id Hospital's Data Handing and Protection Policy
id Hospital, hereinafter referred to as "the hospital", collects, stores and handles all personal data in accordance with the relevant legistlation.
In order to protect the rights and interests of data subjects, and appropriately perform it's public duties, the hospital commits to collecting, storing and handling personal data appropriately and lawfully in accordance with the The Personal Information Protection Act of the Republic of Korea which provides general criteria for the handling of such personal information.
Furthermore, following all relevant laws and regulations, the hospital respects the rights and interests of the data subjects to read, correct, delete and request the suspension of processing their personal information and the data subject may request an admisistrative trial as prescribed by The Administrative Appeals Act.
In accordance with The Personal Information Protection Act, the hospital has the following personal information handling policies to protect the personal information and rights of the data subject, and to appropriately deal with grievances of data subjects related to their personal information, and if the personal information processing policy is revised, it will be announced through a notice on the hospital's website or individual notices.
Article 1. The Method of Collecting Personal Data and The Type of Data Collected
When collecting personal information, the hospital shall notify the scope and purpose of the collection in advance during online consultation or in the terms and conditions of use in accordance with the relevant laws and regulations. The items for collecting personal information are as follows:
- ① Collected data: Nationality, method / means of contact (messenger, email, etc.), contact number, list of procedures, photos, age and consultation content
- ② Health information: Personal health information deemed necessary by medical staff to provide medical services, such as medical history and family history
- ① When paying via debit card: Information necessary for payment validation including name of card company, card number, etc.
- ※ If personal information is collected for other specific purposes in the short term, it will be notified separately and collected.
- ① Collection through the hospital's website, written articles, fax, telecommunications, consultation noticeboard, email, etc.
Article 2. Purpose of The Collection of Personal Data
The hospital utilizes the collected personal information for the following purposes. Any information provided by the user will not be used for any purpose other than the following purposes, and prior consent will be sought if the purpose of use changes.
- ① Medical purposes, testing purposes, appointment inquiry and identification procedures for medical care.
- ② Services for diagnosis and treatment
- ③ Administrative services such as billing, receipt, refund, etc. for medical treatment
- ④ The sending of medical bills, statements, certificates, medications, products and results
- ⑤ Online or offline consignment, or requests for, external inspection
- ⑥ Securing communication channels to assist in handling complaints, etc
- ⑦ Legal and administrative measures for medical quality management and hospital operation
- ⑧ The minimum analysis data required for education, research
- ⑨ Notification regarding medical treatment, academic information, and hospital information
- ⑩ Offering services that are better specified to customers (marketing)
Article 3. Storage Method and Storage Timeframe of Personal Information
In principle, after the purpose of the collection and use of personal information is achieved, the information is destroyed without delay.
However, cetain information shall be preserved for the period specified for the following reasons:
- ① Type of information: name, date of birth, messenger id / username, home phone number, mobile phone number, email address
- ② Basis for extended preservation: the terms and conditions of use on the website of the hospital, and Article 15 of the Enforcement Regulations of Medical Law (preservation of medical records)
- ③ Preservation period: 10 years after the completion of, or withdrawal from, treatment
Article 4. Procedure and Method of the Destruction of Personal Information
The hospital shall destroy the collected and stored personal data without delay after the purpose of collecting and using the personal data has been achieved. The procedure and method of destruction are as follows:
- In accordance with the hospital's internal policy and other procedures regarding information protection under related laws and regulations, the information entered for online consultation, etc., will be transferred to a separate database after the purpose of the use of the information is achieved (in the case of paper communications, a separate document box) and stored for a certain period of time (described in the retention and usage period).
- Personal data transferred to a separate database will not be used for any purpose other than being retained for the required period unless the law requires additional procedures/use.
- Personal information stored in electronic file formats will be deleted using technical methods that prevent record reproduction. Personal information printed on paper will be shredded or dissolved.
Article 5. Sharing of Personal Information
Except with your consent or as required by relevant laws and regulations, the hospital will not use your personal information beyond the scope of the purposes disclosed for collecting and using your personal information, nor provide it to third parties or other companies/institutions. However, the following cases are exceptions:
- ① Submission of medical records for claiming medical expenses to the Health Insurance Review and Assessment Service in accordance with the National Health Insurance Act
- ② Cases where users have given prior consent for disclosure
- ③ Cases where it is required by law or when there is a request from an investigative agency in accordance with the procedures and methods prescribed by law for investigative purposes
- ④ Cases where it is necessary for the compilation of statistics or academic research, provided that the information is processed in a form that makes it impossible to identify specific individuals.
Article 6. Third-Party Communication and Handling of Personal Data
To provide better services and customer convenience, the hospital outsources the handling of personal information to external professional firms as follows.
Through contractual agreements, the hospital ensures the compliance with relevant privacy laws, the confidentiality of personal information, the prohibition of third-party disclosure, the liability for accidents, the duration of the outsourcing period, and the obligation to return or destroy personal information after processing. These measures are strictly managed to ensure that personal information is handled securely.
Companies | Details of Entrusted Work | Information Shared | How Long Peronal Information will be Retained |
---|---|---|---|
id Healthcare Group | Data processing (incl. work related to data processing) CCTV management |
Names, hospital registration number(s), dates of birth, etc. | Until end of contracted period |
Saegwang Health Inspection Center | Pathological testing | Names, hospital registration number(s), etc. Authorized collections of personal data required for testing |
Until end of contracted period |
RESTA Corp. | Conveyance of promotional event and advertising information Commissioned work etc. |
Names, ages, contact information, etc. | Until end of contracted period |
Carelabs | Conveyance of promotional event and advertising information Commissioned work etc. |
Names, ages, contact information, etc. | Until end of contracted period |
Article 7. Third-Party Sharing and Handling of Personal Data
I agree to receive marketing information for promotional purposes from ID Hospital, ID Networks Co., Ltd., ID Placostmetic Co., Ltd., and Global MEM Co., Ltd. The marketing activities of ID Hospital, ID Networks, and ID Placostmetic are handled by the outsourced company, ID Healthcare Co., Ltd.
By agreeing to receive marketing information, you are also considered to consent to receiving marketing information from the outsourced company.
- ① For processing tasks related to patient identification, appointment booking, and cancellations
- ② To provide information on hospital usage, new services, and event promotions
- ③ To send mobile notifications regarding appointments, reservations, hospitalizations, and scheduled examinations
- ① The retention period for personal information is the same as that of the information collection institution. However, this applies only in cases of termination (cancellation) of the contract with the information collection institution.
- ② You have the right to refuse consent, and if you do so, you may not be able to make appointments, which could negatively affect patient convenience and satisfaction.
Article 8. Rights of Users and Legal Representatives and Methods of Exercising Said Rights
The hospital will promptly and sincerely respond to customers' requests for access to, correction, or deletion of their personal information. To protect personal information, the hospital does not provide procedures for access, correction, or deletion of personal information through telephone, mail, fax, or other methods apart from in-person visits.
- ① Customers may visit the hospital to request access to their personal information, and the hospital will respond promptly.
- ① If a customer requests correction or deletion of their personal information and it is found that there is an error or a need for correction or deletion, the hospital will promptly make the necessary changes. The hospital may request supporting documents to verify the facts related to the correction or deletion.
- ② When a customer requests access to, correction, or deletion of their personal information, the hospital will verify the customer’s identity by requesting identification, such as a resident registration card, passport, or driver's license.
- ③ If the hospital has legitimate reasons to deny access, correction, or deletion of all or part of the personal information, it will notify the customer and explain the reasons.
- ④ The legal guardian of a child under the age of 14 can request access to, correction, deletion, or suspension of processing of the child's personal information. The guardian must submit proof of their relationship with the child and provide identification.
Article 9. Matters Concerning the Installation / Operation of Automatic Personal Data Collection Devices and Refusal
The hospital operates cookies, which are small text files stored on your computer's hard disk by the server used to operate the hospital's website. The hospital uses cookies for the following purposes:
- ① To analyze the frequency of site visits and visit times, and to understand users' preferences and interests, which are used as measures for service improvement.
- ② To track the number of visits you make to various events conducted by the hospital, and to provide differentiated information based on individual interests.
You have the option to accept cookies. You can configure your web browser settings to allow all cookies, prompt for confirmation before saving cookies, or refuse all cookies. Please note that if you refuse to install cookies, you may experience difficulties in receiving some services.
Article 10. Obligation to Notify Policy Changes
This privacy policy is subject to change due to amendments in relevant laws and guidelines or changes in internal operational policies. Any changes to the hospital's privacy policy will be announced on the website (http://www.idhospital.com).
- Name: Pilseung Jang
- Department: Management Division
- E-mail: gotama68@idhospital.com
- Name: Myungseok Song
- E-mail: resta@resta.co.kr
- Name: Geumseok Shin
- E-mail: kumssac@naver.com
- Name: Iljae Lee
- Department: Web Development Team, ID Healthcare Group
- Phone: 02-3496-9864
- E-mail: webmaster@idhospital.com
Date of Implementation: March 30, 2012
- 1. Personal Information Dispute Mediation Committee (https://www.kopico.go.kr ) (without country code) 1833-6972
- 2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-550-9531 ~2)
- 3. Cyber Investigation Division of Supreme Prosecutors' Office (http://spo.go.kr/(without country code) 1301, cid@spo.go.kr )
- 4. Cyber Safety Bureau of the National Police Department (http://cyberbureau.police.go.kr/02-3150-2659)
Video Information Processing Device Operation
and Management Policy
This policy informs you about the purposes and methods by which video information processed by this hospital is used and managed.
Article 1. Basis for Installation and Purpose of Video Information Processing Devices
In accordance with Article 25, Paragraph 1 of the Personal Information Protection Act, this hospital installs and operates video information processing devices for the following purposes:
- ① Facility safety and fire prevention
- ② Crime prevention for the safety of customers
Article 2. Number of Installations, Location of Installations, and Scope of Recording
The number, locations, and scope of the video information processing devices are as follows:
- ① Number of installations: 17
- ② Installation locations and filming scope: Building lobbies and corridors, inside elevators, etc.
Article 3. Manager and Authorized Personnel
To protect the video information of data subjects and handle complaints related to personal video information, the following personal video information protection officers are designated:
Classification | Name | Position | Department | Contact Number |
---|---|---|---|---|
Supervising Manager | Jonghoon Jeong | Management Team Leader | Management Team | 02-3496-5590 |
Authorized Personnel | Sihyun Kim | Team Member | Management Team | 02-3496-5591 |
Article 4. Recording Time and Storage Period of Video Information
The filming time, storage period, and storage location of image information are as follows:
- ① Filming time: 24 hours
- ② Storage period: Within 14 days from the date of filming
- ③ Storage location: Hospital server room
Article 5. Matters Concerning the Method and Place of Validation of Personal Image/Video Information
- ① Method of validation: You can validate it by visiting the hospital after contacting the video information management supervising manager in advance.
- ② Place of validation: Hospital server room
Article 6. Access Requests from Data Subjects to Access Image/Video Information, etc.
The information subject can request the image/video information device operator at any time if he/she wants to view, validate, or delete personal image/video information.
However, it is limited to the personal image/video information the subject was filmed and the information necessary for the benefit of life, corpus, and property of the information subject. This hospital will take necessary measures without delay for requests to view, validate, or delete personal image/video information.
Despite the data subject's request for validation, the requests may be rejected. In this case, the data subject shall be notified of the reason for rejection and the method of objection in writing within 10 days.
- ○ In the case of destruction of personal image/video information after the storage period has elapsed
- ○ In the case of which there is a justifiable reason to reject the request for validation, etc. by the data subject
Article 7. Measures to Ensure the Safety of Video Information
The video information processed by this hospital is safely managed through encryption measures.
In addition, this hospital exceptionally grants access to personal information as an administrative measure to protect personal image/video information, and records/manages the creation date and time of the information, the purpose of validation if requsted, the viewer, and the date and time of validation to prevent forgery and tampering of personal image/video information.
In addition, lock systems are installed for safe physical storage of personal image/video information.
Article 8. Matters Regarding Changes in the Handling Policy of Personal Information
The operation and management policy of this image/video information processing device was enacted on March 29, 2012, and if there is any addition, deletion, or modification of the contents due to changes in laws, policies, or security technologies, we will announce the details and reason for the change on the hospital's website at least 7 days before implementation.
Date of Implementation: August 10, 2024
- 1. Personal Information Dispute Committee (https://www.kopico.go.kr ) (without country code) 1833-6972
- 2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-550-9531 ~2)
- 3. Cyber Investigation Division of Supreme Prosecutors' Office (http://spo.go.kr/(without country code) 1301, cid@spo.go.kr)
- 4. Cyber Safety Bureau of the National Police Department (http://cyberbureau.police.go.kr/02-3150-2659)