Privacy Policy of Inseong Medical Corporation (hereinafter referred to as 'the Company')
The Company, in accordance with Article 30 of the Personal Information Protection Act, establishes and discloses the following Privacy Policy to protect the personal information of data subjects, promptly and efficiently handle related complaints:
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and in case of changes in the purposes of use, separate consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.
Provision of Services
Processing of personal information for the purpose of confirming the identity of customer center inquiries, verifying customer center inquiry details, and notifying inquiry processing results.
Article 2 (Processing and Retention Period of Personal Information)
The Company retains the personal information of users for one month to provide services. However, if there is a deletion request from the user, it will be processed for deletion according to Article 7 (Destruction of Personal Information).
Article 3 (Third-Party Provision of Personal Information)
The Company does not provide the personal information of data subjects to third parties.
Article 4 (Outsourcing of Personal Information Processing)
The Company does not outsource personal information collected without the consent of users.
Article 5 (Rights of Users and Legal Representatives and How to Exercise Them)
The data subject may exercise the following rights regarding personal information protection against the Company:
Request for access to personal information
Request for correction in case of errors
Request for deletion
Request for suspension of processing
The exercise of rights under paragraph 1 may be made to the Company in writing, by phone, email, facsimile (FAX), etc., and the Company will promptly take necessary measures.
If the data subject requests correction or deletion of personal information under paragraph 1, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
The exercise of rights under paragraph 1 may be made through a legal representative or a delegate authorized by the data subject. In this case, a power of attorney according to the format provided in Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
The data subject must not violate the Personal Information Protection Act or other relevant laws when exercising the rights under paragraph 1, causing infringement of personal information and privacy of the data subject or others.
Article 6 (Personal Information Items Processed)
The Company processes the following personal information items:
Receipt of customer center inquiries on the homepage
Required items: Name, contact information, email, inquiry list, inquiry content, consent to the collection and use of personal information
The following personal information items may be automatically generated and collected during the use of internet services:
IP address, cookies, MAC address, service usage records, visit records, records of improper use, etc.
Article 7 (Destruction of Personal Information)
When personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose, the Company promptly destroys the relevant personal information.
If the retention period agreed upon with the data subject has expired or if personal information must be retained according to other laws despite the expiration of the processing purpose, the Company transfers the personal information to a separate database or retains it in a different storage location.
The procedure and method of personal information destruction are as follows:
Destruction Procedure: The Company selects personal information for disposal, obtains approval from the Company's Personal Information Protection Manager, and destroys the personal information.
Destruction Method: Personal information recorded and stored in electronic file format is destroyed to make it irreproducible using methods such as low-level format, and personal information recorded and stored on paper documents is shredded or incinerated.
Article 8 (Ensuring the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.
Physical Measures: Access control to computer rooms, data storage rooms, etc.
Article 9 (Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information)
The Company uses 'cookies' to store and periodically retrieve user information to provide individualized customized services.
Cookies are small pieces of information sent by the server (http) operating the website to the user's computer browser, and they may be stored on the hard disk of users' computers.
a. Purpose of using cookies: Cookies are used to understand the visit and usage patterns of users for each service and website visited, popular search terms, and whether secure connections are used, in order to provide optimized information to users.
b. Installation, operation, and rejection of cookies: Users can refuse to store cookies by adjusting the options in the Tools > Internet Options > Privacy menu of the web browser. However, refusing to store cookies may cause difficulties in using customized services.
Article 10 (Personal Information Protection Manager)
The Company is responsible for overseeing the overall handling of personal information, including the resolution of complaints and remedies related to personal information processing. The Company has designated a Personal Information Protection Manager as follows:
▶ Personal Information Protection Manager
Name: OOO
Position: OOO
Contact: <Phone Number>, <Email>, <Fax Number>
※ Connects to the Personal Information Protection Department.
▶ Personal Information Protection Department
Department: OOO Team
Person in charge: OOO
Contact: <Phone Number>, <Email>, <Fax Number>
Users may contact the Personal Information Protection Manager and the responsible department for any inquiries, complaints, and remedies related to personal information protection while using the Company's services or business. The Company will respond promptly to inquiries from data subjects.
Article 11 (Request for Access to Personal Information)
Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act from the following department. The Company will make efforts to promptly process data subjects' requests for access to personal information.
▶ Department for Reception and Processing of Requests for Access to Personal Information
Department: OOO
Person in charge: OOO
Contact: <Phone Number>, <Email>, <Fax Number>
Article 12 (Remedy for Violation of Rights)
Data subjects can inquire about remedies, consultations, etc., regarding personal information infringement to the following institutions:
▶ Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
Jurisdiction: Reporting personal information infringement, applying for consultation
Website: privacy.kisa.or.kr
Phone: 118 (without area code)
Address: 3rd Floor, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324 Personal Information Infringement Report Center
▶ Personal Information Dispute Resolution Committee
Jurisdiction: Applying for personal information dispute resolution, group dispute
