隐私政策

世界第一的 X 射线公司

DRGEM Co., Ltd. Privacy Policy

Effective Date: November 29, 2024

DRGEM Co., Ltd. (hereinafter referred to as the “Company”) has established and disclosed this privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and handle related complaints promptly and efficiently.
 The Company provides a procedure for users to click the “Agree” button regarding the contents of the “Privacy Policy” on this website. Clicking the button will be considered as agreement to the collection of personal information.

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following. If the purpose of use changes, necessary measures such as obtaining separate consent will be taken in accordance with Article 18 of the Personal Information Protection Act.

1.     Provision and Improvement of Goods or Services

1)        The Company processes personal information for the purpose of providing content and existing services, conducting statistical analysis, analyzing service visit and usage records, discovering new service elements, and improving existing services.

2)        Personal information is processed for the purpose of analyzing service usage records and access frequency, providing statistics on service usage, and providing personalized information based on service analysis and statistics.

2.     Establishment of a Secure Internet Environment

Personal information is processed to build a service environment in which users can safely and securely use services with confidence, focusing on security, privacy, and safety.

Article 2 (Personal Information Processing and Retention Period)

  1. The Company processes and retains personal information within the retention and usage period specified by law or the period of retention and usage agreed upon by the data subject at the time of collection.
  2. The specific processing and retention periods for each type of personal information are as follows:

1)        Provision of goods or services: Until the completion of goods/services delivery and payment/settlement. However, in the following cases, the information will be retained until the end of the specified period:

①        Records related to transactions under Article 6 of the “Act on Consumer Protection in Electronic Commerce, etc.”

Display and advertising records

6 months

Records of contract or withdrawal, payment, and supply of goods

5 years

Records of customer complaints or dispute resolution

3 years

②        Retention Period of Communication Confirmation Data under Article 15-2 of the Protection of Communications Secrets Act

Subscriber telecommunications date and time, start and end time of telecommunications, counterparty subscriber number, usage frequency, originating base station location data

12 months

Computer communication, internet log records, access location tracking data

3 months

 

Article 3 (Rights and Obligations of Data Subjects and Methods of Exercise)

  1. Data subjects may exercise the following privacy-related rights at any time against the Company:

1)        Request for access to personal information

2)        Request for correction if there are errors

3)        Request for deletion

4)        Request for suspension of processing

  1. The rights under Paragraph 1 may be exercised through written, telephone, email, or fax communication with the Company, and the Company will take prompt action accordingly.

3.     The rights under Paragraph 1 may also be exercised through a legal representative or authorized agent of the data subject. In this case, a power of attorney form in accordance with the “Notice on Personal Information Processing Methods” (Form No. 11) must be submitted.

4.     The right of the data subject to request access to and suspension of processing of personal information may be limited under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the “Personal Information Protection Act.”

5.     If personal information is explicitly specified as required for collection under other laws, the data subject cannot request the deletion of such information.

Article 4 (Personal Information Items Processed)
The Company processes the following personal information items:

1.     Provision of goods or services

1)        Mandatory items: Name, email, affiliation, phone number, country

2)        Optional items: Job title

2.     The following personal information items may be automatically generated and collected during the use of internet services:
▶ IP address, cookies, MAC address, service usage records, visit history, misuse records, address, phone number, device information, location information, etc.

Article 5 (Destruction of Personal Information)

1.     The Company will promptly destroy personal information when the retention period expires, the purpose of processing has been achieved, or the information is no longer necessary.

2.     If the retention period of personal information agreed upon by the data subject has expired or the purpose of processing has been achieved, but the information must be retained according to other laws, the Company will transfer the relevant personal information to a separate database (DB) or store it in another location.

3.     The procedure and method for destroying personal information are as follows:

1)        Destruction procedure
 The Company selects the personal information to be destroyed based on the occurrence of the destruction reason and destroys the personal information with the approval of the Company’s personal information protection officer.

2)        Destruction method
 The Company will destroy personal information stored in electronic file formats so that the records cannot be recovered, and personal information stored on paper documents will be shredded or incinerated to destroy it.

Article 6 (Provision of Personal Information to Third Parties)

  1. The Company processes the personal information of data subjects only within the scope specified for the purpose of processing. The Company will only provide personal information to third parties in cases where the data subject has consented, or in accordance with the special provisions of law, as outlined in Article 17 and Article 18 of the “Personal Information Protection Act.” Except in these cases, the Company will not provide personal information to third parties.
  2. If the data subject has consented, the Company will provide the personal information of the data subject to third parties only within the minimum necessary scope as described below.

Recipient

Purpose of Provision

Provided Items

Retention and Usage Period

MEDIGEM Co., Ltd.

Provision of related services

Collected personal information such as name, email, organization, phone number, country, title, etc.

Until the purpose of use is achieved

 

Article 7 (Outsourcing of Personal Information Processing)

  1. The Company outsources personal information processing tasks as follows to ensure smooth processing of personal information.

Trustee (Service Provider)

Entrusted Task

Amazon Web Services Inc.

Physical management of database servers

  1.  When entering into an outsourcing contract, the Company specifies the following in the contract or other written documents in accordance with Article 26 of the “Personal Information Protection Act”: the prohibition of personal information processing for purposes other than the outsourced task, technical and managerial protective measures, restrictions on subcontracting, management and supervision of the subcontractor, and liability for damages. The Company also supervises whether the subcontractor processes personal information securely.
  2. In accordance with Article 26, Paragraph 6 of the “Personal Information Protection Act,” if the subcontractor outsources the Company’s personal information processing tasks, the subcontractor must obtain the Company’s consent.
  3. If the content of the outsourced tasks or the subcontractor changes, the Company will promptly disclose the changes through this personal information processing policy.

Article 8 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular staff training, etc.
  2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of sensitive personal information such as unique identifiers, installation of security programs.
  3. Physical Measures: Access control to computer rooms, data storage rooms, etc.

Article 9 (Personal Information Protection Officer)

  1. The Company has designated a Personal Information Protection Officer to oversee and be responsible for all tasks related to the processing of personal information, including handling complaints and providing remedies for data subjects. The Personal Information Protection Officer’s contact details are as follows:
    ▶ Personal Information Protection Officer
     Name: Jong Kyu Park
     Title: Team Manager / Senior Manager
     Contact: 02-869-8566, drgem@drgem.co.kr
     ※ This will connect to the Personal Information Protection Department.
  2. Data subjects may contact the Personal Information Protection Officer or the department in charge for any inquiries, complaints, or requests for remedies related to personal information protection arising from the use of the Company’s services (or business). The Company will promptly respond and handle such inquiries.

Article 10 (Request for Access to Personal Information)
Data subjects may request access to their personal information under Article 35 of the “Personal Information Protection Act” by contacting the department below. The Company will strive to process the request for access to personal information promptly.
▶ Department for Receiving and Processing Personal Information Access Requests
    Department Name: Sales Planning
    Person in Charge: Jong Kyu Park
    Contact: 02-869-8566, drgem@drgem.co.kr

Article 11 (Remedies for Infringement of Rights)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Reporting Center for remedies regarding personal information infringement. For other reports or consultations regarding personal information infringements, please contact the following agencies:

  1. Personal Information Dispute Mediation Committee: (Toll-Free) 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Reporting Center: (Toll-Free) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
  4. National Police Agency Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)

Article 12 (Changes to the Privacy Policy)

  1. This privacy policy will be effective from the date of implementation and may be updated, deleted, or modified due to changes in laws or internal policies.
  2. Any changes to the privacy policy will be notified through the website.