Privacy policy
Privacy policy
UPIC Clinic Personal Information Processing Policy
All personal information handled by U-Pick Clinic (hereinafter referred to as “hospital”) is collected, retained, and processed in accordance with relevant laws and regulations. The Personal Information Protection Act sets forth general norms for the handling of such personal information, and hospitals use personal information collected, retained, and processed in accordance with the provisions of these laws to properly perform public affairs and protect the rights and interests of information subjects . In addition, the hospital will handle the personal information held by the information subject legally and appropriately, including requests for viewing, correction, deletion, and suspension of processing, in accordance with the relevant laws and regulations. Rights and interests are respected, and the information subject may request an administrative trial in accordance with the Administrative Appeals Act for violations of such legal rights and interests.Hospitals provide information subjects in accordance with the Personal Information Protection Act. In order to protect personal information and rights and to smoothly handle the grievances of information subjects related to personal information, we have the following personal information handling policy. When revising the personal information handling policy, we will post a notice on the website (or individual Notice will be announced through notice.
Article 1. Personal information items collected and collection methods
When collecting personal information, the hospital provides prior notice of the scope and purpose of collection when applying for membership or in the Terms of Use in accordance with relevant laws and regulations. Personal information collection items are as follows.
a. Items collected when registering as a member of the website
① Items collected: name, ID, password, area of residence, mobile phone number, email, access log, cookie, access IP information< /span>① Collection through website, written form, fax, phone, consultation bulletin board, email, etc.D. Personal information collection method※Personal information provided in the short term for other specific purposes When collecting, we will notify you separately and collect it.① When paying by credit card: Card payment approval information such as card company name and card number② Health Information: Personal health information deemed necessary by medical staff to provide medical services, such as medical history and family history. Items collected when paying medical expenses① Required items: hospital registration number, name (Korean), date of birth, address, e-mail, marital status, route of visitB. Items collected during treatmentService usage records, access logs, cookies, access IP information※The following information may be automatically generated and collected during the service use process or service provision process.
② Personal information collection method: Homepage (membership registration)
Article 2. Purpose of collection and use of personal information
The hospital uses the collected personal information for the following purposes. All information provided by users will not be used for purposes other than those necessary for the following purposes, and prior consent will be requested if the purpose of use changes.
① Medical treatment/testing/reservation inquiry and treatment Identity verification process
② Services for diagnosis and treatment
③ Medical service such as billing, payment, refund, etc.
④ Sending medical expenses invoices, statements, certificates, and sending medicines/goods and results
⑤ Entrustment of online/offline testing, request for external testing
⑥ Handling of complaints/grievances, etc. Securing communication channels to help
⑦ Legal and administrative responses and measures for medical quality management and hospital operation
⑧ Minimum necessary for education and research Analysis data
⑨ Medical information, academic information, hospital information information
⑩ Service information for promotional/marketing purposes (e.g. text messaging for event information, etc.)
Article 3. Period of retention and use of personal information
In principle, after the purpose of collecting and using personal information has been achieved, the information is destroyed without delay. However, the following information is preserved for the specified period for the reasons below.
① Preservation items: name, gender, login ID, password, home phone number, mobile phone number, email >< /span>③ Preservation period: Destruction upon Withdrawal of membership/medical treatment record 10 years
② Basis for preservation: Terms of use of our website/Medical Law Enforcement Rules Article 15 (Preservation of records related to medical treatment)
Article 4. Procedure and method for destroying personal information
In principle, the hospital destroys the information without delay after the purpose of collecting and using personal information has been achieved. The destruction procedures and methods are as follows:
a. Destruction Procedure
The information entered by the member for membership registration, etc. is transferred to a separate DB (in the case of paper, a separate filing cabinet) after the purpose is achieved, and information is protected in accordance with internal policies and other related laws. Depending on the reason (see retention and use period), it is stored for a certain period of time and then destroyed. Personal information transferred to a separate DB will not be used for any purpose other than that for which it is retained, unless required by law.
B. Method of destruction
Personal information stored in electronic file format is deleted using a technical method that renders the record unrecoverable. Personal information printed on paper is shredded or dissolved in a shredder.
Article 5. Provision of personal information to a third party
①The hospital processes the personal information of the information subject only within the scope specified in Article 2 (Purpose of processing personal information) , and requires the consent of the information subject and the law. Personal information is provided to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including special regulations.
②The hospital provides personal information to third parties as follows.
1. Atium Co., Ltd.
-Recipient of personal information: Atium Co., Ltd.
-Purpose of use of personal information of the recipient:– Personal information items provided: name, ID, password, gender, mobile phone number, email, residential area③ Medical treatment, Mobile guidance on reservations, hospitalization plans, and test schedules② Information on hospital use and new hospital services and event information
① To process tasks related to patient confirmation and treatment reservations and cancellations① The retention period of personal information is the same as that of the information collection agency. However, this is limited to cases where the contract with the personal information collection agency has been terminated② You have the right to refuse consent. If you refuse consent, you will not be able to make a medical appointment, thereby improving patient convenience and satisfaction. This may be hindered
2. ActiveBH Co., Ltd.
-Recipient of personal information: ActiveBH Co., Ltd.
-Purpose of use of personal information of the recipient: Company mall event information information-Retention and use period of the recipient: ① The personal information retention period is Same as information collection agency. However, this is limited to cases where the contract with the personal information collection agency has been terminated
-Provided personal information items: name, ID, gender, mobile phone number, email, residential area a>
Article 6. Matters regarding entrustment of personal information processing
① In order to provide better services and provide customer convenience, etc., the hospital entrusts and operates personal information processing tasks to an external professional company as follows. there is. Through consignment business contracts, etc., the hospital complies with laws and regulations related to personal information protection, maintains confidentiality of personal information, prohibits provision of personal information to third parties, assumes responsibility in the event of an accident, entrustment period, and has the obligation to return or destroy personal information after processing. We regulate and manage compliance to ensure that personal information is managed safely.
consignor | Consignment work details | Entrusted personal information | Personal information retention period |
---|---|---|---|
Atium Co., Ltd. | Computer-related work, new service and event information information, CCTV management | Name, hospital registration number, date of birth, etc. | Until the end of the consignment contract |
② If the contents of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 7. Rights of users and legal representatives and how to exercise them
If a customer requests to view, correct, or delete personal information, the hospital will faithfully respond to the customer’s request and process it without delay. . In order to protect personal information, we do not provide procedures for viewing, correcting, or deleting personal information of customers through phone, mail, fax, or other application methods other than through customer visit.
a. Viewing personal information
① Customers may visit the hospital and request viewing of personal information, and we will respond promptly.
B. Correction/deletion of personal information
① When a customer requests correction/deletion of personal information, the hospital recognizes that correction/deletion is necessary, such as when it is determined that the personal information contains an error. In such cases, corrections and deletions will be made without delay. The hospital may request supporting materials necessary to verify the facts of the correction or deletion.
② If a customer requests to view, correct, or delete his/her personal information, the customer’s identity must be confirmed. You will be presented with an identification document such as a resident registration card, passport, or driver’s license to confirm your identity.
③ The hospital has a legitimate reason for refusing to view, correct, or delete all or part of your personal information. If so, we will notify the customer and explain the reason.
④ The legal representative of a child under the age of 14 may request to view, correct, delete, or suspend the processing of the child’s personal information. You must submit proof of your relationship with the child and proof of identification.
Article 8. Matters related to the installation/operation of automatic personal information collection devices and their refusal
The hospital operates ‘cookies’ to store and retrieve your information from time to time. A cookie is a very small text file that the server used to run the hospital’s website sends to your browser and is stored on your computer’s hard disk. The hospital uses cookies for the following purposes.
① Analyze the access frequency and visit time of members and non-members, identify users’ tastes and interests, and measure service reform, etc. It is used as.
② It is used as data to provide differentiated information according to the individual’s area of interest by identifying the number of visits at various events held by the hospital.
You have the option to install cookies. Therefore, by setting options in your web browser, you can allow all cookies, confirm each time a cookie is saved, or refuse to save all cookies. If you refuse to install cookies, it may be difficult to provide some services.
Article 9. Personal Information Protection Manager
① The hospital is responsible for overall work related to personal information processing, and appoints a personal information manager as follows to handle complaints and provide relief for damage from information subjects related to personal information processing. Specifying it.
division | name | position | contact |
---|---|---|---|
Personal Information Protection Officer | Wookyong Lee | Representative Director | 031-625-8596 |
② Information subjects may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the hospital’s services to the personal information protection manager and responsible department. The hospital will respond and process inquiries from information subjects without delay.
Article 10. Notification obligation due to policy changes
The contents of this personal information handling policy may be changed according to changes in related laws and guidelines or changes in internal operating policy. If the hospital’s personal information handling policy changes, we will notify you through the website.
Enforcement date: December 15, 2022
If you need to report or consult about other personal information infringements, please contact the organizations below.
1. Personal Information Dispute Committee (https://www.kopico.go.kr) (without area code) 1833-6972
2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-550-9531~2)
3. Supreme Prosecutors’ Office Cyber Investigation Division (http://spo.go.kr/(without area code)1301, cid@spo.go.kr)
4. National Police Agency Cyber Safety Bureau (http://cyberbureau.police.go.kr/02-3150-2659)
Article 11. Change in personal information processing policy
① This personal information processing policy is effective from December 15, 2022.
Image information processing device operation and management policy
This hospital uses and manages the image information processed by this hospital for what purposes and in what manner through the image information processing device operation and management policy. We will let you know if it is working.
Article 1. Basis and purpose of installation of image information processing equipment
This hospital installs and operates image information processing equipment for the following purposes in accordance with Article 25, Paragraph 1 of the Personal Information Protection Act. >
① Facility safety and fire prevention
② Crime prevention for customer safety
Article 2. The basis and purpose of installation of video information processing devices
The number of installed units, location, and shooting range of video information processing devices are as follows.
① Number of installed devices: Total 16 Large
② Installation location and shooting range: Within the hospital
Article 3. Person in charge of management and person with access rights
In order to protect the video information of the information subject and handle complaints related to personal video information, we have a person in charge of personal video information protection as follows.
division | name | department | contact |
---|---|---|---|
Personal video information protection officer | Heo Shin-young | Counseling team | 4630hes@naver.com |
Personal video information protection manager | Binna Lee | medical team | zlzlr8@naver.com |
Article 4. Shooting time, storage period of video information
The shooting time, storage period, and storage location of video information are as follows.
① Shooting time: 24 hours③ Storage location: Hospital server room
② Storage period: Within 14 days from the date of filming
Article 5. Matters regarding the method and location of checking personal video information
① How to check: You can check by contacting the person in charge of video information management in advance and visiting the hospital.
② Confirmation location: In the hospital
Article 6. Measures in response to the information subject’s request to view video information, etc.
If the information subject wishes to view, confirm the existence of, or delete personal video information, he or she may make a request to the operator of the video information processing device at any time. However, it is limited to personal video information recorded by you and personal video information clearly necessary for the urgent benefit of the life, body, and property of the information subject. If a request is made to view, confirm the existence of, or delete personal image information, the hospital will take necessary action without delay. Despite the information subject’s request for viewing, etc., the request to view personal video information, etc. may be refused in the following cases. In this case, the information subject will be notified in writing of the reason for refusal and the method of objection within 10 days. < /span>② Location: Hospital server room
① How to check: You can check by contacting the video information manager in advance and visiting the hospital.
Article 7. Measures to ensure the safety of video information
The video information processed by this hospital is managed safely through encryption measures, etc. In addition, as a management measure to protect personal video information, this hospital grants differential access rights to personal information. In order to prevent forgery or falsification of personal video information, the date and time of creation of personal video information, purpose of viewing, viewer, and viewing information. Dates, times, etc. are recorded and managed. In addition, we are installing a locking device to ensure safe physical storage of personal video information.
Article 8. Matters regarding changes to personal information handling policy
This video information processing device operation and management policy was enacted on December 15, 2022, and content may be added or deleted in in accordance with changes in laws, policies, or security technology. If there are any modifications, we will notify the reason and details of the changes on the hospital’s website at least 7 days prior to implementation.
Effective date: December 15, 2022
If you need to report or consult about other personal information infringements, please contact the organizations below.
1. Personal Information Dispute Committee (https://www.kopico.go.kr) (without area code) 1833-6972
2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-550-9531~2)
3. Supreme Prosecutors’ Office Cyber Investigation Division (http://spo.go.kr/(without area code)1301, cid@spo.go.kr)
4. National Police Agency Cyber Safety Bureau (http://cyberbureau.police.go.kr/02-3150-2659)