Privacy Policy
Woori Medical Foundation Gimpo Woori Hospital (hereinafter referred to as ‘Hospital’) attaches great importance to the protection of your personal information and complies with the Personal Information Protection Act. In accordance with Article 30 of the Personal Information Protection Act, Woori Medical Foundation Gimpo Woori Hospital establishes and discloses the following personal information processing guidelines to protect the personal information of information subjects and to promptly and smoothly handle complaints related thereto.
The provisions to ensure that personal information is safely managed when signing a consignment contract are as follows.
1) Matters pertaining to the prohibition of processing personal information other than for the purpose of performing consignment work
2) Matters regarding technical and managerial protection measures for personal information
3) Matters regarding the purpose and scope of the entrusted work and restrictions on re-entrustment
4) Matters related to supervision, such as checking the management status of personal information
5) Matters related to compensation for damages in case of violation of obligations to be observed by the trustee
Article 5 Matters concerning the rights and obligations of information subjects and legal representatives and methods of exercising them
1) The information subject can exercise rights such as requesting the hospital to view, correct, delete, or suspend processing of personal information at any time.
2) To exercise rights under paragraph 1, you may contact us in writing, e-mail, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the hospital will take necessary measures without delay.
3) The exercise of rights under Paragraph 1 may be done through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney in the format of Appendix 11 of the Enforcement Rules of the Personal Information Protection Act.
4) Requests to view and suspend personal information processing may limit the information subject's rights pursuant to Article 35, Paragraph 5 and Article 37, Paragraph 2 of the Personal Information Protection Act.
5) Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
6) The hospital verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.
7) The information subject may withdraw his/her consent to the collection, use and provision of personal information at any time when registering as a member. To withdraw membership, log in to the hospital's website and click 『Withdraw Membership』 on the information modification page to go through the identity verification process and withdraw membership directly, or contact the person in charge of personal information protection in writing, by phone, or e-mail, and we will contact you without delay. We will take necessary measures, including destroying personal information.
※ Personal information that is required to be stored by law cannot be modified or deleted within the retention period even upon request.
Article 6 Items of personal information processed
There are required and optional items when registering as a member, and there are no restrictions on using the service even if you do not enter optional items such as whether to receive emails.
The provisions to ensure that personal information is safely managed when signing a consignment contract are as follows.
1) When receiving treatment
A. Collection items: Name, resident registration number (domestic), alien registration number (foreigner), address, phone number, mobile phone number
B. Health information: Personal information deemed necessary by medical staff to provide medical history, medical records, and medical services
2) Payment of medical expenses
When paying by credit card, payment approval information such as card company name and card number
3) Items collected when registering as a member of the website
Required items: name, date of birth, gender, login ID, password, mobile phone number, email The following information may be automatically generated and collected during the process of using the service or processing the service provision work. : Service usage records, access logs, cookie access IP information
4) Items collected to provide services other than medical treatment
Collection items: name, date of birth, reservation information, medical records, mobile phone number, address
5) Personal information collection method
We collect personal information in the following ways. - Written form, fax, phone, website membership registration, website bulletin board, email
Article 7 Matters concerning destruction of personal information
The hospital destroys personal information immediately after the purpose of collection and use of personal information has been achieved. Destruction procedures and methods are as follows.
1) Destruction procedure
The information entered by the user for membership registration, etc. is immediately destroyed according to the destruction method after the purpose has been achieved.
2) Destruction method
Personal information stored in electronic file format is deleted using technical methods that render the records unrecoverable.
Personal information printed on paper is destroyed by shredding or incineration
Article 8 Matters pertaining to the person in charge of personal information protection
1) In order to protect your personal information and handle complaints related to personal information, the hospital has a personal information protection manager as listed below.
A. Personal information protection officer
Name: Go Do-hyeon
Department: Hospital Director
Phone number: 031-999-1000
- Medical information section
Personal information protection officer and department
Position and department: Medical information team leader / Medical information team
Contact: 031-999-1827
- Home page section
Personal information protection officer and department
Position and Department: Public Relations Team Leader / Public Relations Team
Contact: 031-999-1623
2) You may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the hospital's services (or business) to the personal information protection manager and responsible department. The hospital will respond and process inquiries from information subjects without delay.
Article 9 Matters concerning measures to ensure the safety of personal information
The hospital is taking the following technical and administrative measures to protect your personal information to prevent it from being lost, stolen, leaked, altered or damaged.
1)Technical measures
A. Personal information is protected by a password, and important data is protected through a separate security function by encrypting files and transmission data (resident registration number, password) or using the file lock function.
B. We use anti-virus programs to prevent damage caused by server viruses. Antivirus programs are updated periodically, and if you catch a virus, it is treated as soon as a vaccine is available to prevent your personal information from being violated.
C. We build a web firewall (National Intelligence Service CC certification (EAL4 level), Korea Information and Communication Technology Association (TTA) GS certification, and National Intelligence Service verified encryption module installed) to prevent your personal information from being leaked by hacking, etc. We block intrusions and monitor intrusions 24 hours a day.
D. Additionally, our center uses networks that are separate from the internal network (OCS) and the external network (Internet).
2) Managerial measures
A. We strengthen the protection of personal information by managing the access rights of personal information handlers, authentication, password management, access control, and personal information encryption.
B. Consignment management of personal information
We supervise and manage entrusted individuals to ensure that personal information is not used for unfair purposes, such as leaking, processing without permission, or providing to third parties.
① Matters regarding re-consignment and prohibition of provision to third parties
② Storage and management of written personal information, input and output data
③ Matters related to inspection of personal information management status and training of affiliated employees
3) Physical measures
Access control for computer team, data storage room, medical information team, human resources and general affairs team, etc.
Article 10 Matters concerning the installation and operation of automatic personal information collection devices and their refusal
The hospital operates ‘cookies’ that store and retrieve your information from time to time. A cookie is a very small text file that the server used to run the hospital's website sends to your browser and is stored on your computer's hard disk. The hospital uses cookies for the following purposes: You have the option to install cookies. Therefore, by setting options in your web browser, you can allow all cookies, confirm each time a cookie is saved, or refuse to save all cookies. If you refuse to install cookies, it may be difficult to provide some services.
Article 11 Remedies for infringement of rights and interests of information subjects
1) You can report any personal information protection-related complaints that arise while using the hospital's services to the personal information manager. The hospital will promptly and sufficiently respond to users' reports.
2) The organizations below are separate from the hospital. If you are not satisfied with the hospital's own personal information complaint handling and damage relief results, or if you need further assistance, please contact us.
A. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information infringement, requesting consultation
- Website: privacy.kisa.or.kr
-Phone: (without area code) 118
- Address: Personal Information Infringement Reporting Center, 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2, Bitgaram-dong) (58324)
B. Personal Information Dispute Mediation Committee
- Responsibilities: Request for personal information dispute mediation, group dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: (03171) 4th floor, Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul
C. Supreme Prosecutors' Office Cyber Crime Investigation Unit: 02-3480-3573 (www.spo.go.kr)
D. National Police Agency Cyber Security Bureau: 182 (http://cyberbureau.police.go.kr)
Article 12 Matters concerning changes to personal information processing policy
This personal information handling policy was revised on October 1, 2021, and if there are additions, deletions, or modifications to the content due to changes in laws, policies, or security technology, it will be posted on the hospital website before the changed personal information handling policy is implemented. We will notify you of the reason and contents of the change.
Article 13 Judgment criteria for considerations in each subparagraph of Article 14-2, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act in relation to additional use and provision
1) In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, Gimpo Woori Hospital may additionally use and provide personal information without the consent of the information subject in consideration of matters pursuant to Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. there is.
2) Accordingly, Gimpo Woori Hospital has considered the following matters in order to further use and provide information without the consent of the information subject.
A. Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
B. Whether there is a possibility of additional use and provision of personal information in light of the circumstances in which personal information was collected or processing practices.
C. Whether the additional use and provision of personal information unfairly infringes on the interests of the information subject
D. Whether necessary measures were taken to ensure safety, such as pseudonymization or encryption.
Article 14 Request to view personal information protection
The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. Gimpo Woori Hospital will strive to ensure that the information subject's personal information is viewed and processed promptly.
1) Website personal information viewing request reception and processing department
A. Department Name: Public Relations Team
B. Contact: 031-999-1953
2) Medical information personal information access request reception and processing department
A. Department Name: Medical Information Team
B. Contact: 031-999-1827
Article 1 Purpose of processing personal information
Article 2 Processing and retention period of personal information
Article 3 Matters concerning provision of personal information to third parties
Article 4 Matters concerning entrustment of personal information processing
Article 5 Matters concerning the rights and obligations of information subjects and legal representatives and methods of exercising them
Article 6 Items of personal information processed
Article 7 Matters concerning destruction of personal information
Article 8 Matters pertaining to the person in charge of personal information protection
Article 9 Matters concerning measures to ensure the safety of personal information
Article 10 Matters concerning the installation and operation of automatic personal information collection devices and their refusal
Article 11 Remedies for infringement of rights and interests of information subjects
Article 12 Matters concerning changes to personal information processing policy
Article 13 Judgment criteria for considerations in each subparagraph of Article 14-2, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act in relation to additional use and provision
Article 14 Request to view personal information protection
Article 1 Purpose of processing personal information
The hospital uses the collected personal information for the following purposes. All information provided by users will not be used for purposes other than those required for the purpose, and prior consent will be requested if the purpose of use changes.
1) Website member information
A. Required information: Provision of medical treatment reservation, reservation inquiry, and membership service through the website
B. Optional information: Hospital news, disease information, etc. via email, surveys
2) Provision of non-medical services
Information on medical appointments, medical information, and hospital news via text message
3) Grievance handling
Confirmation of identity of complainant, confirmation of complaint, contact for fact-finding, notification, and processing results
We process personal information for purposes such as notification.
Article 2 Processing and retention period of personal information
The hospital destroys your personal information without delay when the purpose of collecting or providing personal information has been achieved.
1) Medical treatment information
Stored in accordance with the medical record storage standards specified in the Medical Service Act
2) Website member information
However, even if the purpose of collection or provision has been achieved, your personal information may be retained if there is a need to preserve it pursuant to the provisions of laws and regulations such as the Commercial Act.
A. Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
B. Records on collection/processing and use of credit information: 3 years (Act on Use and Protection of Credit Information)
C. Records of identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)
D. Records of visits: 3 months (Communication Secrets Protection Act)
3) Until services provided other than medical treatment are provided.
Article 3 Matters concerning provision of personal information to third parties
Except in cases where there is your consent or in accordance with the provisions of related laws, the hospital will in no case use your personal information beyond the scope notified in “Purpose of collection and use of personal information” or disclose it to other people or other companies or institutions. Not provided. However, the following cases are permitted:
1) When separate consent is obtained from the information subject
2) When there are special provisions in other laws
3) In cases where the information subject or his/her legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc., it is clearly necessary for the urgent benefit of the life, body, or property of the information subject or a third party. When accepted
4) When personal information is provided in a form that does not identify a specific individual as it is necessary for purposes such as statistical compilation and academic research.
5) If personal information is used for a purpose other than its intended purpose or is not provided to a third party, it is impossible to perform the duties prescribed by other laws and the Personal Information Protection Committee has passed deliberation and resolution.
6) When necessary to provide information to foreign governments or international organizations for the implementation of treaties and other international agreements.
7) When necessary for investigation of crime and filing and maintenance of indictment
8) When necessary to carry out the court's judicial duties
9) When necessary for the execution of punishment, custody, and protective measures.
Article 4 Matters concerning entrustment of personal information processing
The hospital entrusts personal information as follows to provide services, and stipulates necessary matters to ensure that personal information is safely managed when entering into a consignment contract in accordance with relevant laws and regulations. The hospital's personal information consignment processing agency and consignment details are as follows.
Consignment company | Consignment work details | Retention and use period of personal information |
---|---|---|
Opencom Co., Ltd. | ο Contents of entrusted work: Website membership management, identity verification based on membership service use, complaint handling, delivery of notices, development and specialization of new marketing services (products), delivery of advertising information such as events, other AS centers, web Site and system management ο Entrusted personal information items: name, date of birth, gender, login ID, password, phone number, address, mobile phone number, email ο The consignee can send newsletters to members via email, which are sent not for commercial purposes but to improve public health. Of course, in this case as well, you will have to go through a consent process when registering as a member, and if you do not agree, we will not send it to you. | Until the end of the consignment contract |
Until the end of the Amis Technology Co., Ltd. | server maintenance and system operation consignment contract. | Until the end of the consignment contract |
Esofting Co., Ltd | DB management | Until the end of the consignment contract |
Greuzen Co., Ltd. | Server Network | Until the end of the consignment contract |
Hi Parking Co., Ltd. | parking management | Until the end of the consignment contract |
S-Tech System Co., Ltd. | security | Until the end of the consignment contract |
Samsung Welstory Co., Ltd. | Patient's diet and feeding | Until the end of the consignment contract |
Ire Safety System Co., Ltd. | Environmental cleaning within the hospital | Until the end of the consignment contract |
ACK Co., Ltd. | LIS program maintenance | Until the end of the consignment contract |
CM Soft Co., Ltd. | Comprehensive checkup program maintenance | Until the end of the consignment contract |
GE Healthcare | Comprehensive checkup program maintenance | Until the end of the consignment contract |
Green Cross Medical Foundation Co., Ltd. | Consignment inspection | Until the end of the consignment contract |
Goliath Co., Ltd. | document shredding | Until the end of the consignment contract |
Fear Nine Co., Ltd. | Health checkup questionnaire, result sheet sent, mobile notification message, email | Until the end of the consignment contract |
LC Tech Co., Ltd. | Electronic consent form | Until the end of the consignment contract |
VUNO Co., Ltd. | Cardiac arrest risk prediction program within 24 hours | Until the end of the consignment contract |
Consignment company | Contact information | Management status | Management status |
---|---|---|---|
Opencom Co., Ltd. | 1544-4256 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Ami Technology Co., Ltd. | 02-573-3880 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Esofting Co., Ltd. | 02-2028-1104 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Gruzen Co., Ltd. | 02-538-3856 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Hi Parking Co., Ltd. | 070-7119-2562 | Personal information protection of educational evidence |
not applicable |
S-Tech System Co., Ltd. | 02-2142-8151 | Personal information protection of educational evidence |
not applicable |
Samsung Welstory Co., Ltd. | 031-999-1981 | Personal information protection of educational evidence |
not applicable |
Ire Safety System Co., Ltd. | 010-8710-0717 | Personal information protection of educational evidence |
not applicable |
ACK Co., Ltd. | 02-501-3734 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
CM Soft Co., Ltd. | 031-906-2990 | Personal information protection of educational evidence |
not applicable |
GE Healthcare | 02-6201-3114 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Green Cross Medical Foundation Co., Ltd. | 1566-0131 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
Goliath Co., Ltd. | 031-366-2893 | Personal information protection of educational evidence |
not applicable |
Fear Nine Co., Ltd. | 02-780-8003 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
LC Tech Co., Ltd. | 02-761-1416 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |
VUNO Co., Ltd. | 02-515-6646 | Personal information protection of educational evidence |
Personal information protection of Status Checklist |