Privacy Policy
The Korea Medical Foundation IFC Medical Examination Center (hereinafter referred to as “KOMEF Medical Examination Center”) complies with all laws related to privacy protection, including the Personal Information Protection Act, which is the main law related to privacy protection in Korea.
In addition, the KOMEF Medical Examination Center has established its own privacy policy, which is publicly available on its website (www.komef.org) so that customers can view it at any time. The Privacy Policy may be changed in accordance with amendments to relevant laws and guidelines or changes in internal operating policies, and such changes, if any, will be announced on the website (www.komef.org).
The Privacy Policy of the KOMEF Medical Examination Center contains the following details
- 1. Personal information subject to collection and methods of collection;
- 2. Purpose of collecting and using personal information
- 3. Period of retention and use of personal information
- 4. Personal information destruction procedure and method
- 5. Provision and sharing of personal information
- 6. Third-party handling of collected personal information
- 7. Matters concerning the rights and obligations of the information subject and/or his/her legal representative and how to exercise them
- 8. Method of withdrawal of consent and membership withdrawal
- 9. Matters concerning the installation and operation of automatic personal information collection devices and prohibition of their use
- 10. Contact information of the privacy officer and person in charge of privacy protection
- 11. Remedies for infringement of rights and interests
- 12. Measures to ensure the security of personal information
- 13. Image information processing equipment operation and management policy
- 14. Obligation to notify policy changes
1. Personal information subject to collection and methods of collection
The KOMEF Medical Examination Center collects only the minimum personal information necessary to provide services on its website. There are required and optional information items that must be entered during sign-up, and omitting the optional information will not lead to any restrictions on the use of the services. If you do not enter the required items, however, you may not be able to receive the services available.
- [Collected Information]
-
Required information : E-mail address, password, name, date of birth, sex, mobile phone number
Optional information : none * The following information may be automatically generated and collected in the course of service use or provision.
Service usage history, access logs, cookies, IP address, etc.
- [Collection Method]
-
By having the applicant enter their membership information when registering on the website
Through the posts on the website message board (general, consultation, appointment, photos, etc.)
2. Purpose of collecting and using personal information
The KOMEF Medical Examination Center utilizes the collected personal information for the following purposes only. The information provided by the user will not be used for purposes other than those required for the following purposes, and prior consent will be obtained if the purpose of use is changed.
- [Medical Services]
-
To provide health consultation, medical services, etc. for medical examinees
To provide medical care, consultation, prescription, etc.
To file claims for national health insurance, medical benefits, worker’s compensation insurance, etc.
To verify eligibility for national health insurance, medical benefits, worker’s compensation insurance, etc.
- [Services]
-
To provide medical examination results
To provide online appointment services
- [Membership Services]
-
To verify the identity of the individual, prevent wrongful or unauthorized use, confirm the applicant’s intent to sign up as a member, verify the applicant’s age, etc.
To handle complaints
To deliver notices
- [Marketing and Advertisement]
-
To determine the login frequency or statistics on the members’ use of the services
To use for academic and statistical purposes
3. Period of retention and use of personal information
In principle, after the purpose of collecting and using personal information is achieved, the information provided by the member will be destroyed without delay. However, if it is necessary to retain the information accordance with the provisions of the relevant laws and regulations, the KOMEF Medical Examination Center will retain the information for a period of time as stipulated by the relevant laws and regulations as follows
- Personal information and medical records : 10 years / Article 15 (Preservation of Records on Medical Care) of the Enforcement Rule of the Medical Service Act
- Records of consumer complaints or dispute handling : 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records of collection, processing, and use of credit information : 3 years (Credit Information Use and Protection Act)
- Records of identity verification : 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection)
- Records of visits : 3 months (Protection of Communications Secrets Act)
4. Personal information destruction procedure and method
The KOMEF Medical Examination Center will immediately destroy your personal information once the purpose of collecting and using it has been achieved. The procedure for and method of destruction are as follows
- [Destruction Procedure]
-
The personal information of members who have registered through the website will be immediately destroyed upon withdrawal of membership.
Personal information collected by the KOMEF Medical Examination Center will be retained in accordance with the 『Period of retention and use of personal information』 and destroyed according to the prescribed destruction method.
- [Destruction method]
-
Personal information stored in the form of electronic files will be deleted using technical methods that prevent the reproduction of the records.
Personal information printed on paper will be destroyed by shredding or incineration.
5. Provision and sharing of personal information
We process the personal information of medical examination recipients and patients only within the scope specified in Article 1 (Purpose of Processing Personal Information) of the Personal Information Protection Act and provide personal information to third parties only in cases falling under Article 17 of the Personal Information Protection Act. We may provide personal information to the National Health Insurance Service, the Health Insurance Review and Evaluation Service, insurance organizations, labor and welfare corporations, etc. in accordance with Article 18 (2) 2 of the Personal Information Protection Act (if there are special provisions in other laws) and Article 21 (Viewing of Records, etc.) of the Medical Service Act. Providing personal information to a third party requires prior consent from the information subject. However, we will not obtain consent based on the above rationale, except in the following cases
- The user has consented to the provision of information to a third party in advance
- The information on the medical examinations of employees is required by the employer
- The information and data are required according to relevant laws and regulations
6. Third-party handling of collected personal information
The KOMEF Medical Examination Center will not entrust your information to a third party without your consent. If such a need arises in the future, we will notify you of the entrusted party and the details of the entrusted duties and obtain your prior consent, if necessary.
The KOMEF Medical Examination Center entrusts the handling of personal information to third parties as follows
| Entrusted duty | Entrusted party | Personal information | Retention period |
|---|---|---|---|
| Medical examination program maintenance | Areumnuri Medicom. | Access to information (Name, resident registration number, date of birth, sex, address, spouse’s name, company name, department, position, employee number, etc.) | Until the end of the contract term |
| Electronic medical service program maintenance | Choongwae Information | Access to information (Name, resident registration number, date of birth, sex, address, spouse’s name, company name, department, position, employee number, etc.) | Until the end of the contract term |
| Medical imaging information system maintenance | Medical Standard | Access to information (name, date of birth, sex) | Until the end of the contract term |
| Dental consultation | Sangkwaehan Lee Dentistry | Access to information (name, date of birth, sex, company name) | Until the end of the contract term |
| Mailing service | Mirae e-Post | Access to information (name and address) | Within the statutory retention period |
| Diagnostic test | Seegene Medical Foundation | Name, chart number, first 6 digits of resident registration number, sex | Within the statutory retention period |
| Diagnostic test | Seoul Clinical Laboratories | Name, chart number, first 6 digits of resident registration number, sex | Within the statutory retention period |
| Genetic test | Medizen | Name, date of birth | Within the statutory retention period |
| Genetic test | Care Link | Name, date of birth | Within the statutory retention period |
| Remote image reading | Hesel Clinic | Name, resident number, hospital registration number, images, reading results, etc. | Until the end of the contract term |
| Biometric age test | BioAge | Name, date of birth, company name, chart number | Within the statutory retention period |
7. Matters concerning the rights and obligations of the information subject and/or his/her legal representative and how to exercise them
The information subject (or legal representative if the information subject is under the age of 14) may exercise the right to view, correct, delete, or request suspension of processing of his/her personal information at any time. The rights under Paragraph 1 may be exercised in writing, e-mail, fax, etc. after filling out the form in Form 8 of the Enforcement Rule of the Personal Information Protection Act, and we will deal with the request without delay. The rights under Paragraph 1 may be exercised through an agent, such as the legal representative of the information subject or a person who has been delegated the power by the information subject. In this case, a power of attorney in Form 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted. As for requests for access to personal information and suspension of processing thereof, the rights of the information subject may be restricted according to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act. Requests for the correction and deletion of personal information will not be accepted if the personal information is specified as the subject of collection under other laws. We will verify that the person making the request is the information subject or his/her authorized representative, including the person making the request for access, correction, deletion, or suspension of processing in accordance with the rights of the information subject.
- [Form 8 of the Enforcement Rule of the Personal Information Protection Act] Personal Information (Viewing, Correction, Deletion, Suspension of Processing) Request Form
- [Form 11 of the Enforcement Rule of the Personal Information Protection Act] Power of Attorney
8. Method of withdrawal of consent and membership withdrawal
You may withdraw your consent to the collection, use, and provision of personal information at any time.
To withdraw membership, log in to the website, click “Withdraw Membership” from the membership menu, proceed with the identity verification procedure, and withdraw membership directly, or contact the privacy officer in writing, by phone, or by e-mail, and we will take necessary measures such as destroying your personal information without delay.
9. Matters concerning the installation and operation of automatic personal information collection devices and prohibition of their use
We currently do not use cookies. Cookies are information that is stored on the user’s computer to store and retrieve the user’s information from time to time via the Internet browser. Cookies do not automatically or actively collect personally identifiable information, and users can refuse to have such cookies stored or deleted at any time.
- [Installation/operation and rejection of cookies]
-
You can choose whether to accept or decline cookies. That is, you can change your web browser settings to accept all cookies, go through a confirmation process each time a cookie is stored, or refuse all cookies. However, if you decline the use of cookies, you may have difficulty using some services that require you to log in.
To specify whether or not to accept cookies (for Internet Explorer 9 or later), proceed with the following steps
- Select [Internet Options] from [Tools].
- Click [General].
- Click [Browsing history > Clear].
- Check [Cookies and website data] and click the Delete button.
10. Contact information of the privacy officer and person in charge of privacy protection
In order to protect your personal information and to handle complaints related to personal information, we have designated the following persons as the privacy officer and person in charge of privacy protection.
- Privacy Officer
-
Name: Yoo Hang-geun
Position: Executive Director
Telephone: +82-2-6906-2304
E-mail: webmaster@komef.org
- Person in Charge of Privacy Protection
-
Department: Management Information Department
Name: Kim Gyeong-jong
Telephone: +82-2-6906-2320
E-mail: webmaster@komef.org
11. Remedies for infringement of rights and interests
You may file any complaints related to personal information protection arising from your use of our services to the privacy officer., and we will do our best to reply to you as soon as possible. You may also apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency, Personal Information Infringement Reporting Center, etc. to remedy damages caused by privacy infringement.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.or.kr)
- Privacy Infringement Reporting Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors’ Office Cyber Investigation Division: 1301 (cid@spo.go.kr / http://www.sppo.go.k)
- National Police Agency Cybersecurity Division: 182 (cyberbureau.police.go.kr)
A person whose rights or interests have been infringed by a disposition or nonfeasance by the head of a public institution in response to a request by the information subject for viewing, correction, deletion, suspension of processing, etc. of personal information may file an administrative appeal in accordance with the Administrative Appeals Act.
12.Measures to ensure the security of personal information
We implement the following technical and administrative measures to protect your personal information so that it does not get lost, stolen, leaked, altered or damaged:
- Technical measures
-
Passwords are stored in an encrypted form.
Security measures using encryption algorithms such as SSL are in place to ensure the safe transmission of personal information over the network.
We use an antivirus program to prevent incidents caused by server viruses in advance. The antivirus program is updated regularly, and when a virus is detected, it is handled as soon as a vaccine becomes available to prevent privacy breaches.
A web firewall is in place to prevent your personal information from being leaked as a result of hacking. Intrusions from the outside are blocked and monitoring 24/7.
- Administrative Measures
-
We conduct supervision and management of parties entrusted with the personal information of our members to ensure that the information is not used for wrongful purposes, such as disclosing personal information, processing it, and providing it to third parties without authorization.
We have minimized the number of persons who can handle the personal information of members and manage their access rights, in addition to ensure compliance with laws and policies through education and training.
13. Image information processing equipment operation and management policy
Pursuant to Article 25 of the Personal Information Protection Act, video information processing devices may be installed and operated when necessary to prevent safety and security incidents and fires in public facilities, except for places that may significantly infringe on the privacy of individuals, such as restrooms and changing rooms used by a large number of unspecified individuals and are intended to prevent safety and security incidents in advance.
- The number of video information processing equipment to be installed and their installation locations, shooting scope, and performance are as follows
-
Number of installations: Installed according to the needs of each center
Shooting scope: Within the center
Performance: Around 410,000 pixels
- The person responsible for management, department in charge, and those who are authorized to access the video information processing equipment are as follows
-
Manager and department in charge: Head of Management Support Department
Persons authorized to access the equipment: Members of the Management Support Department and Management Information Department
- The recording duration of the image information processing devices, the retention period of video footage, and the management, disposal, and storage methods are as follows
-
Recording time: 24-hour continuous recording
Retention of video footage: 10 to 30 days
Disposal of recorded records: Automatic deletion once the retention period has elapsed
Retention method: Recorded video information is stored on the hard disk of the recording device
- As for the method and places of monitoring the information of the video information processing equipment, it will be monitored as necessary at the place where the video information processing equipment is installed and in the office. The technical and administrative protection measures for the video information processing equipment are as follows:
-
Technical protection measure : Setting a password on the recording device
Administrative protection measures : Persons other than the manager and those authorized to access the equipment are prohibited from manipulating the equipment, access control using physical locks, etc.
14. Obligation to notify policy changes
This Privacy Policy is effective as of August 1, 2023.