Privacy Policy
This Privacy Policy describes the security and personal information collection and use measures taken by Tong-In Korean Medicine Clinic (hereinafter referred to as the clinic) to protect the personal information of customers who make reservations using the clinic's website.
We value your privacy and comply with the Personal Information Protection Act, and through this Privacy Policy, we will inform you of the purpose and manner in which the personal information you provide is used and what measures are being taken to protect your personal information.
- Items of personal information to be collected and methods of collection
- Purpose of collecting and using personal information
- Entrusting the handling of collected personal information and transferring it overseas
- Measures to ensure the safety of personal information
- Retention and use period of personal information
- Procedures and methods for destroying personal information
- Rights of users and legal representatives and how to exercise them
- Protection of children's personal information
- Method of refusal of consent and withdrawal of consent / withdrawal of membership
- Installation/operation of automatic personal information collection devices and refusal thereof
- Personal information protection officer and person in charge
- Matters concerning changes to the privacy policy
1. Items of Personal Information to be Collected and Method of Collection
The personal information processing items of the clinic are as follows when making a reservation through the website, and personal information is collected through the website. In addition, personal information provided for medical treatment when visiting the clinic is provided through a separate personal information agreement.
Classification of personal information items
When making a reservation on the website - Name, nationality, date of birth, email address
2. Purpose of collecting and using personal information
The clinic uses the collected personal information for the following purposes. All collected information will not be used for any purpose other than the following, and prior consent will be obtained if the purpose of use is changed.
- Reservation and reservation inquiry through the website
3. Entrusting the handling of collected personal information and transferring it overseas
In principle, we do not entrust the processing of personal information to others without your consent. However, in order to provide better services and customer convenience, we currently entrust the processing of personal information with your consent as follows.
Subcontractors | Outsourcing | Items of personal information entrusted | Personal Information Retention Period | Subcontractors and subcontracted tasks |
PREDAQ | Operation and maintenance of the website | All personal information collected on the website, etc. | Until the end of the outsourcing contract | See below |
Through the consignment business contract, the clinic stipulates compliance with laws and regulations related to personal information protection, confidentiality of personal information, responsibility in case of accidents, consignment period, and obligation to return or destroy personal information after the end of processing, and manages to comply with them. The personal information provided by the clinic to PREDAQ may be re-consigned for reservation confirmation.
Outsourcing Company Information
- Mailjet
- Processor: Mailjet (part of Sinch Email)
- Custodian's location: France (Mailjet's headquarters are based in
Paris, France)
- When and how: Ongoing, through the use of an online
communication platform, such as email services or API
integrations.
- Contact details of the data controller: privacy@mailgun.com
- Items of personal data we outsource
- Medical department
- Name
- Email
- Nationality
- Date of birth
- Reservation date
- Consignment: Mailjet is responsible for managing email communication services, including:
- Sending notifications related to patient reservations
- Sending appointment reminders
- Sending other medical-related communications (e.g., confirmations, follow-up messages)
- Retention and use of personal information: Personal data will be retained and used only for as long as necessary to fulfill the purposes of the email communication services. Once the information is no longer required or upon the user's request, the personal data will be deleted or anonymized, in accordance with data protection laws and retention periods outlined by relevant regulations.
- Predaq
- Custodian: PREDAQ
- Location of the Controller: 13F, 416, Hangang-daero, Jung-gu, Seoul, Republic of Korea
- Date and method of consignment: Ongoing, via online communication methods, including email communication and API integration
- Contact information of the data controller: Jaesung Joh (johjaesung@gmail.com), Tel: +82-10-3894-6761
- Items of personal data we outsource
- Medical department
- Name
- Email
- Nationality
- Date of birth
- Reservation date
- Description of consignment: PREDAQ is responsible for maintaining the web service that manages patient reservations, sending email notifications (such as appointment reminders), and handling medical-related communication via integrated email services with Mailjet. Additionally, PREDAQ oversees technical maintenance, updates, and operational support for the web service and the associated email functionalities.
- Retention and use of personal information: Personal information will be retained and used for as long as necessary to provide the services. This includes the duration required for handling patient reservations, email communications, and service maintenance. The data will be deleted upon the user's request or when no longer needed for operational or legal purposes.
4. Measures to ensure the safety of personal information
We take the following measures to ensure the safety of personal information.
to ensure the safety of personal information.
- administrative measures: establishment and implementation of internal management plans, operation of a dedicated organization, and regular employee training
- Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information,
installation and update of security programs
- Physical measures: Strict Access Control and Secure Storage of Administrative PCs
5. Retention and use period of personal information
The clinic destroys your personal information without delay when the purpose of collecting personal information or the purpose for which it was provided is fulfilled.
- In case of medical appointment: When the appointment business is over
- However, even if the purpose of collection or the purpose provided has been fulfilled, we may retain your personal information if it is necessary to preserve it in accordance with the provisions of laws and regulations such as the Commercial Act.
6. Procedures and methods of destruction of personal information
After the purpose of collecting and using personal information has been achieved, the Company will destroy the information without delay according to the storage period and usage period. The procedure and method of destruction are as follows.
The procedure of destruction
Destruction Procedure After the business related to the reservation is completed, the information is deleted or destroyed in accordance with internal policies and other relevant laws and regulations.
Destruction Method
- Personal information in the form of electronic files will be deleted using technical methods that do not allow the records to be reproduced.
- Personal information printed on paper will be destroyed by shredding or incineration.
7. Rights of users and legal representatives and how to exercise them
All customers may request access, correction, deletion, and suspension of their personal information processed by the Company. However, the Company may refuse or restrict such requests in the following cases.
- If there are special provisions in the law or it is necessary to comply with legal obligations.
- If there is a risk of harming the life or body of another person or unreasonably infringing on the property and other interests of another person.
- If we have not clearly stated our intention to terminate the contract with the information subject if we do not process personal information.
Methods and Procedures for Exercising Rights
- If the customer requests access, verification or correction of personal information, the Company shall respond to the customer's request in good faith, and if it is recognized that it is necessary to correct or delete the personal information, such as if it is found that the personal information contains errors or has exceeded the retention period, the Company shall correct or delete the personal information without delay.
- If a customer's representative visits and requests to view and verify the personal information, we will verify whether the representative is a true representative by presenting proofs such as a power of attorney indicating the representation relationship, the customer's identification card, and the representative's identification card.
- How to withdraw personal information
- You may withdraw your consent to the collection, use, or provision of your personal information.
- When a customer withdraws consent to the collection, use, or provision of personal information in person, the Company shall verify the identity of the customer and take necessary measures without delay, such as destroying the personal information, unless otherwise stipulated by law.
- A legal representative may withdraw consent to the collection, use, or provision of personal information of a child under the age of 14, and may request access to personal information provided by a child under the age of 14 or correction of errors.
8. Protection of Personal Information of Children
- We take measures to protect children and their legal representatives from being disadvantaged by personal information provided by children under the age of 14 (hereinafter referred to as ''children'').
- The Company shall obtain the consent of the child's legal representative when performing the following acts on the child's personal information.
- Collecting personal information for the child's service subscription or using the child's personal information beyond the scope notified at the time of service subscription or specified in the Terms of Service or providing it to a third party.
- If the person to whom the personal information of the child is provided uses the personal information for purposes other than the purpose for which it was provided or provides it to a third party.
- In order to obtain the consent of the legal representative, we may require the minimum necessary information such as the legal representative's name and resident registration number. In this case, the purpose of collecting, using or providing personal information and the need for the consent of the legal representative shall be notified to the child in plain language that the child can easily understand.
- We will not use the personal information of the legal representative collected to obtain the consent of the legal representative for any purpose other than to verify whether the legal representative has consented or provide it to a third party.
9. How to refuse consent and withdraw consent / withdraw membership
You may refuse to consent to the collection of personal information when making a reservation on the website, and if you do not consent, it may be difficult to use the service.
You may withdraw your consent to the collection, use, and provision of personal information when making a reservation on the website at any time. If you contact the person in charge of personal information protection in writing, by phone or fax, we will take necessary measures such as destroying your personal information without delay.
10. Personal Information Protection Officer and Person in Charge
In accordance with Article 31 (1) of the Personal Information Protection Act, we have a person in charge of personal information protection to protect your personal information and handle complaints related to personal information. If you have any questions regarding personal information, please contact the person in charge of personal information protection below. We will respond to your inquiries promptly and in good faith.
Name: Seung Hwan Lee
Telephone: (02)725-7510
Email: wooricare@naver.com
You may report any complaints related to personal information protection arising from the use of our services to the person in charge of personal information protection or the department in charge. We will provide a prompt and sufficient response to your report. If you need to report or consult about other personal information infringement, please contact the following organizations.
- Personal Information Dispute Mediation Committee 1833-6972 (http://kopico.go.kr)
- Personal Information Infringement Report Center 118 (http://privacy.kisa.or.kr)
- Cyber Investigation Division of the Supreme Prosecutors' Office 02-3480-3570 (http://spo.go.kr)
- National Police Agency Cyber Safety Bureau 182 (http://cyberbureau.police.go.kr)
11. Changes to the Privacy Policy
This privacy policy will be applied from September 13, 2024.
- Date of announcement and effective date: September 13, 2024