Personal information processing policy
DKI Technology Co., Ltd. (hereinafter referred to as “Company”) protects the personal information of service (hereinafter referred to as “Service”) users in accordance with Article 30 of the Personal Information Protection Act and Article 27-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, and In order to handle related grievances quickly and smoothly, we establish and disclose the following personal information processing policy.
1. Purpose of collection and use of personal information
2. Items and methods of collection and use of personal information to be processed
3. Personal information processing and retention period
4. Personal information destruction procedure and method
5. Provision of personal information to third parties
6. Consignment of processing of personal information
7. Rights of users and legal representatives and how to exercise them
8. Matters concerning the installation, operation and refusal of automatic personal information collection devices
9. Technical and administrative protection measures for personal information protection
10. Personal Information Protection Officer
11. Remedies for Infringement of Rights and Interests
12. Department that receives and handles requests for access to personal information
13. Matters regarding changes to the personal information processing policy
1. Purpose of collection and use of personal information
The company processes the collected personal information of users for the following purposes. Personal information to be processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with the law.
| division | purpose |
|---|---|
| Member management | Confirmation of intent to sign up for membership, identification/certification by provision of membership services, maintenance/management of membership qualifications, prevention of illegal use of services, various notices/notifications |
| service provision | Lifelog item-based health information monitoring service, health insurance corporation medical information inquiry and storage, disease prediction information provision |
| Handling civil affairs | Verification of the identity of the complainant, confirmation of report or complaint, notification of contact for fact-finding, and notification of processing results |
| Marketing and Advertising Utilization | Statistical collection for new service development and health information provision service, service provision and advertisement posting according to statistical characteristics, service validation, event and advertising information provision and participation opportunities, identification of access frequency, etc. |
3. Personal information processing and retention period
① The company processes and retains the personal information of the information subject within the period of holding and using the personal information agreed upon when collecting personal information from the information subject or the personal information retention period according to the law.
② Each personal information processing and retention period is as follows.
1) Membership registration and management: Immediate destruction upon request for membership withdrawal
(However, if there is information related to membership registration in other PHRS services, destruction of member information may be restricted.)
However, in the case of the following reasons, until the relevant reason ends
- In the case of ongoing investigations due to violations of related laws, until the end of the investigation
- Receivables/debts related to the use of mobile applications remain until settlement of the receivables/debts
- Record on identity verification (Act on Promotion of Information and Communication Utilization and Information Protection, etc.): 6 months
- Internet log records, access tracking data (Communications Secrets Protection Act): 3 months
2) Personal information validity period (inactive account policy): The personal information of users who have not used service records for more than one year is separated from the personal information of general users in accordance with Article 29 of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. (inactive account) conversion) to be stored and managed.
30 days prior to conversion to an inactive account, users are notified in advance via e-mail, etc., and personal information stored separately is not used or provided unless there are special provisions in the relevant laws and regulations.
4. Personal information destruction procedure and method
① The company destroys the personal information without delay when it becomes unnecessary when the personal information retention period has elapsed or the purpose of processing has been achieved.
② If personal information must be kept in accordance with other laws and regulations even though the retention period agreed to by the user has elapsed or the purpose of processing has been achieved, the personal information is moved to a separate database (DB) or stored in a different storage location. Preserve.
Personal information that is separately preserved is not used for any purpose other than the purpose of preservation unless otherwise required by law.
③ The procedure and method of destroying personal information are as follows.
1) Destruction procedure
The company establishes and destroys personal information destruction plans for personal information that needs to be destroyed.
The company selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
2) Destruction method
Personal information printed on paper is shredded with a shredder or destroyed by incineration, and personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.
5. Provision of personal information to third parties
① The company processes the user's personal information only within the scope specified at the time of collection, and provides personal information to a third party only with the user's consent or when there are special provisions in other laws.
③ The company provides personal information to third parties as follows.
| recipient | Purpose of use by recipients | Items of personal information provided | Retention period of use by recipient |
|---|---|---|---|
| Medical institutions, insurance companies | Provision of PHR (Personal Medical Data Management) analysis information | Health checkup, treatment details | When membership is withdrawn |
※ Currently, medical institutions and insurance companies have not been confirmed, and it is provided only to institutions/companies registered as demand institutions for providing PHR-based medical data analysis information. However, provision of personal information to a third party within the mobile application is provided after the consent of the user.
6. Consignment of processing of personal information
① In the future, the company will disclose the consignment of personal information processing tasks for smooth personal information processing.
② When concluding a consignment contract, the company shall, in accordance with Article 25 of the Personal Information Protection Act, prohibit handling of personal information for purposes other than the purpose of entrusted business, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, etc. It is specified in the document and supervises whether the trustee handles personal information safely.
③ If the contents of the entrusted business or the consignee are changed, we will disclose it through this Privacy Policy without delay.
7. Rights of users and legal representatives and how to exercise them
① Users can exercise the following personal information protection rights against the company at any time.
1) Request to view personal information
2) Request for correction in case of errors
3) Deletion request
4) Request for suspension of processing
② The exercise of rights pursuant to Paragraph 1 can be done in writing, e-mail, or fax (FAX) according to the Form No. 8 of the Enforcement Rules of the Personal Information Protection Act for the company, and the company will take action without delay.
③ If the information subject requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.
8. Matters concerning the installation, operation and refusal of automatic personal information collection devices
① The company uses ‘cookies’ that store and retrieve usage information from time to time in order to provide personalized services to users.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser, and is also stored in the user's mobile device.
1) Purpose of use of cookies: It is used to provide optimized information to users by identifying each service visited by the user, types of visits and usage within applications, popular search words, and security access.
2) Installation, operation, and refusal of cookies: Click More in the default browser you are using, then click Settings > Advanced Settings > Reject Cookies (the setting method is different for each mobile device)
3) If you refuse to save cookies, difficulties may occur in using customized services.
9. Technical and administrative protection measures for personal information protection
The company takes the following measures to ensure the safety of personal information.
1) Administrative measures: Establishment and execution of internal management plans, etc.
2) Technical measures: Account management such as personal information processing system, access authority management, encryption, security program installation, etc.
3) physical measures
10. Personal Information Protection Officer
① The company is responsible for overall handling of personal information, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing.
| Personal Information Protection Chief Officer | Personal Information Protection Officer |
|---|---|
|
Name: Heo Kyung-soo Title: Representative Phone number: 02-780-1340 |
Name: Heo Kyung-soo Title: Representative Phone number: 02-780-1340 |
② Users can make inquiries to the person in charge of personal information protection and the person in charge of personal information protection related to all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's services. The company will respond to and handle inquiries from users without delay.
11. Remedies for Infringement of Rights and Interests
① Users can inquire about damage relief and consultation for personal information infringement to the following organizations.
※ As an institution separate from the company of the following institutions, if you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact us.
② If you need to report or consult about other personal information infringement, please contact the following organizations.
| Inquiries | contact | home page |
|---|---|---|
| Personal Information Infringement Reporting Center | (without area code) 118 | https://privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee | 1833-6972 | https://www.kopico.go.kr |
| Supreme Prosecutor's Office Cyber Investigation Division | (without area code) 1301 | https://cybercid.spo.go.kr |
| National Police Agency Cyber Security Bureau | (without area code) 182 | https://cyberbureau.police.go.kr |
12. Department that receives and processes personal information access requests
① Users may request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. DKI Technology Co., Ltd. will make efforts to promptly process users' personal information access requests.
▶ Personal information viewing request reception, processing department contact: 02-780-1340
13. Changes in Privacy Policy
First written: Privacy Policy (February 22, 2020)
