Skip to main content

Privacy Policy

1. What is the Privacy Policy?

H&H Inc. (hereinafter referred to as the “Company”) collects, uses, and provides personal information based on the user's consent, and actively guarantees user's basic rights to determine the way their personal information is used.

As with all information service providers, the Company adheres to and complies with all relevant laws as well as personal data protection regulations and guidelines of the Republic of Korea.

The ‘Privacy Policy’ outlines the guidelines that the Company must adhere to so that users can access the Company’s services with the confidence and knowledge that the Company, in good faith, will protect their valuable personal information.

This Privacy Policy applies to all H&H Services (hereinafter referred to as “H&H” or “Services”).

2. Collection of Personal Information

The Company strives to keep the collection of necessary personal information for the provision of its services to a minimum.

The Company collects the minimum personal information necessary to provide the following services through the website, individual applications, or programs during membership registration or use of its services.

The list of collected information is as follows.

  1. Information required for subscription and social login

    • Social media information (Facebook, Apple, KakaoTalk), including nickname, user ID, email address, profile image, social media unique identification number (UID, App Center ID, etc.)
  2. Information required to use the service

    • Collection of users’ personal information provided by social media services, adhering to their policies, terms and conditions, and user consent
    • Service usage records
    • Information required for payment (when making payments)
    • Recommendation code of existing users who introduced the service to new users
    • Mobile phone number for inter-device data interworking
  3. Information required when submitting an inquiry about the service

    • The user’s e-mail, social media account, and phone number, during the process of receiving and resolving the an inquiry about the service or a report on the infringement of rights
    • For Mobile
      • Basic statistics on terminal model, mobile service provider information, hardware ID, and service use
      • Information about the device (terminal specification, terminal settings), IP address, cookies, log information, app version and app installation information, operating system version information, mobile service provider name, browser information
  4. Information entered by the customer when signing up for and using the service

    • (Username) Nickname
    • Information required for payment (when making payments)
    • Personal information for recommending customized exercises to users (exercise goal, level, frequency, time, gender, height, weight, date of birth)
  5. Camera-related information when using the service

    • android.permission.CAMERA The app requires camera access permissions for exercise motion detection and analysis, in order to collect Skeleton Data (in text format) and generate an exercise preview screen. The app does not collect any photos, videos, or audio files during this process.

    If a user submits an inquiry with a photo attached, the company can collect the user's photo information and use it only for the purpose of resolving the inquiry.

  6. Network Connectivity

    • android.permission.ACCESS_NETWORK_STATE: Check network connection status
    • android.permission.INTERNET: Internet usage
  7. Other information

    • android.permission.WAKE_LOCK: Alarm
    • android.permission.WRITE_EXTERNAL_STORAGE: Write to storage (used to store Skeleton Data files generated during exercise recognition analysis, which is the main function of the app)
    • android.permission.READ_EXTERNAL_STORAGE: Read storage (used to collect photos attached by users when submitting an inquiry, and used only for the purpose of resolving the inquiry)
    • When using AI exercises on the Gymmate app: Skeleton (joint coordinate value measured during exercise)
    • com.google.android.gms.permission.AD_ID: Ad ID access (used within the app to show personalized ads to users)

3. Use of Personal Information

The company uses the collected information for the following purposes.

  • To help users use the service smoothly

  • To identify users and prevent unauthorized use of services

  • To prepare statistical data on service use

  • For user management, service provision and improvement, and new service development

  • Providing customized services, developing new functions, market and advertisement analysis, and improving services

  • To improve services and to conduct surveys and analyses necessary for improvement

  • For raffles and gifts for campaigns and events

  • To verify the identity of the user and respond to their inquiries

  • To make important or necessary announcements

  • To provide payment functions, identification, and payment details management that occurs during the process of providing paid services

  • To preserve records for complaint handling and dispute settlement

  • For personal information necessary to provide the following services through the website, individual applications, or programs during membership registration or use of its services.

  • To check the consent of the legal representative when collecting personal information for children under the age of 14, and to verify the identity of the legal representative when they exercise the right of the legal representative

  • To provide analysis and personalization services based on demographic characteristics

  • To develop new services, provide various services, handle inquiries or complaints, and deliver announcements

  • To send or deliver content, or for fee settlement, when using paid services

  • To prevent and sanction against acts that interfere with the smooth operation of services (including account theft, fraudulent use, etc.)

  • To confirm participation in events/events, and to use marketing, advertising, etc.

  • For service usage records, access frequency and service usage statistics, customized service provision, and service improvement

4. Consignment and Provision of Personal Information

Personal information may be entrusted to an external entity to perform some of the tasks necessary for the provision of services to users and the fulfillment of the contract. The provision of personal information is based from the time when the user confirms it, and when entrusted, the Company manages and supervises the external entity so that it does not violate relevant laws, regulations and policies.

The Company provides personal information to third parties after obtaining consent within the scope necessary to provide services to users. The Company does not provide users' personal information to third parties except when the user separately consents, or as stipulated by laws and regulations.

5. Destruction of Personal Information

Personal information is destroyed without delay when the purpose of collection and use has been achieved or when there is a request for withdrawal from membership on the part of the user, and the procedure and method are as follows.

In the case of electronic files, personal information contained within is to be safely and thoroughly deleted so that they cannot be recovered or reproduced. In the case of other records, printed materials, written documents, etc., the personal information is to be destroyed by shredding or incineration.

In addition, H&H separately stores or deletes the personal information of users who have not used the service for one year in accordance with the ‘Personal Information Validity Period Plan’, and will notify users by email or other means at least 30 days before the date of storage.

Separately stored personal information is kept for 4 years and then destroyed without delay. However, if it is necessary to preserve the personal information in accordance with the provisions of relevant laws, the personal information is kept for the period stipulated by the relevant laws and regulations.

The personal information that must be kept for a certain period in accordance with laws and regulations, and the laws and regulations themselves are as follows.

Consumer protection laws pertaining to e-commerce or electronic transactions

Records on contract or subscription withdrawal: 5 years

Records on payment and supply of goods: 5 years

Records on consumer complaints or dispute resolution: 3 years

Records on displays / advertisements: 6 months

Framework Act on National Taxes

Bookkeeping and supporting documents for all transactions stipulated by tax law: 5 years

Electronic Financial Transactions Act

Records related to electronic finance: 5 years

Communication Secret Protection Act

Login history: 3 months

Users can exercise their rights related to personal information protection, such as viewing, correction, and deletion of personal information, and requesting suspension of processing. It can also be done through the legal representative of the information subject or the delegated person. In this case, a legitimate power of attorney must be submitted.

Gymmate processes terminated or deleted personal information at the request of the user in accordance with the "Personal Information Retention and Use Period" outlined below, and prevents it from being viewed or used for other purposes.

Users must be over 14 years old to sign up and use Gymmate. Therefore, Gymmate does not collect or use personal information of children under the age of 14.

7. Other Matters

H&H strives to protect the rights of users.

You can view or modify your personal information (legal representative if you are under the age of 14) at any time, and you can also request to withdraw your consent to the collection and use of personal information or withdraw from membership at any time. More specifically, to change or cancel a subscription (withdraw consent) through the settings function in the service, click 'Delete Account' within the service. If you request correction of errors in your personal information, it will be updated promptly.

The Company makes the following efforts to protect the valuable personal information of its users.

The Company regards the protection of users’ personal information as a fundamental value and makes the following efforts in handling personal information.

Personal information kept by the Company is encrypted.

The Company transmits the user's personal information using encrypted communication, and keeps important information such as passwords encrypted.

The Company will do its best to protect its databases of encrypted information safe from hacking attempts and computer viruses.

To prevent leakage or damage of users’ personal information through hacking and computer viruses, the Company operates its databases in an area separated from the rest of the Company premises with blocked access from the outside.

In addition, the Company continuously researches the latest hacking prevention and security technologies to be applied to its services.

The Company limits the number of people who can access personal information of users to a minimum.

The Company limits the number of employees who handle personal information to a minimum.

In addition, the Company prepares systematic standards for the creation and change of passwords and the right to access the database system that stores personal information and the system that processes personal information, and conducts continuous audits on those systems.

The Company sometimes makes use of cookies to provide PC-based services.

Cookies are used to enable faster and more convenient use of the website and to provide customized services.

What are cookies?

Cookies are very small text files sent to the user's browser by the server used to operate the website and are stored on the user's computer.

Purpose of use

To provide personalized and customized services, cookies are used to store and retrieve user information from time to time. When a user visits the website, the website server reads the contents of the cookie stored on the user's device to maintain the user's preferences and provide customized services. Cookies help users to access and use the website conveniently when they visit the website. In addition, they are used to provide customized information such as advertisements optimized through the user's website visit record and types of use.

Accepting and opting out of cookies

Cookies do not inherently store personally identifiable information such as name and phone number, and the accepting of cookies is optional. Therefore, the user can accept all cookies by setting their options on the web browser, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to accept cookies on your browser, website use may become inconvenient and there may be difficulties in using some services that require logging in.

How to set cookies

For Internet Explorer

Tools menu at the top of the web browser > Internet Options > Privacy > Settings

For Chrome

Settings menu on the top right corner of the web browser > Show advanced settings at the bottom of the screen > Personal information settings for personal content > Cookies

Have further questions about the protection of your personal information?

For all inquiries, complaints, advice, or other matters related to personal information protection that occur while using the service, please contact the person in charge of personal information protection and the department in charge. H&H strives to listen to your feedback and does its best to provide a prompt and sufficient response.

CPO: Youngjun Kim
Position: Director
Contact: +82-70-4269-3700 / Email: kyj@hnh.ai

Dial 118 (no area code)
https://privacy.kisa.or.kr

Dial 1833-6972 (no area code)
https://www.kopico.go.kr

Dial 1301 (no area code)
https://www.spo.go.kr

Dial 182 (no area code)
http://cyberbureau.police.go.kr

The Company may amend and update the Privacy Policy for the purpose of reflecting changes in relevant laws or services. If the Privacy Policy is changed, H&H will post the change, and the updated Privacy Policy will take effect 7 days after posting. However, the Company will notify you at least 30 days in advance when there is a significant change in user rights, such as changes in the items of personal information collected and the purpose of use.

Effective Date: June 27th 2023