[Wonjin Plastic Surgery Clinic – Personal Information Handling Policy]

Wonjin Plastic Surgery Clinic places great importance on safeguarding the personal information of our patients, and fully complies with the Personal Information Protection Act of the Republic of Korea. Our clinic’s personal information handling policy clarifies the purposes for which the clinic uses the personal information provided by its patients and the method of its use. This policy also explains the measures that have been implemented by the clinic to ensure the protection of personal information.

■ Regarding the items of personal information collected and the method of collecting this information, it is the policy of Wonjin Plastic Surgery Clinic to collect only the minimal amount of personal information that is required for the use of the clinic’s services at the time patients register for membership. At the time patients register for membership to use the services of the clinic, patients are requested to provide a list of required items of information as well as optional items. It is not mandatory for patients to provide any of the optional items of information, such as the patient’s e-mail address for receiving communications, to use the clinic’s services.

[Treatment Information]

- Collected items of information : name, address, contact information, treatment records
※ According to the provisions of Korea’s Medical Service Act, the clinic is obligated to retain unique identification information and treatment information (separate consent is not required)

[Items of information collected at the time of homepage membership registration]

- Required items of information : name, ID, password, address, contact information (phone number, mobile phone number)
- Optional items of information : email, consent to receive e-mails
- In the process of using services or in the process of handling work pertaining to the provision of services, the following items of information may be automatically generated and collected.
: service usage records, log-in records, cookies, access IP information

[Method of collecting personal information]

- Personal information is collected using the following means of communication.
Homepage, document forms, fax, phone, consultation message boards, email

■ Purpose of collecting and using personal information
The personal information collected by the clinic is used for the following purposes.
The clinic shall not use any of the information provided by the user for any purpose other than the purposes described in the following, and in the event that the clinic wishes to change the purpose of using the information, the clinic shall first obtain the consent of the user.

[Treatment information]

- To provide treatment related services including diagnosis and treatment, and to provide administrative services such as preparing invoices, collecting payments and issuing refunds

[Homepage membership information]

- Required information : For scheduling treatment appointments through the homepage, viewing scheduled appointments, and other membership services
- Optional information : E-mail for receiving clinic news, informational guides regarding diseases, etc. and surveys

■ Period of retention and usage of the provided personal information
Once the clinic has achieved the purpose for which it has collected or received personal information, the clinic shall destroy your personal information without any further delay.

[Treatment information]

- Treatment information is stored in compliance with the legal requirements for storing treatment records as stipulated in the Medical Service Act

[Homepage membership information]

- Once the user has withdrawn from membership or has been expelled from membership, the clinic may retain the user’s personal information even after the clinic has achieved the purpose for which it has collected or received the information only in cases where the preservation of the information is required to comply with the provisions of laws such as commercial laws, etc.
- Records pertaining to consumer complaints or processing of disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records pertaining to the collection/processing and usage of credit information, etc.: 3 years (The Use and Protection of Credit Information Act)
- Records pertaining to the verification of personal ID: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection)
- Records pertaining to visits: 3 months (Protection of Communications SecrecyAct)

■ Procedures and method of destroying personal information
The clinic shall immediately destroy personal information once it has achieved its purpose for collecting and using the personal information. The procedure and method of destroying the personal information are as follows.

[Destruction procedure]

Information input by the user for membership registration, etc. shall be immediately destroyed according to the following method of destruction once the clinic has achieved its purpose for using the said information.

[Destruction method]

Personal information stored in the form of electronic files is deleted using a technological method that prevents the possibility of recovering the records. Personal information printed on paper is destroyed by shredding with a paper shredder or by burning.

■ Provision and sharing of personal information
The clinic does not use our clients’ personal information for any purposes beyond the scope of the “Purpose of collecting and using personal information” stipulated above, nor does the clinic provide this information to other individuals, companies or institutions, with the exception of case in which the client has given consent, or in cases necessary for compliance with the provisions of related laws.

- In cases where information is required for the purposes of submitting treatment records to the Health Insurance Review & Assessment Service to request payment for treatment benefit costs in accordance with the provisions of Korea’s National Health Insurance Act or to compile statistics or to conduct scholarly research, information shall be provided in a format processed to ensure that no specific individual can be identified.
- Submission of information to comply with the requests of investigative authorities in accordance with the procedures and methods determined by law.

■ Rights of users and their legal representatives and the method of exercising rights
A separately prepared form containing easily comprehensible language is provided for use in the registration process for any child under the age of 14 (hereinafter referred to as “child"), and the clinic always obtains the consent of the child’s legal representative as a requirement prior to collecting the child’s personal information.
The clinic collects from the child the minimum amount of information necessary to obtain the consent of the child’s legal representative, such as the name and contact information of the child’s legal representative, and the clinic ensures that the consent of the legal representative is received according to the method stipulated in the clinic’s “Personal Information Handling Policy.”
The legal representative of a child may request to view, revise, or delete items of personal information pertaining to the child.
If a legal representative who wishes to view, revise, or delete items of personal information pertaining to the child, the legal representative should click the “revise member information” option. After completing the procedure to verify the user’s status as a legal representative, the legal representative may directly view, revise or delete the child’s personal information or may contact the personal information protection manager by written communication, phone, fax, etc. and request implementation of any necessary measures. The clinic does not provide any third party or share with any third party information regarding children, and in cases where a legal representative requests the correction of errors in the personal information collected from a child, the clinic shall be prohibited from using or providing the personal information in question until the error correction is completed.
※ Personal information that the clinic is obligated to store by law cannot be revised or deleted within the required storage period even if requested.

■ Method of withdrawing consent / membership withdrawal
A client can withdraw at any time the consent given by the client regarding collection, usage and provision of personal information at the time of membership registration. To withdraw from membership, the client can click the “My Page” section of the clinic’s homepage, click “Membership Withdrawal,” complete the ID verification process, and then withdraw from membership directly on-line. The client may also contact the personal information protection manager by written communication, phone, fax, etc. and the manager will implement any necessary measures without delay, such as the deletion of the client’s personal information.

■ Installation / operation of devices for automatically collecting personal information and matters pertaining to the refusal of such devices
The clinic operates ‘cookies’ that store and retrieve member information. Cookies are very small text files that the server used to operate the clinic’s website sends to the member’s browser, and they are stored in the member’s computer’s hard disk. The clinic uses these cookies for the following purposes.
Members have the right to select whether to enable the installation of cookies. Therefore, any member can set up options in the member’s own web browser to permit all cookies, to receive a request to confirm the member’s permission each time a cookie is stored, or disable the storage of all cookies.
When a member has denied permission to install cookies, the clinic may experience difficulties providing some of it services.

■ Personal Information Management Director
To ensure that our clients’ personal information is protected and to process any complaints pertaining to personal information, the clinic has appointed the following personal information management director.

[Personal Information Management Director]

Name : Dong-Hyeon Kim
Affiliation: Wonjin Plastic Surgery Clinic
Job Position : Deputy manager
Phone number : 02-3477-3300
E-mail : wonjin_privacy@daum.net
Clients can report any complaints and issues pertaining to the protection of their personal information that arise in the course of using the services of the clinic to the personal information management director.
The clinic will provide a satisfactory response to the issues reported by users in a timely manner.
Please inquire at the following institutions to report incidents or receive consultations in the event of other violations of personal information.
Personal Information Dispute Mediation Committee (http://www.1336.or.kr / 1336)
Information Security ePrivacy Mark Certification Committee (http://www.eprivacy.or.kr / (02) 580-0533~4)
Supreme Prosecutor's Office Cyber Criminal Investigation Division (http://www.spo.go.kr / (02) 3480-3573)
National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)

Date of publication: March 22, 2012
Effective date : March 29, 2012