'Lollipop Plastic Surgery Clinic' (hereinafter referred to as 'Hospital') protects the personal information of the information subject in accordance with Article 30 of the Personal Information Protection Act and informs you through the Personal Information Processing Policy how the personal information you provide is used and what measures are taken to protect personal information.
To ensure that complaints related to this matter are handled promptly and smoothly, the following personal information processing guidelines have been established and disclosed.

The hospital collects only the minimum personal information necessary to provide services during consultations and uses this information for the following purposes. All information provided by users will not be used for any purpose other than those described above, and prior consent will be obtained if the purpose of use changes. The personal information collected is as follows:

○ Items collected when registering as a member on the website

1. Collected items: Name, ID, password, email, access log, cookies, contact information, access IP information

※ All public information not required for service use is automatically encrypted.

2. Personal information collection method: The following information may be automatically generated and collected during the process of using the website (membership registration, online reservation, online consultation, KakaoTalk consultation, SMS quick consultation) or during the process of providing services.

– Service usage records, access logs, cookies, and access IP information

○ Items collected during treatment

1. Required items: Name, gender, date of birth, contact information (including guardian contact information), address, email, height, weight, blood type, and previous surgical history.

2. Health information: Personal health information deemed necessary by medical staff to provide medical services, such as medical history and family history.

3. Medical information
- Collected items: name, resident registration number, address, contact information, medical records
※ Unique identification information and medical information must be retained by law (separate consent not required)

4. Items collected when paying medical expenses
– When paying by credit card: Card company name, card number, and other card payment approval information
※ In cases where personal information is collected for a short period of time for other specific purposes, separate notice will be provided and the information will be collected.

5. Personal information collection method
- Collection through website, written forms, fax, phone, consultation bulletin board, e-mail, etc.

The hospital uses the collected personal information for the following purposes. All information provided by users will not be used for any purpose other than those listed below. If the purpose of use changes, prior consent will be obtained.

○ Identity verification process for treatment/examination/reservation inquiry and treatment

○ Services for diagnosis and treatment

○ Administrative services such as billing, payment, and refund of medical expenses

○ Sending medical bills, statements, certificates, and medicines/items and results

○ Acceptance of online/offline inspections, request for external inspections

○ Securing a communication channel to assist in handling complaints/grievances

○ Legal and administrative responses and measures for quality control of medical services and hospital operation

○ Minimum analysis data required for education and research

○ Guidance on medical treatment information, academic information, and hospital information

The hospital will not use your personal information beyond the scope specified in the “Purpose of Collection and Use of Personal Information” or provide it to other persons, companies, or organizations, except with your consent or as required by applicable laws and regulations.

○ Submission of medical records to the Health Insurance Review & Assessment Service for claiming medical care benefits in accordance with the National Health Insurance Act

○ When necessary for statistical compilation or academic research, information is provided in a form that does not identify specific individuals.

○ Submission, etc. when requested by investigative agencies in accordance with the procedures and methods stipulated in the law

The hospital processes and retains personal information within the retention and use period stipulated by law or agreed to by the data subject at the time of collection. However, even after the purpose of collection or provision has been achieved, your personal information may be retained if required by laws such as the Commercial Act. The processing and retention periods for each type of personal information are as follows.

○ Medical information: Preserved in accordance with the period specified in Article 15 of the Enforcement Decree of the Medical Service Act, “Preservation of medical records” (preserved items: name, address, resident registration number, medical information)

○ In case of membership registration information: When membership is cancelled or membership is expelled

○ In case of collection for the purpose of surveys, events, etc.: When the survey, event, etc. in question has ended

○ Website consultation information

1. Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in E-commerce, etc.)

2. Records of collection/processing and use of credit information: 3 years (Act on the Use and Protection of Credit Information)

3. Records of identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)

4. Records of visits: 3 months (Communications Secrets Protection Act)

○ Information regarding the collection/processing and use of credit information: Retained for 3 years in accordance with the Credit Information Use and Protection Act (retained items: card company name, card number, and other card payment approval information)

○ Personal information destruction procedures and methods: The hospital destroys personal information immediately after the "purpose of collection and use of personal information" has been achieved. The destruction procedures and methods are as follows.

1. Destruction Procedure: Information entered by users for membership registration, etc. is immediately destroyed by the destruction method after the purpose has been achieved.

2. Destruction Method: Personal information stored in electronic files is deleted using a technical method that renders the records unrecoverable. Personal information printed on paper is destroyed by shredding or incineration.

To provide services, the hospital entrusts personal information as described below. In accordance with relevant laws and regulations, the hospital stipulates the necessary provisions to ensure the safe management of personal information when entering into an entrustment contract. The hospital's personal information entrustment agencies and the details of the entrusted work are as follows.

○ Trustee: iGenis Co., Ltd.

○ Consignment work: Website management, operation, and maintenance

○ Entrusted personal information items: Customer personal information on the website

○ Personal information retention and use period: Until the end of the consignment contract

If a customer requests to view, correct, or delete personal information, the hospital will respond faithfully and promptly. To protect personal information, the hospital does not provide access, correction, or deletion of personal information through any method other than a customer's in-person visit, such as by phone, mail, or fax.

○ Customers who wish to view their personal information may visit the hospital and request to view their personal information, and we will respond promptly.

○ Correction/deletion of personal information

1. If a customer requests correction or deletion of personal information, or if the hospital determines that correction or deletion is necessary, such as when errors are found in the personal information, the hospital will correct or delete the information without delay. The hospital may request supporting documentation to verify the accuracy of the information requested for correction or deletion.

2. When a customer requests to view, correct, or delete his or her personal information, the customer's identity will be verified by presenting an identification document, such as a resident registration card, passport, or driver's license.

3. If the hospital has a legitimate reason to refuse to view, correct, or delete all or part of personal information, it will notify the customer and explain the reason.

○ Rights of legal representatives of children under 14 years of age and methods of exercising them

1. Membership registration for children under the age of 14 (hereinafter referred to as “children”) is done through a separate form written in simple language that is easy for children to understand, and the consent of a legal representative is always obtained when collecting personal information.
2. The hospital collects the minimum information from the child, including the legal representative's name and contact information, in order to obtain the legal representative's consent, and obtains the legal representative's consent in accordance with the method stipulated in the personal information handling policy.

3. A child's legal representative may request access to, correction of, or deletion of their child's personal information. To access, correct, or delete a child's personal information, click "Edit Member Information" and complete the legal representative verification process. After that, the legal representative may directly access, correct, or delete the child's personal information. Alternatively, they may contact the Personal Information Protection Officer in writing, by phone, or by fax, and the necessary action will be taken.

4. The hospital does not provide or share information about children with third parties. If a legal representative requests correction of errors in personal information collected from a child, the hospital prohibits the use and provision of such personal information until the errors are corrected.

※ Personal information that is required to be stored by law cannot be modified or deleted within the storage period, even if requested.

You may withdraw your consent to the collection, use, and provision of your personal information at any time, provided upon registration. To withdraw your membership, click "Withdraw Membership" on the hospital website's My Page, complete the identity verification process, and then directly withdraw your membership. Alternatively, contact the Personal Information Protection Complaints Department in writing, by phone, or by fax. We will promptly take necessary measures, including destroying your personal information.

The hospital uses "cookies" to periodically store and retrieve your information. Cookies are very small text files that the server used to operate the hospital's website sends to your browser and are stored on your computer's hard drive. The hospital uses cookies for the following purposes:
You have choices regarding cookie installation. Therefore, you can configure your web browser to accept all cookies, notify you when a cookie is set, or reject all cookies.
If you refuse to install cookies, you may have difficulty providing some services.

To protect your personal information and handle complaints related to personal information, the hospital has appointed a personal information manager, as described below. You may report any privacy-related complaints arising while using the hospital's services to the manager. The hospital will provide a prompt and sufficient response to users' reports.

○ Personal Information Manager

– Name: Jeong Yeon-ju

– Contact: 02-543-1011

※ If you need to report or inquire about other personal information infringements, please contact the organizations below.

– Personal Dispute Mediation Committee (http://www.1336.or.kr / 1336)

– Supreme Prosecutors' Office Cybercrime Investigation Division (http://www.spo.go.kr / 02-3480-3573)

– National Police Agency Cyber ​​Terror Response Center (http://www.ctrc.go.kr / 02-392-0330)

The hospital has implemented various security measures to protect users' personal information. All information you submit is safely stored and managed in a security system protected by a firewall.
Additionally, as an administrative measure to protect users' personal information, the hospital has established procedures necessary for accessing and managing personal information. Furthermore, the hospital limits the number of personnel handling personal information to a minimum and provides ongoing security training. Furthermore, the hospital designates users of the personal information processing system, grants them passwords, and regularly updates them.

The hospital has installed and operates image information processing equipment as follows.

○ Basis and purpose of installing video information processing equipment: Hospital facility safety, fire prevention, and crime prevention for customer safety.

○ Number of installations: 27 S1 units, 3 units operated in-house

○ Location and shooting range: All major facilities including lobby, hallway, consultation room, treatment room, treatment room 1, treatment room 2, and treatment room 3.

○ Manager, Department in Charge, and Person with Access to Video Information: Director Jeong Yeon-ju of the Medical Team

○ Video information recording time, storage period, storage location, and processing method

- Recording time: No recording when there is no motion (automatic recording when motion is detected)

-Storage period: 30 days from the time of shooting (Storage period may vary depending on hard drive capacity.)

-Storage location and processing method: Control room storage and processing

○ Method and location for checking video information: Confirmation is possible upon visiting the hospital after contacting the manager in advance.