CHA Bundang Medical Center, CHA University (Hereinafter, the “Medical Center”) regards personal information of customers as important and observes the “Medical Law” and “Personal Information Protection Act.” Abiding by Personal Information Management Policy, we inform our customers of ways and purposes in using personal information they provide and what measures are taken to protect their personal information.
CHA Bundang Medical Center, CHA University (Hereinafter, the “Medical Center”) regards personal information of customers as important and observes the “Medical Law” and “Personal Information Protection Act.”
Abiding by Personal Information Management Policy, the Medical Center informs customers of ways and usage of personal information they provide and what measures are taken to protect their personal information.
Please refer to the following for detailed personal information management policy.
The Medical Center shall use collected personal information for the purposes listed below. All the information provided by customers shall not be used except those purposes and when we change the purposes to use it, we shall seek consent of customers in advance in compliance with the Personal Information Protection Act.
A) Membership Information on Homepage
B) Treatment and Treatment Support
When collecting personal information from subjects, the Medical Center processes and retains the information within permitted and agreed period as the law dictates. Please refer to the following:
A) Information for homepage membership: Until the membership withdrawal. However, in some cases as indicated below, the information shall be retained until the termination of the issue.
B) Collected information to provide medical service: Retention period specified in the Medical Law. However, even after the purpose for collecting and using personal information has been achieved, the period shall be extended if the information needs to be preserved according to the commercial law and other related regulations and for patients’ medical services.
C) Personal information collected for the purposes of questionnaire, event etc.: Information shall be retained until the purpose of collecting it has been achieved.
D) Records about signs and advertisement: For 6 months (Consumer Protection Act for electronic commerce etc.).
E) Records about consumer complaints and dispute handling: 3 years. (Consumer Protection Act for electronic commerce etc.).
F) Records about user identification: 6 months. (Act on Promotion of Information And Communications Network Utilization And Information Protection etc.)
G) Records about visit: 3 months (Protection of Communications Secrets Act)
H) Data on collecting, processing and utilizing credit information: 3 years according to the Use and Protection of Credit Information Act.
Under any circumstances, the Medical Center does not use personal information of customers beyond the scope indicated in the PURPOSE OF PERSONAL INFORMATION COLLECTION AND MANAGEMENT or provide it to any others except to prior customer consent or relevant regulations require. However, based on the regulations of related act, it is allowed to provide personal information without customer consent in the following cases.
A) Upon agreement by users to open their information
B) Provision of medical records to health insurance examiners based on the National Health Insurance Act to request insurance benefit to cover treatment cost.
C) Modification of personal information to make the individual unidentifiable for statistics creation and academic research purposes.
D) Upon request by law enforcement agencies according to methods & procedures followed by the law.
E) As required by special regulations specified in the Act on Real Name Financial Transactions and Guarantee of Secrecy, Use and Protection of Credit Information Act, Electronic Communication Fundamental Law, Electronic Communications Networks, Local Tax Act, Consumer Protection Act, Bank of Korea Act, Criminal Procedure Act etc.
A) The Medical Center allows personal information to be commissioned for better services as below. When signing the entrustment agreement, the Medical Center stipulates necessary conditions in order to safely manage entrusted personal information in compliance with the law.
B) When signing an entrustment agreement, the Medical Center clearly dictates in the document such items as prohibition on processing personal information except for entrusted affair execution, technical & administrative protection measures, restriction on re-entrustment, management & monitoring of entrusted party, liabilities for damages and other responsibilities, and the Medical Center shall ensure that the entrusted party deal with personal information as safely as possible.
C) As changes are made to the details of entrusted affair or the entrusted party, the Medical Center shall publicize it without any delay according to the Personal Information Management Policy.
1. The Medical Center responds to customer request without any delay for discontinuance of access, correction, deletion and processing of personal information.
2. However, the Medical Center shall not proceed with discontinuance of access, correction, deletion and processing of personal information if the requests are made by telephone, mail, fax and so forth. Such requests shall be processed only by customer visit in order to protect personal information of the customer.
3. If there is a legitimate reason to deny customer request for discontinuance of access, correction and deletion of personal information in whole or in part, the Medical Center shall notify the customer and explain about the reason.
4. Regarding the policy of the Medical Center on review of personal information of customers, please refer to the following details:
A) Review of personal information
B) Correction and deletion of personal information
C) Discontinuance of personal information processing: Withdrawal of agreement for collection/utilization or provision of personal information (Membership cancellation)
D) Review/correction/deletion of homepage membership information: As for review/correction/deletion of membership information, login to the homepage, click “My Page”, go to “Information Correction,” and subsequently modify the information to complete the process.
E) Legal agent for children under 14 years old: Legal agent may request discontinuance of access, correction, deletion and processing of personal information of children under 14 years old and shall submit documentary evidence to prove the relationship with the child/children.
The Medical Center collects minimum amount of personal information for treatment, homepage membership, provision of additional services for treatment and so forth. Please refer to the following details of items the Medical Center processes in this regard.
A) Items to be collected for homepage membership
B) Treatment & medical checkup
C) Payment of treatment fee
D) Complaints Handling & Processing
E) Method of collecting personal information: Homepage, paper, fax, Telephone, online consultation, email etc.
F) Consent to collection of personal information: When collecting identifiable personal information of user(s), the Medical Center acquires user consent in compliance with legitimate procedures as shown below.
G) Rights to reject and consequences
User may refuse to agree and cancel agreement even after consent at any time. In case user disagrees to consent, he/she may be limited in using services as collected personal information is necessary to provide quality services.
1. When “Purpose of Personal Information Collection and Utilization” is achieved, the Medical Center disposes of such personal information without delay. The process and method of disposal of personal information are as follows:
A) Disposal Process
B) Disposal Method
1. The Medical Center appoints personal information managers as below who are responsible for all affairs relating to personal information protection and processing. The Medical Center will respond without delay to reports or complaints on any issues or services upon receiving them.
* CHA Bundang Medical Center, CHA University
* Website of CHA Bundang MedicalCenter,CHAUniversity
2. Please inquire at the following institutions for report or consultation on infringement of personal information
A) Personal Information Dispute Mediation Committee(www.1336.or.kr / 1336)
B) ePRIVACY i-safe(http://www.eprivacy.or.kr / 02)580-0533~4)
C) High-Tech Crime Investigation Department of Supreme Prosecutors' Office(www.spo.go.kr / 02)3480-2000)
D) National Police Agency Cyber Bureau (www.ctrc.go.kr / 02) 392-0330)
1. This personal information management policy was established in November 30, 2016, and in case content of it is added, deleted and modified due to changes in laws, policies or security technology, the Medical Center will notify changed details through homepage of the Medical Center at least 7 days before the new personal information management policy comes into effect.
- Publication Date: November 30, 2016
- Effective Date: December 7, 2016
The Medical Center takes the following technical and administrative measures necessary to prevent loss, theft, leakage, alteration or damage of personal information as it is processed.
A) Technical measures
B) Administrative measures
1. Customer may withdraw at any time his/her consent made for membership to collection, usage and provision of personal information.
2. Member may cancel his/her membership by visiting the homepage of the Medical Center, going to “Customer Service,” and clicking “Internet Error & Membership Cancellation” after identification check. Member may contact a website manager via letter, telephone or fax to authorize the manager for the cancellation, and then personal information of the customer will be destroyed without any delay.
1. What is cookie?
2. Purpose for using cookie: Providing a customized individual service including advertisements through analysis of user connection frequency, visiting times etc., recognizing the User favorites and interest area, visiting numbers etc.
3. Installation/operation of cookie & the refusal thereof
The Medical Center installs and operates image data processing equipment as follows:
A) Purpose of installing image data processing equipment: Providing security to clients and facilities, preventing fire and crime and managing parking.
B) The number of equipment installed, location and scope of recording
C) Manager, division and person authorized to have access to image data
D) Recording time, retention period, storage place and management method of image data
E) Method and place of image data confirmation
F) Measures to deal with the request of the subject of information for inspection of image data
G) Technical, administrative and physical measures to protect image data: Image data processed by the Medical Center is managed safely through several measures such as encryption. Also, the Medical Center grants graded access authority to staff according to their position as an administrative measure to protect personal image data. In addition, the Medical Center records and manages information such as creation date & time, review purpose, reviewer, review date of personal image data in an effort to prevent fabrication and alteration of the aforementioned data. Furthermore, locking devices have been installed for secure physical storage of personal image data.