Cellreand
Privacy Policy
By
Article 30 of the Personal Information Protection Act, 'Cellreand' (hereinafter
referred to as the 'Member') establishes and discloses the following personal
information processing guidelines to protect members’ prompt and smoothly
handle grievances related thereto.
Article 1
(Items of personal information to be collected and methods of collection)
When
collecting personal information, the House of Representatives shall notify the
scope and purpose of collection in advance when applying for membership or in
the terms of use by relevant laws and regulations. Personal information
collection items are as follows
1.
Collected information when registering on the homepage
1)
Collected items: name, ID, password, address, mobile phone number, social
security number, gender, email, access log, cookies, access IP information
2)
How to collect personal information: Homepage (registration)
The
following information may be automatically generated and collected in the
process of using the service or in the course of service provision. Service
usage history, access logs, cookies, and access IP information
2.
What to collect during an encounter
1)
Required items: Social Security number, name (Korean), date of birth, address,
email, visit route
2)
Health information: Personal health information deemed necessary by the medical
staff to provide medical services, such as medical history and family history.
3.
What to collect when collecting medical bills
1)
For credit card payment: Card payment authorization information such as card
company name, card number, etc.
If
we collect personal information for a short period for other specific purposes,
we will notify and collect it separately.
4.
How we collect personal information
1)
Collection via homepage, written forms, fax, telephone, consultation boards,
email, etc.
Article 2
(Purpose of Collection and Processing of Personal Information)
The
council processes the collected personal information for the following
purposes. All information provided by users will not be used for purposes other
than those required for the following purposes, and if the purpose of use is
changed, we will take necessary measures such as obtaining separate consent by
Article 18 of the Personal Information Protection Act.
1.
Identification procedure for medical treatment/examination/reservation inquiry
and medical treatment
2.
Providing medical services for diagnosis and procedures
3.
resources to support your practice, including billing, payment, and
reimbursement
4.
Resources for stem cell culture when requesting stem cell culture management
5.
send certificates, send items related to the examination
6.
minimum analytics required for education, research, and clinical services
7.
entrust online/offline inspection, referral to external inspection
8.
Provide medical content and clinical research information
9.
Provide homepage membership service
10.
statistics on Service Usage
11.
ensure communication channels to help with complaints/grievances, etc.
12.
Resources for handling online consultation responses
13.
Provide information about new services and offers
14.
materials for developing new services and providing personalized services
15.
legal and administrative responses and measures for medical quality management
and clinic operation
16.
Service usage records, access logs, cookies, and access IP information
17.
Providing services such as surveys and events
(To
facilitate the above paragraph, personal information processing (handling)
tasks (direct mail, etc.) may be outsourced to external specialized companies.
and
disclose the contents on the homepage)
Article 3
(Processing and Retention of Personal Information)
Members
of the National Assembly shall process and retain personal information within
the period of retention and use of personal information by laws and regulations
or within the period of retention and use of personal information agreed upon
when collecting personal information from members.
The
periods for processing and retaining personal information are as follows
1.
Homepage membership registration and management: When you cancel your
membership or are removed as a member
2.
In case of stem cell culture management request: When you withdraw from
membership or are expelled from membership
3.
Records collected for medical treatment: Preserved by the period specified in
Article 15 of the Enforcement Rules of the Medical Act, "Preservation of
Records on Medical Treatment" (patient register: 5 years, medical records:
10 years), (Preservation items: name, address, resident registration number,
medical information)
4.
Records on consumer complaints or dispute handling: 3 years (Act on Consumer
Protection in Electronic Commerce, etc.)
5.
collected for a survey, event, etc.: when the survey, event, etc. has ended.
6.
For information on the collection/processing and use of credit information: 3
years by the Act on the Use and Protection of Credit Information
Act
on the Use and Protection of Credit Information for 3 years (retention items:
card payment authorization information such as card name and card number)
*
However, even if the purpose of collecting or receiving the information is
fulfilled, the personal information of the member may be retained if it is
necessary to preserve it by the provisions of laws and regulations such as the
Commercial Act.
Article 4
(Procedure and Method of Destruction of Personal Information)
In
principle, after the purpose of collecting and using personal information is
fulfilled, the National Assembly destroys the information without delay. The
procedure and method of destruction are as follows
1.
destruction procedure
Information
entered by members for membership registration, etc. is transferred to a
separate DB after the purpose is achieved (separate filing cabinet in case of
paper
In
the case of paper, a separate filing cabinet) by the internal policy and other
related laws for information protection reasons (see Retention
and
usage period) It is stored for a certain period and then destroyed. Personal
information transferred to a separate DB is not retained unless required by law
and
will not be used for any purpose other than that for which it was retained.
2.
destruction methods
Personal
information stored in electronic form will be deleted using technical methods
that make the records unrecoverable.
using
technical methods that make it impossible to reproduce the record. Personal
information printed on paper will be shredded or dissolved.
Article 5
(Provision of Personal Information to Third Parties)
The
council processes personal information only within the scope specified in
Article 2 (Purpose of collecting and using personal information) and provides
personal information to third parties only in cases falling under Articles 17
and 18 of the Personal Information Protection Act, such as the consent of the
member or special provisions of the law. The lawmaker provides personal
information to third parties as follows
|
To whom |
Recipient's
Purpose of Use |
What personal
information to provide |
Retention and
usage periods |
|
Medisian Inc. |
∙Website
operation and management |
Email, mobile
phone number, gender, date of birth, name, service usage history, cookies |
∙Until
termination |
Article 6
(Outsourcing of Personal Information Processing)
The
National Assembly entrusts the processing of personal information for the
smooth performance of its business, including the provision of better services
and customer convenience. In this case, the council provides only the minimum
information necessary for the company to perform its duties and manages and
supervises personal information so that it can be safely managed. Currently,
the personal information processing companies are as follows
|
Trustee |
Content of the assignment |
Retention and usage
periods |
|
Medisian Inc. |
∙System Operations |
Until the end of the
outsourcing agreement |
|
Samkwang Medical Foundation |
∙Pathological examination (personal information collected for the
examination, such as name, hospital registration number, etc.) |
Until the end of the
outsourcing agreement |
By Article 26 of the Personal Information Protection Act, when entering
into a consignment contract, the National Assembly specifies in documents such
as contracts the prohibition of processing personal information other than to
perform consignment work, technical and administrative protection measures,
restrictions on re-consignment, management, and supervision of the consignee,
and responsibilities such as compensation for damages, and supervises whether
the consignee processes personal information safely.
If the contents of the consignment
work or the trustee change, we will disclose it through this privacy policy
without delay.
Article 7 (Rights and Obligations of Members and Legal
Representatives and How to Exercise Them)
Customers may exercise their rights to view, correct, delete, or request suspension
of processing of their personal information at any time.
1. Customers can view or modify their registered personal information at
any time, and can also request to unsubscribe (withdraw consent).
2. To view or modify your personal information, click "Change
Personal Information" (or "Modify Membership Information") on
MyPage after logging in, and to cancel membership (withdraw consent), click
"Withdraw Membership" to view, modify, or withdraw directly after going
through the identification procedure. Or contact the person in charge of
personal information protection in writing, by phone, or by email, and we will
take action without delay.
3. If you request the correction of errors in your personal information,
we will not use or provide such personal information until the correction is
completed. In addition, if we have already provided incorrect personal
information to a third party, we will notify the third party of the correction
without delay so that the correction can be made.
4. the Council handles personal information that has been terminated or
deleted at the request of a customer or legal representative as specified in
"3. Processing and Retention Period of Personal Information" and does
not allow it to be viewed or used for any other purpose.
Article 8 (How to withdraw consent / withdraw membership)
You may withdraw your consent to the collection, use, and provision of
personal information at any time during membership registration. To withdraw
your membership, you can click "Withdraw" on the My page of the
councilor's website and go through the identity verification process, or you
can contact the personal information protection grievance department in
writing, by phone, or by fax, and we will take necessary measures such as
destroying your personal information without delay.
Article 9 (Measures to ensure the safety of personal
information)
The
National Assembly takes the following measures to ensure the safety of personal
information.
1.
conduct regular self-audits
We
conduct regular self-audits at least once a year to ensure reliability in
handling personal information.
2.
minimize and train personal information handling staff
We
take measures to manage personal information by designating and minimizing the
number of employees who handle personal information.
measures
to minimize personal information.
3.
Technical measures against hacking, etc.
To
prevent the leakage and damage of personal information by hacking or computer
viruses, the lawmaker shall install a security program and periodically update
and inspect the system.
To
prevent leakage of personal information and damage by hacking or viruses, the
lawmaker installs a security program, periodically updates and inspects it,
installs the system in an area with controlled access from the outside, and
monitors and blocks
to
prevent the leakage of personal information by hacking or viruses, periodic
updates and inspections, and setting up the system in an area with controlled
access from the outside.
4.
Encryption of personal information
Your
personal information is stored and managed with encrypted passwords so that
only you can know it.
For
sensitive data, we use separate security features such as encrypting file and
transmission data or using a file lock function.
5.
Retain access records and prevent tampering
We
keep and manage records of access to the personal information processing system
for at least one year, but we do not add personal information or process
uniquely identifiable or sensitive information about members over 50,000.
When
adding personal information or processing uniquely identifiable or sensitive
information about 50,000 or more members, it is kept and managed for 2 years or
more.
When
adding personal information about 50,000 or more members or processing unique
identifiers or sensitive information, it is kept and managed for more than 2
years.
We
also use security features to prevent access records from being falsified,
stolen, or lost.
6.
Restrict access to personal information
Granting,
changing, and canceling access rights to the database system that processes
personal information.
Necessary
measures are taken to control access to personal information, and an intrusion
prevention system is used to control unauthorized access from the outside.
unauthorized
access from outside.
7.
Use a lock to secure your documents
Keep
documents and secondary storage media containing personal information in a
secure, locked location.
We
will
8.
Control access for unauthorized users
Separate
physical storage areas for personal information and implement access control
procedures.
access
control procedures.
Article 10
(Installation, Operation, and Rejection of Automatic Personal Information
Collection Devices)
To
provide you with personalized and customized services, we use
"cookies" to store and retrieve your information from time to time.
A
cookie is a very small text file that the server used to operate the website
sends to the browser used by the member and is stored on the hard disk of the
member's device (PC/smartphone/tablet PC, etc.). When a member subsequently
visits the website, the website server reads the contents of the cookie stored
on the hard disk of the member's device to maintain the member's preferences
and provide customized services.
Members
may refuse to store or delete cookies at any time. Accordingly, members can set
options on their web browsers to accept all cookies, confirm each time a cookie
is saved, or refuse to save all cookies. However, if you refuse to store
cookies, it may be difficult to provide some services. You can specify whether
or not to allow cookies to be installed as follows.
1.
for Internet Explorer
1)
Click [Internet Options] from the [Tools] menu at the top of your web browser
2)
Click the [Privacy] tab
3)
Set the [Privacy Level
2.
for Chrome
1)
In the [Settings] menu on the right side of the web browser, click [Show
advanced settings] in the screen flowerbed.
2)
Under [Privacy], click the [Content Settings] button and set it to [Cookies].
Section 11
(Privacy Officer)
The
House of Representatives is responsible for the overall handling of personal
information and designates a personal information protection officer as follows
to handle complaints and damage relief for members related to the handling of
personal information.
|
|
Privacy Officer |
|
Department Name |
Coordinator |
|
Job Title |
Director |
|
First Name |
Eunseo Song |
|
Contact |
010-5082-3334 |
|
Email |
eunseo@cellreand.com
|
|
Fax number |
02-6203-3435~6 |
Members
may contact the personal information protection officer and the department in
charge for all personal information protection-related inquiries, complaints,
and damage relief arising from the use of the service (or business) of the
lawmaker. The Member will respond to and handle the Member's inquiries without
delay.
Article 12
(Request for access to personal information)
Members
may request access to personal information under Article 35 of the Personal
Information Protection Act to the following departments. The legislator will
endeavor to promptly process a member's request for access to personal
information.
|
|
Personal
information access request reception and processing department |
|
Department Name |
Coordinators |
|
Job Title |
Director |
|
First Name |
Eunseo Song |
|
Contact |
010-5082-3334 |
|
Email |
eunseo@cellreand.com
|
|
Fax number |
02-6203-3435~6 |
Article 13
(Remedies for Infringement of Rights)
Members
may apply for dispute resolution or consultation with the Personal Information
Dispute Mediation Committee or the Personal Information Infringement Reporting
Center of the Korea Internet & Security Agency to receive relief from
personal information infringement. For other reports and consultations on
personal information infringement, please contact the following organizations.
1.
Personal Information Dispute Mediation Committee: (without area code) 1833-6972
(www.kopico.go.kr)
2.
Personal Information Infringement Report Center: (without area code) 118
(privacy.kisa.or.kr)
3.
Supreme Public Prosecutor's Office: 1301 (without area code) (www.spo.go.kr)
4.
National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
"A
person whose rights or interests have been infringed by a disposition or
omission made by the head of a public institution in response to a request
under the provisions of Articles 35 (Access to Personal Information), 36
(Correction and Deletion of Personal Information), and 37 (Suspension of
Processing of Personal Information) of the Personal Information Protection Act
may file an administrative appeal by the Administrative Appeals Act.
For
more information about administrative appeals, please refer to the Central
Administrative Appeals Commission website (www.simpan.go.kr).
Article 14
(Installation and Operation of Image Information Processing Equipment)
The
National Assembly installs and operates video information processing equipment
as follows.
1.
Basis and Purpose of Installing Video Information Processing Equipment
-
Facility safety and fire prevention
-
Crime prevention for member safety
2. number of installations, installation locations, and coverage area
|
Installation
logarithms |
Installation
location and coverage |
|
13 |
All areas of the
clinic and major facilities (operating rooms, prep rooms, etc.) |
3. the person in charge of managing the image information processing
equipment and access authorization
|
|
Image
Information Processing Equipment Manager |
|
Department Name |
Coordinator |
|
Job Title |
Director |
|
First Name |
Eunseo Song |
|
Contact |
010-5082-3334 |
|
Email |
eunseo@cellreand.com
|
|
Fax number |
02-6203-3435~6 |
4. recording time, storage period, storage location, and processing
method of video information
|
Shooting time |
Retention period |
Storage |
|
24 hours |
30 days from the
date of shooting |
Senate Server
Room |
Processing
method: Record and manage requests regarding the use of personal information
for other purposes, provision to third parties, destruction, and access, and
permanently delete (shred or burn in the case of printouts) in a way that
cannot be restored upon expiration of the retention period.
5.
How and where to check video information
You
can check by contacting the person in charge of management or an authorized
person in advance, or by visiting the department in charge.
6.
Measures to respond to members' requests to view video information, etc.
You
must apply with a request for access to personal video information and
confirmation of the existence, and access is allowed only when the member is
filmed or when it is necessary for the member's life, body, or property
interests.
In
the following cases, the information subject's request to view personal video
information may be denied. In this case, the person in charge of management
shall notify the information subject of the reason for refusal in writing
within 10 days.
1.
materially interferes with the investigation, prosecution, or trial of a crime.
2.
if the storage period of personal visual information has expired and it is
destroyed
3.
there is a significant risk of infringing on the privacy rights of others by
taking necessary measures to comply with the request, such as viewing.
4.
there is a legitimate reason to deny the request, such as access to other
information.
7.
Technical, administrative, and physical measures to protect video information
In
addition, as a managerial measure to protect personal video information, the
lawmakers grant differential access rights to personal information, and to
prevent falsification and alteration of personal video information, the date of
creation, purpose of viewing, viewer, and date of viewing are recorded and
managed. In addition, a lock is installed for safe physical storage of personal
video information.
section 15
(changes to the privacy policy)
This
Privacy Policy is effective as of June 20, 2022.
