Asan Medical Center (hereinafter referred to as the “Hospital”) regards protecting your personal information as important and strictly conforms to the “Personal Information Protection Act.”
The Hospital informs how and for what purpose your personal information is used through the Privacy Policy and what measures the Hospital takes for personal information protection.

 

1. Collected Personal Information, Collection Method and Purpose of Use

The Hospital collects the following personal information to improve the newsroom user service and it is the minimum personal information collected for the above-mentioned purpose.

 

2. Personal Information Processing and Archiving Period

In principle, the Hospital will destroy any personal information collected after the purpose of use has been achieved.
However, when it is necessary to retain such information in accordance with the related laws and regulations, the Hospital will keep the information for a certain period.

 

3. Personal Information Provided to the Third Party

The Hospital processes your personal information within the scope defined in the [Purpose of Use] of the Privacy Policy or in accordance with the terms and conditions for service use. However, the information may be provided to the third part only when there is a special article set forth in the law or when the investigative or supervisory authorities request for such information according to the procedure and method specified in the law for the purpose of investigation under the condition that the information provider agrees to do so.

 

4. Consignment of Personal Information

The Hospital entrusts personal information as described below, and specifies in writing on prohibition of personal information processing other than the purpose of consignment, technical/managerial protective measures, restriction on re-consignment, management/supervision of consignee and liabilities including compensation for damages in accordance with Article 26 of the Personal Information Protection Act when signing a consignment agreement. The Hospital monitors and supervises whether the consignee safely processes personal information.
When the consignment scope or consignee changes, it will be immediately notified in the Privacy Policy.
When using a platform to achieve the purpose of use, in other words to improve the user service as specified in Clause 1, some personal information is saved in an overseas company.

 

5. Rights/Obligations of the Information Provider and Legal Representative & their Execution

1) The Hospital will respond to customers (legal representatives when children are less than 14 years old) with sincerity when they ask to read, revise and/or delete their personal information and handle the request immediately. For personal information protection, the Hospital does not allow reading, revising and deleting the customers’ personal information by phone, mail or fax, except for customers’ visit.

[Reading Personal Information]
Customers may visit the Hospital and request to read their personal information. The Hospital will quickly respond to the request.

[Revising/Deleting Personal Information]
When customers request for revision or deletion of personal information, the Hospital will do so when it is regarded necessary because of errors in such information. The Hospital may ask customers to submit necessary evidential documents for fact check with respect to revision or deletion.

2) When customers wish to read, revise and/or delete their personal information, they will have to present an identification certificate such as an ID card, passport or driver’s license that clearly shows who they are.

3) When the customer’s representative visits the Hospital to read, revise and delete personal information, the representative has to submit a letter of attorney, consent form and the representative’s identification card to validate whether he or she is a legal representative.

4) When there is a reasonable explanation for the Hospital to decline the customer’s request to read, revise and delete all or part of the personal information, it should be notified and explained to the customer.

 

6. Destroying Personal Information

The Hospital will immediately destroy personal information when the Purpose of Personal Information Processing has been achieved. The following is the procedure and method of destroying personal information.

[Procedure]
Any personal information collected for service will be destroyed immediately after the purpose of use has been met. However, when such information needs to be kept in accordance with the internal policy and related laws, it will be transferred to a separate DB, archived for a specific period and then destroyed.

[Method]
Any personal information saved in an electronic file format will be deleted in a way so that the recorded information cannot be reproduced. Personal information printed on paper will be placed in a paper shredder or burned so that it is completely destroyed.

 

7. Measures to Secure Safety of Personal Information

[Minimizing the Number of Employees Handling Personal Information and Training]
The Hospital minimizes the number of employees assigned to handle personal information and conducts regular training.

[Regular Self-Inspection]
The Hospital conducts self-inspection at least once a year to secure safety in relation to handling personal information.

[Establishment and Implementation of Internal Management Plan]
The Hospital establishes and implements an internal management plan for safe personal information processing.

[Encryption of Personal Information]
A security function such as encrypting files and data sent is applied to important data.

[Technical Measures to Cope with Hacking, etc.]
The Hospital installs security programs to prevent leakage of and damage to personal information caused by hacking or computer viruses, regularly updates and monitors the programs and installs a system in restricted areas for technical/physical monitoring and intrusion prevention.

[Restriction on Access to Personal Information]
The Hospital takes appropriate measures to control access to personal information by assigning, changing and cancelling access privileges to database system for personal information processing and controls unauthorized access from the outside with the intrusion prevention system.

[Storage of Access Logs and Forgery Prevention]
Any record on access to personal information processing system will be stored and managed at least 2 years, and a security function to prevent forgery, theft and loss is applied.

[Access Control of the Unauthorized]
The Hospital has a physical space of personal information system to keep personal information, and establishes and operates a procedure for access control.

 

8. Installation/Operation of Automatic Personal Information Collection System and its Refusal

The Hospital operates ‘cookie’ that saves and searches for your information at any time. Cookie is a very small text file that a server applied for the Hospital website operation sends to your browser, which is saved onto your computer hard disk. The Hospital uses cookies to statistically measure user interactions generated in the website and to improve the user service.
You have the right to choose cookie installation. Thus, with your web browser option, you may allow all cookies, go through confirmation every time cookie is saved or refuse to save all cookies.

[Setup Example]
1) In case of Internet Explorer 11: Tool menu at the web browser’s upper section > Internet Option > Personal Information > Advanced
2) In case of Chrome: Setup menu at the web browser’s upper section > Setup > Personal Information & Security > Cookie & Other Website Data
When you refuse to install cookies, you may have trouble receiving some services.

 

9. Chief Privacy Officer

[Chief Privacy Officer & Related Department]
- Related Department Name: Information Protection Room
- Contact Information: (02) 3010-7976
- E-mail: amcsecurity@amc.seoul.kr

 

10. Protection for Infringement on Rights and Interests of Information Providers

“Information Providers” may inquire consulting and remedies against infringement of personal information in respect to the following agencies.
The following organizations are different from the Hospital. You may contact them for further support or when you are unsatisfied with the Hospital’s action on handling complaints and result on remedies against infringement.

Personal Information Infringement Report Center (run by Korea Internet and Security Agency)
Remit: Reporting any personal information infringement, and consulting requests
Website: privacy.kisa.or.kr
Contact Information: (Without an area code) 118
Address: (58324) Personal Information Infringement Report Center, 3rd Floor, 9 Jinheung-gil (301-2 Bitgaram-dong), Naju-si, Jeonnam, Republic of Korea

Personal Information Dispute Mediation Committee
Remit: Request for personal information dispute mediation, collective dispute mediation (civil remedies)
Website: www.kopico.go.kr
Contact Information: (Without an area code) 1833-697
Address: (03171) 4th Floor Government Complex-Seoul, 209 Sejongdae-ro, Jongno-gu, Seoul Metropolitan City, Republic of Korea

Supreme Prosecutors’ Office Cyber Crime Investigation Department: (Without an area code) 1301, (www.spo.go.kr)
Korean National Policy Agency Cyber Bureau: (Without an area code) 182, (https://ecrm.cyber.go.kr/minwon/main)

 

11. Changes of the Privacy Policy

When the terms and conditions specified in the Privacy Policy are added, deleted or revised according to changes to the laws, policies or security technologies, the Hospital will notify the reasons for such changes and details before the revised Privacy Policy is executed.
The Privacy Policy will be in effect from January 1, 2022.