Personal information handling policy.

View Plastic Surgery (hereinafter referred to as “head office”) considers personal information protection on the Internet very important and is doing its best to ensure that the personal information provided to users is protected when using the head office. Accordingly, we have created and followed personal information processing policies based on relevant laws and regulations that information and communication service providers must comply with, such as the Communication Secret Protection Act, the Telecommunications Business Act, and the Information and Communication Network Utilization Promotion Act. This personal information processing policy can be changed from time to time due to changes in laws and guidelines of the Korean government or changes in our internal policy, and if there is any change, this policy immediately reflects the relevant information on the initial screen of the website. Through this personal information processing policy, users will be able to understand what purpose and method the collected personal information is used and how it is safely protected.(Additional documents or procedures may be required for the smooth application of this policy.)

[The order of this personal information processing policy is as follows]

1. Items and methods of collecting personal information to be collected.
2. Purpose of collecting and using personal information.
3. Providing and sharing personal information.
4. Period of retention and use of personal information.
5. Procedures and methods for destroying personal information.
6. Rights of users and legal representatives and methods of exercising them.
7. How to withdraw consent/withdraw membership.
8. Matters concerning the installation/operation of an automatic personal information collection device and its refusal.
9. Operation and management policy of video information processing equipment (CCTV)
10. Matters concerning measures to secure the safety of personal information.
11. Person in charge of personal information management.
12. Obligation to notify according to policy changes.
13. Consignment of personal information handling collected.

1. Items and methods of collecting personal information to be collected.

This application collects only the minimum amount of personal information necessary to use the service when signing up for membership. The information collected to use this application’s service includes mandatory and optional items entered when signing up for membership, and there is no restriction on service use even if you do not enter options such as whether you receive mail.

A. Items collected during medical treatment.
– Required items: Name (Hangul), address, contact information
– Health information: Personal health information deemed necessary by medical staff to provide medical services such as medical history and family history.
※ It is mandatory to have unique identification information and medical information under the Medical Service Act.
(We do not obtain separate consent for the collection of medical information.)

B. Items collected when signing up for membership on the website.
– Required items: ID, password, name, e-mail, contact number.
– Choice: Gender, region.
– Sensitive Information: Past medical history, surgical history, and areas of interest in surgery.
– The following information can be automatically generated and collected without the user’s consent during the service use process or service provision process. (Service usage record, access log, cookie, access IP information)
– Identification (Cellphone authentication/i-pin authentication): name, identification value, i-pin member has an i-pin number, date of birth, gender, ID, password, contact information (mail address, mobile phone number), legal representative information for those under 14 years of age, and subscription authentication information.

C. Items collected when collecting medical expenses.
– When paying with a credit card: Card payment approval information such as card company name and card payment approval information

D. How to collect personal information.
– Collect personal information in the following ways.
Homepage (member registration, online reservation, consultation application, event application, model application), written form, fax, telephone, e-mail.

2. Purpose of collecting and using personal information.

This application utilizes the collected personal information for the following purposes. All information provided by the user is not used for any purpose other than the following purposes, and if the purpose of use changes, prior consent will be sought.
– Identification procedures for medical treatment, examination, reservation inquiry, and medical treatment – Services for diagnosis and treatment
– Administrative services such as billing, payment, and refund of medical expenses.
– Sending medical expenses invoices, statements, certificates, or sending drug (goods) results.
– Providing medical information to other medical institutions that have been requested or returned.
– Securing a path of communication to help deliver notices, handle complaints, and grievances.
– Data for online counseling and response processing.
– Information on new services and events.
– Legal and administrative responses and measures for quality management of medical care and operation of the headquarters.
– Minimum analysis data needed for education and research.
– Information on medical treatment, academic information, and information on the original application.
– Use of reference materials for smooth service provision during counseling and treatment.
– Collecting information for consumers pursuant to Article 52 of the Framework Act on Consumers.

3. Providing and sharing personal information.

This application shall not use or provide your personal information to others, other companies, or institutions beyond the scope notified by the “Personal Information Collection and Use Purpose” in any case, except in accordance with your consent or provisions of relevant laws.
However, exceptions are made in the following cases.
– If the users agree to disclose it in advance,
– In a case where there is a request from an investigative agency in accordance with the provisions of the statutes or in accordance with the procedures and methods prescribed in the statutes for investigative
– In the case where it is necessary for statistics preparation, academic research, or market research, and a specific individual is processed and provided in an unrecognizable form.

4. Period of retention and use of personal information.

This application will destroy your personal information without delay when the purpose of collecting or receiving personal information is achieved.
A. In the case of membership information, personal information is destroyed after one year from the final login date when a member withdraws from membership or is expelled. (Personal Information Protection Act)
B. Where collected for the purpose of surveys, events, etc.: When the relevant surveys, events, etc. are terminated.
C. Where collected for medical purposes: Preservation in accordance with the period specified in Article 15 of the Enforcement Rule of the Medical Service Act.
D. Records of consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
E. Records on the collection/processing, use, etc. of credit information: 3 years (Act on the Use and Protection of Credit Information)
F. Records on identification: 6 months (Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.)
G. Records of visits: 3 months (Communication Secret Protection Act)
※ However, even if the purpose of collection or the purpose provided is achieved, your personal information may be retained if it is necessary to preserve it in accordance with the provisions of laws such as the Commercial Act.

5. Procedures and methods for destroying personal information.

This application will be destroyed immediately after the “purpose of collecting and using personal information” is achieved. The procedure and method of destruction are as follows.

A. Destruction procedure.
The information entered by the user for membership registration, etc., is immediately destroyed by the following method of destruction after the purpose is achieved.

B. Destruction Period
If the user’s personal information retention period has elapsed, the personal information will be destroyed within five days of the end of the retention period, and if personal information becomes unnecessary, such as achieving the purpose of processing personal information, abolishing the service, or termination of the business.

C. Destructing Method
Personal information stored in electronic file format is deleted using a technical method that cannot play records. Personal information printed on paper is crushed or incinerated with a grinder and destroyed.

6. Rights of users and legal representatives and methods of exercising them.

If a customer requests access, correction, or deletion of personal information, this application faithfully responds to the customer’s request and handles it without delay. In order to protect personal information, procedures for viewing, correction, or deletion of customer personal information by phone, mail, FAX, etc. other application methods other than customer visits are not provided.
A. Accessing personal information.
Customers can visit our office to request access to personal information and respond quickly.
B. Correction/deletion of personal information.
– If a customer requests correction or deletion of personal information, or if it is deemed necessary to correct or delete personal information, such as finding that there is an error, this application shall correct or delete it without delay. This application may request evidence necessary to confirm the facts of correction or deletion. We do not use or provide the personal information until the correction is completed. In addition, if the wrong personal information is already provided to a third party, we will notify the third party of the correction process without delay so that the correction can be made.
– If a customer requests to view, correct, or delete his or her personal information, he or she will be presented with an ID card such as a resident registration card, passport, and driver’s license to check his or her identity.
– If a customer’s agent visits and requests reading, correction, or deletion, check the customer’s power of attorney, consent, and identification certificate of the agent to confirm whether it is a legitimate agent.
– If there is a legitimate reason to refuse to view, correct, or delete all or part of personal information, this application notifies the customer and explains the reason.
– Where it is possible to restrict the access or correction of personal information.
– In a case where there is a risk of significantly harming the life, body, property, or rights and interests of the person or a third party.
– In a case where there is a concern that it may significantly interfere with the business of the relevant service provider.
– Violation of laws, etc.
※ Personal information that is obligated to be stored by law cannot be modified or deleted within the storage period even if requested.

7. Method of withdrawal of consent (withdrawal from membership)

You can withdraw your consent to the collection, use, and provision of personal information at any time when signing up as a member. Withdrawal of consent (withdrawal of membership) will take necessary measures, such as logging in (LOG-IN) with your account and withdrawing consent (withdrawal of membership) directly through “delete account” or contacting a personal information officer without delay.

8. Matters concerning the installation/operation of an automatic personal information collection device and its refusal.

In order to provide specialized customized services to users, we use “cookie” that stores and frequently calls users’ information. Cookies are sometimes stored on a PC hard disk with a small amount of information that a website sends to a user’s computer web browser.
A. The purpose of using cookies.
– Cookies identify users’ computers, but do not identify individual users individually. This cookie allows users to create more convenient services by identifying the types of visits and uses for each service they visit, and the size of users.
– Users can adjust the web browser’s options to choose whether to use cookies or not. In other words, you can accept all cookies, send a notification when they are installed, or reject all cookies.
– However, users must allow cookies to use the service by logging in (LOG-IN) after accessing this application.
B. Installation/operation and rejection of cookies.
– Users have the option of installing cookies. Therefore, users may allow all cookies by setting options in a web browser, go through verification whenever they are saved, or refuse to save all cookies.
– As a way to refuse to set up cookies, you can allow all cookies, go through confirmation every time you save them, or refuse to save all cookies by selecting the options in the web browser you use.
– How to set it up. Yes.
• For Internet Explorer: Tools menu > Internet Options > Personal Information > Settings at the top of the web browser
• In the case of Chrome: Settings menu on the right side of the web browser > Display advanced settings at the bottom of the screen > Set personal information content > Cookies
– However, if you refuse to save cookies, it may be inconvenient to use some of our services that require login.

9. Matters concerning measures to secure the safety of personal information.

In order to secure safety so that the customer’s personal information is not lost, stolen, leaked, altered, or damaged, the following technology. We are taking management measures.

[Minimization and training of personal information handling staff]
We minimize the designation of personal information handlers and provide regular training.

[Regular self-inspection]
In order to secure stability related to personal information handling, we regularly conduct self-inspection at least once a month.

[Established and implemented an internal management plan]
For the safe processing of personal information, we have established and implemented an internal management plan.

[Personal information encryption]
Among the users’ personal information, passwords are encrypted, stored, and managed, so only you can know, and important data uses separate security functions such as encrypting files and transport data.

[Technical measures against hacking]
To prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed, periodic renewal and inspection, systems are installed in areas where access is restricted from the outside, technically and physically monitored and blocked.

[Limited access to personal information]
It takes necessary measures to control access to personal information through granting, changing, and canceling access to the database system that processes personal information, and controls unauthorized access from outside using the intrusion blocking system.

[Controlling access to unauthorized persons]
There is a separate physical storage place for personal information systems that store personal information, and access control procedures are established and operated.

10. Operation and management policy of video information processing equipment (CCTV)

Through this policy, we will inform you of the purpose and method of using and managing the video information processed by this office.

The basis and purpose of installation of the video information processing device.
In accordance with Article 25 (1) of the Personal Information Protection Act, this application installs and operates video information processing devices for the following purposes.
– Facility safety and fire prevention.
– Crime prevention for customer safety.
(In the case of installation in the parking lot)
– Prevent car theft and damage.
※ In the case of a size exceeding 30 parking lots, it can be installed/operated based on Article 6 (1) of the Enforcement Rule of the Parking Lot Act.

The number of installations, location, and filming range.

The number of installations. Installation range.
72s. Installation of passages and customer waiting rooms on each floor.

Person in charge of management and access authority.
In order to protect your video information and handle complaints related to personal video information, we have a personal video information protection officer as follows.

In charge of Name
Person in charge of protection. Jeong Unhyun, head of the department of law.
The person who has access to it. Manager Shim Sang-gu.

Filming time, storage period, storage place, and processing method of video information.

Recording Time storage period storage place
24hour For up to 60 days from the date of recording Storage by floor.

Processing method: Records/management of requests for use, provision, destruction, and viewing of personal video information other than the purpose, and permanently deletes (crushing or incinerating printouts) in a way that cannot be restored at the expiration of the storage period expires.

Matters concerning consignment of installation and management of video information processing devices, etc. (only if applicable)
This office entrusts the installation and management of video information processing devices as follows, and stipulates necessary matters to ensure safe management of personal information during consignment contracts in accordance with relevant laws.

Trustee. The person in charge
S1 Co., Ltd. Manager Shim Sang-gu.

Matters concerning the method and place of confirmation of personal image information.
– Method of verification: Contact the person in charge of video information management in advance and check it in the conference room on the 5th floor under the presence of the person in charge.
– Location: Meeting room on the 5th floor.

Measures for requests such as viewing video information by the data subject.
You can request the person in charge of managing the video processing device at any time if you want to view, verify, or delete personal video information. However, it is limited to the personal image information you have filmed and clearly personal image information necessary for the benefit of the urgent life, body, and property of the data subject. If we request to view, confirm, or delete personal video information, we will take necessary measures without delay.

Measures to secure the safety of video information.
Video information processed herein is safely managed through encryption measures. In addition, this office provides differential access to personal information as a management measure to protect personal image information, and records and manages the creation date of personal image information, purpose of viewing, viewer, and viewing date to prevent forgery or alteration of personal image information. In addition, locks are installed for safe physical storage of personal image information.

Matters concerning the change in the operation/management policy of the video information processing device.
This video information processing device operation/management policy was enacted on July 1, 2019, and if there are additional, deletion, or modification of the contents due to changes in laws, policies, or security technology, we will notify you of the reasons and contents through our website at least 7 days before implementation.

11. Person in charge of personal information protection.

In order to protect your personal information and handle complaints related to personal information, we have a personal information protection officer as follows.

[Personal information protection manager]
Director of Protection: Jeong Unhyun, Director of Legal Affairs.
Accessor: Director Shim Sang-gu.
Affiliated: View Plastic Surgery/View Partners Co., Ltd.
Phone number: 02-2138-1305
Email: itservice@viewclinic.com

You can report all personal information protection-related complaints to the person in charge of personal information protection by using our service.
This application will respond quickly and sufficiently to users’ reports.
If you need a report or consultation on other personal information infringement, please contact the institution below.

Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)
The Supreme Prosecutors’ Office Cybercrime Investigation Team (http://www.spo.go.kr / (02) 3480-3573)
National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)

12. Obligation to notify according to policy changes.

This personal information processing policy was enacted on August 31, 2015, and we will notify you of the reason and contents of the change through our website at least 7 days before implementing the personal information processing policy if there is any addition, deletion or modification of the law, policy, or security technology.

13. Consignment of personal information handling collected.

In order to improve services, the entrusted company collects and analyzes members’ personal information, and the relevant laws stipulate necessary matters to ensure that personal information is safely managed when signing a consignment contract.
– Post matters related to the trustee, scope of trust, scope of shared information, etc. through e-mail, phone, or homepage.
– In the case of a consignment contract, the service provider’s strict instructions on personal information protection, confidentiality of personal information, and prohibition of provision to third parties are stipulated, and the contract details are kept electronically.
In order to implement the service, we entrust personal information as follows, and in accordance with relevant laws and regulations, we stipulate necessary matters to ensure that personal information can be safely managed when signing a consignment contract. The details of the personal information consignment processing agency and consignment work of this application are as follows.

Trustee. Contents of consignment work. Consigned personal information. Personal information retention period.
View Partners Co., Ltd. Manage all areas other than medical care for visual plastic surgery. Name, mobile phone, date of birth, gender, address, e-mail, home phone number, protected natural place. Until the end of the consignment contract.
Cafe 24 Co., Ltd. Hosting the homepage. ID, password, name, e-mail, contact number, date of birth, gender, whether or not the surgery is performed, and when the surgery is performed. Until the end of the consignment contract.
IT EASY Co., Ltd. Hosting the homepage. Name, mobile phone, date of birth, gender, address, e-mail, home phone number, protected natural place. Until the end of the consignment contract.
THN㈜Neo SoftBank Co., Ltd. Manage all areas other than medical care for visual plastic surgery. Name, date of birth, occupation, address, mobile phone number, date of surgery, name of surgery, history of surgery, whether or not drugs are being taken. Until the end of the consignment contract.

This office stipulates and manages to comply with personal information protection-related laws and regulations, confidentiality of personal information, prohibition of provision to third parties, consignment period, and obligation to return or destroy personal information after processing.
Announcement date: October 21, 2021.
Enforcement date: October 28, 2021.

Check the previous version of the personal information processing policy.

1. 2012 (Applied from April 1, 2012 to September 10, 2019)
2. 2021 (Applied from September 10, 2019 to October 27, 2021)