1. Items and methods of collecting personal information
2. Purpose of collection and use of personal information
3. Provision and sharing of personal information
4. Entrustment of the handling of collected personal information
5. Period of retention and use of personal information
6. Procedures and methods for destruction of personal information
7. Matters Concerning the Installation and Operation of Automatic Personal Information Collection Devices and Your Rights to Refuse
8. Measures to ensure the stability of personal information
9. Remedies for infringement of rights and interests
10. Contact information of the person in charge of personal information protection and the person in charge
11. Changes to personal information processing policy
12. Other

The company conducts tests entrusted by medical institutions and collects only the minimum amount of personal information necessary to provide test results.

1.1 Personal Information Items
[Collected items during consignment inspection]
– Mandatory Items: Name, resident registration number, alien registration number (only for foreigners), gender (only for foreigners), date of birth (only for foreigners), business number.
– Optional Items: The following information may be automatically generated and collected during the use of services such as phone number, address, mobile phone number, e-mail service, or service provision: service history, access log, cookie data, and access IP information.
* If personal information is collected for other specific short-term purposes, you will be notified separately before collection.

1.2 Methods of collecting personal information
Personal information is collected in the following ways: written forms, faxes, phone calls, and emails.

The Company utilizes the collected personal information for the following purposes:

① Use for identification procedures based on the use of inspection, reception, and result inquiry services.
② Securing a smooth communication path for delivering notices, handling complaints, providing guidance on new services, event information, etc.
③ Delivery of differentiated healthcare content.
④ Shipment of goods, such as certificates.
⑤ Provision of medical services for examination, diagnosis, and treatment, as well as for services like billing, receipt, and refund.
⑥ Basic data for outsourced consignment inspection and clinical trial review.
⑦ Sending certificates and inspection-related goods.
⑧ Utilization for marketing and advertising purposes: subscribing to and sending newsletters, answering questions, improving services, conducting customer satisfaction surveys, providing event and advertising information and opportunities to participate, and identifying or generating statistics on service usage by members.
⑨ Collecting information for consumers under Article 52 of the Consumer Framework Act.

The Company does not use or provide your personal information to third parties, other companies, or institutions beyond the scope of the “Purpose of Collecting and Using Personal Information,” except with your consent or as permitted by relevant laws and regulations. However, exceptions are made in the following cases:

① If the user has given prior consent for disclosure.
② When there is a request from an investigative agency in accordance with statutory provisions or procedures and methods prescribed by law for investigative purposes.
③ When it is necessary for the preparation of statistics, academic research, or market research, and the information is processed and provided in a form that does not identify specific individuals.

The Company may provide or share your personal information with its affiliates to better serve you. When this occurs, you will be individually notified in advance about the following:
ㆍThe identity of the affiliates.
ㆍThe specific personal information being provided or shared.
ㆍThe purpose of providing or sharing the information.
ㆍThe duration for which the information will be protected and managed.
If you disagree with this provision or sharing, you have the right to refuse or withdraw your consent at any time, even after you have initially agreed.

The Company entrusts personal information related to inspections and medical treatments to third parties and establishes necessary measures to safely manage this information during consignment contracts. These measures are in accordance with relevant laws and regulations and are detailed in contracts, inspection requests, computerized interfaces, websites, and result papers.

The details of the Company’s subcontractors and outsourced tasks are as follows:
Name of the subcontractor
Outsourced tasks
Personal information entrusted

When the purpose of collecting or providing personal information has been achieved, the Company will destroy your personal information without delay.
However, if the information was collected for the provision of inspection results, it will be retained in accordance with the medical record storage standards specified in the Medical Law.
Even if the purpose of collection or provision has been achieved, your personal information may be retained if necessary to comply with legal requirements, such as those outlined in the Commercial Act.

The Company promptly destroys personal information once the purpose of collecting and using it has been achieved. The procedures and methods for destruction are as follows:

6.1 [Destruction Procedure]
Once the purpose for which the information was collected has been achieved, the user-entered information is immediately destroyed using the designated destruction method. Personal information will not be used for any purpose other than retention unless required by law.

6.2 [Destruction Methods]
Personal information stored in electronic files is deleted using technical methods that ensure it cannot be recovered. Personal information printed on paper is either shredded or incinerated to ensure complete destruction.

The Company uses cookies, which are small text files sent from a server running the Company’s website to your browser and stored on your computer’s hard disk. Cookies are used to store and retrieve information about your visits.
You have the option to manage cookie settings through your web browser.
You can choose to accept all cookies, receive notifications when cookies are saved, or refuse to accept cookies entirely. Please note that refusing to accept cookies may affect the functionality of some services

8.1. Establishment and Implementation of Internal Management Plans
We establish and implement an internal management plan for personal information protection on an annual basis.

8.2. Minimization and Training of Personnel Handling Personal Information
We designate and minimize the personnel responsible for handling personal information and provide them with the necessary training to ensure effective management.

8.3. Restrictions on Access to Personal Information
We control access to personal information by managing permissions for database systems that process such information. This includes granting, modifying, and revoking access as necessary, and using intrusion prevention systems to guard against unauthorized external access.

8.4. Prevention of Alteration and Tampering of Access Records
We retain and manage records (such as web logs and summary information) of access to the personal information processing system for at least six months. Security measures are in place to prevent forgery, theft, or loss of these access records.

8.5. Encryption of Personal Information
Personal information is encrypted, stored, and managed securely. We employ additional security measures, including encryption, to protect sensitive data during storage and transmission.

8.6. Technical Measures Against Hacking and Other Threats
To prevent personal information leakage and damage from hacking or computer viruses, we install security programs, perform periodic updates and inspections, and implement systems with controlled external access. We also monitor and block unauthorized attempts to access network traffic and detect any illegal alterations of information.

8.7. Access Control for Unauthorized Persons
We have established and maintain access control procedures for the physical storage of personal information systems to prevent unauthorized access.

To seek relief for personal information infringements, the data subject may apply for dispute resolution or counseling with the following organizations:
Personal Information Dispute Mediation Committee
Korea Internet & Security Agency
Personal Information Infringement Reporting Center
For reporting and consultation on other personal information issues, please contact the following institutions:

– Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)
– Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / (02) 580-0533~4)
– Supreme Prosecutors’ Office Advanced Crime Investigation Division (http://www.spo.go.kr / (02) 3480-2000)
– National Police Agency Cyber Terrorism Response Center (http://www.ctrc.go.kr / (02) 392-0330)

To protect your personal information and address any related complaints, the Company has appointed a Personal Information Management Manager. The details are as follows:

• You can report any personal information protection-related complaints that arise while using the Company’s services to the Personal Information Management Manager or the relevant department.