on your settings and service usage. You may decline optional permissions, but doing so may limit some app features.
- Location (optional): To display maps and perform location-based searches
- Storage (optional): To save photos and other uploaded files
- Physical Activity (optional): To collect health data such as step counts and heart rate
- Notifications (optional): To receive alerts about content, reminders, or updates
Article 5. Sharing of Personal Information with Third Parties
We do not share your personal information with third parties unless:
- You have provided explicit consent
- We are legally obligated to do so under applicable laws or court orders
Article 6. Cross-Border Transfers of Personal Information
To provide services efficiently, some user data may be transferred to servers or service providers located outside your country of residence.
| Recipient | Country | Purpose |
| --- | --- | --- |
| Amazon Web Services (AWS) | United States | Cloud storage and infrastructure |
| Google LLC | United States | Authentication and analytics |
| Meta Platforms, Inc. | United States | Advertising and service support |
| Google Play Console / Apple App Store Connect | United States | App performance analytics |
| Meta, Google Ads | United States | Ad delivery and performance measurement |
Transfer Method: Real-time via secure network during service use
Retention Period: Deleted upon service termination or based on our retention policy
Safeguards: Encryption, access control, and other security technologies are applied.
You have the right to decline the transfer of your data abroad; however, this may limit your ability to use certain features.
Article 7. Data Processing and Retention Period
- The Company retains a user's personal data from the time the user agrees to the Terms of Service and Privacy Policy and registers for membership until the user terminates the service agreement or withdraws membership.
- In the case of voluntary withdrawal, the Company may retain certain personal data in a separately stored and masked format for up to 90 days for the purposes of responding to customer inquiries, conducting statistical analysis for service improvement, and addressing potential legal disputes.
- After the retention period has expired, the personal data will be permanently and irreversibly deleted (hard delete).
- Account deactivation refers to the temporary locking of a user's account. The user may request reactivation through identity verification and administrator approval.
- Personal data may be retained separately until the applicable circumstances are resolved in cases of ongoing investigations, outstanding debts, or as required by applicable laws.
| Data Type | Retention Period | Legal Basis |
| --- | --- | --- |
| Transaction records | 5 years | E-Commerce Consumer Protection Act |
| Contract or cancellation records | 5 years | Same as above |
| Customer complaints | 3 years | Same as above |
| Ad display records | 6 months | Same as above |
| Electronic transactions over 10,000 KRW | 5 years | Electronic Financial Transactions Act |
| Transactions under 10,000 KRW | 1 year | Same as above |
| Website visit logs | 3 months | Communications Privacy Protection Act |
| Tax-related documents | 5 years | Basic National Tax Law |
| Marketing consent & withdrawal | 3 years | Personal Information Protection Act |
Article 8. Data Disposal Procedures
- Upon membership withdrawal, the Company will immediately exclude the personal data from active service use and store it separately in a masked and non-identifiable format for a designated retention period. After the retention period expires, the data will be permanently and irreversibly deleted (hard delete).
- When the purpose of personal data collection and use has been achieved, or when the retention period has expired and the data is no longer necessary, the Company will destroy the personal data without delay.
- Destruction Procedure: The Company selects personal data subject to destruction and proceeds with destruction after obtaining approval from the Personal Information Protection Officer.
- Destruction Method: Personal data stored in electronic file formats will be permanently deleted so that it cannot be recovered. Personal data recorded and stored in paper documents will be shredded or incinerated for destruction.
Article 9. Measures to Protect Personal Information
We apply the following technical and organizational safeguards:
- Limit access to personal data to authorized personnel only
- Maintain internal policies for secure data handling
- Encrypt stored and transmitted personal information
- Keep access logs for at least 6 months and protect them from tampering
- Secure physical documents in locked environments
Article 10. Cookies and Tracking Technologies
We use cookies and similar technologies to provide personalized services and improve user experience.
Usage examples:
- Auto-login
- Analyze site traffic and user behavior
- Offer personalized content and marketing
You may control or block cookies:
- On iOS: Settings → Privacy → Tracking → Turn off "Allow Apps to Request to Track"
- On Android: Settings → Privacy → Ads → Reset or delete Ad ID
- On browser: Adjust cookie settings in your browser's privacy options
Please note that disabling cookies may limit some functionalities of our service.
Article 11. Your Rights
You may exercise the following rights regarding your personal data:
- Request access to your data
- Request correction of inaccurate data
- Request deletion of your data
- Request restriction of processing
You may exercise your rights by contacting us via email at hbconnect@hbconnect.io.
Article 12. Changes to this Privacy Policy
If we make changes to this Privacy Policy, we will notify you at least 7 days in advance. For material changes (e.g., third-party sharing), we will notify you 30 days in advance and obtain your consent where required.
Article 13. Data Protection Officer
We are committed to responding to your requests promptly.
Article 14. Remedies for Privacy Violations
If you believe your personal information has been misused or handled improperly, you may take the following actions:
- Contact Us Directly: Email us at hbconnect@hbconnect.io. We will respond within 7 business days and work to resolve the issue within 30 days.
- External Help:
We are committed to protecting your personal data and resolving any issues quickly and fairly.