amred logo
  • KR
  • EN
  • JP
  • CN

Privacy Policy

Preamble

AMRED Clinic (hereinafter “the Clinic”) processes and securely manages personal information in accordance with the “Personal Information Protection Act,” the “Medical Service Act,” and other related laws, to protect the freedoms and rights of data subjects. Pursuant to Article 30 of the Personal Information Protection Act, the Clinic hereby establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for processing and protecting personal information and to ensure that any complaints related thereto are handled promptly and smoothly.

Article 1 (Purpose of Processing Personal Information)

The Clinic processes personal information for the following purposes. Personal information will not be used for any purpose other than those listed below. If the purpose of use changes, the Clinic will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act and take any other necessary measures.

1. Provision of Medical Services

Reservation of medical appointments; management of medical records; diagnosis and treatment; prescription; examinations; billing, payment collection, and refunds related to medical services.

2. Membership Registration and Management

Confirmation of intent to register as a member; identification and authentication for membership services; maintenance and management of membership status; prevention of misuse; confirmation of legal guardian consent for minors under 14; notifications and announcements; handling of complaints.

3. Marketing and Advertising

Delivery of promotional information (e.g., events); analysis of access frequency; compilation of usage statistics.

Article 2 (Items of Personal Information Processed)

The Clinic collects and uses only the minimum personal information necessary for service provision.

1. Personal Information Processed Without Consent

Under legal provisions, the Clinic processes the following personal information without obtaining consent:

Purpose: Provision of medical services and management of patient lists (Medical Service Act Article 22; Personal Information Protection Act Article 15(1)2)

  • Items: Name; Resident Registration Number; Address; Telephone number

2. Personal Information Processed With Consent

The Clinic processes the following personal information upon obtaining consent in accordance with Personal Information Protection Act Article 15(1)1:

(a) Website Membership Registration and Management

  • Required: Name; Mobile phone number; Login ID; Password
  • Optional: Home address; Email address

(b) Online Appointment Booking

  • Required: Name; Contact information; Appointment date; Appointment time
  • Optional: Email address; Symptoms

(c) Marketing and Advertising

  • Items: Name; Mobile phone number; Email address

Article 3 (Processing of Personal Information of Children Under 14)

1. Where processing of personal information of children under 14 requires consent, the Clinic obtains consent from the child’s legal guardian.

2. When obtaining such consent, the Clinic may require the guardian’s name and contact information, display the consent form online, and confirm that the guardian has indicated consent—in part—by sending an SMS notification to the guardian’s mobile phone.

Article 4 (Retention and Use Period of Personal Information)

1. The Clinic processes and retains personal information within the period required by law or the period agreed upon at the time of collection.

2. Pursuant to Medical Service Act Enforcement Rules Article 15, the retention periods for certain records are as follows:

(a) Patient registry: 5 years

(b) Medical records: 10 years

(c) Prescriptions: 2 years

(d) Surgical records: 10 years

(e) Examination results and reports: 5 years

(f) Radiographic images (including video) and their reports: 5 years

(g) Nursing records: 5 years

Copies of certificates (e.g., diagnosis certificates, death certificates, autopsy reports): 3 years

If continued retention is necessary for ongoing care, each category may be extended once for its specified retention period.

3. For personal information collected and stored for purposes other than those under the Medical Service Act:

(a) Website membership information: Until membership withdrawal

(b) Marketing and advertising information: Until withdrawal of consent

(c) Complaint handling information: Until purpose is fulfilled

Article 5 (Procedures and Methods for Disposal of Personal Information)

1. When personal information is no longer required—due to expiration of the retention period, achievement of the processing purpose, discontinuation of medical services, or closure of the Clinic—the Clinic will promptly destroy the relevant data.

2. If retention is required by other laws despite the lapse of the consent period or achievement of the purpose, the information will be moved to a separate database or storage location.

3. Disposal procedures and methods:

(a) Procedure

  • Identify data for disposal, obtain approval from the Privacy Officer, and carry out destruction.

(b) Method

  • Electronic data: Permanently delete so that recovery is impossible.
  • Paper documents: Shred or incinerate.

Article 6 (Provision of Personal Information to Third Parties)

1. The Clinic shall provide personal information to third parties only within the scope set out in Article 1, or when required by law (Personal Information Protection Act Articles 17 and 18), and shall not do so otherwise.

2. Under the Emergency Medical Care Act Article 11, personal medical records may be provided to another medical institution when transferring an emergency patient.

3. Under Medical Service Act Article 21(3), patients have the right to access their records or request copies.

4. Currently, the Clinic does not provide personal information to any third party. If such provision becomes necessary in the future, the Clinic will notify data subjects of the recipient, purpose, items provided, retention period, right to refuse, and any disadvantages of refusal, and obtain consent in accordance with Personal Information Protection Act Article 17(2).

(a) Recipient of personal information

(b) Purpose of use of personal information by the recipient

(c) Items of personal information provided

(d) Retention and use period of personal information by the recipient

(e) The fact that the right to refuse consent exists and the disadvantages of refusal

Article 7 (Measures to Ensure the Security of Personal Information)

To ensure the safety of personal information, the Clinic implements the following measures:

1. Administrative Measures: Establishment and enforcement of an internal management plan; appointment of responsible personnel; regular staff training.

2. Technical Measures: Access control to personal information processing systems; installation of access control systems; encryption of personal data; installation and updating of security programs.

3. Physical Measures: Access control for server rooms and document storage areas.

Article 8 (Rights and Obligations of Data Subjects and How to Exercise Them)

1. Data subjects may at any time request access to, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information.

※ For children under 14, legal guardians must make such requests; minors aged 14 or older may make requests themselves or through a legal guardian.

2. Requests may be made in writing, by email, fax, or telephone, and will be addressed without delay.

Data subjects may withdraw consent by using the “Membership Withdrawal” function after identity verification.

3. Requests may be made by authorized representatives, who must submit a power of attorney in the form prescribed by the Enforcement Decree of the Personal Information Protection Act.

4. Rights to access or suspend processing may be limited under Articles 35(4) and 37(2) of the Personal Information Protection Act.

5. Personal information required to be collected under other laws cannot be deleted upon request.

6. The Clinic will verify the identity of the requester as the data subject or an authorized representative.

7. Contact for Exercising Rights:

Department: Personal Information Access and Request Desk

Privacy Protection Officer: Mr. Lee Geon-woo

Tel: 02-543-3110

Article 9 (Operation and Management of Fixed Video Surveillance)

The Clinic’s policy on fixed video surveillance is as follows:

1. Legal Basis & Purpose

Installed and operated under Personal Information Protection Act Article 25(1) for facility safety, fire prevention, and crime prevention.

  • Facility safety and management, fire prevention, and crime prevention.

2. Number, Location & Scope: Defined installation count, locations, and camera coverage areas.

Number of Cameras

    Installation Locations and Fields of View

      3. Responsible Personnel & Access Rights

      Appointed a video surveillance manager and access controllers.

      Role

        Name

          Position

            Department

              Contact Information

                4. Recording Time, Retention, Storage & Processing

                Recording Hours

                  Retention Period

                    Storage Location

                      5. How & Where to View

                      • Upon prior appointment, data subjects may view recordings.
                      • At the Clinic’s Operations Team office.

                      6. Requests for Access or Deletion

                      Subjects may request access, confirmation of existence, or deletion of surveillance footage of themselves; the Clinic will respond promptly.

                      7. Security Measures

                      Encryption; differentiated access permissions; logging of creation time, access purpose, accessor identity, and access time; physical security locks.

                      8. Policy Updates

                      Enacted March 11, 2025. Changes due to laws, policies, or security technology will be announced on the Clinic’s website at least seven days before implementation.

                      • Announcement date: March 10, 2025 / Effective date: March 11, 2025

                      Article 10 (Personal Information Protection Officer)

                      1. The Clinic has designated the following officer responsible for personal information processing and complaints handling

                      Privacy Protection Officer

                      Name: Mr. Lee Geon-woo

                      Contact: 02-543-3110

                      2. Data subjects may direct all inquiries, complaints, or requests for relief regarding personal information protection to the Protection Officer or the relevant department, and the Clinic will respond without delay.

                      Article 11 (Remedies for Rights Infringement)

                      1. Data subjects may seek relief or consultation for personal information infringement from

                      (a) Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

                      (b) Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

                      (c) Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)

                      (d) National Police Agency: 182 (ecrm.cyber.go.kr)

                      2. The Clinic respects the right to self-determination of personal information and will assist with consultations and relief efforts.

                      Privacy Protection Officer

                      Name: Mr. Lee Geon-woo

                      Contact: 02-543-3110

                      Article 12 (Changes to the Personal Information Processing Policy)

                      1. This Personal Information Processing Policy is effective from March 11, 2025.

                      2. The previous Personal Information Processing Policy can be viewed below.

                      • Effective from July 18, 2018 to March 10, 2025 (available on the Clinic’s website)

                      View Previous Personal Information Processing Policy