Privacy Policy

All personal information processed by Lienjang Plastic Surgery Clinic (hereinafter referred to as the “Clinic”) is collected, retained, and processed based on relevant laws and regulations. The Personal Information Protection Act sets forth the general norms for the handling of such personal information. The Clinic shall legally and properly process the personal information it collects, retains, and processes in accordance with the provisions of these laws to ensure the proper performance of public duties and the protection of the rights and interests of the data subjects (information subjects). Furthermore, the Clinic respects the rights and interests of data subjects, including the right to access, request correction/deletion, and request suspension of processing of personal information held by the Clinic, as stipulated by relevant laws. Data subjects may file an administrative appeal regarding the infringement of these statutory rights and interests, as prescribed by the Administrative Appeals Act.

In accordance with the Personal Information Protection Act, the Clinic has established the following Privacy Policy to protect the personal information and rights of data subjects and to smoothly handle any grievances related to personal information. If the Clinic revises the Privacy Policy, it will be announced through the website’s notice board (or individual notification).

Article 1. Items of Personal Information Collected and Methods of Collection

When collecting personal information, the Clinic provides advance notice of the scope and purpose of collection on the application form or in the terms of use, in accordance with relevant laws and regulations. The personal information items collected are as follows:

1) Items Collected Upon Website Membership Registration

① Items collected: Name, ID, Password, Residential Area, Mobile Phone Number, Email, Access Logs, Cookies, Access IP Information

② Method of collection: website (membership registration)

※ The following information may be automatically generated and collected during the service use process or service provision tasks: Service usage records, access logs, cookies, access IP information.

2) Items Collected During Medical Treatment (Diagnosis/Consultation)

① Required items: Hospital Registration Number, Name (Korean), Date of Birth, Address, Email, Possibility of Pregnancy, Reason for Visit

② Health information: Personal Health Information deemed necessary by the medical staff for the provision of medical services.

3) Items Collected When Paying Medical Fees

① Credit Card Payments: Card Company Name, Card Number, and other credit card payment approval information.

※ In case personal information is collected for a specific, short-term purpose, it will be separately announced and collected.

4) Methods of Personal Information Collection

① Collection via: Homepage, written forms, fax, telephone, consultation bulletin boards, Email.

Article 2. Purpose of Collection and Use of Personal Information

The Clinic utilizes the collected personal information for the following purposes. All information provided by the user will not be used for any purpose other than those necessary for the objectives listed below, and prior consent will be obtained if the purpose of use is changed.

① Procedure for identity verification for diagnosis/examination/reservation inquiries and medical treatment.

② Services for diagnosis and treatment.

③ Administrative services such as medical fee billing, payment collection, and refunds.

④ Issuance of medical fee statements, itemized statements, various certificates, and dispatch of medication/supplies and test results.

⑤ Consignment of online/offline tests and request for external examinations.

⑥ Securing communication channels to assist in handling complaints/grievances.

⑦ Legal and administrative responses and measures for quality control of medical care and hospital operations.

⑧ Minimum analysis data necessary for education and research.

⑨ Guidance on treatment information, academic information, and hospital information.

⑩ Service guidance for publicity/marketing purposes.

Article 3. Matters Concerning the Processing of Personal Information of Children Under the Age of 14

The Clinic does not collect personal information from children under the age of 14. This means that medical treatment and services are not available for individuals under the age of 14, and consequently, there is no provision for a legal guardian to exercise the rights of a member child under the age of 14.

Article 4. Retention and Use Period of Personal Information

In principle, personal information is destroyed without delay once the purpose of its collection and use has been achieved. However, the following information is retained for the period specified below due to the reasons stated:

① Retention items: Name, Gender, Login ID, Password, Home Phone Number, Mobile Phone Number, Email

② Grounds for retention: The Clinic’s Website Terms of Use / Article 15 of the Enforcement Regulations of the Medical Service Act (Retention of records related to medical treatment)

③ Retention period: Destroyed upon withdrawal of membership / 10 years for medical records.

Article 5. Procedure and Method for the Destruction of Personal Information
In principle, the Clinic destroys personal information without delay once the purpose of its collection and use has been achieved. The procedure and method for destruction are as follows:

① Destruction Procedure
Information entered by the member for membership registration is transferred to a separate database (or a separate document cabinet in the case of paper) after its purpose has been achieved. It is then stored for a certain period and subsequently destroyed, according to internal policies and information protection reasons mandated by other relevant laws (refer to the Retention and Use Period). Personal information transferred to a separate database will not be used for any purpose other than retention, except in cases mandated by law.

② Method of Destruction
Personal information stored in electronic file format is deleted using technical methods that prevent the reproduction of the record. Personal information printed on paper is destroyed by shredding or melting.

Article 6. Provision of Personal Information to Third Parties

① The Clinic shall process the data subject’s personal information only within the scope specified in Article 2 (Purpose of Processing Personal Information). The Clinic shall provide personal information to a third party only in cases falling under Article 17 and Article 18 of the Personal Information Protection Act, such as the consent of the data subject or specific provisions in the law. The Clinic shall not provide the data subject’s personal information to a third party otherwise.

② The Clinic provides personal information to third parties as follows:

Atium Co., Ltd. (㈜에이티움)

-Recipient of Personal Information: Atium Co., Ltd.

-Purpose of Use by Recipient:

① For handling tasks related to patient identity verification, medical appointment, and cancellation.

② Guidance on clinic use and information on new services or events.

③ Mobile guidance regarding medical treatment, appointments, scheduled admissions, and scheduled examinations.

-Items of Personal Information Provided: Name, ID, Password, Gender, Mobile Phone Number, Email, Residential Area

-Recipient’s Retention/Use Period

① The personal information retention period is the same as that of the data collection institution. However, this is limited to cases of termination/cancellation of the contract with the personal information collection institution.

Note: The right to refuse consent exists. If consent is refused, medical appointments may be impossible, which may compromise patient convenience and satisfaction.

Active BH Co., Ltd. (주식회사 액티브비에이치)

-Recipient of Personal Information: Active BH Co., Ltd.

-Purpose of Use by Recipient: Guidance on self-managed mall event information.

-Items of Personal Information Provided: Name, ID, Gender, Mobile Phone Number, Email, Residential Area

-Recipient’s Retention/Use Period: ① The personal information retention period is the same as that of the data collection institution. However, this is limited to cases of termination/cancellation of the contract with the personal information collection institution.

Article 7. Matters Concerning the Outsourcing of Personal Information Processing

① The Clinic outsources personal information processing tasks to external specialized companies to provide better services, facilitate customer convenience, and ensure smooth business operations, as detailed below. The Clinic uses outsourcing agreements to stipulate and manage compliance with personal information protection laws, confidentiality of personal information, prohibition of provision to third parties, liability in case of incidents, duration of consignment, and the obligation to return or destroy personal information after processing is completed. Through this management, the Clinic ensures that personal information is handled and managed safely.

-Consignment company: Atium Co., Ltd. (㈜에이티움)

-Consignment work details: IT-related tasks, providing information on new services and events, and CCTV management

-Entrusted personal information: Name, hospital registration number, date of birth

Personal information retention period: Until the end of the consignment contract

② We will immediately disclose any changes to the details of the consigned tasks or the recipient (consignee) through this Privacy Policy.

Article 8. Rights and Obligations of the Data Subject and Legal Guardian, and Method of Exercise

① The data subject may exercise the rights to access, request correction/deletion, and request suspension of processing of personal information against the Clinic at any time.

※ A minor data subject aged 14 or older may exercise their rights concerning their personal information either by themselves or through their legal representative.

② These rights may be exercised against the Clinic through written documents, email, FAX, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. The Clinic will take action without delay.

③ These rights may also be exercised through a representative, such as the data subject’s legal representative or a person who has received delegated authority. In this case, a Power of Attorney in the form prescribed by Attached Form No. 9 of the “Notice on the Method of Handling Personal Information (No. 2020-7)” must be submitted.

④ The rights to request access and suspension of processing of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act in the following cases:

–Where there are special provisions in the law or it is unavoidable for the purpose of complying with statutory obligations.

-Where there is a risk of harming the life or body of another person or unduly infringing on the property and other interests of another person.

-Where it is difficult to fulfill a contract, such as being unable to provide the services agreed upon with the data subject if the personal information is not processed, and the data subject has not clearly stated the intention to terminate the contract.

⑤ A request for correction and deletion of personal information cannot be demanded if that personal information is explicitly designated as a subject of collection in other laws or regulations.

⑥ When a data subject requests access, correction/deletion, or suspension of processing based on their rights, the Clinic confirms whether the person making the request is the data subject themselves or a legitimate representative.

Article 9. Measures Taken to Ensure the Security of Personal Information

The Clinic takes the following measures to ensure the security of personal information:

1) Administrative Measures

① Establishment and Implementation of Internal Management Plans

The Clinic establishes and implements internal management plans for the safe processing of personal information.

② Minimization and Training of Personnel Handling Personal Information

The Clinic designates employees who handle personal information and implements measures to manage personal information by assigning differentiated authority levels to each person in charge.

③ Regular Internal Audits

Regular internal audits are conducted to ensure security related to the handling of personal information.

2) Technical Measures

① Encryption of Personal Information

Important personal information is encrypted during storage and transmission. Separate security features, such as using file encryption functions even when utilized within the “Clinic,” are also employed.

② Technical Measures Against Hacking, etc.

The Clinic installs security programs, conducts periodic updates and checks to prevent leakage and damage of personal information due to hacking or computer viruses, and installs systems in areas where external access is controlled, conducting technical/physical monitoring and blocking.

③ Restriction of Access to Personal Information

Necessary measures are taken to control access to personal information by granting, changing, or revoking access rights to the database systems that process personal information, and unauthorized external access is controlled using a firewall system.

④ Storage and Prevention of Forgery/Alteration of Access Records

Records of access to the personal information processing system are stored and managed for at least one year, and security features are used to prevent forgery, alteration, theft, or loss of access records.

3) Physical Measures

① Use of Locking Devices for Document Security

Documents and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.

② Access Control for Unauthorized Persons

Separate physical storage locations, such as personal information systems where personal information is stored, are maintained, and procedures for controlling access to these locations are established and operated.

Article 10. Matters Concerning the Installation/Operation of Automatic Personal Information Collection Devices and the Refusal Thereof

The Clinic operates ‘cookies,’ which frequently store and retrieve your information. A cookie is a very small text file sent by the server used to operate the Clinic’s website to your browser, and it is stored on your computer’s hard disk. The Clinic uses cookies for the following purposes:

① To analyze the connection frequency or visiting time of members and non-members, and to understand the user’s tastes and interests, using this as a measure for service reorganization.

② To track your visit count during various events conducted by the Clinic, utilizing this data to provide differentiated information based on individual interests.

You have the right to choose whether to install cookies. Therefore, by setting options in your web browser, you can allow all cookies, require a confirmation every time a cookie is stored, or refuse the storage of all cookies.

Article 11. Chief Privacy Officer (CPO)