All personal information handled by Medizen Humancare (hereinafter referred to as ""Company"") is collected, retained, and processed based on relevant laws and regulations or with the consent of the information subject.
This policy has been in effect since February 17, 2014.
The company will treat personal information collected, held, and processed in accordance with the provisions of the Act and subordinate statutes in order to properly perform public affairs and protect the rights and interests of the information subject. In addition, the company respects the rights and interests of users, such as the right to request perusal and correction of personal information held by the company, and you can apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or Personal Information Infringement Report Center operated by the Korea Internet Security Agency. The company's privacy policy is based on the current Personal Information Protection Act. This is to inform you that this policy applies to all websites operated by the company unless otherwise explained. However, if the responsible organization (team, division, etc.) within the company establishes and implements a separate personal information processing policy for the related statutes, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., it shall be posted on the website operated by the organization.
- 1. Purpose of processing personal information
- 2. Processing and retention period of personal information
- 3. Providing personal information to third parties
- 4. Outsourcing of personal information processing
- 5. Rights, obligations, and methods of action of information subjects
- 6. Processing of personal information items
- 7. Destruction of personal information
- 8. Measures to secure the safety of personal information
- 9. Person in charge of personal information protection
- 10. 만14세 미만의 아동의 개인정보보호
- 11. 개인정보침해 관련 상담 및 신고
1. Purpose of processing personal information
The company does not use personal information for any purpose other than the following, and will process it with consent if the purpose of use is changed:
- 1) Service delivery
- Personal information is processed for the purpose of providing services such as self-certification, certificate issuance (education certificate), national domain registration, spam civil complaint, identity theft complaint processing, and overseas advancement consultation.
- 2) Processing civil complaints
- Personal information is processed for the purpose of viewing personal information, correcting and deleting personal information, requesting to stop processing personal information, reporting personal information leakage, receiving and processing personal information infringement reports, spam complaints, and hacking reports.
2. Processing and retention period of personal information
The company processes and retains personal information based on statutes or within the scope of its consent from the information subject.
Processing and retention during the period of receiving Medizen Humancare services.
3. Providing personal information to third parties
Personal information collected and held by the company shall not be provided to a third party without the consent of the user, and personal information may be provided to a third party in the following cases:
- 1) If the information subject has obtained a separate consent
- 2) If there is a special provision in the Act or it is inevitable to comply with the obligations under the Act
- 3) Where the information subject or his legal representative is unable to express his/her intention or obtain prior consent due to an unknown address, etc., and is clearly deemed necessary for the urgent benefit of the information subject or third party
- 4) Where personal information is provided in a form that is not recognizable to a particular individual as necessary for the purpose of statistical preparation and academic research
If the company provides personal information to a third party, the following items will be notified to the information subject and the consent will be obtained:
- Name (corporation or organization) and contact information of the recipient
- Purpose of use of personal information of the recipient, items of personal information provided
- Period of personal information possession and use of personal information by the recipient
- Fact that there is a right to refuse consent and details of the disadvantage if there is a disadvantage due to the refusal of consent
4. Outsourcing of personal information processing
In principle, the company shall not outsource the processing of personal information to another person without the consent of the user. However, if the company outsource the processing of personal information to a third party, it shall be outsourced pursuant to Article 26 of the Personal Information Protection Act (Limitation to Personal Information Processing Subsequent to Outsourcing of Work) according to the following documents:
- 1) Matters concerning the prohibition of processing personal information other than the purpose of performing outsourced affairs
- 2) Matters concerning technical and management protective measures for personal information
- 3) Other matters prescribed by the Presidential Decree for the safe management of personal information:
- Purpose and scope of outsourced work
- Matters concerning restrictions on re-outsourcing
- Matters concerning measures to secure safety, such as restrictions on access to personal information
- Matters concerning supervision, such as inspection of the management status of personal information held in connection with outsourced affairs
- Matters concerning liability, such as compensation for damages, etc. where a trustee violates his/her obligations to comply with pursuant to Article 26 (2) of the Act
5. Rights, obligations, and methods of action of information subjects
As an information subject, the user may take action on the following rights:
- 1) Request to access personal information: The company's personal information files may be required to be viewed in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, the request for perusal of personal information may be restricted as follows pursuant to Article 35 (5) of the Personal Information Protection Act:
- A. Where access is prohibited or restricted by law
- B. Where there is a risk of harming another person's life or body or of unjustly infringing on another person's property and other interests
-
C. If any of the following duties cause significant disruption, examination of educational background, function and employment, and qualification examination
- Matters concerning the ongoing evaluation or judgment of compensation, payment, etc.
- Work on audits and investigations under other laws
- 2) Request for correction and deletion of personal information: The subject may request the company to correct or delete personal information pursuant to Article 36 (Rectification or Erasure of Personal Information) of the Personal Information Protection Act. However, if the personal information is specified for collection in other statutes, it cannot be requested to delete it.
- 3) Request for suspension of personal information processing: The subject may request the company to suspend the processing of personal information pursuant to Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act. In addition, the legal representative of a child under the age of 14 may request the company to review, correct, delete, and suspend the child's personal information. However, a request for suspension of processing of personal information may be rejected pursuant to Article 37 (2) of the Personal Information Protection Act.
- A. Where there is a special provision in the Act or it is inevitable to comply with the obligations under the Act
- B. Where there is a risk of harming another person's life or body or of unjustly infringing on another person's property and other interests
- C. Where it is impossible to perform the duties prescribed by other laws unless a public institution processes personal information
- D. In the case where it is difficult to fulfill a contract, such as failing to provide services agreed with the information subject without processing personal information, the information subject has not clearly expressed his intention to terminate the contract
- 4) For requests for perusal, correction, deletion, and suspension of personal information, the company shall notify of its actions within ten (10) days. Requests for perusal, correction, deletion, and suspension of processing of personal information can be made through the relevant department, and the request form is as shown in attached Form 1.
- 5) You can make actions of your rights under the above conditions through a legal representative of the information subject or a delegated representative. In this case, you must submit a power of attorney in attached Form 2.
6. Processing of personal information items
The company collects and retains personal information only by the regulations of statutes and the consent of the information subject. The main personal information files collected and held by the company based on the provisions of the Act are as follows:
< Company name, customer name, phone number, mobile number, email, website address >
7. Destruction of personal information
In principle, the company shall destroy the personal information without delay if the period of personal information has expired or the purpose of processing has been achieved. However, this is not the case if it is to be preserved in accordance with other laws. Procedure, date, and method of destruction are as follows:
- 1) Destruction procedure
- Information entered by users shall be destroyed in accordance with internal policies and related laws after the retention period has expired or the purpose of processing has been achieved.
- 2) Destruction date
- The user's personal information shall be destroyed within five (5) days from the end of the period of personal information, or within five (5) days from the date when it is deemed unnecessary to process personal information.
- 3) Destruction method
- When destroying personal information processed by the company, destroy it in the following ways:
- For electronic file types: Permanently delete in an unrecoverable manner
- For records, printed materials, written documents, or other media other than the form of electronic files: shredding or incineration
8. Measures to secure the safety of personal information
According to Article 29 of the Personal Information Protection Act, the company takes technical, management, and physical measures necessary to secure safety as follows:
- 1) Establishing and implementing an internal management plan
- The company establishes and implements an internal management plan ('14.1.6) in accordance with the criteria for Personal Information Safety Measure (Notices 2011 - 43 of the Ministry of the Interior and Safety).
- 2) Minimizing the designation of personal information handlers and education
- The company minimizes the designation of personal information handlers and provides regular education.
- 3) Restrict access to personal information
- By granting, altering, and eliminating access to personal information database systems, unauthorized access from outside is controlled using intrusion blocking systems and intrusion prevention systems. The personal information handler uses a virtual private network (VPN) when connecting to the personal information processing system from outside through an information and communication network. In addition, the details of authorization, change, or cancellation are recorded, and the records are kept for at least three (3) years.
- 4) Storage of access records and prevention of forgery
- The company keeps and manages records (web logs, summary information, etc.) accessed in the personal information processing system for at least 6 months, and manages access records to prevent forgery, theft, and loss.
- 5) Encryption of personal information
- The user's personal information is encrypted and stored and managed. The company also uses separate security features, such as encrypting sensitive data for storage and transfer.
- 6) Technical countermeasures against hacking, etc.
- In order to prevent personal information leakage or damage caused by hacking or computer viruses, the company installs security programs, updates, checks, and installs systems in areas where access is restricted from outside, where the areas are supervised and blocked technically and physically.
- 7) Access control for unauthorized persons
- The company establishes and operates access control procedures for the personal information system where personal information is stored separately.
9. Person in charge of personal information protection
If you have any questions about personal information protection, or if you have questions about personal information infringement report/processing, you can consult using the Personal Information Infringement Report Center operated by the Korea Internet Security Agency.
* For phone inquiries: call +82-118 (Ext. 2), email inquiries: privacy@kisa.or.kr
Please contact below to process the personal information that the company has:
개인정보 보호책임자
Person responsible for personal information protection: |
Team |
Medizen Humancare Business Support Headquarters |
Name |
Kim Hee Jung |
Phone |
02-555-9806 |
Email |
help@medizencare.com |
개인정보 보호담당자
Person in charge of personal information protection: |
Team |
Medizen Humancare Business Support Headquarters |
Name |
Cho Ga Eun |
Phone |
02-555-9806 |
Email |
help@medizencare.com |
10. Changing the Privacy Policy
This personal information processing policy has been applied since April 28, 2016.
Previous privacy policies can be found below.
11. Relief methods for infringement of rights and interests
In order to receive relief due to personal information infringement, the information subject may apply for dispute resolution or consultation, such as the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center operated by the Korea Internet Security Agency, etc. In addition, contact the following institutions for reporting and consulting on personal information infringement:
· Personal Information Infringement Report Center
- 1) Personal Information Dispute Mediation Committee: +82-118 (Ext. 2)
- 2) Supreme Prosecutors' Office Forensic Science Investigation Department: +82-2-3480-3571 (http://www.spo.go.kr)
- 3) Korean National Police Agency Cyber Bureau: +82-1566-0112 (http://www.netan.go.kr)
- A person who has been infringed by the right or profit by the head of a public institution for a request under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may request an administrative trial.
- ※ For more information on administrative judgment, please visit the Korea Ministry of Government Legislation website (http://www.moleg.go.kr)