medihi Privacy Policy
Sungjin HDS Co., Ltd. (hereinafter referred to as the "Company"), which operates the medihi service (hereinafter referred to as the "Service"), and affiliated medical institutions participating in the Service (hereinafter referred to as "Participating Institutions") value the personal information of users and comply with relevant laws such as the "Personal Information Protection Act".
This Privacy Policy applies to the use of all services provided by medihi and informs users of how their personal information is collected, used, stored, and destroyed, as well as their rights and how to exercise them.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes.
Currently, medihi operates primarily based on non-member consultation requests. Should features such as membership services, reviews, or payments be introduced in the future, this policy may be updated accordingly.
| Category | Purpose |
|---|---|
| Consultation & Reservation Request | Connecting consultations & reservations, providing hospital info, customer support & complaint handling, service quality improvement & statistical analysis |
| Member Services | Member identification, identity verification, writing reviews, reservation management, prevention of fraudulent use |
| Service Analysis & Custom Recommendation | Analyzing user service patterns, content recommendation, UI/UX improvement, quality enhancement |
| Marketing & Benefit Information | Sending events, promotions, advertising information, benefits, and newsletters |
| Contract, Settlement, Customer Management | Fulfillment of service contracts with advertising/affiliated hospitals, settlement, internal management |
| Fulfillment of Legal Obligations | Compliance with laws related to consumer protection, tax reporting, dispute resolution, etc. |
▪️ Customer Experience Satisfaction Survey & Review Request
To improve customer experience quality and services, the Company may conduct satisfaction surveys or request reviews regarding the consultation, visit, and treatment process.
Information collected in this process is used solely for service quality management. If reviews are publicly posted within the service or linked to promotional/donation programs, they will be used only after obtaining the user's optional marketing consent.
2. Items of Personal Information Processed
The Company collects and uses the following information during the service usage process.
| Category | Collection Items | Collection Method |
|---|---|---|
| Consultation Request | Name, Contact (Phone number), Treatment item (Optional: Messenger ID, Inquiry details, Age, Gender, Region, Preferred reservation date/time) | Consultation form |
| Sign Up | Name, Email, Password, Mobile phone number, Identity verification value (CI/DI) | Sign-up screen |
| Writing Reviews or Content | Name (or Nickname), Review content, Procedure info, Attached images (Optional) | Review screen |
| Automatically Collected Info | IP address, Browser & Device info, Access time, Usage records, Cookies, Event logs | Auto-collected during use |
3. Retention and Usage Period of Personal Information
| Category | Retention Period | Basis |
|---|---|---|
| Consultation & Reservation Records | Retained for 1 year from the request date, then immediately destroyed | Article 16 of the Personal Information Protection Act (Restriction on Collection) |
| Contract & Settlement Records | 5 years | Act on the Consumer Protection in Electronic Commerce (Records on contract and payment settlement) |
| Service Usage Records | 3 months | Protection of Communications Secrets Act |
| Member Information | Until membership withdrawal | |
| Upon Expiry or Purpose Achievement | Destroyed without delay (Electronic files deleted irreversibly, printed materials shredded or incinerated) |
▪️ Separate Storage for Long-term Inactive Users (Article 29, Network Act)
The Company may separately store or destroy personal information of users who have not used the service for more than 1 year.
In this case, the Company will notify the user prior to separation/storage and retain the information only for the period specified by law.
4. Provision of Personal Information to Third Parties
In principle, the Company does not provide user personal information externally.
However, it is provided as follows only with the user's prior consent.
| Recipient | Purpose | Items Provided | Retention Period |
|---|---|---|---|
| Hospitals/Clinics receiving consultation/reservation requests | Consultation/Reservation guidance, Visit management | Name, Contact (Phone number), Treatment item (Optional: Messenger ID, Inquiry details, Age, Gender, Region, Preferred reservation date/time) | 1 year from request date or period specified by relevant laws |
| Laws or Investigative Agencies | Upon request based on laws | Scope set by law | Until purpose achieved |
5. Outsourcing of Personal Information Processing
For smooth service provision, the Company outsources personal information processing as follows.
| Trustee | Outsourced Tasks | Items Provided | Retention Period |
|---|---|---|---|
| Typeform S.L. | Consultation form service provision | Consultation response data | Until purpose achieved |
| Google LLC | Web/App analysis (GA4), Cloud storage, Email service | Log data, Email | Until purpose achieved |
| Amazon Web Services (AWS) | Cloud server infrastructure provision and data storage environment operation | Service usage data | Until contract termination or purpose achievement |
| Kakao | Message delivery, notifications, authentication service | Name, Contact, Message content | Service provision period |
※ If the outsourced vendor changes, we will notify you in advance through this policy and announcements.
6. Procedure and Method of Destruction of Personal Information
The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved.
However, if retention is required by relevant laws, the information is moved to a separate database and access is restricted.
① Destruction Procedure
Information entered by users through consultation requests, membership registration, etc., is moved to a separate database after the purpose is achieved and stored for a certain period according to internal policies and laws before being destroyed.
The information is not used for any other purpose except as required by law.
② Destruction Method
- Paper documents: Shredded or incinerated
- Electronic files: Permanently deleted using irreversible technical methods
7. Rights of Users and Legal Representatives
Users may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding their personal information at any time.
Inquiries regarding personal information can be made through the contact information below.
- Email: home@sungjinhds.com
- Phone: 1833-4957
- Chief Privacy Officer (CPO): Kim Jin-young
- Reporting or consultation regarding personal information infringement:
- Personal Information Dispute Mediation Committee (1833-6972)
- Personal Information Infringement Report Center (118)
8. Use and Rejection of Cookies
The Company may use cookies to analyze user service usage patterns and provide customized information.
Cookies do not identify individuals and are used to analyze user preferences and usage patterns.
① Purpose of Cookie Use
Identify user visit records, usage patterns, and preferred content to provide customized information and statistical analysis
② Method to Reject Cookies
Users have the option to accept or reject cookie installation and can reject cookie storage through web browser settings.
- (Internet Explorer) [Tools] → [Internet Options] → [Privacy] → [Advanced]
- (Chrome) [Settings] → [Privacy and security] → [Cookies and other site data]
If you reject cookie storage, there may be limitations in using some customized services.
9. Measures to Ensure Safety of Personal Information
In accordance with Article 29 of the Personal Information Protection Act, the Company implements the following measures to ensure safety:
- Minimization of access rights and authority management
- Encryption during transmission and storage
- Retention of access logs and prevention of forgery or alteration
- Regular security inspections and mock drills
- Management, supervision, and training of trustees
10. Chief Privacy Officer (CPO)
| Category | Name | Department | Contact | |
|---|---|---|---|---|
| Chief Privacy Officer | Kim Jin-young | Management Support | 1833-4957 | home@sungjinhds.com |
11. Notice of Changes to Privacy Policy
This policy is effective from November 4, 2025.
If there are any additions, deletions, or changes to the content, we will notify you via announcements or email 7 days prior to the effective date.