Privacy Policy
Visit Medical Korea Homepage Privacy Policy
Notwithstanding the foregoing, where any of its internal organizations (such as group/team, center, office, and others) creates its homepage, and adopts and implements its own privacy policy, please be advised that the privacy policy of such internal organization applies and will be posted on its homepage. (In case of CRM customers, their personal information will be processed in accordance with this privacy policy, while the privacy policy applicable to Duty Free VIP members will be posted separately.) If this VMK Homepage Privacy Policy is revised, a public notice of such revision will be given by KTO by posting a notice thereof on its website (or by giving notice to each user).
Article 1 (Purpose of Processing Personal Information)
- Sign-up and management of homepage membership To confirm applicants’ intention to sign up for a membership, identify applicants and authenticate their identity, manage users’ membership maintenance, verify users’ identity according to the limited identity verification system, prevent any unlawful use of services, confirm the consent of the legal representative in collecting the personal information of children under 14 years old, give notices, and so forth
- Handling of civil petitions To verify the identity of civil petitioners, check the nature of civil petitions, communicate or give notice for conducting a fact-finding examination, give notice of the result of handling civil petitions, and so forth
- Provision of goods and/or services To provide services, contents, or customized services; settle the payment of fees; and so forth
- Marketing and advertising purposes To develop new services and provide customized services, provide event and/or advertising information and the opportunity to participate, provide services and post advertisements according to demographic characteristics, conduct academic or market research, verify the effectiveness of services, examine access frequency or collect statistics on the use of services by users, and so forth
- Other purposes To collect essential and other information required by KTO’s regulations and rules and/or in relation to its business
※ For the detailed purposes of KTO’s processing of personal information, please refer to “KTO Personal Information Files” below or use the search menu for the list of personal information files on the Privacy Information Protection Portal (www.privacy.go.kr) of the Ministry of the Interior and Safety, as follows: the privacy information protection portal (www.privacy.go.kr) → civil petitions for personal information → requests for access and others to personal information → search menu for the list of personal information files.
Article 2 (Personal Information Items to Be Processed)
- Procedures for one-time real name authentication (“I-PIN,” those by credit rating agencies, and others) should be followed for services that require customer participation such as civil petitions, events, and others. For this reason, KTO does not retain the resident registration numbers of users on its VMK Homepage.
- Users’ “browser type,” “OS,” “date and time of visit,” and “IP” items are automatically collected to improve the quality of services.
- . In addition to the abovementioned items, for the other detailed items of personal information to be processed by KTO, please refer to “KTO Personal Information Files” below or use the search menu for the list of personal information files on the Privacy Information Protection Portal (www.privacy.go.kr) of the Ministry of the Interior and Safety as follows: Privacy Information Protection Portal (www.privacy.go.kr) → civil petitions for personal information → requests for access and other concerns to personal information → search menu for the list of personal information files.
※ The following items of personal information may be automatically generated and collected in the course of using web services. If a user refuses to give consent to the collection of such information, the user may not use the services: - IP address, cookies, MAC address, records of the use of services, records of visit, and others
Article 3 (Processing and Retention of Personal Information)
Article 4 (Provision of Personal Information to Third Parties)
- In principle, KTO processes users’ personal information on its VMK Homepage within the scope of processing prescribed in Article 1 (Purpose of Processing Personal Information) hereof. Thus, users’ personal information will not be processed beyond the original scope of processing prescribed herein nor provided to third parties without the prior consent of users.
For the detailed scope of processing personal information by KTO, please refer to “KTO Personal Information Files” below or use the search menu for the list of personal information files on the Privacy Information Protection Portal (www.privacy.go.kr) of the Ministry of the Interior and Safety as follows: Privacy Information Protection Portal (www.privacy.go.kr) → civil petitions for personal information → requests for access and other concerns to personal information → search menu for the list of personal information files.
Article 5 (Entrustment of Personal Information Processing)
Description of Entrusted Services |
|
---|---|
Entrusting Department / Representative | Medical &Wellness Team / Kim donghan |
Service Provider (Entrustee) | Yoon Communications,Inc. |
Term of Entrustment Contract | January 1 – December 31, 2020 | Entrustee’s Contact Number | 031-330-8000 |
- KTO entrusts the processing of personal information to a third party in relation to its VMK Homepage as follows to ensure that users’ personal information will be effectively processed:
- In entering into such entrustment contracts in relation to its VMK Homepage, KTO clearly defines in the contracts or other relevant documents the purpose of performing the services entrusted therein and the provisions of the parties’ responsibilities in accordance with Article 26 of the act including the prohibition of the processing of personal information; technical and administrative protection measures; restrictions on the re-entrustment, control, and supervision of entrustees; liability for damages and other concerns; and monitoring entrustees to ensure that they process users’ personal information safely and securely.
- In case of changes in the services entrusted or any of the service providers entrusted with such services, KTO will promptly disclose such changes through this privacy policy and seek prior consent from users for such changes, if necessary.
Article 6 (Rights and Obligations of the Subject of Personal Information, and Methods of Exercise)
- As the subject of personal information, each user is entitled to use the following rights: To request access and correction of his/her own personal information and/or of a child under 14 years old or cancellation of membership, and to request correction and deletion of errors concerning his/her personal information
- In requesting such access, correction, cancellation, deletion, and other concerns with respect to personal information, each user may access or correct his/her personal information or cancel membership in person after following the identity verification procedure such as the “modification of personal information,” “correction of member information,” “cancellation of membership,” “revocation of consent,” and others.
- If a user has requested correction or deletion of errors and others concerning his/her personal information, KTO will not use or provide the user’s personal information to third parties until the correction or deletion of such errors and other concerns has been completed on its VMK Homepage.
- The personal information canceled or deleted at the request of a user will be processed by KTO on its VMK Homepage in accordance with the provisions of Article 43 of the Enforcement Decree of the act.
- The subject of personal information may request KTO’s personal information protection department (ICT Business Development Team, Lee Taejun / Personal Information Protection Representative, Phone No.: 033-738-3696, Email Address: ltj8857@knto.or.kr) to give access, correct, or delete or stop processing his/her personal information. Alternatively, he/she may also make such request on the Privacy Information Protection Portal (www.privacy.go.kr) of the Ministry of the Interior and Safety (MOIS).
※ Privacy Information Protection Portal (MOIS) → Civil Petition Center → requests for access and other concerns to personal information (An identity verification is required.)
Article 7 (Destruction of Personal Information)
-
Destruction Procedures
The information entered by users is transferred to a separate database (or a separate document, in case of information printed on paper) once the purpose thereof has been achieved, and it is immediately destroyed after it has been retained for a given period in accordance with KTO’s internal policy and applicable law. In such a case, the personal information transferred to the separate database will not be used for any other purposes unless required by law. -
Destruction Deadlines
Users’ personal information will be destroyed within five days following the end of the retention period thereof when the retention period has expired or within five days from the date when it is deemed unnecessary to process such personal information any longer because of the achievement of the purpose of processing the same, discontinuance of the service(s), closure of business, and the like. -
Destruction Methods
The personal information stored in an electronic file will be deleted by using some technological methods that render such information impossible to be regenerated. The personal information printed on paper will be shredded with a shredder or destroyed through incineration.
Article 8 (Measures to Ensure the Safety of Personal Information)
-
The minimum number of employees who handle personal information and education
KTO appoints employees to handle personal information and limits the handling thereof to such employees in charge, thus taking measures for managing personal information by minimizing the number of employees involved therein. -
Conducting a privacy impact assessment
KTO complies with the obligation to conduct a privacy impact assessment in accordance with Article 35 of the Enforcement Decree of the act and Article 6 of the addendum to the aforementioned Enforcement Decree to ensure safety in handling personal information and improve its personal information management system. -
Development and implementation of an internal management plan
An internal management plan has been developed and is implemented to ensure the safe processing of personal information. -
Encryption of personal information
Personal information is managed through the application of encryption technologies, which guarantee safe storage and transmission of personal information, or through other comparable measures. -
Technical measures against hacking and others
To prevent any computer viruses or hackers from leaking and damaging personal information, necessary security programs are installed, and regularly updated and tested. Moreover, the personal information processing system has been established in a controlled access area, and is monitored and isolated technologically and physically. -
Access control procedures for personal information
Necessary actions are taken to control access to personal information by granting, modifying, or revoking access to the personal information processing database system. Moreover, unauthorized access from outside is controlled by using an intrusion prevention system. -
Storage of records of access, and protection against forgery and alteration
Records of access to the personal information processing system are stored and managed for at least six months, and security functions are used to protect such records of access from forgery, alteration, theft, or loss. -
Use of locks to provide document security
Documents, supplementary storage media, and others that contain personal information are stored in a safe place with locks. -
Control of unauthorized access
A physical storage area for storing personal information is separately designated, and access control procedures for such storage area are established and implemented.
Article 9 (Personal Information Protection Manager)
-
Personal Information Protection Manager
Name: PARK Chul Hyun
Department/Position: Smart Tourism Department
Contact Information: : (Telephone) 033-738-3693 (Email) ltj8857@knto.or.kr
* You will be connected to the team in charge of personal information protection. -
Personal Information Protection Department
Department: Smart Tourism Business Team
Personal information Lee Tae Joon
Contact Information: (Telephone) 033-738-3693 (Email) ltj8857@knto.or.kr
Article 10 (Department Responsible for Receiving and Handling Requests for Access to Personal Information)
- The subject of personal information is entitled to make a request to KTO for access to his/her personal information as follows in accordance with Article 35 of the act. KTO will endeavor to ensure that such a request for access to personal information made by the subject of personal information will be promptly processed on its VMK Homepage.
Department in Charge: Medical&Wellness Team
Representative: Lee Dongeun
Contact Information: (Phone) 033-738-3380, (Email) k-medi@knto.or.kr, (Fax) 033-738-3887 - In addition to KTO’s department in charge of receiving and handling such requests for access under subsection 1 above, the subject of personal information may also request access to personal information on the Privacy Information Protection Portal (www.privacy.go.kr) of the Ministry of the Interior and Safety (MOIS).
※ Privacy Information Protection Portal (MOIS) → civil petitions for personal information → requests for access and others to personal information (An I-PIN is required for identity verification purposes.)
Article 11 (Remedies for the Infringement of Rights)
-
Personal Information Protection Portal (run by the Ministry of the Interior and Safety)
Homepage: www.privacy.go.kr
Phone Number: +82-2-2100-3394 -
Personal Information Incident Report Center (run by the Korea Interment & Security Agency)
Homepage: privacy.kisa.or.kr
Phone Number: 118, without telephone exchange number -
Personal Information Dispute Mediation Committee (run by the Personal Information Protection Commission)
Homepage: www.kopico.go.kr
Phone Number: +82-1833-6972 -
Cybercrime Investigation Department, Supreme Prosecutors’ Office
Homepage: www.spo.go.kr
Phone Number: +82-2-3480-3573; (Representative Telephone Number of the Supreme Prosecutors’ Office) 1301, without telephone exchange number -
Cyber Safety Bureau, National Police Agency
Homepage: www.cyber.go.kr
Phone Number: (Cybercrime) +82-2-393-9112; (Representative Telephone Number of the National Police Agency) 182, without telephone exchange number
※ Procedures for requesting administrative appeals: A person whose rights or interests have been violated as a result of the actions taken or the omissions of the head of the public institution or agency with respect to the request made in accordance with the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Request to Stop Processing Personal Information and Others) of the act may file an administrative appeal according to the relevant provisions of the Administrative Appeals Act.
- For more detailed information about administrative appeals, please refer to Online Administrative Appeals (www.simpan.go.kr).