Asan Medical Center (hereinafter referred to as the “Hospital”) regards protecting your personal information as important and strictly conforms to the “Personal Information Protection Act.”
1. Collected Personal Information, Collection Method and Purpose of Use
The Hospital collects the following personal information to improve the newsroom user service and it is the minimum personal information collected for the above-mentioned purpose.
|Collected Item||Collection Method||Purpose of Use|
|Service use history||Automatic collection upon access to the website||To improve the user service|
|Access log||Automatic collection upon access to the website||To improve the user service|
2. Personal Information Processing and Archiving Period
In principle, the Hospital will destroy any personal information collected after the purpose of use has been achieved.
However, when it is necessary to retain such information in accordance with the related laws and regulations, the Hospital will keep the information for a certain period.
|Archived Item||Period||Legal Basis|
|User internet log record / user access point tracking data||3 months||Communications Secret Protection Act|
|Any other check for communication fact||12 months||Communications Secret Protection Act|
3. Personal Information Provided to the Third Party
4. Consignment of Personal Information
The Hospital entrusts personal information as described below, and specifies in writing on prohibition of personal information processing other than the purpose of consignment, technical/managerial protective measures, restriction on re-consignment, management/supervision of consignee and liabilities including compensation for damages in accordance with Article 26 of the Personal Information Protection Act when signing a consignment agreement. The Hospital monitors and supervises whether the consignee safely processes personal information.
When using a platform to achieve the purpose of use, in other words to improve the user service as specified in Clause 1, some personal information is saved in an overseas company.
|Department & Contact
|Transferred Item||Country, Date and
Method for Transfer
|Transferee’s Purpose of Use
& Period of Archiving/Use
|Google LLC||Google LLC –privacy team
|Device browser related data,
website/app activity collection
information is not sent.)
|USA; sent via network
when the service is used.
|For statistical measurement
on user interactions in website
and app (IP address service security
provision and maintenance; informing
the user access country), user and
event data archiving for 26 months
5. Rights/Obligations of the Information Provider and Legal Representative & their Execution
1) The Hospital will respond to customers (legal representatives when children are less than 14 years old) with sincerity when they ask to read, revise and/or delete their personal information and handle the request immediately. For personal information protection, the Hospital does not allow reading, revising and deleting the customers’ personal information by phone, mail or fax, except for customers’ visit.
[Reading Personal Information]
Customers may visit the Hospital and request to read their personal information. The Hospital will quickly respond to the request.
[Revising/Deleting Personal Information]
When customers request for revision or deletion of personal information, the Hospital will do so when it is regarded necessary because of errors in such information. The Hospital may ask customers to submit necessary evidential documents for fact check with respect to revision or deletion.
2) When customers wish to read, revise and/or delete their personal information, they will have to present an identification certificate such as an ID card, passport or driver’s license that clearly shows who they are.
3) When the customer’s representative visits the Hospital to read, revise and delete personal information, the representative has to submit a letter of attorney, consent form and the representative’s identification card to validate whether he or she is a legal representative.
4) When there is a reasonable explanation for the Hospital to decline the customer’s request to read, revise and delete all or part of the personal information, it should be notified and explained to the customer.
6. Destroying Personal Information
The Hospital will immediately destroy personal information when the Purpose of Personal Information Processing has been achieved. The following is the procedure and method of destroying personal information.
Any personal information collected for service will be destroyed immediately after the purpose of use has been met. However, when such information needs to be kept in accordance with the internal policy and related laws, it will be transferred to a separate DB, archived for a specific period and then destroyed.
Any personal information saved in an electronic file format will be deleted in a way so that the recorded information cannot be reproduced. Personal information printed on paper will be placed in a paper shredder or burned so that it is completely destroyed.
7. Measures to Secure Safety of Personal Information
[Minimizing the Number of Employees Handling Personal Information and Training]
The Hospital minimizes the number of employees assigned to handle personal information and conducts regular training.
The Hospital conducts self-inspection at least once a year to secure safety in relation to handling personal information.
[Establishment and Implementation of Internal Management Plan]
The Hospital establishes and implements an internal management plan for safe personal information processing.
[Encryption of Personal Information]
A security function such as encrypting files and data sent is applied to important data.
[Technical Measures to Cope with Hacking, etc.]
The Hospital installs security programs to prevent leakage of and damage to personal information caused by hacking or computer viruses, regularly updates and monitors the programs and installs a system in restricted areas for technical/physical monitoring and intrusion prevention.
[Restriction on Access to Personal Information]
The Hospital takes appropriate measures to control access to personal information by assigning, changing and cancelling access privileges to database system for personal information processing and controls unauthorized access from the outside with the intrusion prevention system.
[Storage of Access Logs and Forgery Prevention]
Any record on access to personal information processing system will be stored and managed at least 2 years, and a security function to prevent forgery, theft and loss is applied.
[Access Control of the Unauthorized]
The Hospital has a physical space of personal information system to keep personal information, and establishes and operates a procedure for access control.
8. Installation/Operation of Automatic Personal Information Collection System and its Refusal
You have the right to choose cookie installation. Thus, with your web browser option, you may allow all cookies, go through confirmation every time cookie is saved or refuse to save all cookies.
1) In case of Internet Explorer 11: Tool menu at the web browser’s upper section > Internet Option > Personal Information > Advanced
2) In case of Chrome: Setup menu at the web browser’s upper section > Setup > Personal Information & Security > Cookie & Other Website Data
When you refuse to install cookies, you may have trouble receiving some services.
9. Chief Privacy Officer
[Chief Privacy Officer & Related Department]
- Related Department Name: Information Protection Room
- Contact Information: (02) 3010-7976
- E-mail: email@example.com
10. Protection for Infringement on Rights and Interests of Information Providers
“Information Providers” may inquire consulting and remedies against infringement of personal information in respect to the following agencies.
The following organizations are different from the Hospital. You may contact them for further support or when you are unsatisfied with the Hospital’s action on handling complaints and result on remedies against infringement.
Personal Information Infringement Report Center (run by Korea Internet and Security Agency)
Remit: Reporting any personal information infringement, and consulting requests
Contact Information: (Without an area code) 118
Address: (58324) Personal Information Infringement Report Center, 3rd Floor, 9 Jinheung-gil (301-2 Bitgaram-dong), Naju-si, Jeonnam, Republic of Korea
Personal Information Dispute Mediation Committee
Remit: Request for personal information dispute mediation, collective dispute mediation (civil remedies)
Contact Information: (Without an area code) 1833-697
Address: (03171) 4th Floor Government Complex-Seoul, 209 Sejongdae-ro, Jongno-gu, Seoul Metropolitan City, Republic of Korea
Supreme Prosecutors’ Office Cyber Crime Investigation Department: (Without an area code) 1301, (www.spo.go.kr)
Korean National Policy Agency Cyber Bureau: (Without an area code) 182, (https://ecrm.cyber.go.kr/minwon/main)