[Consent to Collection and Use of Personal Data]
To provide ONYU services, we collect and use the personal data listed below. You have the right to refuse consent; however, if you do not consent, sign-up and use of the service are not possible. By ticking the checkbox, you agree to the collection and use of your personal data as set out below and in ONYU’s Privacy Policy. ※ Unless otherwise stated, references to time/zones follow the local time of the service location.
Consent to Collection and Use of Personal Data [Required]
| Data Items Collected | Purpose of Use | Retention Period |
|---|---|---|
| 1) Contact / Account Info: name, country/region of residence, email, account ID, password (stored in encrypted form), mobile phone number, preferred language | User identification & authentication, account creation & management, booking progress and customer notifications | Deleted without undue delay upon account deletion. Exceptions: retained as required by law (e.g., contracts/payments up to 5 years; dispute records 3 years; advertising 6 months; access logs at least 3 months). |
| 2) Payment Info (non-sensitive): payment gateway (PG) token/authorization number, card issuer/type, masked card info (e.g., last 4 digits), payment/refund history (we do not store full card number or CSC) | Payment processing, refunds & settlement, troubleshooting, abnormal-transaction detection | Same as above (statutory retention takes precedence). |
| 3) Booking Info & Basic Preferences: booking ID, date/time, program/clinic details, companion status, operational preferences (e.g., preferred language, notification channel) (health/medical details are not included here and require separate optional consent) | Booking intermediation, confirmation, change/cancellation handling, notifications, post-service support | Same as above. |
| 4) Membership / Loyalty (if applicable): membership ID, tier, accrual/redemption history | Membership operation, benefit provision & settlement | Same as above. |
| 5) Device / Network / Approx. Location: IP address, device/OS/app version, browser/carrier, push/ads tokens, SDK/cookie-based usage logs (timestamps, clicks/events, session length, crash logs, etc.), city/country-level approximate location | Service stabilization & quality improvement (error monitoring, performance), security & fraud prevention, localization (language/currency/server routing) | Same as above (access/connection logs kept at least the minimum period required by law). |
| 6) UGC & Communications: user-generated content (photos/images/videos/reviews/comments), customer-support inquiries, emails, in-app messages, processing records (including metadata) | Review posting & community operations, inquiry handling, dispute resolution, quality management | Same as above. |
| 7) Social Login Identifiers (if used): social account unique ID, profile name/avatar, authentication token | Social login linking, account creation/connection | Same as above. |
| 8) Third-Party Booking Data (if applicable): name, contact details, booking details of a companion/other traveler for whom you book | Processing bookings and sending related notifications | Same as above. |
| 9) Information Received from Partners/Processors (minimum scope): lawfully shared data from partner clinics/professionals, payment, messaging, or analytics providers (e.g., booking/payment status, error/decline reasons) | Booking fulfillment, settlement & customer support, service stabilization and security | Same as above. |
Important: Sensitive data (e.g., health information such as allergies, contraindications, skin/constitution details) is collected only when necessary and only with separate optional consent to support safe matching and reservations. You may refuse this optional consent and still sign up/use core features, though certain personalized features may be limited.