Bibi Clinic (hereinafter referred to as the “Hospital”) complies
with the following processing policy in accordance with the Personal Information Protection Act and other related laws to protect users’ personal information and rights and to smoothly handle users’ complaints related to personal information. Through the personal information processing policy, the Hospital
informs you of how and for what purpose your personal information is used and what measures are taken to protect your personal information.

1. Items of personal information collected and collection method
The Hospital collects only the minimum amount of personal information necessary to provide treatment, treatment-related additional services, and website membership registration services.

[Items collected during treatment]
– Required items: Hospital registration number, name, address
– Optional items: Mobile phone number, e-mail
– Health information: Personal health information that medical staff deems necessary for providing treatment services, such as medical history and family history

[Items collected when receiving treatment fees]
– When paying by credit card: Card payment approval information, such as card company name and card number

[Items collected for health information notification service]
– Optional items: Name, date of birth, gender, address, mobile phone, hospital registration number, treatment information (visit and discharge, illness,
prescription, examination, payment information), e-mail, service application

[Items collected during website membership registration]
– Required items: Name, ID, password, gender, date of birth, mobile phone number, e-mail, address
– Optional items: Whether to receive mobile phone text messages and e-mails (when agreeing to receive advertising information), legal representative information (when registering as a member under the age of 14)

[Items collected when making a treatment reservation and inquiry]
– Required items: Name, gender, mobile phone number, reservation date and time, password, treatment subject, and name of the making the reservation
doctor – Optional items: Membership registration information, such as member ID and password (after member logging in) English:

[Items collected during health consultation]
– Required items: Name, mobile phone number, consultation details, password
– Optional items: Member ID, password, etc. Membership registration information (when making a reservation after logging in as a member), email address

[Other collected items]
– When collecting personal information for other specific purposes (such as posting), personal information is collected through a separate personal information collection and use consent procedure.
– Service usage records, access logs, cookies, access IP, etc. may be automatically generated and collected during the process of using the service or processing service provision tasks.
<Next> Service usage records, access logs, cookies, access IP, etc.

[Method of collecting personal information]
Personal information is collected through the following methods.
– Homepage, written forms, FAX, phone, consultation bulletin board, e-mail, event participation
– Collection through generated information collection tools (collection tools such as visitor analysis tools)

2. Purpose of collection and use of personal information
The hospital uses the collected personal information for the following purposes.
All information provided by the user will not be used for any purpose other than the purposes required below, and prior consent will be obtained if the purpose of use is changed.
– Used for identity verification procedures for membership services such as health consultation, medical appointment reservation, and reservation inquiry
– Used as a communication channel for delivering notices, handling complaints, etc.
– Statistics on service use
– Provision of medical services for diagnosis and treatment
– Data for medical support such as medical fee billing, collection, and refund
– Data required for education, research, and follow-up investigation of treatment results
– Basic data for external contracted testing and clinical trial review
– Provision of home services such as medical/examination/health check-up reservation, reservation inquiry, examination/health check-up result inquiry, and web questionnaire
– Sending of medical fee invoices, certificates, health check-up and examination-related items
– Provision of information on new services and events (optional)
– Data for providing health information, developing new services, and providing personalized services (optional)
– Collection of consumer risk information pursuant to Article 54 of the Framework Act on Consumers

3. Provision and sharing of personal information
Except when you consent or when required by relevant laws and regulations, the hospital will not use your personal information beyond the scope notified in the 『Purpose of Collection and Use of Personal Information』 or provide it to other persons, companies, or organizations under any circumstances.
However, the following cases are exceptions.
– When users have given prior consent
– When there is a request from an investigative agency in accordance with the provisions of the law or in accordance with the procedures and methods stipulated by law for investigative purposes
– When necessary for compiling statistics, academic research or market research and providing it in a form that does not allow the identification of specific individuals

4. Entrustment of handling collected personal information
The hospital entrusts personal information as follows, and when concluding an entrustment contract, in accordance with Article 26 of the Personal Information Protection Act, prohibits the processing of personal information for purposes other than the performance of the entrusted work, takes technical/administrative protective measures,
We specify in documents such as contracts matters regarding restrictions on re-entrustment, management/supervision of the trustee, compensation for damages, etc., and supervise whether the trustee safely processes personal information.
In the event that the content of the entrusted work or the trustee changes, we will disclose it without delay through this personal information processing policy.
The hospital’s personal information entrustment processing agency and the content of the entrusted work are as follows.
* Please write according to the actual content.
[Company name] – Medical information system
[Company name] – Specimen request
[Company name] – Security and visitor guidance
[Company name] – Patient diet and distribution

5. Matters regarding measures to ensure the safety of personal information
[Minimization and education of personal information handling staff]
We minimize the designation of personal information handlers and provide regular education.

[Conduct regular self-audits]
We conduct regular self-audits to ensure the stability of personal information handling.

[Encryption of personal information]
Passwords among the user’s personal information are encrypted and stored and managed, so that only the user can know them, and separate security functions such as encrypting files and transmission data for important data are used.

[Technical measures against hacking, etc.]
In order to prevent personal information leakage and damage due to hacking or computer viruses, we have installed security programs and are conducting periodic updates and inspections. We have also installed the system in an area with controlled access from the outside and are monitoring and blocking it technically/physically.

[Access control for unauthorized persons] We
have established a separate physical storage location for the personal information system that stores personal information and have established and are operating access control procedures for this.

6. Retention and use period of personal information
The hospital will destroy your personal information without delay when the purpose of collecting or providing personal information has been achieved.
– In the case of membership registration information: When membership is canceled or the member is expelled
– In the case of collection for the use of services for specific purposes such as surveys and events: When the purpose of the relevant service is terminated
– In the case of collection for medical treatment-related purposes (surveys, posting of posts, etc.): Retention in accordance with the period specified in Article 15, “Retention of records related to medical treatment” of the Enforcement Decree of the Medical Service Act
– In the case of information on the collection/processing and use of credit information: Retention for 3 years in accordance with the Act on the Use and Protection of Credit Information (items to be retained: card company name, card number, etc. card payment approval information)
– However, even if the purpose of collection or the purpose for which it was provided has been achieved, your personal information may be retained if there is a need to retain it in accordance with the provisions of the Commercial Act or other laws.

7. Procedures and methods for destroying personal information
The hospital destroys personal information immediately after the “purpose of collection and use of personal information” has been achieved. The procedures and methods for destruction are as follows.
– Procedures for destruction: Information entered by the user for membership registration, etc. is immediately destroyed by the destruction method after the purpose has been achieved.
– Method of destruction: Personal information saved in electronic file format is deleted using a technical method that renders the records unrecoverable. Personal information printed on paper is destroyed by shredding or incineration.

8. Rights of users and legal representatives and methods of exercising them
1. When a customer requests to view, correct, or delete personal information, the hospital will respond to the customer’s request in good faith and process it without delay.
In order to protect personal information, the hospital does not provide procedures for viewing, correcting, or deleting personal information by phone, mail, fax, or other methods of application other than a customer’s visit.
[Viewing personal information]
Customers may visit the hospital to request to view their personal information, and the hospital will promptly respond to such requests.
[Correction/deletion of personal information]
When a customer requests to correct or delete personal information, the hospital
will correct or delete it without delay if it is determined that there is an error in the personal information and it is deemed necessary to correct or delete it. The hospital may request supporting documents necessary to confirm the facts of the correction or deletion.
2. When a customer requests to view, correct, or delete his/her personal information, the customer’s identity will be verified by presenting an identification card such as a resident registration card, passport, or driver’s license.
3. When a customer’s agent visits to request to view, correct, or delete information, the customer’s power of attorney and consent form and the agent’s identification card will be verified to confirm whether the agent is a legitimate agent.
4. When the hospital has a legitimate reason to refuse to view, correct, or delete all or part of the personal information, the hospital will notify the customer of this and explain the reason.

9. Protection of children’s personal information
Membership registration for children under the age of 14 (hereinafter referred to as “children”) is done through a form written in plain language that is easy for children to understand, and
the consent of the legal representative must be obtained for the collection and use of personal information.
In order to obtain the consent of the legal representative, the hospital collects the minimum information from the child, such as the name and contact information of the legal representative.
The legal representative of a child may request to view, correct, and delete the child’s personal information. If you wish to view, correct, or delete the child’s personal information, you may
click on Edit Member Information and go through the legal representative verification process, after which the legal representative may directly view, correct, or delete the child’s personal information.

10. How to withdraw consent/cancel membership
You may withdraw your consent to the collection, use, and provision of personal information at any time after signing up for membership. You may
withdraw your membership by logging into the hospital homepage and clicking on “Cancel Membership”. For advertising information services such as health information, hospital news, and events, you may withdraw your consent directly on the “Modify Member Information” screen after logging into the hospital homepage, or
by contacting the hospital’s personal information processing department at any time.

11. Matters regarding the installation/operation of automatic personal information collection devices and their refusal
The hospital operates “cookies” that store and retrieve your information from time to time. Cookies are very small text files that the server used to operate the hospital’s website sends to your browser and are stored on your computer’s hard disk. The hospital uses cookies for the following purposes.
It analyzes the frequency of access and visit times of members and non-members, and identifies users’ tastes and areas of interest, and uses this as a measure for service improvement, etc.
It tracks information on the web pages viewed and pages viewed with interest, and uses this information to provide personalized services on your next visit. It uses this
information to identify your level of participation and number of visits in various events held by the hospital, and to provide differentiated entry opportunities and differentiated information according to your areas of interest.
You have the option to install cookies. Therefore, you can allow all cookies, check each time a cookie is saved, or
reject all cookies by setting options in your web browser.

[Example of setting method]
1) For Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings
2) For Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content settings button under Privacy > Cookies
If you reject the installation of cookies, you may have difficulty in providing some services.

12. Matters regarding operation/management of video information processing devices
* Please write according to the actual content.
The hospital operates and manages video information processing devices as follows.

[Installation basis and purpose]
Patient and facility safety, fire and crime prevention, parking management

[Number of installed units, installation location, and shooting range]
Number of installed units: 000 units
Installation location and shooting range: Lobby, hallway, parking lot, road, elevator, etc.
[Manager, department in charge, and access authority]
Position: Team Leader 000
Affiliation: Team 000
Phone number: (000) 0000-0000~0
[Video information shooting time, storage period, storage location, and processing method]
Shooting time: 24 hours
Shooting storage period: Within 30 days
Storage location: Building management center, parking control room, etc.
Processing method: Records and manages matters regarding requests for use of personal video information for purposes other than the intended purpose, provision to third parties, destruction, viewing, etc., and permanently deletes the information in a way that it cannot be restored (shredded or incinerated in the case of printed materials) upon expiration of the storage period.
[Matters regarding the method and location of confirming personal image information]
Confirmation method: Visit after prior contact Application confirmation
Location: 000 Team
[Measures for requests by data subjects
to view image information, etc.] If you wish to view or confirm the existence of personal image information, you may make a request to the operator of the image information processing device at any time. However, this is limited to personal image information filmed by you and personal image information that is clearly necessary for the urgent life, body, or property interests of the data subject. In the following cases, the request to view, etc. personal image information may be rejected despite the data subject’s request to view, etc.
1) If the personal image information has been destroyed due to the expiration of the retention period
2) If there is any other legitimate reason to reject the data subject’s request to view, etc.
[Technical, administrative, and physical measures to protect image information]
Image information processed by the hospital is safely managed through encryption measures, etc. In addition, the hospital grants differential access to personal information as an administrative measure to protect personal image information, and records and manages the creation date and time of personal image information, the purpose of viewing, the viewer, and the viewing date and time to prevent forgery or alteration of personal image information. In addition, locking devices are installed to ensure safe physical storage of personal image information.

13. Personal Information Manager
In order to protect your personal information and handle complaints related to personal information, the hospital has appointed a personal information manager or department in charge as follows.
* Please fill in the information according to the actual content.
[Personal Information Manager]
Name: Seo Kang-yeol
Position: Director
Affiliation: Main Hospital
Phone Number: 02-6953-7530
Email:
[Personal Information Department]
Phone Number: 02-6953-7530
You may report any complaints related to personal information protection that occur while using the hospital’s services to the Personal Information Manager or the responsible department.
The hospital will promptly and sufficiently respond to users’ reports. If you need to report or consult about other personal information infringements, please contact the following organizations.

Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)
Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / (02) 580-0533~4)
Supreme Prosecutors’ Office, Advanced Crime Investigation Division (http://www.spo.go.kr / (02) 3480-2000)
National Police Agency, Cyber ​​Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)

14. Obligation to notify of policy changes
If there are additions, deletions, or modifications to the contents of this personal information processing policy due to changes in laws, policies, or security technologies, the
reasons for and contents of the changes will be notified through the hospital homepage at least 7 days prior to the implementation of the changed personal information processing policy.
Announcement date: 00/00/00
00/00/00