Nana Plastic Surgery Clinic (hereafter referred to as 'the Clinic') places great importance on the privacy of our patients and is committed to fully complying with the Personal Information Protection Act of South Korea to safeguard the rights of users. Through our privacy policy, we inform users how the personal information they provide is utilized, in what manner, and how it is managed to protect their privacy.
Article 1 (Types and Methods of Collected Personal Information)
When collecting personal information, the Clinic will notify users in advance of the scope and purpose of the collection, in accordance with relevant laws and regulations during the registration process or within the terms of service. The items of personal information collected are as follows.
■ Collection Items During Website Registration
○ Collection Items: Name, ID, Password, Email, Gender, Date of Birth, Address, Mobile Phone Number, Telephone Number, Access Log, Cookies, Access IP Information
○ Method of Personal Information Collection: During the process of using the website services (registration, online consultation, etc.) or while handling service provision tasks, the following information may be automatically generated and collected:
Service usage record, access log, cookies, access IP information
■ Collection Items During Medical Consultation
○ Mandatory Items: Name, Gender, Date of Birth, Contact Information (including guardian's contact), Address, E-mail, Height, Weight, Blood Type, Previous Surgery History
○ Health Information: Personal health information deemed necessary by the medical staff for providing medical services, including medical and family history
■ Method of Personal Information Collection
○ Collection through the website, written forms, fax, telephone, consultation bulletin board, email, etc.
Article 2 (Purpose of Collection and Use of Personal Information)
The hospital utilizes the collected personal information for the following purposes. All information provided by the user will not be used for any purposes other than those specified below, and in the event of a change in the purpose of use, prior consent will be sought.
○ Procedures for verification of identity for consultation/examination/appointment inquiries and medical treatment
○ Services for diagnosis and treatment
○ Administrative services such as billing, receipt, and refunds
○ Sending billing statements, details, certificates, and dispatch of drugs/materials and results
○ Entrusted online/offline inspections, external test requests
○ Securing communication channels to assist in handling complaints/grievances
○ Legal and administrative responses and measures for medical quality management and hospital operation
○ Minimum analysis data required for education and research
○ Providing information on medical treatment, academic information, and hospital information.
Article 3 (Providing and Sharing Personal Information)
Except with your consent or as stipulated by relevant laws, the hospital will not use or provide your personal information to others or to other companies/institutions beyond the scope mentioned in the "Purpose of Collection and Use of Personal Information." However, exceptions are made in the following cases:
○ When users have previously agreed to disclose the information
○ When required by law or for investigation purposes, based on procedures and methods prescribed by law upon request from investigative agencies
○ When necessary for statistics compilation or academic research, provided in a format that does not identify specific individuals
Article 4 (Retention and Usage Period of Personal Information)
The retention and usage period of personal information
Your personal information will be destroyed once the purpose of its collection or the purpose for which it was received has been achieved.
- For member registration information, when a member withdraws their membership or is expelled from membership
- For reservations, once the treatment associated with the reservation is completed
Regardless of the retention period mentioned above, if there is a need to continue retaining the data, we will obtain your consent.
[Technical Measures for Personal Information Protection]
Nana Plastic Surgery Clinic has implemented the following technical measures to ensure the security of your personal information and to prevent its loss, theft, leakage, alteration, or damage:
Your personal information is protected by passwords, and important data is encrypted during file and data transfer, or secured using file locking (Lock) functionality.
Nana Plastic Surgery Clinic has adopted authentication and security measures that use password algorithms to safely transmit personal information over the network. In cases where this is not implemented due to system circumstances, physician verification by assistants is performed.
To prevent personal information from being leaked due to hacking, intrusion prevention systems are utilized, and each server is equipped with intrusion detection systems that monitor for intrusions 24 hours a day.
Article 5 (Rights of the User and their Legal Representative and How to Exercise Them)
When a customer requests access, correction, or deletion of personal information, the hospital promptly and sincerely addresses and processes these requests. To protect personal information, procedures for accessing, correcting, or deleting personal information via phone, mail, FAX, or other methods other than in-person visits are not provided.
■ Access to Personal Information - Customers can visit the hospital to request access to their personal information, and we will respond promptly to such requests.
■ Correction and Deletion of Personal Information
[1] If a customer requests correction or deletion of personal information and it is acknowledged that there is an error or there is a need for correction or deletion, the hospital will do so without delay. The hospital may request documentation to verify the details of the correction or deletion.
[2] When a customer requests access to, or correction or deletion of their personal information, identification documents such as a passport must be presented to verify the individual's identity.
[3] If the hospital has a valid reason to refuse access to, or correction or deletion of all or part of the personal information, it will notify the customer and explain the reason.
[4] The legal representative of a child under the age of 14 can request access to, correction, deletion, or processing halt of the child’s personal information, and must submit documentation to prove their relationship and identity.
Article 6 (Installation/Operation of Automatic Personal Information Collection Device and Details on Its Rejection)
The hospital operates 'cookies' which frequently store and retrieve your information. Cookies are very small text files sent by the server operating the hospital's website to your browser and stored on your computer hard disk.
The hospital uses cookies for the following purposes:
The Clinic uses cookies for the following purposes:
1) To analyze the frequency and duration of visits by both members and non-members. This data helps us understand user preferences and areas of interest, which we use as metrics for refining our services.
2) To count your visits during various events hosted by the Clinic, so that we can offer information tailored to your areas of interest.
You have the choice to accept or decline cookies. You can configure your web browser settings to either accept all cookies, confirm each time a cookie is stored, or completely reject all cookies. However, if you choose to decline cookies, some services may not function as intended.
Article 7
To provide better services and customer convenience, and for smooth business operations, the hospital has entrusted the personal information processing tasks to external professional companies as follows. Through contracts such as the outsourcing contract, the hospital has stipulated compliance with laws related to personal information protection, confidentiality of personal information, prohibition of provision to third parties, responsibility in case of accidents, the period of delegation, obligations to return or destroy personal information after the end of processing, etc., and manages to comply with these to ensure safe management of personal information.
Data Recipients: Nana Beauty Group Inc., G2G Inc. (entities that have entered into business support service contracts with the company)
Purpose of Collection and Use: Hospital news, medical information, medical services, event notifications, etc.
Information Provided: Personal information (name, address, contact number, email)
Retention and Usage Period: Can be retained and used for the period stipulated by law.
Article 8 (Personal Information Protection Officer)
The hospital has established security devices as technical measures to protect users' personal information. All information provided by users is safely protected and managed through security equipment such as firewalls. Moreover, as a managerial measure for the protection of users' personal information, the hospital has established procedures necessary for access and management of users' personal information, and limits the number of people processing users' personal information to the minimum, conducting continuous security education. Additionally, the hospital designates users of the system that processes personal information and grants them passwords, which will be updated regularly.
Article 9 (Withdrawal of Consent/Method of Membership Withdrawal)
You can withdraw your consent regarding the collection, use, and provision of personal information that you agreed to at the time of membership registration at any time. Membership withdrawal can be done by clicking "Membership Withdrawal" on the My Page section of the hospital's homepage and going through the identity verification process to personally withdraw membership, or by contacting the personal information protection grievance handling department in writing, by phone, or via fax, etc., necessary actions such as the destruction of your personal information will be taken without delay.
Article 10 (Notification Obligation for Policy Changes)
This personal information processing policy can be changed due to amendments in relevant laws and guidelines or changes in internal operating policies. When there are changes in the hospital's "Personal Information Processing Policy," we will notify you through our website (https://en.nanahospital.com/).
[Video Information Processing Device Operation and Management Policy]
Nana Plastic Surgery Clinic (hereinafter referred to as 'the hospital') informs you of how the video information handled in our hospital is used and managed in what manner and purpose, through the video information processing device operation and management policy.
Article 1 (Basis and Purpose of Installation of Video Information Processing Devices)
According to Article 25, Paragraph 1 of the Personal Information Protection Act, our hospital operates video information processing devices for the following purposes:
○ Facility Safety and Fire Prevention
○ Crime Prevention for Customer Safety
Article 2 (Number of Installations, Installation Location, and Filming Range)
The number of installations, location, and filming range of the video information processing devices are as follows:
Number of installations: 180 units
Location and filming range: Building lobby and corridors, inside elevators, etc.
Article 3 (Details on How and Where to Verify Personal Video Information)
○ How to verify: You can verify by contacting the video information management officer in advance and visiting our hospital.
○ Place to verify: Nana Plastic Surgery Clinic
Article 4 (Measures Regarding the Requests from Information Subjects to Access Video Information, etc.)
Information subjects can request the operator of the video information processing device to access or confirm the existence or deletion of personal video information at any time. However, it is limited to the personal video information in which you were filmed and the personal video information that is clearly necessary for the urgent benefits of the information subject's life, body, and property. The hospital will take necessary measures without delay when a request for access, confirmation of existence, or deletion of personal video information is made. Despite the request of the information subject for access, etc., the request for access to personal video information can be denied in the following cases, and in such cases, the reason for refusal and methods of objection will be notified to the information subject in writing within 10 days.
○ When the retention period for personal video information has expired and it has been destroyed
○ Other cases where there are legitimate reasons to refuse the request of the information subject for access, etc.
Article 5 (Measures to Ensure the Security of Video Information)
The video information processed in our hospital is securely managed through measures such as encryption. Moreover, as a managerial measure to protect personal video information, our hospital is granting differentiated access rights to personal information and is recording and managing the creation date and time of personal video information, the purpose of access during viewing, the viewer, and the viewing date and time, etc., to prevent alteration or forgery of personal video information. In addition, we have installed locking devices for the secure physical storage of personal video information.
Article 6 (Details Regarding Changes in the Personal Information Processing Policy)
This Video Information Processing Device Operation and Management Policy was established on February 10, 2020. In the event of additions, deletions, or modifications to the content due to changes in laws, policies, or security technology, we will notify the reasons and details of the changes at least 7 days before implementation through our hospital's website.
Management Responsible Person: Kim Hyung-Jun
Contact: 02-544-0601
E-mail: nanaprs@naver.com
For reporting or consulting on personal information violations, please contact the following institution:
1. Personal Dispute Mediation Committee (https://www.kopico.go.kr/main/main.do/1336)
2. Information Protection Mark Certification Committee (https://www.eprivacy.or.kr/index.do/02-580-0533~4)
3. Grand Prosecutor's Office Internet Crime Investigation Center (https://www.spo.go.kr/site/spo/main.do/02-3480-3600)
4. National Police Cyber Terrorism Response Center (https://ecrm.cyber.go.kr/minwon/main/02-392-0330)