BASE Dermatology Clinic (hereinafter referred to as "the Company") establishes and discloses the following personal information processing guidelines in accordance with Article 30 of the Personal Information Protection Act, in order to protect the personal information of data subjects and to handle related grievances promptly and smoothly.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. Personal information being processed shall not be used for any purpose other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent shall be taken in accordance with Article 18 of the Personal Information Protection Act.
1. Website membership registration and management
Personal information is processed for the purposes of confirming membership registration intent, identification and authentication for membership services, maintaining and managing membership status, identity verification under the limited identity verification system, preventing unauthorized use of services, confirming legal guardian consent for processing personal information of children under 14, various notifications, and grievance handling.
2. Provision of goods or services
Personal information is processed for the purposes of delivering goods, providing services, sending contracts and invoices, providing content, providing customized services, identity verification, age verification, payment processing and settlement, and debt collection.
3. Grievance handling
Personal information is processed for the purposes of verifying the identity of complainants, confirming grievance details, contacting and notifying for fact-finding investigations, and notifying of processing results.
Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the retention and use period prescribed by law or within the retention and use period consented to by the data subject at the time of collection.
② The processing and retention periods for each category of personal information are as follows.
1. Website membership registration and management: Until withdrawal from the website
However, in the following cases, until the end of the relevant reason:
1) If an investigation related to a violation of applicable laws is in progress, until the end of such investigation
2) If any credit or debt relationship arising from website use remains, until the settlement of such credit or debt relationship
Article 3 (Rights of Users and Legal Guardians and Methods of Exercising Such Rights)
① Data subjects may exercise the following rights related to personal information protection against the Company at any time:
1. Request to access personal information
2. Request for correction in case of errors
3. Request for deletion
4. Request to suspend processing
② The exercise of rights under Paragraph 1 may be made to the Company in writing, by telephone, email, or fax, and the Company shall take action without delay.
③ If a data subject requests correction or deletion of errors in personal information, the Company shall not use or provide such personal information until the correction or deletion is completed.
④ The exercise of rights under Paragraph 1 may be made through an agent such as a legal guardian or an authorized representative of the data subject. In such cases, a power of attorney in accordance with the form prescribed in Annexed Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
⑤ Data subjects shall not infringe upon the personal information or privacy of themselves or others being processed by the Company in violation of the Personal Information Protection Act or other applicable laws.
Article 4 (Categories of Personal Information Processed)
The Company processes the following categories of personal information.
1. Website membership registration and management
Required items: Name, ID, password, address, phone number, email address
2. Provision of goods or services
Required items: Name, ID, password, address, phone number, email address
3. The following personal information items may be automatically generated and collected during the use of internet services:
IP address, cookies, MAC address, service usage records, visit records, records of improper use, etc.
Article 5 (Destruction of Personal Information)
① The Company shall destroy personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
② If personal information must continue to be retained pursuant to other laws despite the expiration of the consented retention period or achievement of the processing purpose, such personal information shall be transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows:
1. Destruction procedure: The Company selects personal information for which grounds for destruction have arisen and destroys such personal information with the approval of the Company's Personal Information Protection Officer.
2. Destruction method: Personal information recorded and stored in electronic file format is destroyed using methods such as Low Level Format to prevent reproduction, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
Article 6 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
3. Physical measures: Access control for computer rooms, document storage rooms, etc.
Article 7 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
① The Company uses "cookies" that store and retrieve usage information to provide individualized customized services to users.
② A cookie is a small piece of information sent by the server (HTTP) operating the website to the user's computer browser and may also be stored on the hard disk of the user's computer.
a. Purpose of using cookies: Cookies are used to analyze visit and usage patterns for each service and website visited, popular search terms, security connection status, etc., in order to provide optimized information to users.
b. Installation, operation, and rejection of cookies: You may refuse to store cookies by adjusting the options under Tools > Internet Options > Privacy in the top menu of your web browser.
c. If you refuse to store cookies, you may experience difficulties using customized services.
Article 8 (Personal Information Protection Officer)
① The Company designates a Personal Information Protection Officer as follows, to take overall responsibility for personal information processing and to handle complaints and remedy damages of data subjects related to personal information processing.
Personal Information Protection Officer
Name: BASE Dermatology Clinic
Position: Byungsoo Kim
Contact: 051-711-4111
Personal Information Protection Department
Department: BASE Dermatology Clinic
Person in charge: Byungsoo Kim
Contact: 051-711-4111
② Data subjects may contact the Personal Information Protection Officer and the responsible department regarding all inquiries, complaints, and remedies related to personal information protection arising from the use of the Company's services (or business). The Company shall respond to and process inquiries from data subjects without delay.
Article 9 (Request for Access to Personal Information)
Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act at the department listed below. The Company shall endeavor to process requests for access to personal information promptly.
Department for receiving and processing requests for access to personal information
Department: BASE Dermatology Clinic
Person in charge: Byungsoo Kim
Contact: 051-711-4111
Article 10 (Remedies for Infringement of Rights)
Data subjects may contact the following organizations for remedies, consultations, and other inquiries regarding personal information infringement.
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency, KISA)
- Scope: Reporting personal information infringement, consultation
- Website: privacy.kisa.or.kr
- Phone: 118 (no area code required)
- Address: 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324, Korea
Personal Information Dispute Mediation Committee (개인정보 분쟁조정위원회)
- Scope: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: 1833-6972 (no area code required)
- Address: 4F, Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Korea
Supreme Prosecutors' Office Cyber Crime Investigation Division (대검찰청 사이버범죄수사단): 02-3480-3573 (www.spo.go.kr)
National Police Agency Cyber Safety Bureau (경찰청 사이버안전국): 182 (http://cyberbureau.police.go.kr)
Article 11 (Enforcement and Amendment of Privacy Policy)
This Privacy Policy is effective as of August 5, 2024.
KR
EN
JP
CN
TW
WhatsApp
Instagram
YouTube
KakaoTalk
LINE
WeChat
Naver Place
Naver Blog
