Personal information handling policy
- Types of personal information collected and collection method;
- Collection of personal information and purpose of its use;
- Transfer and sharing of personal information;
- Consigned processing of personal information collected;
- Matters concerning procurement to secure the safety of personal information;
- Duration of storage and use of personal information;
- Right to refuse collection and use of personal information and disadvantage upon refusal;
- Procedure and method of destruction of personal information;
- Rights and practicing methods of users and their legal representatives;
- Protection of personal information of children;
- How to revoke the consent / withdraw membership;
- Installation/operation of automatic collection device for personal information and matters concerning its refusal;
- Matters concerning operation/management of visual data processing devices;
- The person responsible for the management of personal information;
- Obligation of notice upon the policy changes;
1. Types of personal information collected and collection method
The Company only collects minimal personal information required to access the service during membership registration. There are required items and optional items during membership registration in order for you to access the services provided by the Company, and there is no restriction upon the use of the services even if you choose not to make entries into optional items, such as whether to accept emails.
[Types of personal information collected during registration for general membership]
Required items: Name, ID, password, gender, date of birth, cell phone number, e-mail address
Optional items: Whether to accept e-mail. The following information may be automatically generated and collected during the course of accessing the service or processing the business providing services; Records of service accesses, access log, cookie and access IP information.
[Collection Method of Person Information]
Personal information shall be collected by means of the following methods: Collection through home page, written form, FAX, telephone, Q&A message board, e-mail and collection tool of generated information (a collection tool identical with the visitor analysis tool).
2. Collection of personal information and purpose of its use
The Company utilizes personal information collected for the following purposes. All information provided by users shall not be used for any purposes other than the followings, and prior consent shall be obtained when the purpose of its use ever changes.
- Statistics on Use of Service
- Communication channel for delivery of notices and handling of customer complaints
- Data to process responses via online consultation
- Offering of new services and information on events
- Data to develop new services and to provide individually tailored services
- Collection of information for consumers pursuant to Article 54 of the Framework Act on Consumers
3. Transfer and sharing of personal information
The Company shall not use or provide third party or third party businesses/agencies your personal information beyond the scope notified in “Collection of personal information and purpose of its use” under any circumstances unless otherwise consented by you or stipulated by applicable statutes. Notwithstanding the above, the followings shall be excluded:
- Where users consent the disclosure in advance
- Where a request is made by an investigative agency pursuant to provisions of applicable statutes or in accordance with the procedures and methods prescribed in applicable statutes
- Where the information is provided after processed in a format that no longer identifies a certain individual in cases where required for statistical purposes, academic researches and market surveys
4. Consigned processing of personal information collected
The Company outsources the personal information as follows, specifies the matters concerning prevention of personal information processing for other purposes than the outsourced purpose, technical and managerial safeguards of personal information, restriction on re-outsourcing and responsibilities for management, supervision and compensation for damages to an outsourcee through a document pursuant to Article 26 of the Personal Information Protection Act and supervises whether the outsourcee safety processes personal information.
Outsourcee Details of outsourced works Duration of storage and use of personal information
HEALTHHUB Co., Ltd. Operation and management of official website Until termination of consignment agreement
5. Matters concerning procurement to secure the safety of personal information
[Minimization and training for employees processing personal information]
The Company minimizes the designation of persons processing personal information and conducts regular training programs for those personnel.
[Implementation of in-house audit on regular basis]
The Company implements in-house audits on regular basis at least once a year in order to procure the safety with regard to processing of personal information.
[Establishment and implementation of internal management plans]
The Company establishes and implement internal management plans in order to ensure safe processing of personal information.
[Encryption of personal information]
Password from the personal information of users can only be recognized by the user him/herself as it is encrypted, stored and managed, and other important data is being handled through separate security features, such as encryption of files and transmitted data.
[Technical measures in preparation for hacking, etc.]
The Company has installed and updates and inspects a security program in order to prevent the personal information from being divulged or damaged by hacking or computer virus, and it also has installed a system at a location with limited accesses and monitors and blocks through technical and physical means.
[Restriction on access to personal information]
The Company takes necessary measures to restrict the access to personal information by graining, modifying and erasing the authority to access the database system processing personal information and controls unauthorized access from the outside by means of firewall system.
[Preservation of access records and prevention of forging/altering]
The Company retains and manages the records accessing the personal information processing system for at least 6 months and employs security features in order to prevent the access records from being forged, altered, stolen or lost.
[Restriction on access by unauthorized personnel]
The Company separately reserves a physical location to retain the personal information system retaining personal information and establishes and operates procedures restricting the access to the system.
6. Duration of storage and use of personal information
The Company destroys your personal information without delays when the purpose of collection or intended use of personal information is fulfilled. In cases of information on membership registration: In cases of collecting personal information for the purpose of survey or events when membership is withdrawn or a member is expelled: In cases of collecting personal information for the purpose of services when the survey or events during the given year are completed. Notwithstanding the above, the Company may retain your personal information when required to retain it due to provisions of applicable statutes, such as the Commercial Act, even if the purpose of collection or intended use is fulfilled.
7. Right to refuse collection and use of personal information and disadvantage upon refusal
You have a right to refuse to consent the collection and use of personal information. Membership registration shall be allowed even when optional information is not given; however, access to the Company news and survey services through e-mail shall not be available. Despite the above, membership registration shall not be allowed if minimum required information for management of members is not provided.
8. Procedure and method of destruction of personal information
The Company shall immediately destroy personal information when “collection of personal information and purpose of its use” is fulfilled. Procedures and methods of destruction shall be as follows:
Information entered by a user for the purpose of membership registration shall be immediately destroyed by destruction methods after the intended purpose is fulfilled.
- Personal information stored in an electronic file format shall be deleted by means of technical methods to such an extent that it not revivable.
- Personal information printed out on a paper shall be pulverized with a pulverizer or destroyed through incineration.
9. Rights and practicing methods of users and their legal representatives
The Company shall sincerely respond to demands from customers to access, correct and delete the personal information, and shall immediately take care of such demands. In order to protect the personal information, the Company shall not offer procedures to access, correct and delete personal information of customers by means of telephone, postal mail, facsimile or other methods except personal visits.
[Access to personal information]
A customer may request to access personal information by visiting the Company in person, and the Company shall promptly respond to such request.
[Correction/deletion of personal information]
The Company shall correct or delete the personal information without delay when a customer requests to correct or delete the personal information and when the personal information is deemed necessary to correct or delete as the personal information is discovered to be erroneous. The Company may request evidentiary materials required to verify facts of the details to be corrected or deleted.
① When a customer requests to access, correct and delete the personal information, the Company shall diligently respond to and immediately handle the customer’s request. In order to protect the personal information, the Company shall not offer procedures to access, correct and delete personal information of customers by means of telephone, postal mail, facsimile or other methods except personal visits.
② When a customer requests to access, correct and delete his/her own personal information, the Company shall verify his/her identification by obtaining a certificate of personal identification, including a certificate of resident registration, passport and driver’s license.
③ When a representative of a customer pays a visit in person and requests for access, correction and deletion, the Company shall verify the authenticity of the representative concerned by reviewing the power of attorney, consent form and identification certificate of the representative concerned.
④ When there is a just ground to refuse accessing, correcting and deleting whole or part of the personal information, the Company shall notify the customer concerned of the refusal and provide an explanation.
10. Protection of personal information of children
A legal representative of the Child may request to access, correct and delete the Child’s personal information. When intending to access, correct and delete the Child’s personal information, the legal representative shall go through a procedure to authenticate his/her identification and then may directly access, correct and delete the Child’s personal information.
11. How to revoke the consent / withdraw membership
You may withdraw your consent to collection, use and provision of personal information during membership registration at any time. You may execute your membership withdrawal at the menu of modification of personal information after logging into the official website; subsequently, the Company shall take necessary measures, including destruction of your personal information, immediately upon withdrawal of membership.
12. Installation/operation of automatic collection device for personal information and matters concerning its refusal
The Company operates ‘cookies’ designed to store and search your personal information on frequent basis. The term, ‘cookie,’ means a small text file used to operate the official website of the Company and sent to your browser by the server, which shall be stored on the hard disc of your computer. The Company shall use the cookie for the following purposes: The Company utilizes the cookie as a yardstick to reorganize services by analyzing the access frequency and visiting hours of regular members and non-members and understanding the preference and interested fields of the users. And the Company uses the cookie to provide individually tailored services upon the following visit of users by tracking the information concerned the web pages visited and traces of interested pages. You have options concerning installation of cookies. Hence, you reserve a right to allow all cookies, go through verification procedure every time cookies are stored or refuse to store all cookies by setting up the option at the web browser.
Examples of Configuration Methods
- For Internet Explore: From the upper tool menu of the web browser, Menu > Internet Option > Personal Information > Configuration
- For Chrome: From the configuration menu at the right side of web browser, Configuration Menu > Display Advanced Setup at the lower screen > Setup Button for the content of personal information > Cookie (If you refuse the installation of cookie, there may be difficulties with provision of some services.)
13. You may file the Company all complaints related to protection of personal information incurred during the course of accessing the services of the Company, and the Company shall offer you feedbacks to your filing of complaints in a prompt and sufficient manner. If you need to report or discuss all other matters concerning infringement of your personal information, please contact the following agencies.
- Individual Dispute Resolution Committee (http://www.1336.or.kr / 1336)
- Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / (02) 580-0533~4)
- High-Tech and Financial Crimes Investigation Division, Supreme Prosecutors' Office (http://www.spo.go.kr / (02) 3480-2000)
- Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr / (02) 392-0330)
14. Obligation of notice upon the policy changes
Date of Notice: March 10, 2020
Date of Enactment: March 1, 2020