Skip to main content

Privacy Policy

Effective Date: June 1, 2026

1. Purposes of Personal Information Processing

ABLE Dermatology Clinic (hereinafter "Medical Institution") processes personal information for the following purposes. Personal information we collect will not be used for any purpose other than those listed below.

  • Medical consultation and medical record management
  • Appointment and treatment schedule notification
  • Medical bill collection and payment management
  • Medical fee billing and payment processing
  • Consultation and complaint reception and handling
  • Reporting and notification as required by the Medical Service Act and related laws
  • Treatment-related contact and notification
  • Health examination and medical service provision
  • Follow-up observation and post-treatment care of treatment results

2. Personal Information Collection Items

The Medical Institution collects the following personal information.

Required Items

  • Name, gender, date of birth
  • Phone number, mobile phone number
  • Address
  • Medical records, medical images
  • Prescription records
  • Test results
  • Copy of health insurance card or medical aid card

Optional Items

  • Email address
  • Occupation
  • Family relationship information
  • Emergency contact
  • Medical record registration consent information

Automatically Collected Items

  • Access logs, cookies
  • Service usage records
  • Device information

3. Processing and Retention Period of Personal Information

The Medical Institution will destroy personal information without delay when the purpose of collection and use has been achieved. However, if personal information must be retained for a specific period as required by the Medical Service Act and related laws, it will be retained accordingly.

Medical Record Retention Period

  • Medical Service Act Article 47: Medical records shall be retained for 3 years from the date of final treatment
  • Cancer patient medical records: 5 years from the date of final treatment
  • Pediatric medical records: 3 years after reaching full adult age (19 years old)

Other Records

  • Health insurance billing data: 5 years
  • Medical aid billing data: 5 years
  • Medication prescription records: 3 years
  • Surgery and anesthesia-related records: 3 years

4. Third-Party Disclosure of Personal Information

The Medical Institution does not disclose personal information to third parties in principle. However, it may be disclosed in the following exceptional cases:

  • When the individual has given explicit consent
  • When there are special provisions in the Medical Service Act, Health Insurance Act, or other laws
  • When requested by government officials (Minister of Health and Welfare, governors, mayors, etc.) for public health purposes
  • When provided in a form where specific individuals cannot be identified for statistical compilation or academic research purposes
  • Reporting and billing to statutory organizations such as the Health Insurance Review and Assessment Service and the National Health Insurance Service
  • Transfer of medical information to other medical institutions with patient consent

5. Outsourcing of Personal Information Processing

The Medical Institution outsources personal information processing operations to external vendors as follows:

Outsourced Vendors and Outsourced Items

  • Electronic Medical Record (EMR) system provider: Medical record and patient information management
  • Medical insurance billing company: Insurance billing data processing
  • Medical appointment system provider: Appointment information management
  • Telecommunications company: Patient notification SMS/voice transmission
  • Delivery company: Prescription medication delivery (with patient consent)

The Medical Institution manages and supervises vendors through outsourcing agreements to ensure compliance with the Personal Information Protection Act.

6. Rights, Obligations, and Exercise Methods of Data Subjects

6.1 Rights of Data Subjects

Data subjects (patients) have the following rights:

  • Right to request access to personal information
  • Right to request correction of errors or omissions
  • Right to request deletion (except during retention periods as required by the Medical Service Act)
  • Right to request suspension of processing
  • Right to personal information portability

6.2 Methods of Exercising Rights

Data subjects may exercise their rights through the following methods:

  • Phone: Number to be announced
  • Email: [Email address]
  • In-person: 3-4F 123-7 Garak-dong, Songpa-gu, Seoul (Planned)

6.3 Obligations of Data Subjects

  • Provision of accurate and up-to-date personal information
  • Compliance with information security matters
  • Adherence to treatment-related instructions

7. Personal Information Destruction Procedures and Methods

Destruction Procedures

  • Personal information whose collection purpose has been achieved will be destroyed after the retention period expires.
  • Personal information classification and inspection → Determination of destruction targets → Determination of destruction method → Execution of destruction → Confirmation of destruction results

Destruction Methods

  • Paper documents: Destruction by shredder or incineration
  • Electronic documents: Use of secure deletion technology (Secure Deletion)
  • External storage media: Physical destruction or data deletion

8. Security Measures for Personal Information

The Medical Institution implements the following measures to protect personal information security:

Technical Measures

  • Personal information encryption: Transmission encryption through SSL/TLS protocol
  • Access control: ID and password management to ensure only authorized employees have access
  • System security: Implementation of firewalls and intrusion detection systems (IDS)
  • Security updates: Regular security patches and system updates

Administrative Measures

  • Employee training: Regular personal information protection training
  • Access authority management: Differentiated access authority based on position and duties
  • Monitoring and surveillance: Recording and management of personal information system and access logs
  • Security policy: Establishment and implementation of personal information protection policies

Physical Measures

  • Facility security: Access control and CCTV installation
  • Computer room security: Access restricted to authorized employees only
  • Document storage: Storage in lockable cabinets

9. Cookie Installation, Operation, and Refusal

The Medical Institution uses cookies for user convenience.

Purposes of Cookies

  • Maintaining login status
  • Saving user preference settings
  • Analyzing access statistics
  • Providing personalized services

Cookie Refusal Method

Users can refuse cookies by changing their web browser's cookie settings. However, refusing cookies may limit access to some services.

  • Chrome: Settings > Privacy and Security > Cookies and Other Site Data
  • Safari: Preferences > Privacy > Cookies
  • Firefox: Preferences > Privacy > Cookies
  • Internet Explorer: Tools > Internet Options > General > Delete

10. Personal Information Protection Officer

If you have any questions or complaints about the Medical Institution's personal information processing, you may contact the Personal Information Protection Officer below.

  • Personal Information Protection Officer
    Name: Jeong Kyungmuk | Title: Director
    Phone: To be announced | Email: To be announced after opening
  • Personal Information Protection Manager
    Name: Jeong Kyungmuk | Title: Director
    Phone: To be announced | Email: To be announced after opening

Remedies for Rights Violations

If you wish to receive remedies for personal information violations, you may file a claim with the agencies below with identity verification documents.

  • Personal Information Protection Commission (www.pipc.go.kr, 1336)
  • Supreme Prosecutors' Office Special Investigation Division (www.spo.go.kr)
  • National Police Agency Cyber Crime Investigation Division (www.nfcis.go.kr)

11. Changes to Privacy Policy

This privacy policy may be modified in accordance with government policies or changes in security technology.

Revision History

  • June 1, 2026: Privacy Policy Effective

When the Medical Institution changes its privacy policy, it will notify the changes through the website at least 30 days before implementation, specifying the reasons for change and the content of the changes.

12. Medical Institution Information

  • Medical Institution Name: ABLE Dermatology Clinic
  • Director: Dr. Jeong Kyungmuk
  • Business Registration No.: 666-28-02025
  • Address: 3-4F 123-7 Garak-dong, Songpa-gu, Seoul (Planned)
  • Phone: Number to be announced
  • Email: To be announced after opening
  • Medical Institution Type: Clinic
WhatsApp Instagram Call Blog Location