1. Nature and scope of the terms and conditions

These terms and conditions describe the relationship between AssembleCircle Corp.(hereinafter referred to as "AssembleCircle") and WebCeph members (hereinafter referred to as 'members') or non-members who use the WebCeph service, and the rights, obligations and necessary matters between the member and AssembleCircle in relation to the use of the WebCeph service provided by the AssembleCircle to members. It is for the purpose of defining.

When you use the WebCeph service or sign up as a member, you are required to confirm or agree to these terms and conditions. These terms and conditions are basically applied to all WebCeph services, but separate terms and operating policies may be applied for each individual service to comply with relevant laws and regulations and to achieve the purpose of each service.

2. WebCeph Service

WebCeph service is an orthodontic orthognathic artificial intelligence cloud platform designed by orthodontists and oral surgeons and developed by orthodontists. You can use the WebCeph service using a device that can connect to the Internet, such as a PC or mobile phone. WebCeph service includes diagnostic data analysis services for orthodontic and orthognathic surgery, and clinical case sharing and discussion platforms for academic purposes. For specific details of individual services, please refer to the WebCeph website.

WebCeph service is a service that assists doctors in diagnosis, medical plan establishment, medical practice, etc. WebCeph Services can help you, however, WebCeph Services is neither a medical institution nor a healthcare provider and does not provide medical advice or diagnosis. In other words, WebCeph service does not function as a substitute for a service that provides expert opinion or professional opinion in any way. AssembleCircle recommends that members establish a medical plan, perform medical treatment, or receive treatment through consultation with a medical professional along with the WebCeph service.

AssembleCircle provides the same service to all members, but the scope of the service provided for each individual service may vary to comply with relevant laws and regulations and to achieve the goal of individual service. For example, some of the WebCeph services may be provided only to members with medical qualifications, and members who wish to use the services may be required to provide evidence of medical qualifications to be provided with the services.

The AssembleCircle may modify, suspend, or terminate some or all the contents of the WebCeph website or WebCeph service for reasons of compliance with related laws and regulations, maintenance and management of services, and business judgment. For example, to perform routine or non-routine maintenance of the WebCeph service, to correct errors, or to perform other changes, we may suspend the WebCeph homepage or some operations of the WebCeph service as needed. In addition, AssembleCircle may stop the operation of the WebCeph service in a certain residential area. If a member violates the terms and conditions and related laws, services may no longer be provided to the member.

he WebCeph service is currently free, but it may be converted to a paid service in some or all of the WebCeph service. If there is a conversion in service payment, partial or whole, we will inform the members regarding the scope and pricing policy of the WebCeph service in advance.

3. Sign Up

1. The intellectual property rights of the content (hereinafter referred to as “content”) created by a member in through the WebCeph service belongs to the member in accordance with the relevant laws and regulations. Intellectual property rights related to WebCeph services (for example, AssembleCircle's trademark, etc.) and intellectual property rights of all materials that are stored, displayed or accessible on the WebCeph homepage are owned or licensed by AssembleCircle. You may modify, copy, reproduce, republish, upload, post, transfer, distribute, sell, license, lease, publicly display or perform, edit, or otherwise modify, copy, reproduce, republish, upload, post, transmit, distribute, sell, publicly display, or otherwise modify, in any way, without the written consent of the Assemblies. Secondary works cannot be produced.
2. In addition, members may view, use, download, and print selected portions of the WebCeph homepage for personal, non-commercial, and informational purposes, without posting WebCeph contents as is.
3. ssemble Circle shall not be held liable for any infringement of intellectual property rights of third parties during the process of creating contents by members, or disputes on intellectual property rights between members arising from members using contents of other members.

4. Types of services and how to use them

1. AssembleCircle provides the following services to its members.
1. Dental diagnostic medical data analysis service
2. Clinical and academic discussion informative service for clinicians and researchers
3. Dentist-patient clinical data and educational data delivery service
4. Educational services in the form of video lectures and text lectures and others
5. All other services provided to members through additional development by AssembleCircle or through partnership agreements with other companies
2. In principle, the service operates 24 hours a day, 365 days a year, unless there is a special obstacle in the business or technology of AssembleCircle.
3. AssembleCircle may determine the availability of some services separately. In this case, we will notify you via e-mail or notice pop-up within the service.

5. Restrictions on service use

1. AssembleCircle may restrict members' use of services in the following cases:
2. In the case of a time when there is a high possibility of a service error related to the financial institutions affiliated with AssembleCircle
3. When it is difficult to provide normal service due to repair, upgrade, inspection, replacement, hacking, etc.
4. In case the service operation is impossible due to force majeure such as natural disaster, war, explosion, terrorism, etc.
5. In case of occurrence of each subparagraph of Article 6 Paragraph 2, etc.
6. If AssembleCircle intends to restrict the use of the service, the reason, date, and period are determined in advance and notified via e-mail or notice pop-up within the service. However, if AssembleCircle recognizes that it is urgently necessary to limit the use of the service, it may post notice after the restriction on the use of the service.
7. AssembleCircle is not responsible for any restrictions on the use of services that are not attributable to AssembleCircle.

6. Cancellation of service use contract

1. A member may terminate or cancel the service use contract by applying for the termination of the use contract in the method determined by AssembleCircle.
2. AssembleCircle may terminate or cancel the service use contract with the member in the case of any of the following reasons:
3. If it is difficult for the member to achieve the purpose of the contract by violating these terms and conditions or related laws
4. When a member falsely fills in important information such as information related to qualifications for service use
5. When a member steals or uses another person's name or payment information
6. When a member uses WebCeph service for illegal purposes
7. When a member interferes with the operation of WebCeph service
8. When a member distributes a virus program or hacks
9. Other cases where AssembleCircle judges objectively that it is necessary to refuse to use the service, etc.
10. When AssembleCircle terminates or cancels the contract of use in accordance with this Article, it may set a reasonable period and grant the member an opportunity to file an objection.
11. AssembleCircle immediately resumes the service if the objection is justified.

7. Intellectual property rights

The intellectual property rights of the content (hereinafter referred to as “content”) created by a member in through the WebCeph service belongs to the member in accordance with the relevant laws and regulations. Intellectual property rights related to WebCeph services (for example, AssembleCircle's trademark, etc.) and intellectual property rights of all materials that are stored, displayed or accessible on the WebCeph homepage are owned or licensed by the AssembleCircle. You may modify, copy, reproduce, republish, upload, post, transfer, distribute, sell, license, lease, publicly display or perform, edit, or otherwise modify, copy, reproduce, republish, upload, post, transmit, distribute, sell, publicly display, or otherwise modify, in any way, without the written consent of the Assemblies. Secondary works cannot be produced.

In addition, members may view, use, download, and print selected portions of the WebCeph homepage for personal, non-commercial, and informational purposes, without posting WebCeph contents as is.

AssembleCircle shall not be held liable for any infringement of intellectual property rights of third parties during the process of creating contents by members, or disputes on intellectual property rights between members arising from members using contents of other members.

8. Data management policy

WebCeph services need to transfer, store, copy, delete, and edit data related to cloud services. In addition, WebCeph needs to index the content to retrieve, protect, and back up data. By using the WebCeph service, members give the AssembleCircle the authority to manage data. When a member provides data to the WebCeph service, the member has the right to use, store, copy, modify, transmit, disclose, explain, publicly post, distribute, or create a secondary work derived from the data on AssembleCircle is considered licensed.

The above license is valid even after the member stops using the WebCeph service or deactivates the account and AssembleCircle can use the above data to improve the WebCeph services or to develop a new WebCeph service through the above license. WebCeph will do its best to provide more convenient and useful services to the members through continuous service improvement, research, and development.

9. Collection of personal information

The company strives to protect the personal information of members as stipulated by relevant laws and regulations. The protection and use of personal information is in accordance with the relevant laws and regulations and the company's personal information processing policy.

The company does not provide personal information without the individual consent of the information subject to third parties, except in cases where the member uses the service and is requested to provide information from an investigative agency or other public institution in violation of related laws.

The company provides information only to the extent necessary for the entrusted company to investigate, also manages and supervises the safe processing of the users' valuable personal information.

The company does not collect personal information of minors under the age of 19.

10. Personal information entrusted by WebCeph

When a member provides data, etc. to AssembleCircle for the use of the WebCeph service, the member has all legal rights to the personal information (patient information) and the information subject (patient) for entrustment of the personal information (patient information). You must obtain consent.

For example, if you want to collect the personal information (patient information) of the information subject (patient) who uses the hospital or clinic you operate and provide it to the AssembleCircle, you must use the consent form below to provide the above personal information (patient Information) is collected and the consent of the data subject (patient) must be obtained for the above personal information (patient information) to be entrusted to the AssembleCircle.

[Check the consent form included in the member's guide (link)]

If the member's personal information (patient information) consignment provision violates the relevant laws or the terms and conditions of the WebCeph service and the operation policy, the provision of the WebCeph service may be suspended, Personal information (patient information) may be deleted, member's use of the WebCeph service may be restricted or the account may be suspended. AssembleCircle is not responsible for any disputes between the member and the information subject (patient) or damages to the information subject arising from the violation of laws and regulations, etc.

Members who agree to these terms and conditions are deemed to have entrusted personal information processing work to the AssembleCircle in accordance with Article 26 of the Personal Information Protection Act. Please familiarize yourself with the following regarding personal information processing consignment.

• Purpose and scope of commissioned work: AssembleCircle processes personal information (patient information) entrusted by members within the scope of the purpose of providing the service. In any case, AssembleCircle does not process personal information (patient information) beyond the scope of the consignment purpose. The scope of the consignment service is that AssembleCircle obtains consent from the patient to provide personal information to a third party in order to provide an interlocking service between the company's Internet site (https://toosapp.com, hereinafter "Toosapp") Included.
• Consignment period: The AssembleCircle is entrusted with processing of personal information (patient information) during the member's service use period.
• Following consignment on International transfer of personal information (patient information): AssembleCircle transfers and processes personal information (patient information) entrusted by members located outside Korea within the scope of the purpose of providing the service to Korea as follows.

  Trustee (country to which personal information is transferred according to the consignment)	Commissioned work	Items of personal information transferred	Transfer date and transfer method	Trustee contact information	Purpose of use and retention period of trustee
  AssembleCircle Corp. (Korea)	WebCeph service provision and data management	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details	Retransfer of information stored in the cloud service when collecting personal information	411-ho, 4th floor, 240, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do (13493)	Until the member's service ends

  Trustee (country to which personal information is transferred according to the consignment)	AssembleCircle Corp. (Korea)
  Commissioned work	WebCeph service provision and data management
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	Retransfer of information stored in the cloud service when collecting personal information
  Trustee contact information	12 Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do (13487)
  Purpose of use and retention period of trustee	Until the member's service ends

• Re-consignment restrictions: The AssembleCircle does not transfer or re-consign all or part of the personal information (patient information) entrusted by the member to a third party, except in the case of obtaining prior consent from the member. A member who agrees to these terms and conditions is deemed to have read the following matters and consented to the re-consignment of the processing of personal information (patient information) as described below.

  Trustee (country)	Commissioned work	Items of personal information transferred	Transfer date and transfer method	Trustee contact information	Purpose of use and retention period of trustee
  Amazon Web Services Korea LLC (United States)	Cloud service	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details	When collecting personal information, it is stored in the cloud service	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)	Cloud service provision, until the end of the consignment contract
  Amazon Web Services Korea LLC (Canada)
  Amazon Web Services Korea LLC (Germany)
  Amazon Web Services Korea LLC (United Kingdom)
  Amazon Web Services Korea LLC (Australia)
  Amazon Web Services Korea LLC (Brazil)
  Amazon Web Services Korea LLC (France)
  Amazon Web Services Korea LLC (India)
  Amazon Web Services Korea LLC (S.Korea)
  Amazon Web Services Korea LLC (Japan)
  Amazon Web Services Korea LLC (Singapore)
  Amazon Web Services Korea LLC (Sweden)

  Trustee (country)	Amazon Web Services Korea LLC (United States)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Canada)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Germany)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (United Kingdom)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Australia)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Brazil)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (France)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (India)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (S.Korea)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Japan)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Singapore)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  Trustee (country)	Amazon Web Services Korea LLC (Sweden)
  Commissioned work	Cloud service
  Items of personal information transferred	Name, date of birth, gender, race, facial picture, oral picture, X-ray picture, measurement coordinates in medical images (radiation pictures and clinical pictures), diagnosis contents, treatment plan, treatment details
  Transfer date and transfer method	When collecting personal information, it is stored in the cloud service
  Trustee contact information	12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
  Purpose of use and retention period of trustee	Cloud service provision, until the end of the consignment contract

  In addition, as described above, the four countries to which personal information (patient information) is transferred due to re-consignment are the United States, Canada, Germany, and the United Kingdom. The location of the member (the location of the doctor who collected the patient information) will determine which country the personal information of the member will be transferred to. Please refer to the table below for details.

  Countries transferred upon re-entrustment	Country of data subject (patient)
  United States	Bahamas / Belize / Bermuda / Cayman Islands / Costa Rica / Cuba / Dominica / Dominican Republic / El Salvador / Guadeloupe / Guam / Guatemala / Haiti / Honduras / Jamaica / Mexico / Montserrat / Nicaragua / Northern Mariana Islands / Panama / Pitcairn / Puerto Rico / Republic of Korea / Saint Barthelemy / Saint Kitts and Nevis / Saint Lucia / Saint Martin(French part) / Sint Maarten(Dutch part) / Tanzania / Turks and Caicos Islands / United States / United States Minor Outlying Islands / Virgin Islands
  Canada	Canada / Greenland / Saint Pierre and Miquelon
  Germany	Albania / Angola / Armenia / Austria / Azerbaijan / Belgium / Bosnia and Herzegovina / Bulgaria / Cameroon / Central African Republic / Chad / Congo / Congo / Croatia / Cyprus / Czech Republic / Egypt / Equatorial Guinea / Georgia / Germany / Greece / Holy See(Vatican City State) / Hungary / Israel / Italy / Jordan / Lebanon / Libya / Liechtenstein / Luxembourg / Macedonia / Malta / Moldova / Montenegro / Namibia / Netherlands / Niger / Nigeria / Palestine / Poland / Romania / Russian Federation / Rwanda / San Marino / Serbia / Slovakia / Slovenia / South Africa / South Sudan / Sudan / Swaziland / Switzerland / Syrian Arab Republic / Tunisia / Turkey / Uganda / Ukraine / Zambia / Zimbabwe
  United Kingdom	Guernsey / Iceland / Ireland / Isle of Man / Jersey / United Kingdom
  Australia	American Samoa / Antarctica / Australia / Cook Islands / Fiji / French Polynesia / French Southern Territories / Heard Island and McDonald Islands / Kiribati / Marshall Islands / Micronesia, Federated States of / Nauru / New Caledonia / New Zealand / Niue / Norfolk Island / Papua New Guinea / Samoa / Solomon Islands / Tokelau / Tonga / Tuvalu / Vanuatu / Wallis and Futuna
  Brazil	Anguilla / Antigua and Barbuda / Argentina / Aruba / Barbados / Bolivia, Plurinational State of / Bonaire, Sint Eustatius and Saba / Bouvet Island / Brazil / Chile / Colombia / Curacao / Ecuador / Falkland Islands (Malvinas) / French Guiana / Grenada / Guyana / Martinique / Paraguay / Peru / Saint Vincent and the Grenadines / South Georgia and the South Sandwich Islands / Suriname / Trinidad and Tobago / Uruguay / Venezuela, Bolivarian Republic of
  France	Algeria / Andorra / Benin / Burkina Faso / Cape Verde / Cote d'Ivoire / France / Gabon / Gambia / Ghana / Gibraltar / Guinea / Guinea-Bissau / Liberia / Mali / Mauritania / Monaco / Morocco / Portugal / Saint Helena, Ascension and Tristan da Cunha / Sao Tome and Principe / Senegal / Sierra Leone / Spain / Togo / Western Sahara
  India	Afghanistan / Bahrain / Bangladesh / Bhutan / Botswana / British Indian Ocean Territory / Burundi / Comoros / Djibouti / Eritrea/ Ethiopia / India / Iran, Islamic Republic of / Iraq / Kazakhstan / Kenya / Kuwait / Kyrgyzstan / Lesotho / Madagascar / Malawi / Maldives / Mauritius / Mayotte / Mozambique / Nepal / Oman / Pakistan / Qatar / Reunion / Saudi Arabia / Seychelles/ Somalia / Sri Lanka / Tajikistan / Turkmenistan / United Arab Emirates / Uzbekistan / Yemen
  Korea, Republic of	China / Hong Kong / Korea, Democratic People's Republic of / Korea, Republic of / Macao / Mongolia / Taiwan
  Japan	Japan
  Singapore	Brunei Darussalam / Cambodia / Christmas Island / Cocos (Keeling) Islands / Indonesia / Lao People's Democratic Republic / Malaysia / Myanmar / Palau / Philippines / Singapore / Thailand / Timor-Leste / Viet Nam
  Sweden	Aland Islands / Belarus / Denmark / Estonia / Faroe Islands / Finland / Latvia / Lithuania / Norway / Svalbard and Jan Mayen / Sweden

• Measures to ensure the safety of personal information (patient information): AssembleCircle takes technical and managerial measures necessary to ensure the safety of entrusted personal information (patient information) in accordance with the relevant regulations under the Personal Information Protection Act. For details on measures to ensure safety, such as restricting access to personal information (patient information), please refer to the Privacy Policy.
• Matters related to supervision, such as checking the management status of personal information (patient information): For AssembleCircle, the member has access to the status of processing of personal information (patient information) entrusted by the member, access or access status of personal information (patient information), and use for other purposes. You can request confirmation of whether to comply with the provision and re-consignment prohibition, and whether security measures such as encryption are implemented.

11. Processing of anonymous information

Anonymous information refers to information that is no longer recognizable by using any other information given with reasonable time, cost, and technology. Members may provide or disclose anonymous information to AssembleCircle and other members during the process of using the WebCeph service. In this case, the consent of the information subject (patient) in paragraph 7 is not required.

For example, photographs in which it is impossible to identify a patient by any technical means may be considered anonymous information.

AssembleCircle does not guarantee the anonymity of anonymous information provided or disclosed by the member, and all risks due to insufficient anonymization are within the scope of the member's responsibility. Before providing anonymous information, be sure to review the appropriateness of anonymization.

In addition, the anonymous information disclosed by the member in the gallery can be used freely by the AssembleCircle for new service development, etc.

11. Protection and management of personal information

AssembleCircle collects and uses the personal information included in the data entrusted by the member, including the member's personal information, only within the purpose and scope agreed by the member, and does not provide it to third parties other than AssembleCircle without the consent of the member. It is managed safely in accordance with the laws and regulations related to personal information protection.

The subject of the personal information can request the AssembleCircle to view, correct, or delete the personal information at any time, and the member can withdraw his or her consent to provide personal information to the AssembleCircle.

Details on the protection and management of personal information can be found in the Privacy Policy.

12. Member Responsibilities

If the member confirms that he/she is 19 years of age or older, the member should agree that he/she is responsible for checking and complying with these Terms and Conditions when registering as a member. If a member violates these terms and conditions, the provision of the WebCeph service may be suspended, and the account may be suspended. For example, members should not do the following actions.

1. Falsely entering member information when registering as a member, selling, transferring, lending, or providing your account to others as collateral, permitting its use, or unauthorized use of another person's account
2. Using WebCeph services for false or illegal purposes, impersonating an individual or organization, or falsely stating or falsely describing affiliation with the individual or organization.
3. Harmful, intrusive, or damaging the website for the following purposes : interfering with the operation or access of the WebCeph service, damaging the WebCeph service, hijacking the operation of the WebCeph service, or monitoring the hardware, software, or equipment. Transferring possible viruses, worms, Trojans, time bombs, spyware or other computer code, files, or programs, limiting or prohibiting the ability of others to use WebCeph services.
4. Any act of removing, blurring, or modifying copyright, trademark or other proprietary notices on the WebCeph website.

If a member does not fulfill the obligations under these terms and conditions, even if the AssembleCircle does not immediately claim the rights to the member or delays the enforcement of the rights, this does not mean that AssembleCircle has waived the above rights. If AssembleCircle decides not to exercise the right of AssembleCircle in accordance with the member's failure to fulfill its obligations under these terms and conditions, AssembleCircle will only do this through written work.

13. AssembleCircle's Responsibilities

If you experience damage due to the intentional or negligence of AssembleCircle in the process of using the WebCeph service, AssembleCircle will compensate for your damage in accordance with the relevant laws and regulations. However, AssembleCircle is not responsible for any special or punitive damages that are not normally foreseeable. Even if the above damages are caused by natural disasters or equivalent force majeure, AssembleCircle is not responsible.

AssembleCircle makes no warranties, either express or implied, as to the accuracy, appropriateness, timeliness, completeness, and reliability of the following items.

1. WebCeph service output (simulation result, etc.)
2. Content created by members in the process of using WebCeph service
3. All content included in or delivered through the WebCeph homepage
4. Medical plans established by doctors using WebCeph services and medical actions performed

WebCeph homepage may contain links to third-party websites, including social media websites such as 'Facebook' and 'Twitter', but this is provided solely for the convenience of the members, and AssembleCircle is an external website linked to the website. We do not endorse or endorse the content of social media.

WebCeph homepage may contain links to third-party websites, including social media websites such as 'Facebook' and 'Twitter', but this is provided solely for the convenience of the members, and AssembleCircle is an external website linked to the website. We do not endorse or endorse the content of social media.

You may not use WebCeph Service for any commercial or business purpose, and AssembleCircle has no responsibility for any liability or loss of any kind incurred by you as a result.

14. Member's liability

1. If a member intentionally or negligently violates the provisions of these Terms and Conditions and causes damage to AssembleCircle, the member must compensate the damage suffered by AssembleCircle.
2. In the event that AssembleCircle receives various objections, including claims for damages or lawsuits, from a third party due to illegal acts or violation of these terms and conditions of a member, the member shall indemnify AssembleCircle at his/her own responsibility and expense.

15. Provision of paid services

The basic services of the WebCeph service are provided for free use after watching advertisements, but some services may be provided as paid services. For example, tracing and basic cephalometric analysis functions of dental medical images can be used for free with advertisements, but functions such as analysis without advertisements or time-lapse video generation of treatment progress can only be used with a paid membership.

WebCeph members can apply for a paid service use contract according to the procedure provided by AssembleCircle and use the paid service after AssembleCircle's approval. However, in the following cases, it may not be accepted or the consent may be withheld.

1. If it is not your real name or if you use someone else's name
2. In case false information is entered or the required information requested by AssembleCircle is not provided
3. If it may negatively affect the status or reputation of the service
4. In case the service cannot be provided due to restrictions on the supply of the service provided by the paid service
5. If you are a member who has a history of requesting content that violates these terms and conditions

In principle, WebCeph members use the paid service provided by AssembleCircle after paying the usage fee. The payment method for the fee for the paid services provided by AssembleCircle is based on credit card payment, but there may be differences in the payment method for each paid service. In the case of a service for which regular monthly payment is made, monthly payment is automatically made unless you request cancellation of the regular payment. In the case of a service for which regular yearly payment is made, yearly payment is automatically made unless you request cancellation of the regular payment.

AssembleCircle may periodically request members' personal information that is essential for payment, and WebCeph members must accurately provide personal information requested by AssembleCircle.

16.Cancellation of use of paid services

If you wish to cancel the paid service use contract, WebCeph members can apply for cancellation of the paid service at any time by using the menu provided in the service, and AssembleCircle will process it promptly as stipulated by law.

The cancellation of the paid service use contract is established by the WebCeph member's application for cancellation of the paid service use contract and the approval of AssembleCircle.

If the application for termination of the paid service use contract is established by the approval of AssembleCircle, the termination will be processed after the period of use for the current subscription term is over, and regular payment will no longer occur. Paid service benefits are maintained normally until the last day of the current subscription term.

If you cancel a subscription service (e.g., monthly subscription service, yearly subscription service), you will not receive a refund for the service you have already paid for.

In the case of one-time payment products (e.g., content products, cyber money, etc.) that are not subscription services, you can cancel through WebCeph customer service center within 7 days from the payment date. You must notify WebCeph customer service center (admin@assemblecircle.com) of your intention to cancel by e-mail, and AssembleCircle will refund within 5 business days after confirming the member's request and refund policy of WebCeph. WebCeph members cannot receive a refund for one-time payment products that have passed 7 days from the payment date.

If you want to use the service again after canceling the contract for using the paid service, you can apply for the paid service again using the menu provided in the service.

17. Delivery of opinions and improvements

Members may provide comments or feedbacks for the improvement of WebCeph services at any time through the WebCeph Service Customer Center (admin@AssembleCircle.com).

18. Dispute resolution

The relationship between AssembleCircle and the member in relation to these terms and conditions or the WebCeph service is governed by Korean law. Any dispute arising between the AssembleCircle and the member, any dispute arising out of these terms and conditions or in connection with the WebCeph service will be resolved in accordance with the procedures stipulated in the Korean Civil Procedure Act.

19. Amendment of Terms and Conditions

AssembleCircle may revise these Terms and Conditions within the scope of not violating relevant laws and regulations. If these Terms and Conditions are revised, we will notify you in advance about the reason for the revision and the effective date. You can send your opinion on the revision of the terms from the date the revised terms are posted on the WebCeph website to the effective date.

In the event of a change to the terms and conditions that are unfavorable to the member, the change will be notified on the WebCeph website 30 days before the change date. If your opinion is not communicated to the AssembleCircle by the notified effective date, you are deemed to agree to the revised terms and conditions. If you do not agree to the revised terms and conditions, we may not be able to provide you with WebCeph services subject to the revised terms and conditions.

For the purposes of the Clauses:

1. 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

2. 'the data exporter' means the controller who transfers the personal data;

3. 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

4. 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

5. 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

6. 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

The details of the transfer and in particular the special categories of personal data where applicable are as follows:

• Data exporter

The data exporter is a member of WebCeph, who collects personal data from a patient and transfers the personal data to the AssembleCircle Corporation through the WebCeph service for consigning the processing of personal data

• Data importer

The data importer is AssembleCircle Corporation, and will consign processing of the personal data to a subprocessor, such as Amazon Web Services Korea LLC (United States, Canada, Germany, England)

• Data subjects

The personal data transferred concern the following categories of data subjects: Patients who have consented to the processing of their personal data to WebCeph member

• Categories of data

The personal data transferred concern the following categories of data: Name, date of birth, contact information, address, prescription contents by date of examination, diagnosis details, intraoral photos and scans, facial part photos

• Special categories of data

The personal data transferred concern the following special categories of data: Prescription contents by date of examination, diagnosis details, intraoral photos and scans, facial part photos

• Processing operations

When collecting personal data, it is stored in the cloud service, and it can be accessed and processed.

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

The data exporter agrees and warrants:

1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Clause 13;
4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
5. that it will ensure compliance with the security measures:
6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
7. to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
8. to make available to the data subjects upon request a copy of the Clauses and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
9. that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
10. that it will ensure compliance with Clause 4(a) to (i).

The data importer agrees and warrants:

1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
3. that it has implemented the technical and organisational security measures specified in Clause 13 before processing the personal data transferred;
4. that it will promptly notify the data exporter about:

1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
2. any accidental or unauthorised access, and
3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information;
8. that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
9. that the processing services by the subprocessor will be carried out in accordance with Clause 11
10. to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
2. to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) are as follows:

• that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
• that it has implemented the technical and organisational security measures specified in Clause 13 before processing the personal data transferred;

Copyright © AssembCircle. All rights reserved. WebCeph and the WebCeph logo are registered trademarks of AssembleCircle Corp.

Announcement Date: August 23, 2021
Effective Date: September 1, 2021