Asan Medical Center (the “Hospital” hereinafter) values your privacy and complies with the Personal Data Protection Act.
Through this Policy, the Company regards personal information of the users as important and inform them of the purpose and method of Company's using the personal information provided by the users and the measures taken by the Company for protection of those personal information.
The Hospital collects and uses personal data for the following purposes:
The Hospital agrees that it will obtain a consent from the users, if the Hospital desires to use the information other than those expressly stated in this Policy.
The Hospital will delete your personal data immediately upon fulfillment of applicable purpose for collecting or obtaining personal data.
Membership data: when a member opts out or is expelled (personal data for a member account remaining dormant for one year or longer to be stored separately and deleted upon withdrawal of membership)
Your personal data, however, may be further retained even after the purpose for collecting or obtaining personal data is fulfilled if it is still required to be retained under applicable statutory provisions in the Commercial Code, etc.
The Hospital will process your personal data only within the scope notified in the Purpose of Personal Data Collection section herein or other applicable terms and conditions of service use, and disclose such personal data to 3rd parties only when consented by applicable information subject separately, required by applicable provisions in a relevant law, or requested by law enforcement or supervisory authorities in accordance with procedures and manners specified in statutory documents for investigation and/or examination purposes.
The Hospital contracts out personal data processing operations as follows, specifying in relevant contract documents provisions banning personal data processing for non-contractual purpose, specifying technical/managerial safeguards, restricting sub-contracting practices, stipulating responsibilities and liabilities for contractor control/supervision, damage, etc. and ensuring that applicable contractor processes personal data securely according to Article 26 of the Personal Information Protection Act.
Entities to which the Hospital has contracted personal data processing operations and the scope of such operations are as follows:
|DMI Systems||Server maintenance|
|BeatRice||NT Server maintenance|
|RS IT||Server maintenance|
|AI Soft||Backup system maintenance|
|E-Active||Integrated server system maintenance|
|JB Line||Backup system maintenance|
|Zungwon Engineering & Systems||Server maintenance|
|GT Plus||Weblogic maintenance|
|Teuin Systems||DISK maintenance|
|Hyosung Information||DISK maintenance|
|SK C&C||ARIS development & administration|
|Lotte Data Communication||Clinical trial center CTMS|
|Logen||Medical check preparation kit courier service|
|Panda Biz||Translation of final test results into Chinese language|
|S Caleb ABC||Cost program|
|Hankook Research||Regular patient experience assessment & hospital medical treatment service satisfaction level survey|
|Good Medi Korea||Concierge service|
|GC Healthcare||Concierge service|
|Live Again||Concierge service|
|Korea Healthcare Service||Concierge service|
|M2-IT||AMIS administration support|
|Jieum Solution||AMIS administration support|
|SCI Information Service||Debt collection and credit check|
|SM Credit||Debt collection and credit check|
|Lab Genomics||Anticancer drug susceptibility test|
|Seoul Clinical Laboratories||Immunopathology PD-L1 test|
|BMS||Breast cancer test (Oncotype DX)|
|Hyupjin Corporation||Breast cancer test (MammaPrint)|
|Hyundai C&R||Vehicle parking administration|
|Kosses||Security and guest reception|
|Darae Parktech||Parking facility maintenance|
|Shinsung Pharm||Enteral nutrition formula courier service|
|Boxter||Dialysate courier service|
|FMC Korea||Dialysate courier service|
|Hyundai Green Food||Patient catering service|
|Hangang Process||Health lecture|
|11th Street||Financial data storage service for medical charge payment (including Hi-Pass service)|
|Care Max||Medical charge reception, refund, patient transfer, outpatient/hospitalization registration and reservation, reception of medical charge following medical treatment or discharge from hospital, AMB vehicle dispatch, etc.|
|KT IS||Phone reservation, phone exchange|
|Hunet||Online training for staff members participating in clinical trials of drugs|
|Korea Information & Communications||Payment of training charges for staff members participating in clinical trials of drugs|
|EZ Medicom||Medical supplies purchase and delivery service|
|Korean Institute of Tuberculosis||Nuclear medicine tests|
|GC Labs||Laboratory medicine/Nuclear medicine tests|
|Lab Genomics||Laboratory medicine test|
|Seoul Clinical Laboratories||Laboratory medicine test|
|Seegene Medical Foundation||Laboratory medicine test|
|EONE Laboratories||Laboratory medicine test|
|Seoul Research Institute of Public Health and Environment||Laboratory medicine test|
|KCDC||Laboratory medicine (immunity)|
|Health Insurance Review & Assessment Service||Laboratory medicine test (NGS molecular screening lab)|
|BMS||Laboratory medicine test|
|GC Genome||Laboratory medicine test|
|HDC I Service||Sports center membership administration|
|SMLab||Nuclear medicine tests|
|Korea Information & Communications||Medical charge credit card payment/refund information transfer|
|QLine||Hospital newsletter delivery (to alumni)|
|Dream Security||Website user authentication|
|SCI Information Service||Mobile phone/real name/i-PIN authentication|
1. The Hospital will respond to customer’s requests for access, correction or deletion of their personal data and comply with their requests without delay. To protect personal data, the Hospital does not support any procedure for accessing, correcting or deleting customer’s personal data by phone, mail or FAX other than in-person visit by customers.
[Access to personal data]
Customers may visit the Hospital to request access to their personal data and the Hospital will comply with such requests promptly.
[Correction/deletion of personal data]
When a customer requires his/her personal data to be corrected/deleted or it is deemed necessary to correct/delete personal data for an error, etc., the Hospital will correct/delete such personal data without delay. The Hospital may request evidence required for factual confirmation of personal data to be corrected/deleted.
2. When a customer requires his/her personal data to be accessed, corrected or deleted, customer’s identity will be verified by an identity document such as resident registration card, passport, driver’s license, etc.
3. When a representative of a customer requires the principal customer’s personal data to be accessed, corrected or deleted, the status of the representative will be verified with customer’s power of attorney, consent form and the representative’s identity document, etc.
4. If there is a legitimate ground for refusing to allow access to, correct or delete personal data in whole or in part, the Hospital will inform applicable customer of such a ground and explain the reason for refusal.
Membership application form for children aged under 14 (the “Children” hereinafter) will be developed separately in a language easy for children to understand and the consent of their legal representative will be sought in all cases in connection with the collection and use of their personal data.
The Hospital will collect minimum information such as name and contact information of children’s legal representatives and seek their consent in a manner prescribed herein.
A child’s legal representative may request access to, correction or deletion of applicable child’s personal data. If the child’s personal data is to be accessed, corrected or deleted, his/her legal representative may click Edit Member Data, verify the status of legal representative and directly access, correct or delete applicable child’s personal data.
The Hospital will collect only minimum personal data required for service use. You are requested to consent to the collection of required information data and optional data to use the Hospital’s services and you may still use the services without restriction even when not consenting to disclose optional data items.
[Data to be collected for general membership]
[Data to be collected for booking]
[Data to be collected for booking]
[Data to be collected for medical treatment]
[Data to be collected during medical charge payment]
[Data to be collected for ‘Chart in My Palm My Chart in My Hand’ service]
[Data to be collected for services available from Asan Smart Cancer Institute]
[Data to be collected for application for job opening]
[Vehicle parking registration]
[How to collect personal data]
The Hospital will destroy personal data in accordance with the following procedure and manner immediately upon the fulfillment of applicable personal data processing purpose:
You may withdraw your consent to the collection, use and disclosure of your personal data made at the time of membership subscription. When you opt-out membership by clicking on ‘Membership Opt-out’ in My Chart menu in AMC website and verifying your ID or contact the Hospital’s privacy complaint handling department by mail, phone or FAX, the Hospital will take necessary actions without delay, including the destruction of your personal data.
When you opt out of AMC website membership, you will opt out of ‘My Chart in My Hand’ and ‘Asan Smart Cancer Institute’ services at the same time.
The Hospital appoints the following Data Protection officer (DPO) and privacy protection organization to protect your personal data and handle customer complaints related to personal data.
Information subjects may consult the following authorities for violation of their privacy:
Following authorities are separate entities from the Hospital and to be consulted with if you are not satisfied with the Hospital’s customer complaint handling or remedy for damage in connection with personal data or in need of further assistance.
Privacy violation reporting center (run by Korea Internet & Security Agency (KISA))
Personal Information Dispute Mediation Committee
Cyber Crime Investigation Division, Supreme Prosecutors’ Office: 1301 (without dialing code), (www.spo.go.kr)
Cyber Security Bureau, National Policy Agency: 182 (without dialing code), (https://cyberbureau.police.go.kr/)
[Minimum designation and Education of staffs treating personal information]
[Periodic in-house audit]
[Development and enforcement of internal management plan]
[Encryption of personal data]
[Technical safeguards against hacking attempts]
[Restriction of access to personal data]
[Storing of connection log and prevention of log forgery/alteration]
[Unauthorized physical access control]
The Hospital will operate cookies that will store and retrieve your information from time to time. Cookie is a very small text file sent by the Hospital’s website hosting server to your web browser and stored in your local computer disk. The Hospital uses such cookies for the following purposes:
To analyze hit frequencies and time, etc. of members and non-members and understand users’ preference and interest to provide inputs for service renewal project, etc.
To track web page hits and user’s interest in such pages to provide personalized services when users visit the website next time.
To provide users with privileges to subscribe to events held by the Hospital differentiated based on user’s enthusiasm for participation and website hit frequency and personalize information service in line with individual user’s interest.
You can opt in/out for cookie installation. You can allow all cookies to be installed, confirmed whenever cookies are stored, or refuse to allow all cookies to be stored by setting your web browser options to your preference.
1) In Microsoft edge: Go to Tools > Setting > Update and Security
2) In Chrome: Go to Setting Menu > Setting > Personal Information and Security > Cookie and other Site Data in the right of your web browser
If you refuse to consent to cookie installation, some services may not be available to you.
AMC operates/controls image data processing systems as follows:
[Justification and purpose of system installation]
[Quantity of system units to be installed, installation location and shooting coverage]
[Responsible manager, department and employees with access authorization]
[Image data shooting time, retention period, storage location and processing method]
[How and where to request access to personal image data]
[Response to information subject’s request for access to image data]
[Technical/managerial/physical safeguards for image data]
Date of public notice: September 18, 2020
Date of effectuation: September 25, 2020