“KoreaMedicare Co., Ltd.” (hereinafter referred to as the Company) values the personal information of its customers who use its Internet-based news and content-related services, including kormedi.com, and complies with the Personal Information Protection Act and related laws. Through the Privacy Policy, the Company discloses how and for what purposes the personal information provided by customers is used and what measures are being taken to protect personal information.
1. Purpose of collecting and using (processing) personal information
The Company minimally collects and uses personal information for the following purposes.
1) Membership and management: Confirmation of membership intention, verification of user’s identity, management of membership activity performance, confirmation of membership withdrawal intention, and prevention of unauthorized use of services.
2) Service provision: content service, customized service based on interests, newsletter subscription
3) Service improvement: demographic analysis of service use, analysis of service visit and usage records, development of new services and improvement of existing services
4) Information delivery and product delivery: Delivery of information such as publicity/advertising and events, delivery and transmission of products/giveaways
5) Various notifications and complaint handling: Handling complaints such as various notices and notifications, complaint handling, etc.
2. Retention and use period of personal information
1) The company retains personal information collected through the user’s consent for the duration of membership. Personal information of members who have lost their membership due to the termination of the service use contract (membership withdrawal) will be deleted after a 7-day grace period.
However, items falling under the following reasons are retained for the period specified by relevant laws and regulations.
① Act on Consumer Protection in Electronic Commerce, etc.
– Records on display and advertising: 6 months
– Records of contract or subscription withdrawal, payment, and supply of goods: 5 years
– Records of consumer complaints or dispute handling: 3 years
② Act on the Protection of Communications Secrets
– Records of service visits: 3 months
2) If there is a need to continue to retain the records despite the above retention period, we will obtain your consent.
3) The Company shall notify the user in advance via email and destroy the personal information of customers (long-term non-users) who do not have a service use record for more than one year, or separately store, manage, or destroy the personal information.
3. Items of personal information to be processed
1) Collected items
① Membership registration and management, service provision and improvement
[Required] Email address (ID), password
[Optional] Name (or nickname), mobile phone number, gender, age group
* Easy login (social login)
– Naver: [Required] User identifier, email address
– Kakao: [Required] Member number, email address
– Google: [Required] Email address, name, language preference, profile picture
② Information delivery and product delivery
[Optional] Email address (ID), name (or nickname), mobile phone number
③ Various notifications and complaint handling
[Required] Email address (ID)
[Optional] Name (or nickname), mobile phone number
2) Collection Methods
The Company collects personal information through the following methods.
① Provided by users after consenting to the collection of personal information in the process of membership registration (including social login) and service use.
② Provided by customers through webpage, mail, fax, telephone, oral, etc. in the process of consultation through customer center
③ Participation in events held online and offline
In the process of using the service, device information, access logs, access IP information, cookies, visit dates, service usage records, and bad usage records may be automatically generated and collected.
4. Matters concerning the processing of personal information of children under the age of 14
Only users over the age of 14 can register for membership.
5. Provision of personal information to third parties
The Company does not provide users’ personal information to third parties in principle, except in the following cases.
– When the user has given prior consent
– When required by the provisions of laws and regulations, or when requested by an investigative agency in accordance with the procedures and methods specified in laws and regulations for the purpose of investigation.
6. Outsourcing of personal information processing
The company may entrust personal information in order to provide users with the latest technology and the stability of service provision. The Company will disclose through the Privacy Policy if it entrusts any work, or if the content of the entrusted work or the entrusted company changes.
The current status of the company’s outsourcing is as follows.
| Entrusted Company | Entrusted Business Details | Personal Information Retention and Use Period |
| Amazon Web Services Korea LLC | Cloud infrastructure management | Until the end of the consignment agreement |
| Qubit Security Inc. | Web firewall management | Until the end of the consignment agreement |
7. Overseas Transfer of Personal Information
The Company does not transfer personal information overseas.
8. Procedures and methods for destroying personal information
The Company shall destroy personal information without delay after a grace period of 7 days when the purpose of collecting and using personal information is achieved, such as withdrawal from membership.
However, if personal information must be preserved for a certain period of time in accordance with other laws and regulations (see Retention and Use Period of Personal Information), the personal information will be transferred to a separate database or stored in a different place and preserved for a certain period of time before being destroyed. Personal information preserved separately will not be used for any other purpose unless required by law.
Personal information recorded and stored in the form of electronic files shall be destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents shall be destroyed by shredding or incineration.
9. Rights of users and legal representatives and how to exercise them
1) Users may exercise their rights to view, correct, or delete personal information at any time.
2) Users may request the suspension of personal information processing at any time, and if there are special provisions in the law, we may refuse the request to suspend processing.
3) Users may exercise their rights through direct processing on the ‘Member Information’ page, etc. or by writing, calling, e-mailing, etc. to the personal information protection officer and the department in charge, and the Company will take action without delay.
4) If the user requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
5) The Company restricts membership to children under the age of 14 who require the consent of a legal representative.
6) Users shall not infringe on the personal information and privacy of themselves or others processed by the Company in violation of relevant laws and regulations such as the Personal Information Protection Act.
10. Measures to ensure the safety of personal information
In processing users’ personal information, the Company takes the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged.
1) Administrative measures: Establishment and implementation of internal management plans, operation of a dedicated organization, and regular employee training
2) Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation and update of security programs.
3) Physical measures: Access control to computer rooms, data storage rooms, etc.
11. Installation, operation and rejection of automatic personal information collection devices
In order to provide customized services to users, the Company may use ‘cookies’ that store and retrieve users’ information from time to time.
1) Purpose of using cookies: Providing targeted marketing and personalized services by analyzing the access frequency and visit time of members and non-members, identifying users’ tastes and interests and tracking their traces, identifying the degree of participation in various events and the number of visits, etc.
2) Installation, operation, and rejection of cookies: You can refuse to save cookies by setting options on the Tools > Internet Options > Privacy Menu at the top of your web browser.
3) If you refuse to save cookies, you may have difficulty using some services that require a login.
12. Processing of Pseudonymized Information
The Company may pseudonymize personal information so that a specific individual cannot be recognized for statistical purposes, and use it as follows.
1) Purpose of processing: User statistics
2) Processing items: gender, age group
3) Retention and utilization period: Immediately destroyed after creating statistics
13. Operation of personal information protection officer
1) The Company shall be responsible for the processing of personal information in general, and shall designate and operate the personal information protection officer as below to handle user complaints and damage relief related to the processing of personal information.
2) You can contact the personal information protection officer and the department in charge for all personal information protection-related inquiries, complaints, and damage relief that occurred while using the Company’s services. The Company will answer and process your inquiries without delay.
▶Personal information protection officer and department in charge of personal information protection
Name: Choi Seungsik
Contact: 02-2052-8200, kormedi@kormedi.com
※ You will be connected to the department in charge of personal information protection.
14. Consultation and Report of Personal Information Infringement
If you need to report or consult about personal information infringement, please contact the following organizations.
1) Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2) Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
3) Supreme Prosecutors’ Office: 1301 (without area code) (www.spo.go.kr)
4) National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
15. Changes to the Privacy Policy
If we make any changes to the Privacy Policy, we will notify you through a notice on the website or individual notification at least 7 days before the change is effective.
– Effective Date: July 10, 2023 (Notice date: July 3, 2023)