Hixmed, Inc. (hereinafter referred to as the “Company”) values the personal information of subjects and establishes and discloses the in order to comply with related laws such as the ‘Personal Information Protection Act’.
Chapter 1: General Provisions
“Personal information” refers to information regarding a living person that can be used to identify the individual, such as name, resident registration number, etc. (Including information that cannot be used to identify an individual alone but can be easily combined with other information to identify it). “Data subject” means a person who can be identified by the processed information and is the subject of the information. The company discloses the personal information processing policy on the first screen of the website so that it can be easily checked at any time. In addition, when revising the personal information processing policy, we will publish a notice (or notify individually) through the website. Each business division may operate a separate personal information processing policy according to the characteristics of the business. In this case, the personal information processing policy of each business division takes precedence, please check the personal information processing policy announced on the website.
Article 2: Personal Information Processing Items and Purpose
The company handles personal information within the minimum range necessary to provide services.
1. Items to be processed
1) Items automatically generated and collected in the process of using the website Access IP information, service use record, access log, cookie and MAC address.
2. Purpose of processing
1) Stable service operation and quality improvement through user service usage analysis such as access frequency identification and service usage statistics collection.
Article 3: Processing and Retention Period of Personal Information
After the purpose of collection and use of personal information is achieved, the company destroys the information without delay. However, the following information is retained for the period specified for the following reasons, and consent from the information subject is obtained if necessary.
1. Items automatically generated and collected in the process of using the website
– Retention period: 6 months
– Reason for retention: Identify access frequency and collect service usage statistics
Article 4: Destruction of Personal Information
The company destroys the personal information without delay in cases when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing. If the personal information retention period agreed by the information subject has elapsed or the personal information has to be kept according to other laws despite the achievement of the purpose of processing, the personal information is moved to a separate database (DB) or the storage location to preserve it is changed. The method of destroying personal information is as follows.
1. Personal information recorded and stored in the form of an electronic file will be deleted through a technical method that doesn’t allow the reproduction of the record.
2. Personal information recorded and stored in paper documents is destroyed by crushing with a shredder or incineration.
Article 5: Provision of Personal Information to Third Parties
The company uses personal information within the scope of the purpose for which it was collected and does not use or provide or share personal information to third parties beyond the scope. However, exceptions are made in the following cases.
1. In case of obtaining separate consent from the information subject.
2. If there are special provisions in other laws.
3. When the information subject or his/her legal representative is unable to express his/her intention or if prior consent cannot be obtained due to unknown address, etc., and it is clearly necessary for the immediate benefit of life, body, or property of the data subject or a third party.
4. In case of providing personal information in a form that cannot identify a specific individual as it is necessary for the purpose of statistical preparation and academic research.
5. If the Protection Committee deliberates that it’s impossible to perform the business under the jurisdiction of other laws without using personal information for purposes other than the intended purpose, or if this is not provided to a third party.
6. When it is necessary to provide information to a foreign government or international organization for the implementation of treaties and other international agreements.
7. When it is necessary for the investigation of a crime and the establishment and maintenance of public prosecution.
8. Where it is necessary for the court’s judicial affairs.
9. Where it is necessary for the execution of punishment, probation, and protective measures.
Article 6: Entrustment of Personal Information Processing
The company entrusts the following personal information processing tasks for smooth business processing and stipulates necessary matters so that personal information can be safely managed in the consignment contract in accordance with relevant laws and regulations.
1. Website operation
– Details of entrusted work: website maintenance and system management, etc.
– Period of retention and use of personal information: Until the specified retention period and reason expire.
Article 7: Rights and Obligations of Information Subjects and Method of Exercising
The information subjects can exercise the following rights related to personal information protection against the company at any time:
1. Request to view personal information.
2. Request for correction in case of errors, etc.
3. Request for deletion.
4. Request to stop processing personal information
The exercise of related rights can be made to the company in writing, e-mail, fax, etc., and the company will take action without delay.
If the information subject requests correction or deletion of personal information errors, the company will not use or provide the personal information until the correction or deletion is completed.
Rights can be exercised through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, a power of attorney must be submitted.
Article 8: Measures to Secure the Safety of Personal Information
The company applies the following measures to ensure the safety of the personal information it retains:
1. Administrative measures: establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: installation of an access control system, encryption of important information, prevention of computer virus damage using vaccine programs, personal information transmission security device (SSL) on network based on encryption algorithms, operation of intrusion prevention system, etc.
3. Physical measures: Control access to computer rooms, data storage rooms, etc.
Article 9: Matters Concerning the Installation and Operation of the Automatic Personal Information Collection Device and Its Rejection
The company operates ‘cookies’ that store and find your information from time to time. Cookies are very small text files sent to your browser by the server used to operate the company’s website and are stored on your computer’s hard disk. The company uses cookies for the following purposes:
1. Analyze access frequency and visit time, identify users’ tastes and interests, and track traces
2. The user has the option of accepting cookies related to targeted marketing and personalized service that identifies the degree of participation in various events and number of visits, etc.. Therefore, the user can accept all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.
Example of setting (in case of Internet Explorer): Tools > Internet Options > Privacy section at the top of the web browser. If the user refuses to install cookies, there may be difficulties in providing services.
Article 10: Personal Information Protection Officer
Information subjects can inquire about all personal information protection related inquiries, complaint about handling, damage relief, etc. The company will promptly answer and process inquiries from the information subject. If you need to report or consult on other personal information infringement, please contact the following organization:
– Personal Information Infringement Report Center (privacy.kisa.or.kr /118)
– Personal Information Dispute Mediation Committee (www.kopico.go.kr /1833-6972)
– Cyber Investigation Division, Supreme Prosecutors’ Office (www.spo.go.kr /1301)
– National Police Agency Cyber Security Bureau (cyberbureau.police.go.kr /182)
Article 11: Change of Personal Information Processing Policy
This privacy policy is effective from October 12th, 2023.