Deepmedi

Privacy Policy (Deepmedi Co., Ltd.)

  • Deepmedi Co., Ltd. (hereinafter the “Company”) establishes this Privacy Policy in accordance with applicable laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection (the “Information and Communications Network Act”) and the Personal Information Protection Act, to protect users' personal information and rights and to smoothly handle user grievances related to personal information.
  • If the Company amends this Privacy Policy, it will provide notice individually or through App notices.
  • This Policy takes effect on April 1, 2019.

1. Purpose and Items of Personal Information Collection

  • The Company processes personal information for the following purposes.
PurposeCategoryRequired ItemsOptional Items
Service membership registration and managementSign-upName, e-mail, password-
Provision of goods or servicesDevice identificationMobile phone serial number, IMEI-
Provision of goods or servicesService useName, e-mail, gender, height, weight, year of birth, finger video for blood pressure measurement, blood pressure-
Provision of goods or servicesPayment- Mobile phone payment: mobile phone number, carrier- Credit card payment: card company name, card number, expiration date-
Analysis based on demographic characteristics and development and provision of services-성별, 키, 몸무게, 태어난연도, 혈압측정을 위한 손가락 동영상, 혈압-
Handling user complaints and grievancesMemberName, e-mail-
Handling user complaints and grievancesNon-memberName, e-mail-
Marketing and advertising useNewsletter deliveryName, e-mail-
Marketing and advertising useProvision of customized services이름, 이메일, 성별-
Marketing and advertising useEvent information delivery and participationName, e-mail-
  • If the purposes or items of member information processed by the Company change, the Company will request consent in advance in accordance with applicable laws.

2. Retention and Use Period of Personal Information

  • The Company retains and uses personal information within the retention and use period required by applicable laws or consented to by the data subject at the time of collection.
  • The processing and retention periods for each category of personal information are as follows.
Purpose of RetentionPeriodBasis for Retention
Information related to transaction details and supporting documents5 yearsFramework Act on National Taxes, Corporate Tax Act
Records on labeling and advertising6 monthsAct on Consumer Protection in Electronic Commerce, etc.
Records on contracts or withdrawal of offers5 yearsAct on Consumer Protection in Electronic Commerce, etc.
Records on payment and supply of goods, etc.5 yearsAct on Consumer Protection in Electronic Commerce, etc.
Records on consumer complaints or dispute handling3 yearsAct on Consumer Protection in Electronic Commerce, etc.
Retention of access records3 monthsProtection of Communications Secrets Act
Cases where retention is necessary under the Commercial Act and other applicable laws10 yearsCommercial Act

3. Entrustment of Personal Information Processing

  • The Company entrusts personal information processing as follows for smooth handling of personal information-related work.
TrusteeEntrusted WorkContact
Naver Cloud PlatformUse of cloud services1544-5876
  • When entering into entrustment agreements, the Company supervises whether the trustee safely processes personal information in accordance with applicable laws.
  • If the details of entrusted work or the trustee change, the Company will disclose such changes without delay through this Privacy Policy.

4. Overseas Transfer of Personal Information

  • The Company does not provide personal information to overseas business operators.

5. Provision of Personal Information to Third Parties

  • If the Company needs to provide personal information to a third party, it will request consent in advance in accordance with applicable laws. In such cases, the Company will disclose the relevant details in this Privacy Policy.
  • The Company may not provide users' personal information to a third party without prior consent. However, the following cases are exceptions.
    • Where information is provided in a form that cannot identify a specific individual and is necessary for statistics, academic research, or market research
    • Where requested by a national agency under applicable laws
    • Where necessary for criminal investigation purposes or requested by the Information and Communications Ethics Committee
    • Where requested under procedures prescribed by other applicable laws

6. User Rights and Obligations and How to Exercise Them

  • The Company does not collect personal information from children under the age of 14.
  • Users may exercise the following rights regarding their registered personal information.
    • Users may request suspension of processing and deletion of personal information in writing, by e-mail, through the website, or by other means.
    • If a user requests correction or deletion of errors in personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
    • A request for correction or deletion of personal information may not demand deletion where other laws specify that the personal information must be collected.
  • User rights, including access, correction, suspension of processing, and deletion, may be exercised through a legal representative or an authorized agent. In this case, a power of attorney in the form prescribed in Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
  • When a request for access, correction, deletion, or suspension of processing is made under data subject rights, the Company verifies whether the requester is the data subject or a legitimate agent.
  • Users have the following obligations as data subjects.
    • Users must keep their personal information up to date, and users themselves are responsible for problems caused by entering inaccurate information.
    • Users are responsible for maintaining the security of their accounts and may not transfer or lend them to third parties.
    • If a user applies for the service by misappropriating another person's personal information, the user may lose eligibility and be punished under applicable laws.

7. Destruction of Personal Information

  • In principle, the Company destroys personal information without delay once the purpose of processing has been achieved. The destruction procedures and methods are as follows.
    • Destruction procedure
      • Information entered by users is destroyed immediately after the purpose is achieved. However, for Members who have not used the service for one year, the Company notifies them by e-mail and, unless the user makes a separate request, destroys the personal information by a secure and unrecoverable method.
    • Destruction method
      • Information in electronic file form is destroyed using technical methods that prevent the records from being reproduced.
      • Personal information printed on paper is destroyed using a shredder.

8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

  • The Company uses cookies, which store and retrieve usage information from time to time, to provide customized services to users.
  • Cookies are small pieces of information sent by the server (http) used to operate a website to the user's computer browser and may be stored on the hard disk of the user's PC.
    • Purpose of cookies:
      • Providing information optimized for users
    • How to install, operate, and refuse cookies: You may refuse cookie storage through the methods below.
      • Internet Explorer: Tools at the top of the browser > Internet Options > Privacy menu options
      • Microsoft Edge: Browser top menu > Settings > View advanced settings > Cookie menu options
      • Chrome: Browser top menu > Settings > Advanced > Content settings > Cookie menu options
  • If you refuse cookie storage, there is no issue with using the service, but customized services may not be available.

9. Personal Information Protection Officer

  • The Company designates the following Personal Information Protection Officer to take overall responsibility for personal information processing and to handle user complaints and remedies related to personal information processing.
    • Personal Information Protection Officer
      • Name: Lee Kwang-jin
      • Position: Representative
      • Contact: lby593@deep-medi.com
  • Users may contact the Personal Information Protection Officer regarding all personal information protection inquiries, complaint handling, and remedies arising while using the Company's services. The Company will respond to and process user inquiries without delay.

10. Measures to Secure Personal Information

  • In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures necessary to secure personal information.
    • Minimization and training of employees handling personal information
      • The Company designates employees who handle personal information and limits handling to responsible personnel to minimize access and manage personal information.
    • Establishment and implementation of an internal management plan
      • The Company establishes and implements an internal management plan for the safe processing of personal information.
    • Retention of access records and prevention of forgery or alteration
      • The Company retains and manages records of access to personal information processing systems, such as web logs and summary information, for at least six months and uses security functions to prevent access records from being forged, altered, stolen, or lost.
    • Encryption of personal information
      • Users' personal information is encrypted, stored, and managed. Important data is also encrypted during storage and transmission and protected by separate security functions.
    • Technical measures against hacking, etc.
      • To prevent personal information leakage or damage caused by hacking or computer viruses, the Company installs security programs, periodically updates and checks them, installs systems in areas where external access is controlled, and technically and physically monitors and blocks access.
    • Restriction of access to personal information
      • The Company takes necessary measures to control access to personal information by granting, changing, and deleting access rights to personal information processing systems.

11. Remedies for Infringement of Data Subject Rights and Interests

  • If you need detailed assistance regarding infringement of data subject rights and interests, please contact the following institutions.
    • Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
      • Duties: Reports of personal information infringement and consultation requests
      • Website: privacy.kisa.or.kr
      • Phone: 118 (without area code)
      • Address: 3F Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do 58324, Korea
    • Personal Information Dispute Mediation Committee
      • Duties: Personal information dispute mediation applications and collective dispute mediation (civil resolution)
      • Website: www.kopico.go.kr
      • Phone: 1833-6972 (without area code)
      • Address: 4F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul 03171, Korea
    • Supreme Prosecutors' Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
    • Korean National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr)

12. Changes to this Privacy Policy

  • This Privacy Policy applies from its effective date. If additions, deletions, or corrections are made in accordance with applicable laws or policies, the Company will notify users through the website at least seven days before the changes take effect.