Effective Date: 2021-06-01
DRC Healthcare Co., Ltd. (hereinafter the "Company") collects the personal information of customers who use the Internet site service and DRC Healthcare stores provided by the company.
We value it very much and do our best to protect your personal information.
The company complies with all personal information protection-related laws, including the [Personal Information Protection Act] and [Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.]
We further protect your personal information by enacting and complying with the company's personal information handling policy.
In addition, the company discloses the personal information processing policy on the first screen of the company website to determine what purpose and how personal information is being used.
We inform you of what measures are being taken to protect personal information, and make it easy for you to browse at any time.
Article 1 Personal information items to be collected
The company collects minimum personal information to provide services when customers sign up as members to use member services.
However, in order to provide better quality customized services to customers, we are selectively receiving additional personal information from customers.
The personal information collected for membership registration, consultation, product and service order and application, and complaint handling, etc. is as follows.
① Individual member
* Required items (basic information): name, identity verification value (personal authentication), ID (ID), password (P/W), password confirmation question and answer, address, mobile phone number, general phone number,
Email address, whether or not to receive email, information (SMS, MMS, DM, TM), date of birth
* Optional items (additional information): skin type, skin interests, and recommender ID
② Business member
* Required items (basic information): individual or corporate business, business name, business number, ID (ID), password (P/W), password confirmation question and answer, address,
Mobile phone number, landline number, email address, whether or not to receive email, information (SMS, MMS, DM, TM), date of birth
* Optional items (additional information): skin type, skin interests, and recommender ID
③ Foreign members
* Required items (basic information): name, alien registration number, nationality, consent to processing unique identification information, ID (ID), password (P/W), password confirmation questions and answers,
Address, mobile phone number, landline number, email address, whether or not to receive emails, whether or not to receive information (SMS, MMS, DM, TM), date of birth
* Optional items (additional information): skin type, skin interests, and recommender ID
④ When registering as a member of SNS
* Required items (basic information): full name (or profile information including nickname), mobile phone number, email (Kakao account), date of birth
* Optional items (additional information): Whether to receive marketing information (SMS, E-mail)
⑤ When a user purchases goods or services from the company, for payment and delivery, return and refund processing, etc.
Depending on your payment method, you will be asked to enter additional information such as:
* For card payment: Minimum information required for payment, such as credit card type, card number, and expiration date
* In case of bank transfer: name of bank account, account number, name of trader
* Contact information such as names, addresses, and phone numbers of the sender and recipient as information necessary for product delivery
⑥ When handling complaints and other matters at the request of other customers
* Required items: name, mobile phone number, address, medical certificate (or one copy of opinion or medical confirmation), drug receipt, bank name, account number,
Purchase receipt, etc. (Only when the user provides information, sensitive information is discarded immediately after the purpose is achieved after confirming customer information.)
⑦ IP addresses, cookies, visit date and time, service use records, and illegal use records may be automatically created and collected during the use of online services or service processing.
⑧ When using the online service, information about the terminal (operating system information, etc.) may be collected for user identification, service provision, and prevention of illegal use, etc.
Mobile carrier information may be additionally collected and used to provide services according to the characteristics of mobile services.
Personal information collection method: website ( https://www.drchealthcare.co.kr/ ), customer center, store, event, provision from affiliates, log analysis, cookies, etc.
Customers may refuse to consent to the collection and use of personal information. However, if you refuse to consent to the collection and use of essential items (basic information), you cannot sign up for membership, and you agree to the collection and use of optional items (additional information) by not entering optional items (additional information). In case of refusal, membership registration is possible,
You may be restricted from using the services and providing benefits using optional items (additional information).
Article 2 Purpose of collection and use of personal information
The company uses the collected personal information for the following purposes.
① Implementation of contract for service provision and settlement of fees for service provision
Securing transaction-related information for delivery, such as content provision, purchase and payment, delivery of goods or billing address
② Member management
Identification according to membership service use, confirmation of intention to sign up, prevention of duplicate sign-up, personal identification, prevention of illegal and unauthorized use by bad members, age confirmation, confirmation of consent of legal representative when collecting personal information of children under the age of 14, handling of complaints and securing a smooth communication path for handling civil complaints, confirmation of intention to join and withdraw, conclusion of a contract, maintenance, implementation, and management
③ Marketing utilization and new service development (Marketing use selection agreement items)
Development and specialization of new services (products), delivery of advertising information such as events, marketing utilization and general marketing activities for affiliate events and service promotion;
Information on products and services provided by the Company and its affiliates, event information and participation opportunities (SMS, SNS, DM, e-mail, etc.);
Analysis work on marketing and service use (individual and group statistical analysis) and new service development
④ SNS linked member management
When the SNS member's identity is verified and his/her consent is confirmed, the company's service provision, the delivery of ordered products (goods) and free gifts, and announcements and events about mall use
communication path of delivery about
Article 3 Period of retention and use of personal information and procedures and methods of destruction
① The company retains customers' personal information while using the services provided by the company and uses them for the purpose of providing services. Customers' personal information registered in the computer cannot be printed out in documents unless the person in charge of personal information management and the person in charge or those who have obtained their approval is authorized.
② When a customer deletes his/her personal information or requests to withdraw from membership, the company will take action without delay. status is treated.
③ The company deletes the information from the disk in accordance with the company's internal destruction procedure when the purpose of collection and/or the purpose of receiving personal information is destroyed as follows, and if it is printed, it destroys the customer's personal information by shredding Destroy without delay.
* In case of membership registration information: When membership is withdrawn or expelled from membership
* In the case of payment information: When the payment is completed or the statute of limitations expires
* For shipping information: when the goods or services are delivered or provided
* In the case of collection for the purpose of a survey or event: When the relevant survey or event ends
④ Even when the purpose of collection or provision has been achieved, if there is a need to preserve it in accordance with the provisions of laws such as the Consumer Protection Act in Electronic Commerce, Personal Information Protection Act, Commercial Act, Framework Act on National Tax, etc. We may retain your personal information.
* Records on contract or subscription withdrawal: 5 years
* Records on payment and supply of goods: 5 years
* Record of handling consumer complaints or disputes: 3 years
* Records on collection, processing and use of credit information: 3 years
* Minimum personal information retention after membership withdrawal (for processing non-re-registration after withdrawal): 1 month
Article 4 Provision of personal information
① The company does not use the customer's personal information or provide it to a third party beyond the scope notified in Article 2, except with the customer's consent or in accordance with the relevant laws and regulations.
In the case of providing or sharing personal information of customers, in advance, who is provided or shared with customers, what is their main business, what personal information items are provided or shared, and what is the purpose of providing or sharing personal information? etc. individually through e-mail or website notice, and then ask for the customer's consent.
② However, in the following cases, it may be provided without the customer's separate consent.
1. In case it is necessary for payment of service provision
2. When it is necessary for statistical preparation, academic research, or market research, processing a specific individual into an unrecognizable form and providing it to a research group, survey, research institution, etc.
3. Communications Secret Protection Act, Framework Act on National Taxes, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Act on Real Name Financial Transactions and Confidentiality, Act on Use and Protection of Credit Information, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act , when there are special provisions under the Consumer Protection Act, Criminal Procedure Act, etc.
Article 5 Management of personal information of non-member customers
The company provides product purchase services to non-member customers. For non-member orders, only personal information essential for delivery, payment, and product delivery is requested from the customer.
If you purchase a product as a non-member, the orderer information and recipient information entered by the non-member customer will not be used for any purpose other than payment and product delivery.
Article 6 Consignment of handling of personal information
① The company may entrust the management of customers' personal information to the following external specialized companies for smooth business performance such as service provision, customer convenience, smooth computer processing, and marketing.
② When entrusting the processing of personal information, the company must comply with the service provider's personal information protection-related instructions through consignment contracts, maintain the confidentiality of personal information, and prohibit the provision of personal information to third parties without the customer's consent. Manage to protect • Supervise.
③ Companies and tasks entrusted with handling personal information are as follows.
* Handling companies and business details
㉮ Handling company: Medi Korea (http://medikorea.info/)
Article 7 Rights of customers and legal representatives and how to exercise them
Customers and their legal representatives can inquire or modify the registered personal information of themselves or children under the age of 14 at any time, and may request cancellation of membership. Click 'Change Personal Information' (or 'Edit Member Information', etc.) to view/modify personal information of customers or children under the age of 14, and click "Withdraw Membership" to cancel membership (withdraw consent) After the pass, you can directly view, correct, or withdraw. Or, if you contact the person in charge of personal information management in writing, by phone or by e-mail, we will take action without delay. If you request correction of errors in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made. The company handles personal information that has been canceled or deleted at the request of a customer or legal representative as specified in the "period of retention and use of personal information collected by the company" and is not viewed or used for any other purpose.
Article 8 Matters concerning the installation, operation and rejection of the automatic personal information collection device
The company uses 'cookies' to store and find customer information from time to time to provide customized services. A 'cookie' is a small amount of information sent from the HTTP server to the user's browser and is stored on the hard disk of the terminal (PC, smartphone, tablet PC, etc.).
① In order to provide better services to customers, it is used for statistical analysis to improve and supplement the website, and for smooth communication between customers and the company.
② Cookies identify the customer's device, but do not personally identify the customer. In addition, the customer has the option of installing cookies.
Therefore, the customer can accept all cookies by setting options in the web browser, check each time a cookie is saved, or refuse to save all cookies.
③ You may refuse to store cookies by your choice, but in this case, you may not be able to use normal web services.
Article 9 Reading and correction of personal information, etc.
① The customer can log in to the company's website at any time and click [Modify Member Information] to directly view or correct, request from the person entrusted with handling personal information, or call the company's personal information management department, in writing, You can request to view, correct, delete, or stop processing by contacting us by e-mail, and the company will take relevant measures without delay in response to the customer's request.
② If the customer requests correction of errors in personal information, the company will not use or provide the personal information until the correction is completed. In addition, if incorrect personal information has already been processed, we will take action so that the result of the correction is reflected without delay.
③ In the following cases, the viewing and correction of personal information may be restricted.
1. If there is a risk of significantly harming the life, body, property, or rights and interests of the person or a third party
2. If there is a risk of significantly impeding the business of the service provider
3. Violation of laws, etc.
Article 10 Withdrawal of consent to collection, use and provision of personal information
① The customer can withdraw the consent to the collection, use and provision of personal information at any time.
Withdrawal of consent (withdrawal of membership) is to withdraw consent (withdrawal of membership) directly after logging into the company website, or to request a person entrusted with handling personal information;
You can do this by contacting the department responsible for managing personal information in writing, by phone, or by e-mail.
In response to the customer's request, the company will take necessary measures, such as processing the customer's withdrawal from membership and destroying personal information, without delay.
② The company strives to take necessary measures to make withdrawal of consent to collection of personal information (withdrawal of membership) easier than the method of collecting personal information.
Article 11 Measures to ensure the safety of personal information
In handling customer personal information, the company takes the following measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.
① Customer's personal information is protected by a password, and files and data with personal information are protected through a separate security function using access right management, encryption, and file lock function.
② Regular in-house training is conducted for employees who handle personal information on acquisition of new security technologies and obligations to protect personal information.
③ The company is taking the following measures using a vaccine program to prevent damage caused by computer viruses. The antivirus program is updated regularly, and in the event of a sudden virus outbreak, the vaccine is provided as soon as it is released to prevent invasion of personal information.
④ Internal procedures are in place to prevent information leakage by internal employees through the security pledge of all employees, and to check the implementation of the personal information handling policy and whether employees are complied with.
⑤ Handover of personal information-related handlers is carried out thoroughly with security maintained, and responsibility for personal information accidents after joining and leaving the company is clarified.
⑥ The company is not responsible for personal information related problems caused by the customer's negligence or basic internet dangers.
Therefore, each customer must properly manage his/her ID and password and take responsibility for it in order to protect his/her personal information.
⑦ In the event that personal information is lost, leaked, altered, or damaged due to a mistake by an internal manager or an accident in technical management, the company will immediately notify the customer and take appropriate measures and compensation.
Article 12 Obligation to notify when changing the protection policy
The contents of the personal information processing policy will be notified through the 'Notice' (or individual notice) on the website if there is additional deletion or modification of the contents according to the government policy or changes in security technology within the company.
Article 13 Personal information protection work and related grievance department
The company is doing its best to protect customers' personal information and to ensure that customer information is used safely.
However, despite technical supplementary measures, we are not responsible for damage to information due to unexpected accidents caused by basic network risks such as hacking, and for various disputes caused by posts made by visitors. The company also designates the relevant department and person in charge of personal information management as follows to handle complaints related to personal information. You can report any complaints related to personal information protection that occur while using the company's services to the person in charge of personal information management or the department in charge, and the company will promptly and sufficiently respond to the customer's report.
* Personal information manager
- Affiliation: Domestic Business Headquarters
- Person in charge of personal information management: Choi Yong-hwan
- Phone number: 02-1544-0828
- Mail : email@example.com
If you need to report or consult on other personal information infringement, please contact the following organizations.
1. Personal Information Infringement Report Center ( www.privacy.kisa.or.kr/ 118 without area code)
2. Supreme Prosecutor's Office Cyber Crime Investigation Team ( www.spo.go.kr / 02-3480-3573)
3. National Police Agency Cyber Security Bureau ( www.cyberbureau.police.go.kr/ 182)
This policy will be enacted and implemented from June 01, 2021.