ANNE Clinic (hereinafter "Clinic") has established the following processing policy to protect users' personal information and rights in accordance with the Personal Information Protection Act and to smoothly handle users' grievances related to personal information.
The Clinic processes personal information for the following purposes. Processed personal information will not be used for purposes other than the following, and prior consent will be obtained if the purpose of use changes.
1. Website membership registration and management
• Confirmation of membership intention, identification and authentication for membership services, maintenance and management of membership status, prevention of fraudulent use, various notices and notifications, grievance handling, etc.
2. Medical service provision
• Appointment scheduling, medical guidance, procedure consultation, appointment confirmation and modification, etc.
3. Marketing and advertising (with optional consent)
• Provision of events and advertising information, confirmation of service validity, frequency of access, statistics on members' service use, etc.
The Clinic collects the following personal information for membership registration, consultation, and service applications:
1. Required items
• Name, email address, password
2. Optional items
• Gender, date of birth, contact information (mobile phone number), address
3. Information automatically collected during service use
• IP address, cookies, service usage records, visit records, etc.
The Clinic processes and retains personal information within the period of retention and use of personal information under the law or the period agreed upon when collecting personal information from the data subject.
1. Website member information: Retained for 30 days after withdrawal request, then deleted
• However, in the following cases, until the end of the relevant period:
• If investigation or inquiry is in progress due to violation of relevant laws: Until completion of investigation or inquiry
• If claims or debts remain from website use: Until settlement of such claims or debts
2. Information retention under relevant laws
• Records on contracts or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce)
• Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
• Records on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce)
• Records on display and advertising: 6 months (Act on Consumer Protection in Electronic Commerce)
• Website visit records: 3 months (Protection of Communications Secrets Act)
The Clinic, in principle, processes users' personal information within the scope of purposes specified in Article 1, and does not process beyond the original scope or provide to third parties without prior consent from users.
However, personal information may be provided to third parties in the following cases:
• When the user has consented in advance to provision to third parties
• When there is a request from investigative agencies according to procedures and methods prescribed by law for investigation purposes
The Clinic entrusts personal information processing as follows for smooth processing of personal information:
• Trustee: Hosting service provider
• Entrusted work: Server and data management
When concluding an entrustment contract, the Clinic specifies in contracts and other documents matters concerning prohibition of personal information processing beyond the purpose of entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether trustees process personal information safely.
Users may exercise the following rights as personal information subjects:
1. Request to view personal information
2. Request for correction if there are errors
3. Request for deletion
4. Request to suspend processing
Rights may be exercised through written request, telephone, or email to the Clinic, and the Clinic will take action without delay.
When a user requests correction or deletion of errors in personal information, the Clinic will not use or provide the personal information until correction or deletion is completed.
The Clinic, in principle, destroys personal information without delay when the purpose of personal information processing is achieved. The procedure, deadline, and method of destruction are as follows:
1. Destruction procedure
• Information entered by users is transferred to a separate DB (separate documents for paper) after achieving its purpose and destroyed immediately or after a certain period according to internal policies and other relevant laws.
2. Destruction deadline
• Users' personal information is destroyed within 5 days from the end of the retention period if the retention period has elapsed, and within 5 days from the date when personal information is deemed unnecessary, such as when the purpose of personal information processing is achieved, the service is discontinued, or the business is terminated.
3. Destruction method
• Information in electronic file format is destroyed using technical methods that make records irreproducible.
• Personal information printed on paper is destroyed by shredding or incineration.
The Clinic takes the following technical, administrative, and physical measures necessary to ensure security in accordance with Article 29 of the Personal Information Protection Act:
1. Minimization and training of personal information handling staff
• We are implementing measures to manage personal information by designating and limiting employees who handle personal information to minimize staff.
2. Technical measures against hacking
• The Clinic installs security programs and performs regular updates and inspections to prevent personal information leakage and damage from hacking or computer viruses, and installs systems in areas controlled from external access, monitoring and blocking technically and physically.
3. Encryption of personal information
• Users' passwords are stored and managed encrypted so only the user can know them, and important data uses separate security functions such as encrypting files and transmitted data.
4. Storage and prevention of falsification of access records
• Records of access to personal information processing systems are retained and managed for at least one year.
The Clinic designates the following Personal Information Protection Officer to be responsible for overall personal information processing and to handle data subjects' complaints and damage relief related to personal information processing:
▶ Personal Information Protection Officer
• Name: Ahn Jae-hak
• Position: Chief Director
• Contact: 02-545-2332
• Email: info@anneclinic.co.kr
Users may contact the Personal Information Protection Officer for all inquiries, complaint handling, and damage relief related to personal information protection that arise while using the Clinic's services.
To receive relief for personal information infringement, you may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, etc.
• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
• National Police Agency: 182 (ecrm.cyber.go.kr)
This Privacy Policy is effective from the enforcement date, and if there are additions, deletions, or corrections of changes according to laws and policies, notice will be given through announcements 7 days before the enforcement of changes.
Announcement date: December 1, 2025
Effective date: December 1, 2025
