EN
[mshop_form_designer slug=’personal_policy’ default=true]
Mine Plastic Surgery Privacy Policy
(hereinafter referred to as ‘Hospital’) complies with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of information subjects.
Personal information is processed and managed safely.
In accordance with Article 30 of the Personal Information Protection Act, in order to guide information subjects to the procedures and standards for personal information processing and to promptly and smoothly handle complaints related thereto, a personal information processing policy is established and disclosed as follows.
Index
1. Purpose of processing personal information
2. Processing and retention period of personal information
3. Personal information items processed
4. Provision of personal information to third parties
5. Entrustment of personal information processing
6. Overseas transfer of personal information
7. Procedures and methods for destroying personal information
8. Rights, obligations and exercise methods of information subjects and legal representatives
9. Measures to ensure the stability of personal information
10. Technical measures to protect personal information
11. Matters related to installation, operation and refusal of automatic personal information collection devices
12. Matters related to collection, use and refusal of behavioral information, etc.
13. Criteria for judging additional use and provision
14. Processing of pseudonymized information
15. Personal information protection officer
16. Remedy for infringement of rights and interests
17. Installation and operation of video information processing equipment
18. Changes to personal information processing policy
Article 1 Purpose of processing personal information
The hospital processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following.
If the purpose of use changes, we will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
1. When there are special provisions in the law or when it is unavoidable to comply with statutory obligations.
| Related laws | Purpose of processing |
|---|---|
| Medical Service Act and Enforcement Rules of the Act | Visiting and issuing copies of various records and patient records, including medical applications, medical records, midwifery records, nursing records, patient lists, prescriptions, etc |
| National Health Insurance Act | Request for medical care benefits |
| Volunteer Information | Volunteer Information |
| Electronic Financial Transactions Act | Payment of medical expenses |
| Act on Prevention and Control of Infectious Diseases | Report patients with infectious diseases, patients with infectious diseases, or pathogen holders |
| Acquired Immunodeficiency Prevention Method | Report to the optometrist's office for the diagnosis of infected people |
| Blood Management Act | Report of specific blood side effects |
| organ transplantation act | Report of presumed brain death |
| Framework Act on Health and Medical Services | Report and notify of the discovery of a diseased person or a person suspected of having a disease |
| Emergency Medical Service Act | Emergency patient transport |
2. Providing services such as medical appointments
•
Personal information is processed for the purpose of providing medical services such as diagnosis, treatment and hospitalization, appointment and examination appointment, notification of appointment and appointment schedules, bill of medical bills, and provision of medical services such as billing, receipt, and refund during diagnosis and treatment.
3. Handling of civil service affairs
•
Personal information is processed for the purpose of securing a smooth communication path such as identification of the complainant, confirmation of the contents of the complaint, contact for fact-finding, and notification of processing results in case of complaints related to medical services.
4. Sign up
•
Confirmation of intention to become a member, identification/authentication of identity through provision of membership services, maintenance/management of membership, verification of identity through implementation of limited identity verification system, prevention of illegal use of services, confirmation of consent of legal representative when collecting personal information of children under 14 years of age, Personal information is processed for the purposes of various notifications, grievance handling, record preservation for dispute resolution, and collection of statistics on service use.
Article 2 Processing and Retention Period of Personal Information
① The hospital processes and retains personal information within the period of possession and use of personal information in accordance with the law or the period of possession and use of personal information agreed upon when collecting personal information from the data subject.
② Each personal information processing and retention period is as follows.
1. Where there are special provisions in the Act or where it is inevitable for compliance with legal obligations under the Act
(Article 22(2) of the Medical Service Act and Article 15 of the Enforcement Rules)
※ In addition, if necessary for continuous treatment, it can be extended and preserved for the period of each item only once.
- Patient list: 5 years
- Medical records: 10 years
- Prescription: 2 years
- Surgical record: 10 years
- Details of inspection and records of inspection findings: 5 years
- Radiographs (including images) and their findings: 5 years
- Nursing records: 5 years
- Preterm birth record: 5 years
- Copies of medical certificates, etc. (to preserve medical certificates, death certificates, body examinations, etc. separately): 3 years
2. Providing services such as medical appointments
- It is held in accordance with Article 15 of the Enforcement Regulations of the Medical Law, "preservation of records related to medical treatment".
3. handling of civil service affairs
- It will be held for three years after the completion of the civil complaint processing.
4. membership
- Until membership withdrawal or expulsion
③ However, if it falls under the following reasons, it shall be kept until the end of the reasons.
1. Where an investigation, investigation, etc. is in progress due to violation of relevant Acts and subordinate statutes, until the end of the investigation and investigation
2. Where the bond and debt relationship remains due to the use of the website, until the settlement of the relevant bond and debt relationship
Article 3 Items of personal information to be processed
① The hospital is collecting the following personal information for compliance with statutory obligations.
1. Where there are special provisions in the Act or where it is inevitable for compliance with legal obligations under the Act
- application for medical treatment
•
Required items: Name, resident registration number, medical subject, phone number, patient registration number (medical card number)
- Application for Elective Care
•
Required items: Name, address, phone number, resident registration number, medical treatment support item
- medical records
•
Required items: Address, name, contact information, resident registration number, medical history and family history, main symptoms, diagnosis result or diagnosis name, treatment progress, treatment details (injection, medication, treatment, etc.), date and time of treatment
- a preterm birth record
•
Required items: Address, name, contact information, resident registration number, number of births and stillbirths, progress after pregnancy and findings thereof, presence or absence of a medical examination by a doctor during pregnancy (including tests on tuberculosis and sexually transmitted diseases), location and date and time of delivery, progress and treatment of delivery, number of births, gender and biopsy, sintering for birth and fetal appendages, whether or not a postpartum doctor's medical examination exists
- a nursing record book
•
Essential items: Name of the person receiving nursing care, matters concerning body temperature, pulse, respiratory and blood pressure, matters concerning medication, matters concerning intake and excrement, matters concerning treatment and nursing, date and time of nursing care
- a patient's list
•
Required: Address, name, resident registration number, phone number
- Obligations to report infectious disease patients, infectious disease doctors, or pathogen holders
•
Required items: Name of infectious disease patient, infectious disease doctor, or pathogen holder, resident registration number, phone number, occupation, gender, address, infectious disease name, infectious disease occurrence information, reported medical institution, public health center report information
- Emergency patient transfer obligation
•
Mandatory items: patient's name, address, guardian's name, address, phone number, patient condition before first aid, patient condition after emergency politics, first aid measures
- Obligations to report the diagnosis and examination of infected persons
•
Required items: Name of the deceased, resident registration number, address, test findings, presumed infection route, major cause of death, clinical symptoms
2. Providing services such as medical appointments
- an appointment for a doctor's appointment
•
Required: Name, resident registration number, mobile phone number
- Foreign medical appointment
•
Required: Name, gender, date of birth, passport number, passport expiration date, nationality, phone number, e-mail address, residential address in Korea
- Providing medical services such as receiving medical expenses
•
Required: Payment approval information such as card company name and card number (when paying with a credit card)
3. handling of civil service affairs
•
Required: Name, e-mail, mobile phone number, complaint details and inquiries
4. (If there is a homepage where membership is available) Membership registration
•
Required items: name, date of birth, ID, password, mobile phone number, email address, legal representative information for children under 14 years of age (name, date of birth, gender, mobile phone number)
•
Optional items: Home phone number
② The hospital may collect and use resident registration numbers, unique identification information, and sensitive information, including personal information, without the consent of the information subject in order to comply with legal obligations such as medical treatment.
Article 4 Provision of personal information to third parties
① The hospital processes the personal information of the information subject only within the scope specified, and provides personal information to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law. Other than that, the personal information of the information subject is not provided to third parties.
② In accordance with Article 11 of the Emergency Medical Services Act, when an emergency patient is transferred to another medical institution, the hospital may provide medical records necessary for treatment to the receiving medical institution.
③ In cases falling under Article 21, Paragraph 3 of the Medical Service Act, the hospital allows the patient to check the contents, such as by allowing the patient to view or provide a copy of the patient's records.
④ When a hospital conducts research on human subjects in accordance with Article 18 of the Bioethics and Safety Act, the hospital may provide the participant's personal information to a third party after obtaining written consent from the information subject and deliberation by the institutional committee in accordance with the same Act.
⑤ The hospital may provide personal information as follows with the consent of the information subject.
| Recipient | Purpose of provision | Items provided | Retention and use period |
|---|---|---|---|
| <Third party name> | <Purpose of provision> | <Provided items> | <Retention and use period of recipient> |
Article 5 Entrustment of Personal Information Processing
The hospital does not entrust the processing of personal information.
Article 6 International transfer of personal information
The hospital does not transfer personal information overseas.
Article 7 Procedures and methods for destroying personal information
① The hospital destroys the personal information without delay when the personal information becomes unnecessary, such as when the personal information retention period has expired, the processing purpose has been achieved, medical services have been abolished, or business has closed.
② In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period agreed upon by the information subject or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or storage location changed. Save it differently.
③ When a hospital reports closure or suspension of business, it transfers the recorded and preserved medical records, midwifery records, nursing records, and other medical records to the head of the competent public health center.
④ The procedures and methods for destroying personal information are as follows.
1. Destruction procedure
•
The hospital selects the personal information that requires destruction and destroys the personal information with the approval of the hospital's personal information protection manager.
2. Method of destruction
•
The hospital destroys personal information recorded and stored in the form of electronic files using methods such as low level format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
Article 8 Rights, obligations and methods of exercise of information subjects and legal representatives
① The information subject may exercise the following rights against the hospital at any time.
1. View records related to the patient (person)
2. Other requests to view, correct, delete, or suspend processing of personal information
※ Requests to view personal information regarding children under the age of 14 must be made directly by the legal representative. Information subjects who are minors over the age of 14 may exercise their rights regarding the personal information of the information subject themselves or through their legal representative. You may also exercise .
② The rights under each subparagraph of Paragraph 1 may be exercised in the following ways.
View records related to the patient (you): Present your ID card to the hospital to verify your identity.
Other requests to view, correct, delete, or suspend processing of personal information: in writing, e-mail, or facsimile (FAX) in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act
③ The exercise of rights under each subparagraph of Paragraph 1 may be done through an agent, such as the information subject's legal representative or a person authorized to do so.
Viewing records related to the patient (principal): If the agent designated by the patient meets the requirements prescribed by Ordinance of the Ministry of Health and Welfare, such as attaching a consent form from the patient and documents proving that he or she has authority to represent the patient, submit the following documents:
① A copy of the ID card of the person requesting access to records or issuance of a copy.
② In the case of a consent form in Form No. 9-2 of the 「Medical Act Enforcement Rules」 and a power of attorney in Form No. 9-3 of the Medical Act Enforcement Rules hand-signed by the patient, if the patient is a minor under the age of 14
must be completed by the patient's legal representative and must be accompanied by documents confirming that the patient is the legal representative, such as a family relationship certificate.
③ Copy of the patient's identification card. However, patients under the age of 17 and for whom a resident registration card has not been issued in accordance with Article 24 (1) of the Resident Registration Act are excluded.
•
Other requests to view, correct, delete, or suspend processing of personal information: Submit a power of attorney in accordance with Form No. 11 of the Annex “Notice on Personal Information Processing Methods (No. 2020-7)”
④ The exercise of rights under each subparagraph of Paragraph 1 may be restricted in the following cases.
•
Viewing records related to the patient (principle): When it is an important matter for national security and interferes with carrying out “audit and investigation work in progress pursuant to other laws”
•
Other requests to view, correct, delete, or suspend processing of personal information: Cases falling under each subparagraph of Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act
Article 9 Measures to ensure the stability of personal information
The hospital is taking the following measures to ensure the safety of personal information.
1. Management measures: Establishment and implementation of internal management plan, operation of dedicated organization, regular employee training
2. Technical measures: Management of access rights to personal information processing system, installation of access control system, encryption of personal information, installation and update of security program
3. Physical measures: Access control to computer rooms, data storage rooms, etc
Article 10 Technical measures to protect personal information
When handling your personal information, the hospital is taking the following technical measures to ensure safety and prevent personal information from being lost, stolen, leaked, altered or damaged..
•
Your personal information is protected by a password, and important data is protected through a separate security function by encrypting files and transmission data or using the file lock function.
•
The hospital adopts authentication and security devices that can safely transmit personal information on the network using member authentication and related encryption algorithms, and when not implemented due to system circumstances, physician confirmation is performed by an assistant.
•
To prevent your personal information from being leaked through hacking, etc., we use devices that block intrusions from the outside, and an intrusion detection system is installed on each server to monitor intrusions 24 hours a day.
Article 11 Matters concerning the installation, operation and refusal of automatic personal information collection devices
① The hospital uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.
go. Purpose of use of cookies: They are used to provide information optimized for users and to revamp services by identifying visitation and usage patterns, popular search terms, and secure access to each service and website visited by the user.
me. Installation, operation and refusal of cookies: You can refuse the storage of cookies through option settings in the Tools>Internet Options>Personal Information menu at the top of your web browser.
all. If you refuse to store cookies, you may have difficulty using customized services.
Article 12 Matters concerning the collection, use and refusal of behavioral information, etc.
① During the service use process, the hospital collects and uses behavioral information to provide customized services and benefits optimized for information subjects, such as online customized advertisements.
② The hospital collects behavioral information as follows.
| Items of behavioral information collected | How to collect behavioral information | Purpose of collecting behavioral information | Retention/use period and subsequent information processing methods |
|---|---|---|---|
| User’s website/app service visit history, search history, purchase history | Automatically collected when users visit/run websites and apps | Provides personalized product recommendation services (including advertisements) based on user interests and tendencies | 2 years from collection date |
③ The hospital collects only the minimum behavioral information necessary for online customized advertising, etc., and collects sensitive information that may clearly infringe on an individual's rights, interests, or privacy, such as thoughts, beliefs, family and relative relationships, educational background, medical history, and other social activity history. We do not collect behavioral information.
④ The hospital does not collect behavioral information for customized advertising purposes from children it knows are under the age of 14 or from online services that primarily use children under the age of 14, and provides customized advertising to children it knows to be under the age of 14. Do not.
⑤ The information subject can block or allow online customized advertisements using the settings function of the web browser or smartphone. However, while this method allows users to block or allow online customized advertisements in bulk, the collection of behavioral information for other purposes, such as automatic login and blocking access from other devices, may also be blocked, so users must be careful.
•
Block/allow customized advertising through web browser
(1) Internet Explorer (Internet Explorer 11 for Windows 10)
- In Internet Explorer, select the Tools button, then select Internet Options
- Select the Privacy tab, select Advanced under Settings, and then select Block or Allow cookies.
(2) Chrome browser
- In Chrome, click the ‘⋮’ sign in the top right (Chrome customization and controls), then click Show settings.
- Click ‘Show advanced settings’ at the bottom of the Settings page and click Content Settings in the “Privacy” section.
- In the Cookies section, check the box for ‘Block third-party cookies and site data’.
•
Block/allow customized advertising via smartphone
(1) (Android) ① Google Settings → ② Advertisements → ③ Select or deselect ad customization settings
※ The method may differ slightly depending on the OS version.
(2) (iPhone) ① iPhone Settings → ② Personal Information Protection → ③ Advertisements → ④ Limit Ad Tracking
⑥ Information subjects can inquire about questions related to behavioral information, exercise their right to refuse, or submit damage reports to the contact information below.
•
Personal information protection officer
Person in charge: Director Lee Seong-wook, CEO of Mine Plastic Surgery
•
Person in charge of personal information protection and grievance handling
Management Support Team Director Jeonghee Lee, 02-516-1175, [email protected]
Article 13 Criteria for judging additional use and provision
① 병원은 「개인정보 보호법」 제15조제3항 및 제17조제4항에 따라 「개인정보 보호법」 시행령 제14조의2에 따른 사항을 고려하여 정보주체의 동의 없이 개인정보를 추가적으로 이용·제공할 수 있습니다.
| Item | Purpose of use and provision | Retention and use period |
|---|---|---|
| Name, contact information, address | Contacting you to inform you that you have received a prescription medication in error | Destroy immediately upon achievement of purpose |