1. What Privacy Policy Means for Our Users

BTMEDI Inc. (‘https://www.koreamedis.com’ or ‘https://www.koreamedis.co.kr’ or ‘KoreaMedis’ - hereinafter referred to as the "Company") pays attention to the collection and management of personal information and is committed to protecting such data. This Privacy Policy covers the scope and procedure in which your personal information is collected, how it is used and the scope of consignment, and the scope of third-party provision. In particular, this Privacy Policy covers the personal information collected and used in the course of the Service, subject to the Company's Terms of Service. Users may browse the Company's website or use some services without providing personal information to the Company, but the provision of personal information to be viewed below is required in order to use the functions of the Company's website as a whole service.

Privacy Policy has the following important implications.

• Privacy Policy provides transparent information in relation to the “life cycle of personal information,” such as the information collected by Company, how the collected information is used, with whom the information is shared when necessary, and when and how the information is destroyed once it fully serves its purpose.
• Privacy Policy informs users, the information subjects, their rights regarding their personal information as well as the methods and procedures to exercise such rights.
• Where the privacy infringement takes place, Privacy Policy guides you who to contact and what kind of help you should expect in order to prevent further damage and restore the damage you have already sustained.
• Above all, it defines the rights and duties of Company and users in relation to personal information and a means to guarantee the Right to Informational Self-determination among users.

The Company discloses its privacy policy in the terms and conditions of the website, so that you can easily see it at all times.

 

2. Purpose of processing personal information

The Company collects the personal information of users required to create a website account for the purpose of basically authenticating the identity for the use of the service and managing the authenticated user in this way. These purposes include verifying the user's intention to join, identifying and verifying basic identity, checking the maintenance of the minimum required qualifications for the use of the Service, preventing attempts to fraudulently use the Service by circumventing these qualifications, handling complaints to improve the quality of the Company's service, and communicating notices relating to the Company's policies.

The Company may collect the user's health information and medical records necessary for the efficient provision of medical service and non-medical service provided to the user through the Terms of Use of the Service.
The Company may collect some of the user's personal information and health information for the purpose of providing basic information about various services, promoting new services, or providing opportunities to participate in events.

In addition, the Company may collect and process personal information for the purpose of statistics and validation of service use for service inspection and improvement.

3. Target and method of collection of personal information

When you access our website, we automatically receive certain technical data, and you may provide additional information. The data information we automatically collect depending on your access includes information about the computers, phones, tablets, or other devices you use to access the Site, as well as information about the types of connections you have with these devices, the operating system, browser type, IP address, URL, device identifier, etc. of such devices.

We also use cookies for analytical purposes, and you can disable cookies in your browser settings at any time if you wish to do so.  Passport information 

For users who wish to register for an account, the Company collects information about their name, mobile phone number, residential address, gender, date of birth, e-mail address, passport information for hospital reservations, debit card or credit card necessary for payment, or account information, depending on the user's input. In the case of such information, the collection is made by voluntarily entering the entry items necessary for account generation on the website, but the collection may be made by fax, landline, e-mail, or via face-to-face consultation.

On the other hand, users who wish to receive more quality services may, at their option, provide the Company with information about their health (checkup information, counseling information, body specifics, etc.) or any information related to medical personnel (past medical institutions and medical facilities, consultation records, MRI scans, X-ray scans, surgical or other surgical procedures, etc.). Furthermore, the Company may collect all information related to past medical treatment or consultation from medical institutions other than the user's consent.

All of the above collected subjects and methods are subject to the user's voluntary and freely granted consent (by a statement or by a clear affirmative action), and the user is free to withdraw such consent, and the effect of withdrawal will occur after such withdrawal has been reached.

4. Processing sensitive information

With the express consent of the information subject, the Company may process genetic information of the information subject, biometric information that can uniquely identify natural persons, health information, sex life and sexual orientation information (hereinafter referred to as "Sensitive Information").

5. Destruction of Personal Information 

If the user's personal information is terminated after the account is created, the reason for the termination, withdrawal, etc., or other reasons arise, or if the user withdraws his/her consent to the processing of personal information through an email or a form or requests the deletion of personal information, the user's personal information will be converted to a state that cannot be processed. However, if there is a period of time specified in the relevant laws and regulations separately, it is necessary to observe the period.

6. Provision & Entrustment of Personal Information

You may entrust the processing of personal information collected to third parties in order to efficiently operate the Company's medical service and non-medical service. In the event of such a consignment, the Company shall inform the user of the basic information about the third party entrusted in advance, the contents of the consignment work, and the scope of personal information processed.

In order to provide medical services and non-medical services to users more effectively, the Company may provide health information or medical team information provided by users to medical institutions associated with the Company. In addition, the Company may provide the payment agency with information collected from the user in connection with payment of the selected product or refund of the product for which the subscription was withdrawn. In this case, the Company shall inform the user in advance of the scope of the personal information provided in this regard, the medical institution to be provided, and the payment agent, and go through the procedure to obtain individual consent for it.

However, the Company may provide personal information to a third party through non-identification measures without the user’s consent in accordance with the relevant laws and regulations, considering whether the information subject is penalized to the extent reasonably related to the purpose of collection, whether or not it has taken necessary measures to ensure safety such as encryption.

The company's officials who have handled or handled personal information in order to provide the Company's services do not obtain or obtain consent to the processing of personal information by false or other fraudulent means or methods in connection with the provision of such personal information to third parties. In addition, we do not divulge or provide unauthorized use of personal information learned in this process, nor do we damage, destroy, alter, falsify, or leak another person's personal information without justifiable authority or beyond the permitted rights.

 

 

7. Actions Taken to Protect Personal Information

We provide physical, electronic, and procedural safeguards to protect the personal information we collect and manage. For example, we take reasonable operational and technical measures to restrict access to personal information. More specifically, the data received by the Company may only be used by authorized employees and contractors. The company also uses encryption and other safeguards to ensure that the data is secure. These measures are reasonably designed to help protect personal data from loss, unauthorized intrusion, disclosure, alteration or destruction.

Despite the efforts of these companies, the website and network systems are not fully protected or completely prevented from risk. Therefore, the Company cannot guarantee or warrant the security of the information you transmit through the Website, and you are at your own risk. In this regard, if you have any reason to believe that your interactions with our website or services are no longer secure, please contact info@koreamedis.com in writing immediately.

8. Personal information about minors

The Company does not and will not collect personal data directly from children under the age of 14. The Company may process data from children under the age of 14 only at the request of a parent or guardian and only after confirming the identity of the parent/guardian and their authority to represent the child. In this regard, if you are a parent or guardian and are interested in your child's personal data, please contact info@koreamedis.com

9. Rights of Users & Legal Representatives and Exercising Those Rights

We provide you with the ability to delete your data if you choose to do so, at any time. Please email us with your request from the email you used to set up an account with us by emailing us at info@koreamedis.com.

 

-Users can go to ‘Home >My page> My information’ to view or update their personal information and request access to their personal information at any time.

 

-Users are entitled to request a suspension of processing their personal information at any time, and Company may refuse the request for suspension of processing if special provisions in the statute provide otherwise.

 

-Users can go to ‘Membership Withdrawal’ to revoke their consent to the collection and use of their personal information at any time.

 

-If the user is under the age of 14, the child’s legal representative has the right to view and update the child’s personal information, and to revoke his/her consent to the collection and use of the child’s personal information.

 

-If a user requests the correction of errors in his/her personal information, the relevant personal information will not be used or provided until the correction is made. In addition, in the event where the incorrect personal information has already been provided to a third party, Company will notify the third party of the corrected information without delay to ensure that the necessary correction is made.

 

-If the Company has already disclosed personal information to a third party when requesting the deletion of the information subject, the Company shall notify the third party of the deletion of the personal information unless it is impossible or excessive efforts are made.

-Users and their legal representatives can go to ‘My page’ to personally handle their rights or go to ‘Inquire’ to send a request.

When you delete your account, you won't be able to recover your information later. To delete your account at any time, please visit the following process: ‘Home >My page> My information’ or go to `Home>Korea Medis>Service center >Online Inquiry` to send a request. 

10. Processing of personal information

The information subject may request the Company to control the processing of personal information in the following cases, and the Company shall implement it.

▮ objected to the accuracy of personal information by the data subject.

▮ if the processing of personal information is illegal, the information subject objected to deletion and instead requested restrictions on the processing of personal information.

▮ no longer requires personal information, but the data subject has requested it to exercise or defend a legal claim.

▮ the data subject objected to the processing, but it is necessary for public service or legitimate interests, and the data processor (company or trustee) is examining whether the legitimate reason outweighs the individual's cause.

However, the Company may process personal information in the event of consent of the data subject, for the purpose of demonstrating the right of legal claims, for the protection of the rights of third parties of natural persons or legal entities, or for reasons in the main public interest of the EU or member states, even though the processing of personal information is limited.

When the Company decides to lift the privacy processing, the Company notifies the information subject.

11. Right to object to the processing of personal information

The information subject may indicate to the Company that he/she intends to object to direct marketing, the processing of personal information based on the company's legitimate interests or public interest duties, and the exercise of job rights, scientific historical research, and statistical purposes.

The Company shall take the following measures if requested by the information subject.
 

▪ Processing for direct marketing
The Company will stop processing personal information as soon as it receives the counter-indication.
The Company shall allow the information subject to make counter-demands to the marketing process at any time and shall handle it free of charge.
The Company shall inform the data subject of these rights and expressly present them separately from other information.

▪ processing based on the legitimate interests or performance of public duties and the exercise of job rights
The Company shall suspend the processing of personal information if there is a counter-intention of the information subject, unless it proves a legitimate basis that is more important and stronger than the interests claimed by the information subject, or for the purpose of confirming the legal right of claim.

12. Transfer of personal information

We may need to process your personal information outside of your country of residence in the course of providing the Services. In such cases, the Company will use appropriate safeguards (e.g., contractual data protection provisions) to ensure that additional personal information is protected, along with the provisions of this Privacy Policy.

13. Destruction of personal information

In principle, the Company destroys personal information without delay if the purpose of processing personal information is achieved. Company strictly destroys personal information immediately after the user withdraws membership.

However, if the Company has obtained separate consent from users regarding the retention period of personal information or if the laws and regulations impose duties to retain information for a certain period, personal information may be stored safely during the designated period..

The procedures, deadlines and methods for destruction are as follows:

▪ The information entered by the user will be destroyed immediately after the purpose is achieved. However, Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period. At this time, personal information transferred to a DB or a separate storage location will not be used for any other purpose unless required by law.

▮ Relevant statutes of Republic of Korea
Relevant statutes, including the Act on the Consumer Protection, in Electronic Commerce, Etc., the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act, require Company to store the information for a certain period of time under the following circumstances. Company stores personal information during the set period under the provisions of the statutes and in no case will it ever store this information for any other purposes.

- Act on the Consumer Protection, in Electronic Commerce, Etc.
Records on the contract or subscription withdrawal, etc. : Stored for 5 years
Records on the payment and supply of goods, etc. : Stored for 5 years
Records on the consumer complaints or dispute settlement : Stored for 3 years

-Framework Act on Electronic Documents and Transactions
Records on the distribution of electronic documents through authorized electronic addresses : Stored for 10 years

-Protection of Communications Secrets Act
Login information : 3 months

▪ If the retention period of personal information has elapsed, the user's personal information will be destroyed within 5 days from the end of the retention period, and within 5 days from the date when the processing of personal information is deemed unnecessary when the personal information becomes unnecessary, such as achieving the purpose of processing the personal information, abolishing the service, or terminating the business.

▪ Personal information that fully serve its purpose of collection and use, by means such as membership cancellation, service termination, and/or expiration of the retention period of personal information approved by the user, is destroyed to an irreversible state.

Information required to be retained under the statutes is also destroyed to an irreversible state without delay after the expiration of the relevant period.

 

Personal information stored in electronic form is securely deleted by technical means to prevent its recovery or restoration, while written information is shredded or incinerated.

 

Please note that Company separately stores and manages or deletes the personal information of members who have not used its service for at least one year in accordance with the Personal Information Validity Period Plan.

 

14. Protection of Personal Information

The Company is responsible for the handling of personal information processing, handling complaints of information related to personal information processing in order to protect the privacy of personal data.
▶ Head of Personal Information Protection
Name: Ju, Hyung Jin
Position: Representative
Rank: CEO
Contact: + 82-31-810-9395, info@koreamedis.com, Fax: + 82-31-903-3355
 ※ Contacts lead to personal information protection department.

 
▶ Personal information protection department
Department name: Overseas marketing
Contact person: Lee, Song Yi
Contact: + 82-31-810-9395, info@koreamedis.com, Fax: + 82-31-903-3355

 

15. Measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, the Company takes technical, administrative, and physical measures necessary to ensure safety as follows:

1) Minimization and training of personal information handling staff
We have designated employees who handle personal information and implemented measures to manage personal information by confining it to the person in charge.

2) Establishment and implementation of internal management plans
We have established and implemented an internal management plan for the safe processing of personal information.

16. Notices to Users in the European Union

[User's Rights]In accordance with applicable laws such as GDPR, you may request that your personal information be transferred to another administrator and you may request that your data be refused.
You have the right to lodge a complaint with the Privacy Rights Authority.
If you request correction of an error in your personal information, we will not use or provide that personal information until you have completed the correction.
If you have any of the above requests, please contact us in writing, by phone or e-mail through the Customer Center and we will act without delay.
If you refuse to process your personal information or withdraw your consent, you may receive a service that does not require the processing of such personal information.

[Off-shore provision of personal information]The Company may transfer personal information provided by information subjects in the European Union to outside the European Union (Republic of Korea) with the express prior consent of the data subject for the purposes set forth in this Privacy Policy and to provide medical services and non-medical services to institutions within the Republic of Korea and other countries which the Company operates.
The Company thoroughly supervises the transfer process and notifies the user about the details of the personal information transferred and how to protect it when transferring personal information to a third country. The user may request the company's personal information protection officer to stop using personal information in writing or by e-mail.

17. Updates to the Privacy Policy

If the Company updates this Privacy Policy for reasons such as amendments to relevant laws and circumstances, the company will post the changes on the website. In addition, if the company changes the way in which the personal data of the user is processed, it will be notified in advance and will go through the process of requesting the user's consent before implementing the change.

▮ Notification date  : January 21, 2022

▮ Effective date : January 28, 2022