Privacy Policy

Mediark Co., Ltd. (hereinafter referred to as the "Company") complies with the laws and regulations related to the protection of personal information that information and communication service providers must comply with, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Communications Secret Protection Act, and the Telecommunications Business Act. The company is doing its best to protect user rights by establishing a privacy policy based on relevant laws.

This privacy policy applies exclusively to the services provided by the "Application Symptom" provided by the company and contains the following details.

Article 1 (Collection Items and Purpose of Personal Information)

The company collects the following personal information items. The processed personal information will not be used for purposes other than those listed below unless there is a separate consent under Article 18 of the Personal Information Protection Act or there is a special provision in another law.

       
Purpose of Use Collection Items Retention Period
Membership Registration and Service Provision
  • Email (SNS account UID)
  • Language
  • Nationality
    •      		Retained until membership withdrawal
    Profile Creation and Medical Interview System Use
  • Profile Name
  • Gender
  • Date of Birth
  • Height, Weight
  • Smoking and Drinking Habits
    •      		Retained until profile deletion or membership withdrawal
    Service Consultation Response
  • User Name
  • User Phone Number
  • User Email
    •      		Retained for 5 years after consultation completion
    Event Participation
  • Delivery Address for Goods
  • Recipient's Name
  • Recipient's Mobile Number
    •      		Retained for 5 years after the event
    Statistical Management and Customized Service Provision for System and Service Improvement
  • Device Unique ID, Device Model Name, Operating System, App Version
    •      		Stored excluding personal information
    Provision of Symptom Interview Summary Service (Including Sensitive Information)
  • [Sensitive Information] Main Symptoms, Accompanying Symptoms, Health Information (Blood Pressure, Fasting Blood Sugar, Oxygen Saturation, Body Temperature, Respiratory Rate, Heart Rate, Alcohol Consumption, Smoking Habits, etc.), Underlying Disease History (Hypertension, Diabetes, Past Surgical and Hospitalization History, Cancer Diagnosis History, etc.), Family History, Prescription History and Medication Status, All Information Entered by the User Using the Symptom App, etc.
    •      		Stored excluding personal information

    Article 2 [Provision of Personal Information]

    1. 1. The company provides personal information to third parties within the scope specified during collection and usage, only after obtaining the user's prior consent. The company will not provide it beyond this scope without the user's prior consent, except in the following cases:
      1. When the user has given written consent
      2. When there is a legal obligation for the company to submit the user's personal information
      3. For statistical compilation, academic research, or market research, where the information is processed in a form that cannot identify a specific individual
    2. The company provides sensitive personal information of the user to third parties within the scope specified during collection and usage, only after obtaining the user's prior consent. The company will not provide it beyond this scope without the user's prior consent, except in the following cases:
      1. When the user has given written consent or when the user has directly shared the information
      2. When there is a legal obligation for the company to submit the user's personal information
      3. For statistical compilation, academic research, or market research, where the information is processed in a form that cannot identify a specific individual

    Article 3 (Procedure and Method of Personal Information Destruction)

    Users' personal information is, in principle, destroyed without delay when its retention period has elapsed or when the personal information becomes unnecessary. The company's procedure and method for destroying personal information are as follows:

    1. Destruction Procedure
      1. The company records and manages matters related to the destruction of personal information. Destruction is carried out under the responsibility of the personal information protection manager, who then verifies the results.
      2. Except in cases required by other laws, the company may exceptionally not destroy user personal information.
    2. Destruction Method
      1. Personal information stored on paper or other recording media is either shredded or incinerated.
      2. Personal information stored in electronic file format is permanently deleted using a method that makes restoration or regeneration impossible.
    3. Method of Retaining Undestroyed Information
      According to company regulations, if personal information is not destroyed and is retained, that personal information or personal information file is stored and managed separately from other personal information. The company does not use the personal information moved to a separate database for purposes other than those stipulated by law.

    Article 4 (Rights, Duties of the Personal Information Subject, and Their Exercise Method)

    1. Users can, at any time, request the company to view their personal information registered through the ‘Symptom’ service, the status of the company's use or provision of their personal information to third parties, and the status of the company's consent to the collection, use, and provision of personal information. If there are errors, users can request corrections and can request membership withdrawal (account deletion).
    2. For users or children under 14 to inquire and modify their personal information, they can click on 'Personal Information Change' (or 'User Information Modification', etc.), and for membership withdrawal (consent withdrawal), they can click on 'User Withdrawal' (or 'Membership Withdrawal', etc.), and after undergoing an identity verification process, they can directly view or modify or withdraw.
    3. In the case of the previous clause, the company promptly investigates the personal information and, upon the user's request, takes necessary measures such as correction and deletion, and then informs the user of the results. Until the company takes the necessary measures, it does not use or provide the personal information in question.
    4. Users can request the company to suspend the processing of their personal information at any time. In this case, the company immediately suspends all or part of the processing of personal information and takes necessary measures such as destroying the personal information that has been suspended without delay.
    5. If you have opinions related to personal information, you can contact the personal information protection manager and the person in charge by mail, phone, or email. After receiving and processing your inquiry, we will guide you on the results.
    6. Users, when logged in, should be particularly careful not to disclose their personal information to others around them.

    Article 5 (Technical and Administrative Personal Information Protection Measures)

    The company is taking the following technical and administrative measures to ensure that personal information is not lost, stolen, leaked, altered, or damaged, in order to secure the safety of users' personal information in its handling process.

    1. Minimal personal information is collected without real-name verification, and sensitive information is stored excluding personal details.
    2. Countermeasures against hacking, etc.
      The company does its utmost to prevent the leakage or damage of members' personal information caused by hacking or computer viruses. Data is regularly backed up in case of personal information damage, and the company uses encrypted communication to transmit personal information securely over the network.
    3. Limiting the number of processors and training
      The company restricts access to personal information to a minimum number of people. Only the marketers who directly deal with the users, the personal information protection manager and in-charge personnel, and others who necessarily have to handle personal information for their work are allowed access. The company emphasizes the importance of complying with the personal information handling policy through regular education for the relevant employees. However, the company is not responsible for any problems caused by the user's carelessness or internet issues, such as the leakage of ID, password, and personal information.

    Article 6 (Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

    No automatic personal information collection device is installed.

    Article 7 (Guidance on the Use of Third Party Modules)

    In order to measure the advertising effect of the Simtomi application service advertised on third-party media and to pay advertising costs to the advertising agency, and to analyze the customer's use of the service, a third-party module may be installed on the Simtomi application. The installed third-party modules are as follows:

    1. iOS
      [Firebase For iOS]
      • Provider: Google
      • Purpose of Use: To analyze the user's use of the service
      • Provided Information: Device information in a form that cannot personally identify the user
    2. Android
      [Firebase For Android]
      • Provider: Google
      • Purpose of Use: To analyze the user's use of the service
      • Provided Information: Device information in a form that cannot personally identify the user

    Article 8 (Contact Information for the Personal Information Protection Officer and Manager)

    1. You can report all complaints related to personal information protection that arise while using the company's service to the personal information protection officer. The company will promptly respond to the member's reports.

      Personal Information Management Officer
      • Name: Lee Chanhyeong
      • Affiliation/Position: CEO of (Inc.) MediaArk
      • Phone Number: 1544-1087
      • Email Address: service@mediark.io
    2. If you need to report or consult about personal information infringement, please contact the following institutions:
      • Personal Information Infringement Report Center (privacy.kisa.or.kr / No area code 118)
      • Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
      • Prosecutors' Office Cybercrime Investigation Team (www.spo.go.kr / 02-3480-3571)
      • National Police Agency Cyber Security Bureau (www.ctrc.go.kr / No area code 182)

    Article 9 (Scope of Application)

    This 'Personal Information Handling Policy' does not apply to personal information collection activities of other websites linked to the Simtomi application. Also, this 'Personal Information Handling Policy' applies only to members who have entered into a use contract with the company and does not apply to members who have been granted authority under the use contract with the company. The personal information handling policy applicable to members must be checked through the personal information protection officer (or similar position) of each company (organization).

    Article 10 (Notification Obligation)

    The personal information handling policy can be modified for purposes such as reflecting changes in laws or services. When the personal information handling policy changes, the changes will be posted, and the changed personal information handling policy will take effect 7 days after the posting.

    Supplementary Provisions

    1. This agreement is announced on October 25, 2023.
    2. This agreement will be implemented from November 1, 2023.