PRIVACY POLICY

A-top Plastic Surgery Clinic (hereinafter referred to as the ‘Main’) considers the protection of personal information on the Internet very important, and does its utmost to ensure that the personal information provided to the Head Office is protected by users when using it. . Accordingly, the company has created a personal information protection policy based on relevant laws and regulations that an information and communication service provider must comply with, such as the Communication Secret Protection Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communication Network Utilization. This personal information processing policy may be changed from time to time due to changes in government laws and guidelines or the internal policy of the company, and if there is any change, the company immediately reflects the relevant information in the personal information processing policy posted on the homepage’s initial screen I am doing it. Through this privacy policy, users will be able to understand how and for what purpose the collected personal information is being used and how it is securely protected.

[The order of this privacy policy is as follows.]

1. Items and methods
of collection of personal information to be collected 2. Purpose of collection and use of
personal information 3. Provision and sharing of
personal information 4. Retention and use period of
personal information 5. Destruction procedure and method of personal information
6. User and Rights of the legal representative and how to exercise it
7. How to withdraw consent / withdrawal of membership
8. Matters concerning the installation / operation of the automatic collection device of personal information and its rejection
9. Matters related to the operation / management of video information processing equipment
10. Matters regarding safety measures
11. Personal information manager
12. Notice obligation according to policy change
13. Consignment of handling of collected personal information

1. Items and methods of collecting personal information

When registering as a member, we collect only the minimum personal information necessary to use the service. The information collected for you to use the service of this application has mandatory and optional items that are entered when you sign up for membership, and there are no restrictions on the use of the service even if you do not enter optional items such as whether or not to receive mail.

end. Items collected during treatment

-Required items: Name (Korean), address, and contact
information-Health information: Personal health information deemed necessary by medical staff to provide medical services such as medical history and family history.
※ Unique identification information and medical information must be retained by medical law.
(We do not receive separate consent for collecting medical information.)

I. Items to be collected when registering on the website

-Required items: ID, password, name, e
– mail -Optional items: contact information (phone number, mobile phone number)
-Sensitive information: past medical history, surgical history, surgery of interest
-In the process of using the service or providing services, The same information can be automatically generated and collected without your consent. (Service usage record, access log, cookie, access IP information)
-Identity authentication (mobile phone authentication / ipin authentication): Name, identity, value for ipin members, ipin number, date of birth, gender, ID, password, contact information (email address, Mobile phone number), legal representative information for under 14, subscription authentication information

All. Items to be collected when receiving medical expenses

-When paying by credit card: credit card approval information such as card name and card number

la. How to collect personal information

-Personal information is collected in the following ways.
Homepage (member registration, real-time consultation, online reservation, online consultation, etc.), written form, fax, telephone, email

2. Purpose of collecting and using personal information

We use the collected personal information for the following purposes. All information provided by the user is not used for purposes other than those required for the following purposes, and prior consent will be obtained when the purpose of use is changed.
– identification procedures for the treatment / test / booking inquiries and medical-diagnostic and services for the treatment
– medical expenses claimed, storage, refunds, etc. wonmu services
– medical expenses bill, invoice, a certificate of dispatch and drugs / items and sending the results
-care Providing medical information to other medical institutions that have been commissioned and returned-
Securing communication channels to assist in disseminating notices and handling complaints / grievances-
Materials for handling online consultation responses-
Providing information on new services and events
-Managing medical quality, Legal and administrative responses and measures for the operation of the main office-
Minimum analysis data required for education and research
-Information on medical information, academic information,
and main office-Use of reference materials for smooth service provision during consultation and treatment
-In accordance with Article 52 of the Consumer Basic Law Collecting information for one consumer

3. Provision and sharing of personal information

This application uses your personal information beyond the scope notified in 『Purpose of Collection and Use of Personal Information』 or to other or other companies or organizations in any case, except with the consent of the relevant laws or regulations. Not provided.

However, the following cases are exceptions.
-When users agree to the disclosure in advance
-In accordance with the provisions of laws and regulations, or when there is a request from an investigative agency according to the procedures and methods prescribed in the laws for investigation purposes
-Statistics preparation • As necessary for academic research or market research When a person is processed and provided in a form that cannot be recognized

4. Retention and use period of personal information

When the purpose of collecting or receiving personal information is achieved, the company destroys your personal information without delay.

end. In the case of membership registration information: When membership is withdrawn or expelled from a member, one year has elapsed since the last login date (Article 29 of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. and Article 16 of the Enforcement Decree of the Act) b
. When collected for the purpose of surveys, events, etc .: When the surveys, events, etc. have ended
. When collected for medical purposes: Preservation according to the period specified in Article 15, “Preservation of medical records” of the Enforcement Rule of the Medical Service (patient roster: 5 years, medical record: 10 years), (preservation item: name, Address, medical information)
d. Record of consumer complaints and disputes: 3 years (Act on Consumer Protection in Electronic Commerce)
village. Records on collection / processing and use of credit information: 3 years (Act on the Use and Protection of Credit Information)
f. Record of identity verification: 6 months (Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.)
g. Records of visits: 3 months (Communication Secret Protection Act)
※ However, even if the purpose of collection or the purpose for which it was provided has been achieved, if there is a need to preserve it according to the provisions of laws and regulations such as the Commercial Act, we may retain your personal information.

5. Destruction procedure and method of personal information

This application will be destroyed immediately after the “Purpose of Collection and Use of Personal Information” is achieved. The destruction procedure and method are as follows.

end. Destruction procedure

The information entered by the user for membership registration, etc. is immediately destroyed by the following destruction method after the purpose is achieved.

I. Destroyed

When personal information becomes unnecessary when the retention period of the personal information has elapsed, or within 5 days from the end of the retention period, the purpose of processing personal information, abolition of the service, and termination of the business We destroy the personal information within 5 days from the date when it is deemed unnecessary to process the information.

All. Method of destruction

Personal information stored in the form of electronic files is deleted using technical methods that cannot reproduce the records. Personal information printed on paper is destroyed by shredding or incineration.

6. Rights of users and legal representatives and how to exercise them

When the customer requests to view, correct or delete personal information, the company will faithfully respond to the customer’s request and process it without delay. In order to protect personal information, we do not provide procedures for viewing, correcting, and deleting personal information of customers by phone, mail, fax, or other application methods other than the customer’s visit.

end. Reading personal information

Customers can request access to personal information by visiting our headquarters and respond promptly to them.

I. Correction / deletion of personal information

-When the customer requests correction / deletion of personal information, it is found that there is an error in personal information, etc. • If it is deemed necessary to correct / delet, it will correct / delete without delay. We may request evidence to correct the fact of correction / deletion. The personal information will not be used or provided until the correction is completed. In addition, if the wrong personal information has already been provided to a third party, we will notify the third party without delay of the result of the correction process so that the correction can be made.
-When a customer requests to view, correct, or delete his or her personal information, he / she checks the identity of the customer by providing identification documents such as a resident registration card, passport, or driver’s license, which indicates the customer’s identity.
-When a customer’s agent visits and requests to view, correct, or delete it, check the client’s power of attorney and consent form and the agent’s identification certificate to check whether the agent is a legitimate agent.
-If there is a legitimate reason for refusing to view, correct or delete all or part of personal information, the company notifies the customer and explains the reason.
– If you can limit the view and correct personal information
– If you or the fear harm significantly the life, health, property or rights party 3
– if that may have a significant hindrance to the work of such service providers
– Violation of laws and regulations
-Membership for children under the age of 14 (hereinafter referred to as “child”) is done through a separate form, and the consent of the legal representative is always required when collecting personal information.
-In order to obtain the consent of the legal representative, this application collects the minimum information such as the name and contact information of the legal representative from the child, and obtains the consent of the legal representative according to the method prescribed in the personal information processing policy.
-Users and legal representatives can exercise their rights by contacting the headquarters by using the Internet, telephone, or writing in connection with personal information, and the hospital takes necessary measures without delay.
※ Personal information that is required to be stored by law cannot be modified / deleted within the storage period even if requested.

7. Withdrawal of consent • How to withdraw a member

When you sign up, you can withdraw your consent to the collection, use, and provision of personal information at any time. For consent withdrawal (withdrawal from membership), click on “Withdrawal of consent (withdrawal from membership)” on the homepage to go through the verification process and then withdraw your consent directly (withdrawal from membership) or contact your personal information manager without delay. We will take necessary measures such as destruction.

8. Matters concerning the installation / operation of automatic personal information collection device and its rejection

In order to provide a customized service for users, we use ‘cookies’ that store and retrieve information from users from time to time. Cookies are small amounts of information that a website sends to your computer’s web browser and are also stored on your PC’s hard disk.

end. Purpose of Cookies

-Cookies identify the user’s computer, but do not identify each user individually. By using this cookie, we can make a more convenient service by grasping the type of visit and use for each service visited by the user and the size of the user.
-Users can choose whether to use cookies by adjusting the options of the web browser. That is, you can accept all cookies, send a notification when a cookie is installed, or reject all cookies.
-However, in order to use the service by logging in (LOG-IN) after accessing this application, users must accept cookies.

I. Cookie Installation / Operation and Rejection

-Users have the option to install cookies. Therefore, the user may allow all cookies by setting an option in the web browser, check each time a cookie is stored, or refuse to save all cookies.
-As a method of refusing to set cookies, you can accept all cookies, check each time you save cookies, or refuse to save all cookies by selecting the option of the web browser you use.
-Setting example
• For Internet Explorer: Tools menu at the top of the web browser> Internet Options> Privacy> Settings
• For Chrome: Settings menu at the right side of the web browser> Show advanced settings at the bottom of the screen> Content settings button for personal information> Cookies
-However, if you refuse to store cookies, you may have difficulty using some of our services that require login.

9. Matters concerning measures to ensure the safety of personal information

In order to ensure safety so that the personal information of customers is not lost, stolen, leaked, tampered with, or damaged, the following technologies are used. Administrative measures are being taken.[Minimization and training of personal information handling staff]We minimize the designation of personal information handlers and conduct regular training.[Periodic self-inspection] In
order to secure stability related to handling personal information, we conduct self-inspection at least once a year.[Establishment and implementation of internal management plan] For
the safe handling of personal information, we have established and implemented an internal management plan.[Encryption
of personal information ] Of the personal information of the user, the password is encrypted and stored and managed, so only the person can know it.[Technical countermeasures against hacking, etc.] In
order to prevent the leakage or damage of personal information due to hacking or computer viruses, security programs are installed, periodic updates and inspections, and systems are installed in areas where access is controlled from the outside. Monitoring and blocking.[Restrict access to personal information]We take necessary measures to control access to personal information through granting, changing, and canceling access rights to the database system that processes personal information. We control unauthorized access from the outside using an intrusion prevention system.[Access Control for Unauthorized Persons]The physical storage location of the personal information system that stores personal information is set aside, and access control procedures are established and operated.

10. Matters concerning operation / management of image information processing equipment

The company operates / manages video information processing equipment as follows.

Install based and installation purposes;
patient and facility safety, fire and crime prevention

Setup number, installation location and shooting range –
installed capacity: Total
installation location and the shooting range: The lobby, hallways, etc.

– Managing Director –
Managing Director: anyongsu, yihanjeong[Recording time and processing method of video information]Shooting time: 24 hours Shooting
processing method: Record and manage matters related to requests other than the purpose of personal video information, such as provision of third parties, destruction, and viewing, and restoration when the storage period expires Permanently delete (shred or incinerate for prints) in this impossible way.[Measures for information subject’s request for viewing video information, etc.]You can request the video information processing device operator at any time if you want to view or verify the existence of personal video information. However, it is limited to the personal video information you have taken and the personal video information required for the benefit of the information subject’s urgent life, body, and property.
In spite of requests such as viewing of information subjects, in the following cases, requests to access personal video information may be refused.
-When personal image information is stored and destroyed
-If there are legitimate reasons for rejecting requests such as viewing of other information subjects[Technical • Administrative and Physical Measures for the Protection of Image Information] The
image information processed by this application is safely managed through encryption measures. In addition, this application provides access to personal information differently as a management measure for protecting personal image information. To prevent tampering with personal image information, the purpose of creation and viewing of personal image information for viewing purposes is to be viewed. Recorded and managed. In addition, locks are installed for safe physical storage of personal video information.

11. Personal information manager

In order to protect your personal information and handle complaints related to personal information, we have the following personal information manager.

Personal Information Manager –
Managing Director: anyongsu, yihanjeong
deal squarely party: anyongsu, yihanjeong
Organization: A top plastic surgery clinics
Position: Representative wonjangnim
Phone: 02-555-0410
E-mail:
Your caused hasimyeo He used herein, the Service You can report any privacy-related complaints as the person in charge of personal information management.
We will provide prompt and sufficient answers to users’ reports.
If you need to report or consult about other personal information infringement, please contact the following organizations.

Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)
Supreme Prosecutors’ Office Cyber ​​Crime Investigation Division (http://www.spo.go.kr / (02) 3480-3573)
Police Agency Cyber ​​Terror Response Center ( http://www.ctrc.go.kr / (02) 392-0330)

12. Notice obligation according to policy change

This personal information processing policy was enacted on August 31, 2015, and it is added at least 7 days prior to the enforcement of the personal information processing policy that is changed when there are additions, deletions, and modifications in accordance with changes in laws, policies or security technologies. We will notify you of the reason for the change and its contents through the website.

13. Consignment of handling personal information

In order to improve the service, the member’s personal information is collected and analyzed by the consigned company, and in accordance with the relevant laws and regulations, necessary matters are prescribed so that the personal information can be safely managed in the consignment contract.
-We post information about the trustee, the scope of trust, and the scope of shared information through e-mail, telephone, or homepage.
-In the case of a consignment contract, the service provider’s strict adherence to personal information protection, confidentiality of personal information, prohibition of third-party provision, etc. are regulated and the contract contents are kept electronically.

Hospitals entrust personal information as follows for service implementation, and in accordance with related laws and regulations, necessary provisions are made for personal information to be safely managed in a consignment contract. The contents of the hospital’s personal information entrustment processing institution and consignment work are as follows.

Information net Server Hosting Homepage member information, cookies, data Until the end of the consignment contract
Consignee Consignment Item Retention and use period
The hospital regulates compliance with laws related to personal information protection, confidentiality of personal information, prohibition of provision of third parties, consignment periods, and the obligation to return or destroy personal information after the end of processing through contracts, etc. We manage to comply.

Announcement date: June 15,
2018 Enforcement date: June 15, 2018