Chapter 1. General Provisions
Article 1 (Purpose) This Policy aims to protect the personal information of Medipeace users by specifying obligations for information and telecommunications service providers under Articles 16–18 of the Act on Promotion of Information and Communications Network Utilization and Information Protection.
Article 2 (Definitions)
1. "Personal information" means information about a living individual that can identify that individual, including when combined with other information.
2. "Information and communications service" means telecommunications services and information provision using such services.
3. "Service provider" (hereinafter "Medipeace") means telecommunications businesses and those who provide information using their services.
4. "User" means a person who uses services provided by "Medipeace" and is identified by the processed information.
5. "Third party" means any party other than the user, the service provider, and those entrusted by "Medipeace" with personal information processing.
6. "Privacy Policy" means the plan established by "Medipeace" to protect users' personal information.
Article 3 (Scope) This Policy applies to personal information processed through information and communications networks as well as manually through written documents.
Chapter 2. Measures Regarding Collection of Personal Information
Article 4 (Scope of Collection)
① "Medipeace" may collect minimum personal information necessary for service agreements through lawful means, with the following as mandatory items:
1. Name
2. Resident registration number (for members) or alien registration number
3. Address
4. Phone number
5. Desired ID (for members)
6. Password (for members)
7. Email address (or mobile phone number)
② "Medipeace" shall not collect personal information that could significantly infringe on basic human rights, including race, ideology, place of origin, political inclinations, criminal records, or health status, except with user consent or as required by law.
Article 5 (Types of Collection)
① "Medipeace" shall distinguish between mandatory and optional items when collecting personal information.
② "Medipeace" shall not refuse basic service provision because a user has not filled in optional items.
Article 6 (Consent)
① "Medipeace" must obtain user consent when collecting personal information, except when required by law, for delivery purposes, for fee settlement, for non-identifying statistical research, or for identity verification.
② Consent shall be given through signature, electronic signature, email, or checking a consent box.
Article 7 (Notification or Specification) When seeking consent under Article 6, "Medipeace" shall notify or specify the following in writing or online:
1. Personal information manager's affiliation, name, and contact
2. Purpose of collecting and using personal information
3. Third-party provision details
4. Users' rights and how to exercise them
5. Personal information items to be collected
6. Retention and use period
Chapter 3. Measures Regarding Use, Provision, and Management of Personal Information
Article 8 (Restrictions on Use and Provision)
① "Medipeace" may not use personal information beyond the scope notified under Article 7 or provide it to third parties, except as permitted by law, for fee settlement, or for non-identifying statistical research.
② If "Medipeace" intends to exceed the notified scope, it must individually notify users and obtain consent.
③ Those who received personal information from "Medipeace" may not use it beyond its stated purpose or provide it to third parties, except with user consent or as required by law.
Article 9 (Ensuring Accuracy) "Medipeace" shall manage users' personal information accurately and up to date.
Article 10 (Technical Measures) "Medipeace" shall take technical measures to prevent loss, theft, leakage, alteration, or damage of personal information:
1. Password-based security devices
2. Anti-virus programs
3. Encryption for network transmission
4. Access control via intrusion blocking systems
5. Other necessary technical devices
Article 11 (Administrative Measures)
① "Medipeace" shall establish procedures for personal information access and management.
② "Medipeace" shall designate system users, assign passwords, and update them regularly.
Article 12 (Confidentiality) Those who handle personal information shall not disclose it to others.
Article 13 (Destruction of Personal Information)
① Personal information must be destroyed without delay when the collection purpose is achieved, except when retention is required by law, when the retention period was pre-notified, or with individual user consent.
② Printed personal information shall be shredded or incinerated; electronic files shall be deleted using unrecoverable methods.
Article 14 (Entrustment of Processing)
① "Medipeace" must obtain user consent when entrusting personal information processing to external parties.
② Selected parties must be able to comply with this Policy.
③ Entrustment contracts must clearly specify compliance obligations, confidentiality, prohibition on third-party provision, and liability.
Chapter 4. Measures Regarding Users' Rights
Article 15 (Right to Access and Correction)
① "Medipeace" shall verify identity and take necessary action without delay when users request access or correction.
② "Medipeace" shall enable users to access or correct their information online.
③ "Medipeace" may require proof of representation from a user's representative.
④ "Medipeace" shall not use personal information until errors requested for correction are corrected.
⑤ "Medipeace" shall notify users without delay after taking corrective action.
Article 16 (Withdrawal of Consent)
① "Medipeace" shall verify identity and take necessary action without delay when users request withdrawal of consent.
② "Medipeace" shall enable users to withdraw consent for collection, use, or provision of their personal information online.
Article 17 (Handling Complaints)
① "Medipeace" shall establish procedures to collect opinions and handle complaints.
② "Medipeace" shall accept and handle complaints through phone, email, or online consultation.
Article 18 (Dispute Resolution) "Medipeace" and users may refer personal information disputes to the Personal Information Dispute Mediation Committee within the Korea Information Security Center.
Chapter 5. Measures Regarding Disclosure and Responsibility
Article 19 (Disclosure of Privacy Policy) "Medipeace" shall establish and disclose a privacy policy including: matters of Article 7, cookie operation, technical and administrative measures, complaint handling, and policy revision.
Article 20 (Training)
① "Medipeace" shall establish training procedures for relevant employees.
② Training may be conducted in-house or entrusted to specialized institutions.
Article 21 (Internal Audit)
① "Medipeace" shall establish audit procedures for Policy compliance.
② Discovered violations shall be promptly corrected.
Article 22 (Personal Information Manager)
① "Medipeace" shall designate a personal information manager.
② The manager is responsible for all compliance measures.
Article 23 (Restriction of Handlers) "Medipeace" shall designate the minimum number of personnel who can handle personal information.
Chapter 6. Special Measures Regarding Children
Article 24 (Collection Method) When collecting personal information from children under 14, "Medipeace" shall use plain language and obtain legal guardian consent.
Article 25 (Rights of Legal Guardian)
① "Medipeace" shall take necessary action without delay when a legal guardian requests access or correction of a child's personal information.
② "Medipeace" shall take necessary action without delay when a legal guardian withdraws consent.
③ Articles 15 and 16 apply mutatis mutandis to legal guardian requests.
Chapter 7. Supplementary Provisions
Article 26 (Special Provisions)
① When using external organizations to collect or handle personal information, "Medipeace" bears responsibility and should recommend compliance with this Policy.
② No one shall damage, invade, steal, or disclose others' information processed through information and communications networks.
Supplementary Provision
This Policy is effective from July 1, 2026.