medihi Privacy Policy
Sungjin HDS Co., Ltd. (hereinafter referred to as the 'Company') operating the medihi service (hereinafter referred to as the 'Service') and the affiliated medical institutions participating in the Service (hereinafter referred to as 'Participating Institutions') consider users' personal information important and comply with related laws such as the Personal Information Protection Act.
This Privacy Policy applies to the use of all services provided by medihi, and informs users of how their personal information is collected, used, stored, and destroyed, as well as the users' rights and how to exercise them.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes.
Currently, medihi operates primarily as a non-member consultation request service. If features such as member services, reviews, and payments are introduced in the future, this policy may be updated accordingly.
| Category | Purpose |
|---|---|
| Consultation & Reservation Requests | Connecting consultations and reservations, providing hospital information, customer response and complaint handling, service quality improvement and statistical analysis |
| Member Services | Member identification, identity verification, writing reviews, reservation management, prevention of unauthorized use |
| Service Analysis & Custom Recommendations | Analyzing users' service usage patterns, content recommendations, UI/UX improvements, quality enhancement |
| Marketing & Benefit Notifications | Sending events, promotions, advertising information, benefits, and newsletters |
| Contracts, Settlements & Customer Management | Fulfilling service contracts with advertising/partner hospitals, settlements, internal management |
| Compliance with Legal Obligations | Consumer protection, tax reporting, dispute resolution, and compliance with related laws |
▪️ Customer Experience Satisfaction Survey & Review Request
To improve customer experience quality and services, the Company may conduct satisfaction surveys or request reviews regarding the consultation, visit, and treatment process.
Information collected in this process is used solely for service quality management. If reviews are publicly posted within the service or linked to promotional/donation programs, they will be used only after obtaining the user's optional marketing consent.
2. Items of Personal Information Processed
The Company collects and uses the following information during the service use process.
| Category | Collection Items | Collection Method |
|---|---|---|
| Consultation Request (Required) | Name, Contact number (Phone number), Treatment items | When filling out the consultation form |
| Consultation Request (Optional) | Age, Gender, Region of residence, Consultation inquiry details, Other survey response items | When filling out the consultation form |
| Upon Membership Registration | Name, Email, Password, Mobile phone number, Identity verification value (CI/DI) | Membership registration screen |
| Upon Writing Reviews or Content | Name (or Nickname), Review content, Procedure information, Attached images (Optional) | Review writing screen |
| Automatically Collected Information | IP address, Browser and device information, Access date and time, Usage records, Cookies, Event logs | Automatically collected when using the service |
Note: Treatment items are automatically set according to the consultation context requested by the user (access path, selected treatment category, etc.) or can be directly selected by the user, and are essentially collected to connect appropriate hospitals. Users can freely decide whether to enter optional items, and non-entry does not affect the consultation request. However, if optional items are not provided, information that can be referenced when connecting consultations may be limited.
3. Retention and Use Period of Personal Information
| Category | Retention Period | Basis |
|---|---|---|
| Consultation & Reservation Request Records | Destroyed immediately after storage for 1 year from the consultation or reservation request date | Article 16 of the Personal Information Protection Act (Principle of Minimum Collection/Retention) |
| Information Consented for Marketing Use | 2 years from the date of consent or until consent is withdrawn | Based on user consent |
| Contract & Settlement Related Records | 5 years | Act on the Consumer Protection in Electronic Commerce, etc. (Records on contracts and payment) |
| Service Usage Records | 3 months | Protection of Communications Secrets Act |
| Member Information | Until membership withdrawal | |
| Cases with Separate Legal Regulations | According to the relevant laws |
The information is destroyed without delay when the retention period expires or the purpose is achieved. (Electronic files are deleted using a permanently irrecoverable method, and printed materials are shredded or incinerated.)
▪️ Separate Storage for Long-Term Inactive Users (Article 29 of the Information and Communications Network Act)
The Company may separately store or destroy the personal information of users who have not used the service for more than 1 year. In this case, the Company notifies the user in advance before separation and storage, and retains the corresponding information only for the period specified by law.
4. Provision of Personal Information to Third Parties
In principle, the Company does not provide users' personal information to external parties. However, it is provided as follows only when the user's prior consent is obtained.
| Recipient | Purpose | Items Provided | Retention Period |
|---|---|---|---|
| Consulting·Reserving Hospitals and Clinics | Conducting consultations, reservation guidance, visit management, and follow-up calls | Name, Contact number (Phone number), Treatment items, Consultation inquiry details, and all survey response values | Until the consultation/reservation purpose is achieved (However, limited to cases where preservation is required according to hospital internal regulations or related laws) |
| Relevant Laws or Investigative Agencies | Upon request based on legal grounds | Scope prescribed by law | Until the purpose is achieved |
5. Consignment of Personal Information Processing
The Company consigns personal information processing tasks as follows for smooth service provision.
| Trustee | Outsourced Tasks | Items Provided | Retention Period |
|---|---|---|---|
| Typeform S.L. | Providing form and survey services (consultation requests, customer experience surveys, satisfaction surveys, etc.) | Consultation response data | Until the purpose is achieved |
| Google LLC | Web·App analytics (GA4), cloud storage, email services | Log data, Emails | Until the purpose is achieved |
| Amazon Web Services (AWS) | Providing cloud server infrastructure and operating data storage environments | Service usage data | Until the consignment contract ends or the purpose is achieved |
| Kakao | Message delivery, notification, authentication services | Name, Contact number, Message content | Service provision period |
※ If the consigned company changes, advance notice will be given through this policy and announcements.
6. Marketing Utilization and Receipt of Advertising Information
The Company uses personal information for the following purposes only when the user's optional consent is obtained.
| Item | Content |
|---|---|
| Subject of Utilization | medihi (Sungjin HDS Co., Ltd.) |
| Purpose of Use | Guidance on medihi service benefits, events, customized treatment program information, new service announcements, and personalized content recommendations |
| Retention and Use Period | 2 years from the date of consent or until consent is withdrawn |
| Method of Withdrawing Consent | Can be withdrawn at any time through the Customer Center (1833-4957) or the opt-out link in received messages |
Marketing consent is optional, and there are no restrictions on service use even if you do not consent.
7. Marketing Utilization and Receipt of Advertising Information
The Company destroys the personal information without delay when the retention period expires or the purpose of processing is achieved. However, if it is necessary to store it for a certain period according to related laws, it is moved to a separate DB and stored, and access is restricted.
① Destruction Procedure The information entered by the user through consultation requests·membership registration, etc., is moved to a separate DB after the purpose is achieved, stored for a certain period according to internal policies and laws, and then destroyed. The relevant information will not be used for other purposes except as required by law.
② Destruction Method Paper documents: Shredded or incinerated Electronic files: Permanently deleted using technically irrecoverable methods
8. Rights of Users and Legal Representatives
Users can request to view, correct, delete, suspend processing, or withdraw consent for their personal information at any time. Inquiries related to personal information can be made through the contact information below.
| Item | Content |
|---|---|
| home@sungjinhds.com | |
| Phone | 1833-4957 |
| Privacy Officer | Kim Jin-young |
Reporting and consultation on personal information infringement: Personal Information Dispute Mediation Committee (1833-6972) Personal Information Infringement Report Center (118)
9. Use and Refusal of Cookies
The Company may use cookies to analyze users' service usage patterns and provide customized information. Cookies do not identify individuals and are utilized to analyze user preferences and usage patterns.
① Purpose of using cookies Providing customized information and statistical analysis by identifying users' visit records, usage patterns, and preferred content
② Method to refuse cookie settings Users have the right to choose whether to install cookies and can refuse to save cookies through web browser settings. Internet Explorer: [Tools] → [Internet Options] → [Privacy] → [Advanced Settings] Chrome: [Settings] → [Privacy and Security] → [Cookies and other site data] If you refuse to save cookies, there may be restrictions on using some customized services.
10. Measures to Ensure the Safety of Personal Information
The Company implements the following safety measures in accordance with Article 29 of the Personal Information Protection Act. Minimization of access rights and authority management Encryption during transmission and storage Storage of access logs and prevention of forgery and alteration Regular security checks and mock training Management·supervision of consignees and execution of training
11. Privacy Officer
| Category | Name | Department | Contact | |
|---|---|---|---|---|
| Privacy Officer | Kim Jin-young | Strategic Planning Office | 1833-4957 | home@sungjinhds.com |
12. Notification of Changes to the Privacy Policy
This policy applies from February 11, 2026. If there are additions, deletions, or changes to the content, they will be notified through announcements or email 7 days prior to implementation.