MeriTech Co., Ltd. (hereinafter referred to as "Company") establishes and discloses the following personal information processing policies in order to protect personal information of the information subject and to promptly and smoothly handle the relevant grievances pursuant to Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of processing personal information)
The company processes personal information for the following purposes. The personal information being processed is not used for any purpose other than the following purposes, and if the purpose of use is changed, we will implement necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
1. Identifying identity and real name identification according to service use
2. Securing communication channels for delivering medical information related to products and conducting further research on product injection
3. Handling consumer complaints
4. Product research and development and improvement
Article 2 (Process and retention period of personal information)
1 The company processes and holds personal information within the period of possession and use of personal information under the Act or within the period of possession and use of personal information agreed upon when collecting personal information from the information subject.
2 The period of personal information processing and retention is as follows.
- Identifying identity and real name identification based on service use: 3 years
- Record of consumer complaints or dispute handling: 5 years from the end of dispute settlement
- Medical information on products and cases of product injection: 5 years
- Product research and development and improvement: Until the end (in the case of product research and development and improvement, only abstract information that cannot be specified by an individual after five years)
Article 3 (the rights, obligations, and methods of exercise of the information subject)
1 The information entity may exercise the following rights related to personal information protection at any time for the company:
1. Requesting access to personal information
2. Request correction in case of errors, etc.
3. Request for deletion
4. Requesting suspension of processing
2 The rights under paragraph (1) can be exercised in writing, e-mail, facsimile (FAX) in accordance with attached Form 8 of the Enforcement Rules of the Personal Information Protection Act, and the company will take measures for this without delay.
3 If the information subject requests correction or deletion of personal information errors, the company shall not use or provide such personal information until the correction or deletion is completed.
4 The exercise of rights under paragraph (1) can be done through the legal representative of the information entity or through the agent of the entrusted person. In such cases, a letter of attorney under attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
Article 4 (Personal Information Items Processing)
The company handles the following personal information items.
1. Identifying and providing product-related services
Name, phone number, email address, occupation
2. The following personal information items can be automatically generated and collected in the process of using the service through the Internet.
IP address, cookie, MAC address, service use record, visit record, bad use record, etc.
Article 5 (Privacy of Personal Information)
1 The company destroys the personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
2 If personal information is to be kept in accordance with other statutes despite the expiration of the personal information retention period agreed by the information subject or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or the storage place shall be preserved differently.
3 The procedures and methods for destroying personal information are as follows.
1. Procedure for destruction (br/>)
The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
2. How to destroy it
The company shall destroy personal information recorded and stored in the form of electronic files so that records cannot be reproduced, and personal information recorded and stored in paper documents shall be destroyed by shredding or incineration.
Article 6 (matters concerning the installation, operation and refusal of an automatic personal information collection device)
1 For stable website operation, the company uses 'cookie' which stores usage information and calls it up from time to time.
2 Cookies are small amounts of information sent by the server (http) used to run the website to the user's computer browser and are sometimes stored on the hard disk within the user's PC computer.
1. Purpose of Cookie: It is used for stable homepage operation by identifying the types of visits and use of each service and website visited by the user.
2. Installation, operation, and rejection of cookies: Tools at the top of the web browser > Internet Options> Privacy menu setting allows you to refuse to save cookies.
3. There is no difficulty or disadvantage in using the website even if the user refuses to save the cookies.
Article 7 (Protection for the Safety of Personal Information)
The company is taking the following measures to ensure the safety of personal information.
1. Administrative measures: establishing and implementing an internal management plan, regular staff training, etc.
2. Technical measures: Management of access authority for personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs
3. Physical measures: Access control for computer rooms, archives, etc.
Article 8 (Personal Information Protection Officer)
1 The company is responsible for handling personal information and designates a person in charge of personal information protection as follows for handling personal information complaints and damage relief.
If you live in Europe, please contact DPO_EU@celltrion.com for all personal information protection related inquiries, complaints, and damage relief.
2 The information subject can contact the person in charge of personal information protection regarding all personal information protection related inquiries, complaints, and damages caused by using the company's service. The company will respond and process the inquiry of the information subject without delay.