Privacy Policy
365mc Hospital ("the Hospital") complies with the Personal Information Protection Act of the Republic of Korea and is committed to safeguarding the personal information of all patients, visitors, and users of our online and offline services. This Privacy Policy describes how we collect, use, retain, and protect personal information, and the rights available to information subjects.
1. Items of Personal Information Collected and Collection Methods
(1) Items Collected
Membership Registration
- Required: Name, password, contact number, email address, usage records, etc.
- Optional: Date of birth, height, target weight, occupation, and areas of interest related to diet or treatment.
Consultation Requests
Name, contact information, email address, date of birth, and other information provided through the consultation form.
Medical Services
Required: Name, resident registration number, address, contact information, email, medical records, biometric data, etc.
(Under the Medical Service Act, collection of unique identification and medical information is mandatory.)
Payment
Credit card company name, card number, and other payment details.
(2) Collection Methods
Information is collected via the website, written forms, fax, telephone, in-person events, online boards, email, event participation, surveys, and counseling.
2. Purpose of Collecting and Using Personal Information
The Hospital processes personal information for the following purposes and does not use it for any other purpose without obtaining separate consent as required by the Personal Information Protection Act.
Membership Registration and Management
Verification of membership intent, user identification and authentication, membership maintenance and management, prevention of unauthorized use, verification of consent from legal guardians for minors under 14, and provision of notices and announcements.
Consultation Requests
Provision of health information, consultations, marketing and promotional materials, event participation guidance, and verification of user intent.
Medical Services
Personal identification, provision of medical information, treatment, prevention of unauthorized access, record-keeping for dispute resolution, handling of complaints, satisfaction surveys, and academic or medical research.
Payments
Processing and management of payments for services rendered.
3. Retention and Use Period of Personal Information
Personal information is retained and used only for the period necessary to achieve the intended purpose. Once that purpose is achieved, the information is promptly destroyed unless required by law.
- Membership Registration: Until membership withdrawal
- Consultation Requests: Until purpose is achieved or upon deletion request
- Medical Records: As required under the Medical Service Act and other related laws
- Payments: As required under financial and taxation laws
4. Destruction of Personal Information
(1) Procedure
When the retention period expires or the purpose of processing is fulfilled, personal information is moved to a separate database (or stored separately if on paper) and destroyed after a period of safe retention in accordance with internal policies and legal requirements.
(2) Method
Electronically stored data is permanently deleted using non-recoverable technical methods. Paper documents are shredded or incinerated.
5. Provision of Personal Information to Third Parties
The Hospital does not disclose personal information to third parties except in the following cases:
- When the patient moves between 365mc branches
- With the individual's prior consent
- When required by law or by investigative authorities under due legal process
- When used for statistical, research, or marketing purposes in a format that cannot identify specific individuals
6. Entrustment of Personal Information Processing
For efficient service delivery, certain operations are entrusted to external specialized companies under strict data protection agreements.
| Entrusted Company | Purpose of Entrustment | Personal Data Entrusted | Retention Period |
|---|---|---|---|
| 365mc Co., Ltd. | Website & EMR development and operations support | EMR ID, password, name, resident registration number (Korean nationals), foreign registration number (non-Korean nationals), address, telephone, mobile phone, email, medical information, and all other collected personal data. | Treatment/surgery records: 10 years; other information deleted upon customer request. |
Customer Center Name, resident registration number, phone number. | |||
| Seegene Medical Foundation | Laboratory testing (blood/sample analysis) | Chart number, name, resident registration number (Korean nationals), foreign registration number (non-Korean nationals). | Deleted immediately upon achievement of purpose. |
| SunKyung Surgi-Med Co., Ltd. | Compression garment production | Name, phone number, address, garment size. | Deleted immediately upon achievement of purpose. |
7. Rights of Data Subjects and Legal Guardians
Users and their legal guardians may, at any time, request to view or modify their personal information or that of a child under the age of 14, and may also request to withdraw their membership.
To access or update personal information, users (or guardians of minors under 14) can click on "Edit Personal Information" (or "Update Member Information"). To withdraw consent or terminate membership, click "Withdraw Membership", complete the identity verification process, and directly proceed with viewing, correction, or deletion.
Alternatively, users may contact the Personal Information Protection Officer by mail, telephone, or email. The Hospital will take prompt action without undue delay.
If a user requests correction of any errors in their personal information, such data will not be used or disclosed until the correction is completed. If incorrect information has already been provided to a third party, the Hospital will immediately notify the third party of the correction so that the necessary rectification may be made.
Personal information that has been deleted or for which consent has been withdrawn will be processed and stored only as required by applicable laws and within the retention periods stated in this policy, and will not be accessed or used for any other purpose.
8. Operation and Management of Video Surveillance Systems
The Hospital provides this Video Information Management Policy to explain how video data collected through CCTV systems is used, processed, and managed. This policy ensures transparency regarding the purposes, scope, and security measures applied to all video surveillance systems operated by the Hospital.
1. Purpose and Legal Basis for Installing Video Surveillance Systems
The Hospital operates video surveillance systems (CCTV) in accordance with the Personal Information Protection Act of the Republic of Korea for the following purposes:
- Ensuring facility safety and preventing fires
- Preventing crimes to protect patient and visitor safety
- Preventing theft or damage to vehicles within the premises
2. CCTV Operation and Management Overview
CCTV systems are operated across all 365mc Hospital branches, with dedicated managers responsible for each location.
3. Recording Time, Retention Period, and Processing Method
- Recording Time: 24 hours (motion detection)
- Retention Period: 1 month
- Processing Method: All access, use, disclosure, deletion, and requests related to personal video recordings are logged and managed. Once the retention period expires, all video data are permanently deleted using secure, non-recoverable methods to prevent restoration or misuse.
4. Outsourcing of CCTV Installation and Management
The Hospital entrusts the installation and management of its video surveillance equipment to specialized security service providers including S-1 Corporation, ADT CAPS, and Kookje Security.
5. Access to Recorded Video Information
To view recorded video information, please contact the Video Information Management Officer in advance and visit the hospital in person. Access will be granted after identity verification to ensure data protection.
6. Requests for Access or Deletion of Recorded Video Information
Individuals may request access to, confirmation of existence, or deletion of their personal video recordings at any time by contacting the operator of the video surveillance system. However, such requests are limited to cases where the recordings are necessary to protect the urgent life, body, or property interests of the data subject. Upon receiving a valid request for access, confirmation, or deletion, the Hospital will take the necessary actions without delay.
7. Security Measures for Video Information
The Hospital manages all recorded video data securely through encryption and other protective measures. Access rights to personal video information are granted selectively based on role and necessity. To prevent unauthorized alteration or misuse, all activities related to video data—such as creation time, access purpose, viewer identity, and viewing time—are logged and monitored. In addition, all recording devices and storage media are kept in secured, locked facilities to prevent unauthorized access or loss.
8. Changes to the Video Information Management Policy
This Video Information Management Policy was last revised on October 1, 2015. Should any additions, deletions, or modifications be required due to changes in relevant laws, policies, or security technologies, the Hospital will post a notice on its official website at least seven (7) days prior to enforcement, outlining the reasons and details of such changes.
9. Use of Automatic Data Collection Tools (Cookies)
The Hospital uses cookies and similar technologies that automatically store and retrieve user information to improve the functionality of our website and user experience.
A cookie is a small text file sent from the 365mc web server to the user's browser, which is stored on the user's computer hard drive. Cookies enable the website to recognize the user's device and remember preferences or previous visits.
(1) Purpose of Using Cookies
- To analyze the frequency and duration of visits by members and non-members
- To identify users' interests and preferences and track website usage patterns
- To measure participation in events and visits for targeted marketing
- To provide personalized and improved services to each user
(2) Refusing or Managing Cookies
Users have the option to disable cookies or receive alerts when cookies are being sent by adjusting their web browser settings.
10. Personal Information Protection Officer and Remedies
The Hospital has designated the following department and officer to protect customers' personal information and handle related complaints and inquiries.
If you wish to report or seek consultation regarding any personal information infringement, you may contact the institutions listed below:
- Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)
- Korea Internet & Security Agency (www.eprivacy.or.kr / +82-2-580-0533~4)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / +82-2-3480-3600)
- National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / +82-2-392-0330)
11. Security Measures
The Hospital implements various technical and administrative safeguards to protect users' personal information. All information transmitted by users is securely stored and managed within a protected system equipped with firewall technology.
Last updated: January 2025
For inquiries regarding this Privacy Policy, please contact us through our consultation page.
