Privacy Policy
doinglab (hereinafter 'company') collects and safely processes personal information of its service users who have signed up as a member (hereinafter 'member') of SangsikPlus (hereinafter 'service') to protect their rights, complying with Personal Information Protection Act and other related laws. In accordance with Article 30 of Personal Information Protection Act, we disclose this Privacy Policy (hereinafter 'policy') in order to promptly and smoothly resolve any privacy related disputes regarding how we process personal information. We will not hold it against you when you exercise any of your rights.
We reserve the right to revise this policy or any part of it from time to time if there is a change in the government laws and guidelines or in the company's internal policies. We will notify all the changes made in this policy in Announcement of the service so that members can easily review and understand them.
Article 1 (Collected items and purpose of processing)
The company collects and processes the personal information it needs to provide the service. If the purpose of its use changes, the company will ask its members for their consent in advance as prescribed in Article 18 of Personal Information Protection Act.
| Service | Method | Sorted as | Collected item | Purpose | Processed until |
|---|---|---|---|---|---|
| Membership registration & management | App | Required | - Sign up with an email account: email account, password | Confirmation of membership application, identification of members based on service provision, self-identification and age verification, prevention of unauthorized use of service, notification of various notices, handling complaints | Membership withdrawal |
| | | | - Sign up with Kakao: Kakao linked ID, Kakao token, mobile number | | |
| | | | - Sign up with Naver: Naver linked ID, Naver token, mobile number | | |
| | | | - Sign up with Google: Google linked ID, Google token, mobile number | | |
| | | | - Sign up with Apple: Apple linked ID, Apple token, mobile number | | |
| | | | - Device information: | | |
| | | | - Log information: | | |
| Data sharing with medical organization | App | Required | - Legal name - Date of birth | Identification and verification of the member and the medical organization | Disconnected by administrator |
| | | Optional | - Identification number within organization: patient number, membership number | | |
| Service provision | App | Optional | - Body information: | Personalized analysis for diet logs (recommended intake, calculation of ideal body weight, etc.), service improvement and new service launch | Membership withdrawal |
| | | | - Activity information: usual activity level | | |
| Marketing | App | Optional | Consent to service notification | Customized service and marketing notifications | Membership withdrawal |
| | | | Consent to marketing notification | | |
Article 2 (Personal information processing period)
1. The company processes personal information only for the retention period prescribed in laws or for the period agreed upon by its members when they enroll in the service.
2. The company processes personal information until membership withdrawal and destroys it without delay upon the withdrawal. In the following cases, however, it will continue to process until all the related issues are resolved.
① In case where the member is under investigation for violation of relevant statutes, it will process until the investigation is closed.
② In case where the member has issued a complaint regarding the service use, it will process until the complaint is handled and the result is notified.
3. According to the company's internal policies or relevant laws, such as Commercial Act and Consumer Protection Act in Electronic Commerce, the company may need to process personal information for a certain period of time as follows:
| Collected item | According to | Processed for |
|---|---|---|
| Record of contract or withdrawal of subscription | Consumer Protection Act in Electronic Commerce | 5 years |
| Record of consumer complaints or dispute settlement | | 3 years |
| Record of display/advertisement | | 6 months |
| Date and time of telecommunication, start and end of subscription, counterparty subscriber number, frequency of use, and location tracking data of the source station | Communications Secret Protection Act | 1 year |
| Service visit history, data of tracking access | | 3 months |
※ The company may preserve personal information history for a period of time to prove its responsibility to comply with other legal obligations.
Article 3 (Personal information disclosure to third party)
The company does not disclose and transfer the members' personal information to a third party without consent under law except in the following cases:
1. Where the member enters the referral code of an institution issued by the company and agrees to provide their personal information to the institution
| Who receives | For what purpose | With what item | For how long |
|---|---|---|---|
| The institution to which the member agrees to provide | Identify patients | Name, date of birth, gender, height, weight, logs of blood sugar level, diet logs | Until disconnected by its administrator |
| | Track patients' diet logs | | |
| | Review diet analysis | | |
2. Where other statutes falling under Article 17 and 18 of Personal Information Protection Act require the company to provide the members' personal information to a third party
※ In addition to the cases described above, the company may provide a third party with personal information to the minimum extent for the purpose of academic research and statistics. In this case, the information will be provided only with the member's consent and only in a form that cannot identify its subject.
Article 4 (Procedure and method for destroying personal information)
The company will destroy the personal information without delay when it becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the processing purpose.
The procedures and methods for destroying personal information are as follows:
1. Procedure
The personal information that has become unnecessary will be destroyed upon the approval of the person in charge of personal information protection.
2. Method
The personal information stored in the form of electronic files will be deleted using a technical method in a way that cannot be recovered and reproduced. Other personal information stored in the form of documents will be destroyed by a physical method which cannot be reproduced, such as shredding or incineration.
According to the company's internal policy and other related laws, however, some information can be stored and processed separately from the existing storage for a certain amount of time even after the agreed retention period expires and the purpose of processing personal information has been achieved. The details are as follows:
1. Retention of information in accordance with the company's internal policy
| Company policy | Retention item | Retention period |
|---|---|---|
| Suspension of membership and prevention of unauthorized use | Internal identification information, Log of unauthorized use of service | 3 years after membership withdrawal |
| Delivery of informative email and Settlement of CS inquiry | Account information of member | 1 year after membership withdrawal |
2. Retention of information in accordance with related laws
| Related law | Retention item | Retention period |
|---|---|---|
| Protection of Communications Secrets Act | Information including log data and IP address necessary to confirm communications | 3 months after membership withdrawal |
| Electronic Transactions Act | Log of contracts and withdrawals of subscription | 5 years after membership withdrawal |
| | Log of dispute settlements of service users | 3 years after membership withdrawal |
| | Log of displays and advertisements | 6 months after membership withdrawal |
Article 5 (Rights of member and legal representatives)
1. Members can request access to their information held by the company at any time, and if there is an error in their information, they can request correction, deletion, and suspension of processing.
2. Members can exercise their rights described in the previous paragraph by contacting the company by phone or email as prescribed in Article 41 Paragraph 1 of Enforcement Decree of the Personal Information Protection Act. If they do, the company will take action without delay.
| Phone number for CS | Email address for CS |
|---|---|
| +82-31-698-9883 | sales@doinglab.com |
3. Members can also delegate a legal agent or a representative to exercise their rights. If they do, they must submit a power of attorney in the attached Form 11 of Enforcement Rules of Personal Information Protection Act.
4. Requests for suspension of reading and processing personal information may be restricted in accordance with Article 35 Paragraph 5 and Article 37 Paragraph 2 of Personal Information Protection Act.
5. Requests for correction and deletion of personal information will be restricted if other laws require the company to collect and process the requested personal information.
6. The company verifies whether the person who requests an access, correction, deletion, or suspension of personal information is its member or a legitimate agent.
Article 6 (Measures to ensure the safety of personal information)
The company is taking the following measures to process personal information safely.
1. Encrypt personal information
The company encrypts and stores personal information.
2. Minimize access to personal information
The company grants access to personal information to a minimum number of employees. Also, it establishes and implements internal management plans for privacy protection, audits on a regular basis, and trains employees on privacy obligations and security.
3. Take technical measures against hacking and computer viruses
The company has installed its system in the area with controlled access from outside to prevent leakage and damage of members' personal information through hacking or computer viruses. It also updates security programs and continuously researches new security technologies to apply to the service.
Article 7 (Matters for collection, usage, rejection of behavioral information)
The company entrusts the following personal information processing tasks for smooth processing of personal information.
| What to collect | - Process data regarding service use |
|---|---|
| How to collect | - Through automatic collection and transmission using the tools below which collect all the information generated since the app runs |
| With tools | - Google Analytics, Firebase |
| For what purpose | - To provide personalized and customized service - To update and design new services |
| For how long | - Until membership withdrawal |
Article 8 (Personal information protection officer)
For all personal information-related inquiries, complaints, and compensation regarding the service use, please contact the person in charge of personal information protection. The company will do its best to answer your inquiries and take necessary action without delay.
| In charge of personal information protection |
|---|
| Hyunsuk Lee (CEO) (hyunsuk.lee@doinglab.com / 031-698-9883) |
Members can also apply for dispute resolution or counseling at the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Reporting Center for personal information infringement. For other reports and counseling on personal information infringement, please contact the following agencies.
| Personal Information Infringement Reporting Center | Cyber Investigation Division of Supreme Prosecutors' Office | Cyber Investigation Bureau of the National Police Agency |
|---|---|---|
| - 118 (with no national number) - www.privacy.kisa.or.kr | - 1301 (with no national number) - www.spo.go.kr | - 182 (with no national number) - www.ecrm.police.go.kr |
Article 9 (Obligation to notify policy revision)
The company may modify its privacy policy to reflect changes in related laws or services. If the privacy policy is revised, members will be notified of the changes and the date of implementation at least 7 days in advance through Announcement in the service.
Date of announcement : 01.11.2024
Date of implementation : 01.12.2024