Abijou Clinic

Privacy Policy

Abijou Clinic (hereinafter referred to as the “Clinic”) highly values the protection of your personal information and complies with the Personal Information Protection Act. Through this Privacy Policy, we inform you of how the personal information you provide is used and protected. The structure of this Privacy Policy is as follows:

1. Items of Personal Information Collected and Collection Method
The Clinic collects only the minimum personal information required to provide services during membership registration. When signing up for services, you are required to provide both mandatory and optional information. Optional items, such as whether to receive email notifications, can be left blank without limiting service use.
Mandatory items: Name, Date of Birth, Gender, Address, Age, Mobile Number, Email, Hospital Registration Info, Service Application Status
Medical information: Card company name, Card number, and other credit card payment approval information
Payment information: Card company name, Card number, and other credit card payment approval information


2. Purpose of Collection and Use of Personal Information
The Clinic uses the collected personal information for the purposes listed below. Information provided by users will not be used for any other purpose. If the purpose of use changes, prior consent will be obtained.
a. To verify identity for appointment booking, viewing, and use of membership-based services
b. To provide appointment reminders and informational content via SMS and email
c. To inform users of new services and event information
d. To generate analysis data for customer visits to develop new services
e. To provide medical services including diagnosis, treatment, billing, payment, and reimbursement
f. To provide basic information for outsourced laboratory testing
g. To collect consumer safety information in accordance with Article 52 of the Framework Act on Consumers


3. Provision and Sharing of Personal Information
The hospital will not use or provide your personal information beyond the scope notified in the "Purpose of Collecting and Using Personal Information" without your consent or unless required by relevant laws and regulations. However, the following exceptions apply:
· When users have given prior consent to disclosure
· When required by law or when requested by investigative agencies according to the procedures and methods prescribed by law for investigative purposes
· When providing data processed in a form that does not identify any specific individual for purposes such as statistics, academic research, or market research


4. Consignment of Collected Personal Information
The hospital entrusts personal information as follows, and in accordance with Article 26 of the Personal Information Protection Act, stipulates matters such as prohibition of processing personal information for purposes other than performing the consigned tasks, implementation of technical and administrative safeguards, restriction on re-consignment, supervision of the trustee, and liability for damages in written contracts or similar documents. The hospital also supervises whether the trustee safely handles personal information. If there is any change in the content of the consigned tasks or the trustee, the hospital will promptly disclose it through this Privacy Policy. Details of the hospital’s consigned tasks and trustees are as follows:
Trustee Company: WENION Co., Ltd. Yeoksam Branch
Consigned Task: Phone reservation services
Consigned Personal Information: Patient name, chart number, address, date of birth, email address, phone number, mobile number, first visit date, visit date, attending doctor, consultant name, treatment/procedure name, treatment category, medical fee inquiry, photos, health information (EMR)
Retention Period: Until termination of contract

Trustee Company: WENION Co., Ltd. Yeoksam Branch
Consigned Task: Website and medical information system development, maintenance & support
Consigned Personal Information: All collected personal information including name, resident registration number (for Koreans), foreign registration number (for foreigners), patient registration number, ID, password, address, phone number, mobile number, email, health information, credit card information
Retention Period: Until termination of contract

Trustee Company: DozenSoft Co., Ltd.
Consigned Task: Information system management and various program development
Consigned Personal Information: All collected personal information including ID, password, hospital registration number, name, resident registration number (Koreans), foreign registration number (foreigners), address, phone number, mobile number, email, health information, credit card info
Retention Period: Until termination of contract

Trustee Company: DozenSoft Co., Ltd.
Consigned Task: Server maintenance
Consigned Personal Information: All collected personal information including hospital registration number, ID, name, resident registration number (Koreans), foreign registration number (foreigners), address, phone number, mobile number, email address, health information, credit card information
Retention Period: Until termination of contract


5. Measures for Securing the Safety of Personal Information
[Minimization and Training of Personnel Handling Personal Information]
We minimize the designation of personnel who handle personal information and conduct regular training.
[Regular Internal Audits]
We conduct internal audits at least once a year to secure the safety of personal information handling.
[Establishment and Implementation of Internal Management Plans]
We establish and implement internal management plans for the safe processing of personal information.
[Encryption of Personal Information]
Passwords are encrypted and stored so that only the individual can know them. Important data is secured using file encryption and encrypted transmission.
[Technical Measures Against Hacking, etc.]
We install security programs, regularly update and inspect them, and install the systems in access-controlled zones to prevent leakage or damage due to hacking or viruses. We also technically and physically monitor and block unauthorized access.
[Access Control to Personal Information]
Access to the database systems handling personal information is controlled through granting, changing, or revoking access rights. Unauthorized external access is blocked using intrusion prevention systems.
[Storage and Prevention of Tampering with Access Logs]
Access logs to personal information systems are retained for at least 6 months and protected from tampering, theft, or loss.
[Physical Access Control of Storage Facilities]
Personal information is stored in physical storage locations that are separately secured with access control procedures.


6. Retention and Use Period of Personal Information
The hospital shall immediately destroy the personal information of the user once the purpose of collection or provision has been achieved.
· In the case of membership registration information: When the user withdraws from membership or is expelled
· In the case of information collected for surveys or events: When the relevant survey or event ends
· In the case of information collected for medical treatment: Retained in accordance with Article 15 of the Enforcement Rule of the Medical Service Act regarding the preservation of medical records (Retention items: name, address, resident registration number, medical information)
· In the case of credit information collection/processing and usage: Retained for 3 years in accordance with the Act on the Use and Protection of Credit Information (Retention items: card company name, card number, etc. related to card payment approval)
However, even if the purpose of collection or provision has been achieved, personal information may still be retained when necessary according to relevant laws such as the Commercial Act.


7. Procedure and Method of Destroying Personal Information
The hospital shall immediately destroy personal information once the "Purpose of Collection and Use of Personal Information" has been achieved.
Destruction Procedure
Information entered by the user for purposes such as membership registration is destroyed immediately after the purpose is achieved, according to the destruction method.
Destruction Method
Personal information stored in electronic file format is deleted using technical methods that prevent the records from being recovered.
Personal information printed on paper is shredded or incinerated.


8. Rights of Users and Legal Representatives and How to Exercise Them
1. If a customer requests to view, correct, or delete their personal information, the hospital will respond in good faith and process the request without delay. To protect personal information, requests via phone, mail, fax, or other means other than in-person visits will not be accepted.
[Viewing Personal Information]
Customers may visit the hospital and request to view their personal information, and the hospital will respond promptly.
[Correction/Deletion of Personal Information]
If a customer requests to correct or delete their personal information and the request is deemed necessary (e.g., due to errors), the hospital will proceed without delay. The hospital may request supporting documents to verify the need for correction or deletion.
2. When a customer requests to view, correct, or delete their personal information, the hospital will verify their identity by checking a valid ID (e.g., resident registration card, passport, or driver's license).
3. If a legal representative visits on behalf of the customer, the hospital will confirm the legitimacy of the representative by checking a power of attorney, consent form, and the representative’s ID.
4. If the hospital has a valid reason to refuse access, correction, or deletion of all or part of the personal information, it will notify the customer and explain the reason.


9. Protection of Children’s Personal Information
Membership registration for children under the age of 14 (hereinafter referred to as "children") is conducted through a separate form written in plain and easy-to-understand language. The hospital obtains consent from the legal guardian before collecting or using the child's personal information. The hospital collects only the minimum necessary information (e.g., legal guardian’s name and contact details) from the child in order to obtain consent. Consent is obtained in accordance with the procedures outlined in this privacy policy. Legal guardians may request to view, correct, or delete the child’s personal information. To do so, they must go through the legal guardian verification process via the “Edit Member Info” section, after which they can directly view, correct, or delete the child’s information.

10. Withdrawal of Consent / Membership Cancellation
You may withdraw your consent to the collection, use, and provision of your personal information at any time. To withdraw consent, you may either click “Cancel Membership” under “My Chart” on the hospital’s website and complete the identity verification process, or contact the Personal Information Protection Department via mail, phone, or fax. Upon confirmation, your personal information will be promptly destroyed and necessary actions will be taken.

11. Use of Cookies and How to Refuse Them
The hospital uses “cookies,” which are small text files sent by the server operating the website and stored on your computer’s hard drive. These cookies allow the hospital to retrieve and store your information as needed. Cookies are used for the following purposes:

We analyze the frequency and duration of visits by both members and non-members to understand users’ preferences and interests, which helps guide service improvements. By tracking information on the web pages viewed and those of particular interest, we provide personalized services on subsequent visits. We also use this data to assess participation and frequency of visits in events hosted by the clinic, granting differentiated opportunities and delivering customized information based on individual interests.

You have the right to choose whether to allow cookies. You can configure your web browser to allow all cookies, to notify you each time a cookie is saved, or to block all cookies entirely.

How to adjust your browser settings:
1) For Internet Explorer: Go to the Tools menu at the top of the browser > Internet Options > Privacy > Settings
2) For Chrome: Go to the menu on the top right of the browser > Scroll to the bottom and click "Advanced" > Under "Privacy and Security," click "Content Settings" > Cookies

Please note that if you choose to block cookies, some services may not function properly.


12. Operation and Management of Video Information Processing Devices
Abijou Clinic operates and manages video information processing devices as follows.
[Installation Basis and Purpose]
For the safety of patients and facilities, prevention of fire and crime, and management of parking and stopping.
[Installation Location, Shooting Range, and Recording Time]
Installation location and shooting range: Entire area except locker rooms
Recording time: 24-hour continuous recording
[Manager in Charge]
Position: Chief Director
Affiliation: Abijou Clinic
Phone Number: 1544-0377
Handling Method: Records and manages requests related to the use of personal video information outside of its purpose, provision to third parties, destruction, and access. Upon expiration of the retention period, the data is permanently deleted in a way that makes recovery impossible (in case of printed materials, by shredding or incineration).
[How to Verify Personal Video Information]
Verification Method: Prior contact and visit application required.
[Actions Regarding Requests for Access or Confirmation of Video Information by the Data Subject]
You may request the operator of the video information processing device at any time to access or confirm the existence of personal video information.
However, this is limited to personal video information in which you are recorded and that is clearly necessary to protect your urgent life, body, or property interests.
Even if you request access, the following cases may result in refusal:
1) When the retention period of the personal video information has expired and the data has been destroyed.
2) When there is a legitimate reason to refuse the request for access or confirmation.
[Technical, Managerial, and Physical Measures to Protect Video Information]
Video information handled by the clinic is securely managed through encryption and other measures.
Additionally, the clinic applies managerial measures to protect personal video information by granting differentiated access rights and records the creation time of personal video information, purpose of access, accessor, and access time to prevent tampering or alteration.
Moreover, physical security measures such as locks are installed to ensure safe storage of personal video information.


13. Person Responsible for Personal Information Management
To protect your personal information and handle complaints related to personal information, the hospital has appointed the following person responsible for personal information management.
[Personal Information Manager]
Name: Park Hee-kyung
Position: Team Leader
Affiliation: Abijou Clinic
Phone Number: 1544-0377

You may report any complaints related to personal information protection that arise during the use of the hospital’s services to the personal information manager or the responsible department. The hospital will respond promptly and sufficiently to users’ reports. For other reports or consultations regarding personal information infringement, please contact the following organizations:

Personal Information Dispute Mediation Committee (http://www.1336.or.kr / 1336)
Information Security Mark Certification Committee (http://www.eprivacy.or.kr / (02) 580-0533~4)
Supreme Prosecutors’ Office Cyber Crime Investigation Division (http://www.spo.go.kr / (02) 3480-2000)
Korean National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)


14. Notice Obligation Regarding Policy Changes
This Personal Information Processing Policy was established on July 12, 2016. In case of additions, deletions, or modifications due to changes in laws, policies, or security technologies, the hospital will notify the reasons and details of the changes on its website at least 7 days prior to the enforcement of the revised policy.