1. Personal information items collected and methods of collecting
1) Collected items
① ID (E-mail), Name (First Name, Middle Name, Last Name), Password, Profession, Office/Home/Cell Phone Number, Office/Home Address 1&2, City, State/Province, Zip/Postal Code, Country
② The above information may be generated and collected during the “Service” use process or business operation process: "Service" usage records, access logs, other device information, etc.
2) Collection method
① "Users" enter the information directly when registering for membership or applying for service use.
② When the information of users (education recipients) is delivered to “Company” by institutions, associations, and schools, etc. which the “Users” are affiliated with, “Company” will enter the information of “Users” en bloc on their behalf.
3) Automatic collection upon using the "Service"
"Users" have the right to refuse to agree to the collection and use of personal information. However, if they refuse to agree, they will not be able to receive the “Service” of “Company” that requires the collection of the above information.
2. Purpose of collecting and using personal information
“Company” will utilize the collected personal information for the following purposes:
1) Providing services such as education operation/support, education history management, educational services, evaluation operation/support, evaluation history management, member management, issuance of transcripts, VOC handling, etc.; monitoring-related work; providing assessment and education-related information; internal research and evaluation service improvement using data analysis and statistics
2) “Company” utilizes the personal information collected from “Users” for marketing and advertising purposes, such as newsletters, and presenting of events, educational information, and educational products, etc. that “Company” provides to "Users."
3. Sharing and providing collected personal information (provided to third parties)
“Company” will not provide the personal information of “Users” to the outside without the consent of “Users” (except as prescribed by law). In the case of the consent of “Users”, the provision of personal information to third parties shall be limited to the following conditions:
| Recipients of personal information | Purpose of use of personal information | Personal information provided | Retention/usage period of personal information |
|---|---|---|---|
| Jaseng Hospital of Korean Medicine | User identification | Name, Profession, Contact Number | Duration of provision of services related to <Jaseng Medical Academy> |
| Jaseng Medical Foundation | User identification | Name, Profession, Contact Number | Duration of provision of services related to <Jaseng Medical Academy> |
4. Entrustment of personal information processing
“Company” entrusts the operation of the personal information of “Users” to external professional agencies for the execution of the "Service". The agencies entrusted with personal information may change, and the personal information of “Users” will be delivered only to the agencies to which the entrustment of work is necessary for the execution of the service. The recipients of personal information, the purpose of usage of personal information, the personal information provided and the retention/use period of personal information are made known as in the table of personal information processing entrustment.
| Entrusted agencies | Entrusted work contents | Entrusted personal information items | Retention/usage period of personal information |
|---|---|---|---|
| JSD1 | On/off-line service operation proxy including payment/cancellation/refunds | ID (E-mail), Name, Profession, Contact Number, Financial Payment Information | Duration of provision of services |
| PAYPAL | Paid service payment proxy | Financial Payment Information | Duration of provision of services |
5. Retention/usage period of collected personal information
After the purpose of collecting and using personal information is achieved, or if “Users” request membership withdrawal or withdraw consent, "Company" will destroy the personal information of “Users” after storing it for a certain period of time (up to 30 days from the education completion date) to check whether the transaction is completed, including payment of education expenses, etc. In the event that personal information is to be stored according to the provisions of the relevant laws, the personal information of users shall be kept during the storage period under the relevant laws. The preserved items/contents, the preservation period and the grounds for preservation are made known as in the table of the retention/usage period of collected personal information.
| Preserved items/contents | Preservation period | Grounds for preservation |
|---|---|---|
| Records on contract or withdrawal of subscription, etc. | 5 years | Act on Consumer Protection in Electronic Commerce, Etc. |
| Records on payments and the supply of goods, etc. | 5 years | Act on Consumer Protection in Electronic Commerce, Etc. |
| Records on handling of consumer complaints or disputes | 3 years | Act on Consumer Protection in Electronic Commerce, Etc. |
| Records on electronic finance | 5 years | Electronic Financial Transactions Act |
6. Procedure and method of destruction of personal information
1) Destruction procedure
In principle, after the purpose of collecting and using personal information has been achieved, "Company" will destroy such information without delay. However, if "Company" is required to store such information according to the provisions of the relevant laws, it will destroy such information after temporarily storing it for the period prescribed under the law. In this case, "Company" will not use the stored personal information for other purposes.
2) Destruction method
Personal information printed on paper will be shredded by a shredder or destroyed through incineration, and personal information stored in electronic file format will be deleted using a technical method where the records cannot be restored.
7. Measures to secure the security of personal information
"Company" takes the following technical, administrative and physical measures necessary to ensure security:
1) Establishing and implementing an internal management plan
"Company" establishes and executes its internal management plan for personal information protection. "Company" implements measures to manage personal information by designating the minimum number of personnel in charge of personal information protection and educating them.
2) Restricting access to personal information
"Company" takes necessary measures to control access to personal information through granting, altering, and canceling access rights to the database system that processes personal information, and controls external unauthorized access using the intrusion prevention system.
3) Storing access records and preventing falsification
"Company" stores and manages access records to the personal information processing system (web logs, summary information, etc.) for at least 6 months, and uses security functions to prevent falsification, theft and loss of the access records.
4) Encrypting personal information
The personal information of “Users” is encrypted and then stored and managed. In addition, separate security features are used, including storing important data and encrypting it upon transmission, etc.
5) Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information by hacking or computer viruses, etc., "Company" installs, periodically updates and checks security programs, installs the system in an area where access from outside is controlled, and monitors and blocks the system technologically and/or physically. It also detects attempts to illegally change information, etc. as well as controls network traffic (monitoring).
6) Control of access of non-authorized persons
"Company" designates a separate physical storage location for the personal information system which stores personal information, and establishes and operates a procedure for control of access.
8. Rights of “Users” and how to exercise them
"Users" may access or partially modify their registered personal information at any time. However, name (first name, middle name, last name) and profession can be modified only after undergoing confirmation by the administrator. "Company" handles withdrawn or deleted personal information so that it is not available for view or use.
9. Matters concerning the installation and operation of automated personal information collection devices and their rejection
"Company" installs and operates devices that automatically collect personal information, such as 'cookies', etc., which store and retrieve user information intermittently. A cookie is a very small text file sent to the users' browsers by the server used to operate the “Company” website, and stored on the hard disks of users' computers. "Company" uses cookies, etc. for the following purposes:
1) Purpose of use of cookies, etc.
To provide targeted and personalized services by analyzing the frequency of access and time of visit, etc. of members and non-members, identifying and tracking users’ preferences and interest areas, and identifying the level of participation in various events and the number of visits, etc.
2) Method of rejecting cookie settings
“Users” have an option regarding installing cookies. However, if users refuse to install cookies, service provision may be difficult. Regarding the method of rejecting cookies, users can allow all cookies, confirm each time a cookie is saved, or refuse to save all cookies by selecting an option in their web browser.
10. Data Protection Officer (DPO) and the department in charge of personal information
"Company" designates the relevant department and Data Protection Officer (DPO) as follows in order to protect the personal information of “Users” and handle complaints related to personal information.
1) Personal information protection manager
- Name: Me-riong Kim
- Phone Number: +82. 2. 750. 1554
- Email: therev@jaseng.co.kr
2) Personal information protection staff
- Name: Hyejin Seo
- Phone Number: +82. 2. 750. 1575
- Email: seohyejin@jaseng.co.kr
“Users” can report all complaints related to personal information protection that arise from using the service of “Company” to the personal information protection manager or the department in charge of personal information. "Company" will promptly and adequately respond to the users' reports.
11. Notice obligation
If the current personal information handling policy needs to be changed, "Company" will notify the details on its website at least 7 days before the revision of the personal information handling policy.