FOREVER CLINIC MYEONGDONG

Privacy Policy

Effective date: 2025-04-23

Forever Clinic Myeongdong (hereinafter "Clinic") processes personal information in accordance with Article 30 of the Personal Information Protection Act and Article 22 of the Medical Service Act to protect the rights and interests of data subjects.

Article 1 (Purpose of Processing Personal Information)

The Clinic processes personal information for the following purposes. Personal information will not be used for purposes other than those stated below. If the purpose changes, the Clinic will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Website membership registration and management

  • Confirming intent to register, maintaining membership status, identity verification
  • Providing appointment booking, confirmation, modification, and cancellation services
  • Maintaining records for complaints and dispute resolution

2. Medical and healthcare services

  • Appointment booking and medical services for dermatology, plastic surgery, aesthetics, etc.
  • Medical consultation, procedure guidance, and prior consent
  • Processing and confirming medical fee payments
  • Issuing prescriptions, medical certificates, and other documents

3. Marketing and advertising (only for those who provide separate consent)

  • Sending event and promotion notifications via SMS, email, and KakaoTalk
  • Providing new treatment information and health newsletters
  • Statistical and analytical use for service improvement

Article 2 (Personal Information Items Processed)

The Clinic processes the following personal information:

1. Items collected upon membership registration

  • [Required] Name, date of birth, gender, mobile phone number, email address, login ID, password
  • [Optional] Address, occupation, referral source, treatment interests

2. Items collected for appointments and consultations

  • [Required] Name, contact information, desired treatment, appointment date and time
  • [Optional] Previous treatment history, skin type, special notes, consultation content

3. Items automatically collected during service use

  • IP address, cookies, service usage records, visit records, improper use records

4. Sensitive information (collected pursuant to the Medical Service Act and Article 23 of the Personal Information Protection Act)

  • Health information, medical records, and prescription details collected during treatment
  • Before/after procedure photos (collected after written patient consent)

Sensitive information is collected pursuant to Article 22 of the Medical Service Act, Article 14 of its Enforcement Rules, and Article 23(2)(2) of the Personal Information Protection Act.

Article 3 (Retention Period)

  • The Clinic processes and retains personal information within the legally required retention period or the period agreed upon when collecting personal information from data subjects.
  • Retention periods for each category of personal information are as follows:

■ Member information: Until withdrawal (retained 1 year post-withdrawal to prevent misuse)

■ Medical records: At least 5 years per the Medical Service Act Enforcement Rules Article 15 (some records 10 years)

■ Reservation and consultation records: 3 years

■ Upon withdrawal of marketing consent: Immediately destroyed (withdrawal history retained 1 year)

■ E-commerce transaction records: 5 years per the E-Commerce Act

■ Consumer complaint/dispute records: 3 years per the E-Commerce Act

Article 4 (Third-Party Disclosure)

  • The Clinic processes personal information only within the scope stated in Article 1 and provides personal information to third parties only with the user's consent or as required by law (Articles 17 and 18 of the Personal Information Protection Act).
  • Personal information may be provided to third parties without consent in the following cases:
  • Transfer of medical records to other medical institutions per Article 21 of the Medical Service Act
  • Provision to the Health Insurance Review and Assessment Service and National Health Insurance Service per the National Health Insurance Act
  • Requests from investigative agencies pursuant to applicable law

Article 5 (Processing Consignment)

  • The Clinic entrusts personal information processing to the following third parties for smooth service delivery:

Consignment Details

  • Consignee: SMS/KakaoTalk notification service / Work: Appointment confirmation messages and alerts
  • Consignee: Website operation and management service / Work: Website maintenance and server operation
  • Consignee: Payment processing service / Work: Online medical fee payment processing
  • When entering into entrustment agreements, the Clinic specifies in contracts: prohibition of processing personal information beyond the scope of entrusted work, technical and managerial protective measures, and restrictions on re-entrustment, in accordance with Article 26 of the Personal Information Protection Act.

Article 6 (Rights of the Data Subject)

  • The data subject may exercise the following rights against the Clinic at any time:
  • Right to access personal information
  • Right to request correction of errors
  • Right to request deletion
  • Right to request suspension of processing
  • Rights may be exercised in writing, by email, or by fax pursuant to Article 41(1) of the Personal Information Protection Act Enforcement Decree, and the Clinic will respond without delay.
  • For access to medical records, separate identity verification is required under Article 21 of the Medical Service Act and Article 13-3 of its Enforcement Rules.
  • Personal information of children under 14 is processed with the consent of their legal guardian, who may request access, correction, deletion, or suspension of processing.

Article 7 (Destruction of Personal Information)

  • The Clinic destroys personal information without delay once the purpose of processing has been fulfilled.
  • If personal information must be retained despite the expiration of the agreed retention period or fulfillment of the processing purpose due to other legal requirements, the information is moved to a separate database or stored in a different location.
  • Destruction procedure and methods:
  • Destruction procedure: Grounds arise → Privacy Officer approval → Destruction executed → Destruction record kept
  • Electronic files: Permanently deleted using irreversible methods
  • Printed materials: Shredded or incinerated

Article 8 (Security Measures)

The Clinic implements the following technical, administrative, and physical measures in accordance with Article 29 of the Personal Information Protection Act:

  • Establishment and implementation of internal management plans
  • Minimizing personnel handling personal information and conducting training
  • Restricting access to personal information (access control systems)
  • Applying encryption when storing or transmitting personal information
  • Technical countermeasures against hacking (antivirus programs, firewalls, etc.)
  • Maintaining and protecting access records to personal information processing systems
  • Physical access control to medical spaces and facilities

Article 9 (Cookies)

  • The Clinic uses cookies to store and retrieve usage information to provide personalized services.
  • Cookies are small pieces of information sent by the server to the user's browser and stored on the user's computer.
  • Users may accept or refuse cookies through browser settings. Refusing cookies may limit certain services.

Article 10 (Privacy Officer)

The Clinic has designated a Privacy Officer responsible for overseeing personal information processing and handling complaints and remedies.

■ Privacy Officer

  • Name: [Name]
  • Position: [Director / Administrative Manager, etc.]
  • Contact: [Phone number] / [Email]

■ Privacy Department

  • Department: [Administrative Office / Admin Team, etc.]
  • Contact: [Phone number] / [Email]

Data subjects may submit personal information access requests pursuant to Article 35 of the Personal Information Protection Act to the department above. The Clinic will ensure timely processing of access requests.

Article 11 (Remedies for Rights Violations)

For personal information violation remedies and consultations, you may contact the following agencies:

  • Personal Information Infringement Report Center (KISA): privacy.kisa.or.kr / 118
  • Personal Information Dispute Mediation Committee: www.kopico.go.kr / 1833-6972
  • Supreme Prosecutors' Office Cyber Crime Investigation Division: www.spo.go.kr / 1301
  • National Police Agency Cyber Safety Bureau: cyberbureau.police.go.kr / 182

Article 12 (Changes to This Policy)

  • This Privacy Policy takes effect from the effective date. Changes due to laws or policy will be announced through notices at least 7 days before taking effect.
  • For significant changes to user rights, notice will be given at least 30 days in advance.
KakaoTalkKakaoTalkLINE(Japan)LINE(Japan)LINE(Taiwan)LINE(Taiwan)WeChatWeChatWhatsAppWhatsApp