AI-powered, tailored digital therapeutics for the management of neuro-psychological disorders.
Working Hours
Monday - Friday (excluding holidays)
9:00 AM - 6:00 PM
Email neurotx@neurotx.org
Phone +82-2-3290-3947
Fax +82-2-3290-3970
Address 132B, Korea University R&D Center, 145 Anam-ro, Seongbuk-gu, Seoul
Working Hours
Monday - Friday (excluding holidays)
9:00 AM - 6:00 PM
Email neurotx@neurotx.org
Phone +82-2-3290-3947
Fax +82-2-3290-3970
Address 145 Anam-ro, Seongbuk-gu, Seoul,
Korea University R&D Center 132B
NeuroTx (hereinafter referred to as the “Company”) legally processes and safely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of the information subject. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following personal information processing policy in order to inform the information subject of the procedures and standards for processing and protecting personal information and to promptly and smoothly handle complaints related thereto.
Article 1 (Purpose of processing personal information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken.
1. Website membership registration and management
Personal information is processed for the following purposes: confirmation of intent to register as a member, self-identification and authentication in accordance with the provision of membership services, maintenance and management of membership qualifications, prevention of unauthorized use of services, confirmation of consent of legal representatives when processing personal information of children under the age of 14, various notifications and notices, and complaint handling.
2. Provision of goods or services
Personal information is processed for the purposes of delivering goods, providing services, sending contracts and bills, providing content, providing customized services, verifying identity, verifying age, paying fees, and settling accounts.
3. Handling complaints
Personal information is processed for the purposes of verifying the identity of the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying the results of processing.
Article 2 (Items of personal information processed)
The company collects and uses personal information to the minimum extent necessary to provide services.
1. Provision of goods or services
Required items: <Name, phone number, email address>
Optional items: <Area of interest>
2. The following personal information items may be automatically generated and collected during the use of Internet services.
IP address, cookies, MAC address, service usage history, visit history, bad usage history, etc.
Article 3 (Processing and retention period of personal information)
① The company processes and retains personal information within the retention and use period of personal information stipulated by law or within the retention and use period of personal information agreed upon by the information subject when collecting personal information. ② The processing and retention periods for each personal information are as follows.
Website membership registration and management: Until withdrawal from the business/organization website
However, in the following cases, until the end of the reason
1) In the case of an investigation or inquiry due to a violation of relevant laws and regulations, until the end of the investigation or inquiry
2) In the case of remaining creditor-debtor relationships due to the use of the website, until the settlement of the creditor-debtor relationship
Article 4 (Matters regarding procedures and methods for destroying personal information)
① When personal information becomes unnecessary due to the expiration of the personal information retention period, achievement of the processing purpose, etc., the company destroys the personal information without delay.
② In the case where the personal information retention period agreed upon by the information subject has expired or the processing purpose has been achieved, but personal information must be retained in accordance with other laws and regulations, the personal information will be transferred to a separate database (DB) or stored in a different location. ※ The items of personal information preserved according to other laws and the basis for preservation can be found in “Article 3, Processing and Retention Period of Personal Information”
③ The procedures and methods for destroying personal information are as follows.
Destruction Procedure
The company selects personal information for which a reason for destruction has occurred and destroys the personal information with the approval of the company’s personal information protection officer.
Destruction Method
The company destroys personal information recorded and stored in electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.
Article 5 (Matters regarding measures to ensure the safety of personal information)
① The company is taking the following measures to ensure the safety of personal information.
Administrative measures: Establishment and implementation of an internal management plan, operation of a dedicated organization, and regular employee training
Technical measures: Management of access rights to personal information processing systems, installation of an access control system, encryption of personal information, installation and update of security programs
Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 6 (Rights, obligations, and exercise methods of information subjects and legal representatives) )
① The information subject may exercise the following personal information protection rights against the company at any time.
Request to view personal information
Request for correction in case of errors, etc.
Request for deletion
Request for suspension or withdrawal of processing
Request for refusal or explanation of automated decisions, etc.
※ Requests to view personal information of children under the age of 14 must be made directly by the legal representative, and information subjects who are minors over the age of 14 may exercise their rights regarding their personal information as minors or through their legal representative.
② The exercise of rights under Paragraph 1 may be made against the company in writing, by phone, e-mail, facsimile (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights may also be made through an agent such as the information subject's legal representative or a proxy. In this case, a power of attorney in the format of Appendix 11 of the "Personal Information Processing Method Notice" must be submitted.
④ If the information subject requests to view or suspend processing of personal information, The right to request may be limited by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information is explicitly stated as a collection target in other laws, the deletion of the personal information cannot be requested.
⑥ If the information subject has consented to the fact that an automated decision will be made, or has been notified in advance through a contract, etc., or if there is a clear provision in the law, the refusal of the automated decision is not recognized and only an explanation and review request is possible.
- In addition, a request for refusal or explanation of an automated decision may be rejected if there is a legitimate reason such as a concern that it may unfairly infringe upon the life, body, property, or other interests of another person.
⑦ The company verifies whether the person exercising the right is the person himself or a legitimate agent.
⑧ The company may exercise the right to the department below. The company will endeavor to ensure that the exercise of the right by the information subject is processed promptly.
Article 7 (Measures to Ensure the Security of Personal Information)
The company is taking the following measures to ensure the security of personal information. 1. Administrative measures: Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 8 (Matters related to installation/operation and refusal of automatic personal information collection devices)
① The company uses ‘cookies’ to store and periodically retrieve usage information in order to provide customized services to users.
② Cookies are small amounts of information that the server (http) used to operate the website sends to the user’s computer browser and are also stored on the hard disk of the user’s computer.
A. Purpose of cookie use: Used to provide optimized information to users by identifying the visit and usage patterns, popular search terms, and whether or not the user has accessed each service and website visited.
B. Installation/operation and refusal of cookies: You can refuse cookie storage by setting options in the Tools>Internet Options>Privacy menu at the top of the web browser.
D. If you refuse to save cookies, you may experience difficulties in using customized services.
Article 9 (Personal Information Protection Officer)
① The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from information subjects related to personal information processing.
▶ Personal Information Protection Department
Department Name: Management Support Team
Person in Charge: Kim Go-eun
Contact: <02-3290-3947>, <goeunkim17@neurotx.org>
② The information subject may inquire about all personal information protection-related inquiries, complaint handling, and remedies that arise while using the company's services (or business) to the personal information protection officer and the department in charge. The company will promptly respond to and process the information subject's inquiries.
Article 10 (Request to View Personal Information)
The information subject may request to view personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the information subject's request to view personal information.
▶ Personal Information Access Request Reception and Processing Department
Department Name: Management Support Team
Person in Charge: Kim Go-eun
Contact: <02-3290-3947>, <goeunkim17@neurotx.org>
Article 11 (Methods of Redressing Rights Infringement)
Data subjects may inquire about redress for damages and consultations regarding personal information infringement to the following institutions.
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information infringement, requesting consultation
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: (58324) 3rd floor, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
▶ Personal Information Dispute Mediation Committee
- Responsibilities: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: (03171) 4th floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors' Office Cyber Crime Investigation Division: (without area code) 1301 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: (without area code) 182 (ecrm.cyber.go.kr)
Article 12 (Enforcement and Change of Personal Information Processing Policy)
This personal information processing policy is effective from January 1, 2021.
* Appendix: WillSleep Account Deletion Request
If you would like to delete your WillSleep user account and associated data, please follow the steps below:
How to request account deletion:
Send an email to neurotx@neurotx.org.
Please include “Account Deletion Request” in the subject line of your email.
Include the email address of the account you wish to delete in the body of your email.
Types of data to be deleted:
Personally identifiable information (name, email, etc.)
Health data and user activity history
User settings and in-app activity
Data retention period:
After requesting account deletion, your data will be retained for an additional 30 days and may be recovered during this period. After 30 days, all data will be permanently deleted.
If you have any further questions after requesting deletion, please feel free to contact us. Thank you.
NeuroTx (hereinafter referred to as the “Company”) legally processes and safely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of the information subject. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following personal information processing policy in order to inform the information subject of the procedures and standards for processing and protecting personal information and to promptly and smoothly handle complaints related thereto.
Article 1 (Purpose of processing personal information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken.
1. Website membership registration and management
Personal information is processed for the following purposes: confirmation of intent to register as a member, self-identification and authentication in accordance with the provision of membership services, maintenance and management of membership qualifications, prevention of unauthorized use of services, confirmation of consent of legal representatives when processing personal information of children under the age of 14, various notifications and notices, and complaint handling.
2. Provision of goods or services
Personal information is processed for the purposes of delivering goods, providing services, sending contracts and bills, providing content, providing customized services, verifying identity, verifying age, paying fees, and settling accounts.
3. Handling complaints
Personal information is processed for the purposes of verifying the identity of the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying the results of processing.
Article 2 (Items of personal information processed)
The company collects and uses personal information to the minimum extent necessary to provide services.
1. Provision of goods or services
Required items: <Name, phone number, email address>
Optional items: <Area of interest>
2. The following personal information items may be automatically generated and collected during the use of Internet services.
IP address, cookies, MAC address, service usage history, visit history, bad usage history, etc.
Article 3 (Processing and retention period of personal information)
① The company processes and retains personal information within the retention and use period of personal information stipulated by law or within the retention and use period of personal information agreed upon by the information subject when collecting personal information. ② The processing and retention periods for each personal information are as follows.
Website membership registration and management: Until withdrawal from the business/organization website
However, in the following cases, until the end of the reason
1) In the case of an investigation or inquiry due to a violation of relevant laws and regulations, until the end of the investigation or inquiry
2) In the case of remaining creditor-debtor relationships due to the use of the website, until the settlement of the creditor-debtor relationship
Article 4 (Matters regarding procedures and methods for destroying personal information)
① When personal information becomes unnecessary due to the expiration of the personal information retention period, achievement of the processing purpose, etc., the company destroys the personal information without delay.
② In the case where the personal information retention period agreed upon by the information subject has expired or the processing purpose has been achieved, but personal information must be retained in accordance with other laws and regulations, the personal information will be transferred to a separate database (DB) or stored in a different location. ※ The items of personal information preserved according to other laws and the basis for preservation can be found in “Article 3, Processing and Retention Period of Personal Information”
③ The procedures and methods for destroying personal information are as follows.
Destruction Procedure
The company selects personal information for which a reason for destruction has occurred and destroys the personal information with the approval of the company’s personal information protection officer.
Destruction Method
The company destroys personal information recorded and stored in electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.
Article 5 (Matters regarding measures to ensure the safety of personal information)
① The company is taking the following measures to ensure the safety of personal information.
Administrative measures: Establishment and implementation of an internal management plan, operation of a dedicated organization, and regular employee training
Technical measures: Management of access rights to personal information processing systems, installation of an access control system, encryption of personal information, installation and update of security programs
Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 6 (Rights, obligations, and exercise methods of information subjects and legal representatives) )
① The information subject may exercise the following personal information protection rights against the company at any time.
Request to view personal information
Request for correction in case of errors, etc.
Request for deletion
Request for suspension or withdrawal of processing
Request for refusal or explanation of automated decisions, etc.
※ Requests to view personal information of children under the age of 14 must be made directly by the legal representative, and information subjects who are minors over the age of 14 may exercise their rights regarding their personal information as minors or through their legal representative.
② The exercise of rights under Paragraph 1 may be made against the company in writing, by phone, e-mail, facsimile (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights may also be made through an agent such as the information subject's legal representative or a proxy. In this case, a power of attorney in the format of Appendix 11 of the "Personal Information Processing Method Notice" must be submitted.
④ If the information subject requests to view or suspend processing of personal information, The right to request may be limited by Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information is explicitly stated as a collection target in other laws, the deletion of the personal information cannot be requested.
⑥ If the information subject has consented to the fact that an automated decision will be made, or has been notified in advance through a contract, etc., or if there is a clear provision in the law, the refusal of the automated decision is not recognized and only an explanation and review request is possible.
- In addition, a request for refusal or explanation of an automated decision may be rejected if there is a legitimate reason such as a concern that it may unfairly infringe upon the life, body, property, or other interests of another person.
⑦ The company verifies whether the person exercising the right is the person himself or a legitimate agent.
⑧ The company may exercise the right to the department below. The company will endeavor to ensure that the exercise of the right by the information subject is processed promptly.
Article 7 (Measures to Ensure the Security of Personal Information)
The company is taking the following measures to ensure the security of personal information. 1. Administrative measures: Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 8 (Matters related to installation/operation and refusal of automatic personal information collection devices)
① The company uses ‘cookies’ to store and periodically retrieve usage information in order to provide customized services to users.
② Cookies are small amounts of information that the server (http) used to operate the website sends to the user’s computer browser and are also stored on the hard disk of the user’s computer.
A. Purpose of cookie use: Used to provide optimized information to users by identifying the visit and usage patterns, popular search terms, and whether or not the user has accessed each service and website visited.
B. Installation/operation and refusal of cookies: You can refuse cookie storage by setting options in the Tools>Internet Options>Privacy menu at the top of the web browser.
D. If you refuse to save cookies, you may experience difficulties in using customized services.
Article 9 (Personal Information Protection Officer)
① The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages from information subjects related to personal information processing.
▶ Personal Information Protection Department
Department Name: Management Support Team
Person in Charge: Kim Go-eun
Contact: <02-3290-3947>, <goeunkim17@neurotx.org>
② The information subject may inquire about all personal information protection-related inquiries, complaint handling, and remedies that arise while using the company's services (or business) to the personal information protection officer and the department in charge. The company will promptly respond to and process the information subject's inquiries.
Article 10 (Request to View Personal Information)
The information subject may request to view personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the information subject's request to view personal information.
▶ Personal Information Access Request Reception and Processing Department
Department Name: Management Support Team
Person in Charge: Kim Go-eun
Contact: <02-3290-3947>, <goeunkim17@neurotx.org>
Article 11 (Methods of Redressing Rights Infringement)
Data subjects may inquire about redress for damages and consultations regarding personal information infringement to the following institutions.
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information infringement, requesting consultation
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: (58324) 3rd floor, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
▶ Personal Information Dispute Mediation Committee
- Responsibilities: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: (03171) 4th floor, Government Seoul Building, 209 Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors' Office Cyber Crime Investigation Division: (without area code) 1301 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: (without area code) 182 (ecrm.cyber.go.kr)
Article 12 (Enforcement and Change of Personal Information Processing Policy)
This personal information processing policy is effective from January 1, 2021.
* Appendix: WillSleep Account Deletion Request
If you would like to delete your WillSleep user account and associated data, please follow the steps below:
How to request account deletion:
Send an email to neurotx@neurotx.org.
Please include “Account Deletion Request” in the subject line of your email.
Include the email address of the account you wish to delete in the body of your email.
Types of data to be deleted:
Personally identifiable information (name, email, etc.)
Health data and user activity history
User settings and in-app activity
Data retention period:
After requesting account deletion, your data will be retained for an additional 30 days and may be recovered during this period. After 30 days, all data will be permanently deleted.
If you have any further questions after requesting deletion, please feel free to contact us. Thank you.