The Clinic processes personal information for the following purposes, and if the purpose changes, the Clinic will take necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.

1. Website membership registration and service provision

2. Medical treatment and treatment support

(a) Identity verification procedures (including National Health Insurance eligibility check) for visit registration, appointment booking, appointment inquiry, and treatment feedback

(b) Securing channels of communication such as delivery of notices and handling civil petitions and grievances

(c) Conducting various surveys including medical service satisfaction surveys and providing callback guidance

(d) Providing SMS and callback guidance on treatment, appointments, hospitalization, and test schedules

(e) Issuance of statements of medical expenses, itemized statements, and various certificates

(f) Provision of medical treatment and related services for diagnosis and treatment (including joint consultations and sharing of the minimum necessary personal/medical information)

(g) Provision of administrative services including billing, receipt of payment, and refund of medical fees

(h) Preparation of materials for providing health content and for developing new services

(i) Analysis of the minimum necessary data for treatment services, including education, research, and domestic/overseas accreditation evaluations

3. Provision of information as required under applicable laws including the Medical Service Act and the Criminal Act

The Clinic collects only the minimum personal information necessary for medical treatment, website membership registration, and provision of ancillary services.

1. Website membership registration

(a) ID, password, nickname, email

(b) During use of the services, service usage records, access logs, cookies, and access IP information may be collected automatically

2. Medical services

(a) Name, resident registration number, address, contact information

(b) Medical and family history, main symptoms, diagnosis name, treatment progress, treatment details, and date/time of treatment

3. Administrative (billing) services

For credit card payments: card company name, card number, and other authorization information

4. Receipt and handling of complaints

Name, contact information, email

5. Methods of collection

Website, written forms, telephone, fax, email, counseling

1. The personal information of children under the age of 14 is processed with the consent of a legal representative.

2. Upon obtaining consent, only the minimum necessary information such as the legal representative’s name and mobile phone number is requested, and for website-based consent, confirmation is made via SMS after the online indication of consent.

The Clinic retains and processes personal information within the period prescribed by law or the period consented to by the data subject.

1. Website membership registration and management: Until withdrawal of membership (provided that, in the following cases, until the relevant reason ends)

(a) During investigations pursuant to violations of applicable laws: until the conclusion of such investigations

(b) Where claims or obligations arising from website use remain: until settlement is completed

2. Provision of medical services: Retention periods for medical records prescribed by the Medical Service Act

(a) Patient roster: 5 years

(b) Medical records: 10 years

(c) Prescriptions: 2 years

(d) Operative notes: 10 years

(e) Test contents and test opinion records: 5 years

(f) Radiographic images (visual materials) and related reports: 5 years

(g) Nursing records: 5 years

(h) Delivery records: 5 years

(i) Copies of medical certificates and the like: 3 years

※ If continued treatment is necessary, each item’s retention period may be extended accordingly.

3. Information collected through surveys, etc.: Until the purpose of collection is achieved

4. Information related to the collection, processing, and use of credit information: 3 years

1. Where personal information becomes unnecessary due to expiration of the retention period or achievement of the processing purpose, it shall be destroyed without delay.

2. Where preservation is required by other laws, the information shall be stored in a separate database (DB) or preserved in a different location.

3. Destruction procedures and methods

(a) Procedures: Personal information subject to destruction is selected and destroyed with the approval of the Personal Information Protection Officer.

(b) Methods: Electronic files are permanently deleted by an irreversible method; paper documents are shredded or incinerated.

Unless there is consent from the data subject or a legal basis, personal information will not be used or provided beyond the scope specified in Article 1.

1. Where the data subject has given prior consent to third-party provision

2. Submission of medical records for claiming medical care benefits pursuant to the National Health Insurance Act

3. Provision in a form that does not identify specific individuals for the purposes of statistics compilation or academic research

4. Requests for provision from investigative agencies in accordance with procedures and methods prescribed by law

5. Other cases prescribed by law

1. For smooth service provision, the Clinic outsources personal information processing as follows:

Consignee: Jo Jungwon Co., Ltd. / Outsourced work: Website operation and maintenance

Consignee: Senakle Co., Ltd. / Outsourced work: Medical information system for registration, treatment, and billing

Consignee: Korea Information & Communications Co., Ltd. / Outsourced work: Credit card payments

2. The Clinic supervises the consignees and will promptly disclose changes to the outsourcing details or the list of consignees through this Policy.

1. Administrative measures: Establishment and implementation of an internal management plan, periodic training, and operation of a dedicated organization

2. Technical measures: Access right management, installation of access control systems, network segregation, encryption, retention and inspection of access logs, installation and updates of security programs, and vulnerability inspection and remediation

3. Physical measures: Access control to computer rooms and data storage rooms, locked storage of documents and removable media, disaster and emergency safety measures, and controls on carrying items in and out

1. Data subjects may at any time request access, transmission, rectification, deletion, suspension of processing, and withdrawal of consent regarding their personal information.

2. To protect personal information, medical records such as medical charts are not provided by methods other than in-person visits (e.g., telephone, mail, or fax).

3. If access, rectification, or deletion is justifiably refused, the reason for refusal will be notified.

4. Specific procedures

(a) Access to personal information

1) For an in-person visit by the data subject, access is permitted after identity verification with an ID card.

2) For an in-person visit by an agent, submit a power of attorney (or family relationship document), the agent’s ID, and a copy of the data subject’s ID.

(b) Rectification and deletion of personal information

1) Upon confirmation of an error, rectification/deletion is carried out without delay (supporting documents may be requested if necessary).

2) Personal information that must be retained under law cannot be rectified or deleted during the statutory retention period.

3) Upon a rectification/deletion request, actions are taken after identity verification in accordance with applicable laws.

4) For an agent’s request, documents verifying the power of attorney must be submitted.

(c) Withdrawal of consent and suspension of processing

1) Upon a request for suspension of processing, actions are taken after identity verification in accordance with applicable laws.

2) For an agent’s request, documents verifying the power of attorney must be submitted.

(d) Access/rectification/deletion of website membership information: Log in > My Page > Edit Personal Information

(e) A legal representative of a child under the age of 14 may request access, rectification, deletion, or suspension of processing of the child’s personal information by submitting documentation proving the relationship and identity.

1. Personal Information Protection Officer: Dongwoo Son, Administration Director, +82-2-476-8965

2. For inquiries, complaints, or remedies regarding personal information protection, please contact the Protection Officer; responses and processing will be provided without delay.

Data subjects may refuse consent or withdraw consent; however, refusal may limit the provision of medical services and other smooth service delivery.

This Policy was enacted on October 1, 2025, and any changes due to laws, policies, or security technologies will be announced on the Website at least 7 days in advance.

- Date of Notice: October 1, 2025

- Effective Date: October 1, 2025

1. The Clinic uses cookies to provide customized services but does not automatically or actively collect personally identifiable information.

2. Cookies are used to provide customized information, including advertisements, by analyzing access frequency and visit times and identifying usage patterns and areas of interest.

3. Installation/operation and rejection of cookies

(a) You can allow all cookies, confirm before storing, or reject all cookies (note that certain services may be restricted).

(b) How to set

▶ Web browser: Chrome — ‘⋮’ (top-right) > New Incognito Window (Ctrl+Shift+N) / Edge — ‘…’ (top-right) > New InPrivate Window (Ctrl+Shift+N)

▶ Mobile browser: Chrome — ‘⋮’ (top-right) > New Incognito Tab / Safari — Settings > Safari > Advanced > Block All Cookies / Samsung Internet — ‘Tabs’ icon > Turn on Secret Mode > Start

1. Purpose of installation: Safety of patients and facilities; prevention of fires and crimes

2. Number, locations, and scope of installation

(a) Number of devices: 17 units at key facilities

(b) Locations and scope: Clinics, procedure rooms, cashier areas, consultation rooms, etc.

3. Person in charge and authorized personnel: Dongwoo Son, Administration Director, +82-2-476-8965

4. Recording hours, retention period, and storage location

(a) Recording hours: 24 hours

(b) Retention period: Within 30 days from the date of recording

(c) Storage location: Server room

5. How to check personal video information: Apply for an in-person visit after prior contact

6. Measures regarding requests for viewing, etc.

(a) Data subjects may request viewing or confirmation of existence, limited to their own recordings or where necessary to protect the life, body, or property interests.

(b) Requests may be refused if the footage has been destroyed after the retention period or if there is a legitimate reason for refusal.

7. Protective measures: Security management including encryption, differentiated access rights, tamper-resistance (recording date/time, viewing purpose, viewer, and viewing time), and physical protection such as locks