■ Open Healthcare Co., Ltd. Personal Information Processing Policy
Open Healthcare Co., Ltd. (hereinafter referred to as “Open Healthcare”) processes and manages personal information lawfully and safely, in compliance with the provisions of the “Personal Information Protection Act”, the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.”, and related laws, for the protection of freedom and rights of customers (hereinafter referred to as “information subjects”) using the website (hereinafter referred to as “Service”).
Accordingly, in accordance with Article 30 of the “Personal Information Protection Act”, we inform the procedures and standards for processing personal information and the personal information processing policy to the information subjects a in order to quickly and smoothly handle complaints related to this.
Article 1 [Personal information processing items]
Open Healthcare processes the following personal information items:
| Classification | Personal information items processed |
|---|---|
| Customer Inquiry | [Required] Country, name, email, position |
| [Optional] Contact information, company name |
※ Access log and cookie information may be automatically created and collected during service use.
※ Open Healthcare does not collect sensitive information (ideas/beliefs, membership/withdrawal from labor unions/political parties, political opinions, health, sex life, etc.) that may significantly infringe on the privacy of the information subject.
※ Open Healthcare does not collect personal information in principle, in case the user is under the age of 14. However, when we inevitably collect personal information of people under the age of 14 to use the service, Open Healthcare shall obtain the consent of the legal representative in advance, destroy the information immediately as soon as the relevant work is completed, and thoroughly manage personal information while the work is in progress.
Article 2 [Purpose of personal information processing]
Open Healthcare processes personal information for the following purposes. Personal information under process shall not be used for purposes other than the following. In addition, in case of change of the purpose of use, we shall take necessary measures, such as obtaining separate consent in accordance with Article 18 of the “Personal Information Protection Act”.
| Purpose of processing | Details |
|---|---|
| Responding to customer inquiries | Confirming customer inquiries and providing responses |
Article 3 [Personal information processing and retention period]
Open Healthcare processes and retains personal information within the personal information retention and use period in accordance with the law or within the personal information retention and use period agreed upon when collecting personal information from the information subject.
| Purpose of processing | Processing and retention period |
|---|---|
| Response to customer inquiries | Retained for 1 year after registering customer inquiries ※ However, during an investigation process due to violation of related laws and regulations, personal information shall be retained until the end of the investigation |
Article 4 [Provision of personal information to third parties]
Open Healthcare processes the personal information of the information subject only within the scope specified in the purpose of processing the personal information, and only handles personal information to third parties in cases that fall under Articles 17 and 18 of the “Personal Information Protection Act”, including the consent of the information subject and special provisions of the law. Other than above, personal information of the information subject shall not provided to third parties. Currently, Open Healthcare does not provide personal information to third parties.
Article 5 [Destruction of personal information]
Open Healthcare destroys the personal information immediately when the personal information becomes unnecessary, such as when the personal information retention period has passed or the purpose of processing has been achieved.
In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period consented to by the information subject or the purpose of processing has been achieved, the personal information may be transferred to a separate database (DB) or stored in a different storage location.
The procedures and methods for destroying personal information are as follows:
1) Destruction procedure
– Select the personal information that requires destruction, and destroy the personal information with the approval of Open Healthcare’s personal information protection manager.
2) Destruction method
– Personal information recorded and stored in the form of electronic files is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding them with a shredder.
Article 6 [Measures to ensure the safety of personal information]
Open Healthcare is taking the following measures to ensure the safety of personal information in accordance with relevant laws and regulations, including Article 29 of the “Personal Information Protection Act”, to prevent personal information from being lost, stolen, leaked, altered or damaged.
- Administrative measures
– Establishment and implementation of internal management plan, regular personal information protection training for employees, and operation of a dedicated organization
- Technical measures
– Management of access rights to personal information processing system, password management, installation of access control system, encryption of personal information, and installation and update of security program
Article 7 [Matters regarding installation, operation and refusal of devices that automatically collect personal information]
Open Healthcare uses ‘cookies’ to store usage information and retrieve it frequently in order to provide individualized services to users.
Cookies are a small amount of information that the server (http) used to run the website sends to the user’s computer browser and are sometimes stored on the hard disk of the user’s PC computer.
1) When a user connects, the user’s computer can read the contents of the cookie stored in the browser, find the user’s additional information on the computer, and provide the service without additional input.
2) Cookies identify the user’s computer, but do not personally identify the user. Additionally, users have choices regarding cookies. By adjusting your web browser as follows, you can accept all cookies, send notification when cookies are installed, or reject all cookies. However, if you refuse to install cookies, you may have difficulty using services on the website.
| Type | How to set |
|---|---|
| Internet Explorer | Tools at the top of the browser > Internet Options > Personal Information |
| Chrome | Top right corner of browser > Customization and control > Settings > Privacy and security > Delete browsing history |
| Naver Whale | Top right corner of browser > Three dot icon > Settings > Privacy and security > Delete browsing history > Delete data |
| Microsoft Edge | Top right corner of browser > three dots icon > Settings > Privacy and services > Clear browsing data > Select items to clear > Clear now |
Article 8 [Criteria for judgment regarding additional use and provision]
In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, Open Healthcare can use and provide personal information additionally without the consent of the information subject in consideration of matters pursuant to Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. Open Healthcare’s standards for additional use and provision without the consent of the information subject are as follows:
– Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
– Whether there is a foreseeability of additional use and provision of personal information in light of the circumstances in which personal information was collected or processing practices
– Whether the additional use and provision of personal information unfairly infringes on the interests of the information subject
– Whether necessary measures were taken to ensure safety, such as pseudonymization or encryption.
Article 9 [Personal Information Protection Manager]
In order to protect the personal information of information subjects and handle inquiries and grievances related to personal information processing, Open Healthcare designates and operates a personal information protection manager and department in charge as follows:
1) Personal information protection officer
– Name: Youngsam Lee
– Position: IT Development Department Manager
2) Personal information protection department (responsible for receiving and processing personal information access requests)
– Department: IT Development Department
– Person in charge: Manager Sangjin Ahn
– E-mail: ohc@openhealthcare.com
The information subject may inquire about personal information protection related inquiries, complaint handling, damage relief, etc. that arise while using Open Healthcare’s services to the personal information protection manager and the department in charge. Open Healthcare will respond and process inquiries from information subjects as quickly and faithfully as possible
Article 10 [Methods for relief from infringement of rights and interests of information subjects]
In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, etc. For other personal information infringement reports and consultations, please contact the organizations below:
1) Personal information protection comprehensive support portal (operated by the Ministry of the Interior and Safety)
– Responsibilities: Report of personal information infringement, request for consultation, provision of data
– Website: http://www.privacy.go.kr
– Phone number: 02-6952-8650
2) Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
– Responsibilities: Reporting personal information infringement, requesting consultation
– Website: http://privacy.kisa.or.kr
– Phone number: (without area code) 118
3) Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
– Responsibilities: Request for personal information dispute mediation, collective dispute mediation (civil resolution)
– Website: http://www.kopico.go.kr
– Phone number: 1833-6972
4) National Police Agency cyber safety guard
– Responsibilities: Inquiry and reporting of criminal cases related to personal information infringement
– Website: http://www.police.go.kr/www/security/cyber.jsp
– Phone number: (without area code) 182
Open Healthcare guarantees the information subject’s right to self-determination of personal information and strives to provide consultation and relief for damage caused by personal information infringement. If you need to report or consult, please contact the responsible department below:
Consultation and reporting regarding personal information protection
– Department name: IT Development Department
– Person in charge: Manager Sangjin Ahn
– e-mail: ohc@openhealthcare.com
A person whose rights or interests have been infringed due to a disposition or omission made by the head of a public institution upon request to the provisions of Article 35 (view of personal information), Article 36 (correction/deletion of personal information), and Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act. may request an administrative trial in accordance with the provisions of the Administrative Appeals Act.
– Consultation and reporting regarding personal information protection
Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)
Article 11 [Change in processing policy]
Open Healthcare’s processing policy can be changed in accordance with relevant laws, guidelines, and Open Healthcare’s internal operating policy. In case of such, Open Healthcare shall disclose the changes in accordance with the method prescribed by relevant laws and regulations.
This processing policy will be effective from January 8, 2024
