Privacy Policy

Article 1. Consent to Collection of Personal Information

The Clinic provides notice of the Privacy Policy or Terms of Use at sign-up, and by clicking the “Register” button, you are deemed to have consented to the collection of personal information.

Article 2. Items and Methods of Personal Information Collection

1. 1) Items of personal information collected

   Through the website managed by the Clinic, the following personal information is collected at initial sign-up or service use; only the minimum information necessary to provide services is collected.

   1. (1) Required items

      ※ You may refuse consent to the collection/use of required items; however, these are essential for providing the service. Refusal will prevent website membership or service use.

      1. 1) Personal information required for online consultation

         - Required: Name, Email

      2. 2) Information required for each service and service usage records

         • Service usage record information — log data, cookies, usage time, user-entered search terms, etc.
         • Device information, access IP information, preference settings, etc.

   2. (2) Optional items

      ※ You may refuse consent for optional items; these are not essential for service provision. You may use the website even if you refuse. If optional collection/use is needed during service, separate notice and consent will be obtained.

2. 2) Restrictions on personal information collection

   The Clinic does not collect sensitive information via the website that may significantly infringe on privacy (e.g., thoughts/beliefs, union/party membership status, political views, biometric information).

3. 3) Protection policy for children under 14

   In principle, the Clinic does not collect personal information from users under 14. If collected for treatment, it will not be shared with third parties without parental consent, nor sold or rented.

   ※ As a rule, real-name verification is not required on the website.

4. 4) Methods of personal information collection

   1. (1) Principle of collection via the website

      In principle, the Clinic collects only via the website. When non-members post, a procedure allows users to choose “Agree” or “Disagree” for each consent form for collection/use.

   2. (2) Collection via cookies

      The Clinic uses “cookies” that store and retrieve your information. When you access the site, the web server reads cookies in your browser and can provide services without additional input (e.g., ID). Cookies identify your computer, not you personally.

      ※ A cookie is a small piece of data sent to your browser. You have choices: accept all cookies, be notified upon installation, or refuse all cookies via browser settings.

Article 3. Purpose of collection and use of personal information

The Clinic collects personal information to operate the website and provide services, and will obtain prior consent if the purposes change.

Article 4. Provision of personal information to third parties

The Clinic uses personal information only within the notified scope and does not use it beyond that scope or provide it to others, companies, or institutions without consent, except upon lawful requests by government agencies. If outsourcing processing, the items, contractor name, and tasks will be notified in advance.

Article 5. Outsourcing of collected personal information

The Clinic outsources personal information processing as below to perform services and stipulates necessary measures in contracts to ensure safety per law. The entrusted organizations and tasks are as follows.

[Processor] WEING Corporation — Name, phone number, ID, email address, cookies, log data such as navigation paths — until the end of the outsourcing contract

Article 6. Retention and use period of personal information

In principle, once the purposes are achieved, personal information is destroyed without delay; information with no login/use for one year is destroyed or stored separately.

However, when preservation is required by law, the company retains member information for the periods specified below.

• User internet log records / connection trace data: 3 months (Protection of Communications Secrets Act)
• Records of consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
• Records on collection/processing/use of credit information: 3 years (Use and Protection of Credit Information Act)
• Records of identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection)

Article 7. Procedures and methods for destruction of personal information

In principle, the Clinic destroys personal information without delay after the purposes are achieved. The procedures and methods are as follows.

1. 1) Destruction procedure

   After the purposes are achieved, personal information is stored for a period per internal policy and law (see retention/use period) and destroyed within 5 days thereafter.

   If moved to a separate DB, it is not used for purposes other than retention unless required by law.

2. 2) Destruction methods

   Electronic files are deleted using technical methods that prevent recovery. Paper records are shredded or incinerated.

Article 8. Measures to ensure security of personal information

1. 1) Technical and managerial measures for protection

   To prevent loss, theft, leakage, alteration, or damage, the Clinic implements the following technical and managerial measures.

   1. (1) Establishment and implementation of internal management plan
      1. 1) The Clinic has established and implements an internal management plan for safe processing.
      2. 2) Through an in-house data protection body, the Clinic checks implementation and compliance and takes corrective action immediately upon issues.
   2. (2) Encryption of personal information — Users’ information is protected by passwords, and critical data is protected by additional security functions.
   3. (3) Preventing exposure to search engines — Boards are managed to prevent personal data in posts/attachments from being exposed on portals like Google/Naver.
   4. (4) Admin page authentication — Increasing password complexity on admin pages to minimize leakage risk.
   5. (5) Minimizing handlers and training
      1. 1) Access to the admin page and member DB occurs only upon processing requests; a dedicated officer is appointed to ensure DB management.
      2. 2) On hiring and separation, staff must sign confidentiality pledges prohibiting disclosure of any information obtained on duty; violations may incur civil/criminal liability. 2. Post management policy — The Clinic endeavors to protect users’ posts from alteration, damage, or deletion; however, the following are exceptions.

2. 2) Post management policy

   The Clinic values users’ posts and strives to protect them, but the following cases are excluded.

   1. (1) Spam posts
   2. (2) Posts defaming others by spreading falsehoods
   3. (3) Posts disclosing others’ personal information without consent
   4. (4) Posts infringing the IP or rights of the company or third parties
   5. (5) Posts unrelated to the board’s topic

   ※ To promote sound board culture, the Clinic may delete or mask parts of posts disclosing others’ personal data without consent; other cases may be removed after explicit/individual warnings.

   ※ Ultimately, all rights and responsibilities for posts lie with the author. Information voluntarily disclosed in posts may be hard to protect; consider carefully before disclosing.

Article 9. Data subjects’ rights, duties, and exercise thereof

As data subjects, users may exercise the following rights.

1. 1) Access to and correction of personal information

   You may access or correct your personal information at any time. Click “Edit Member Info” to do so directly, or contact the privacy officer by email. If you request correction/deletion due to errors, the Clinic will not use or provide the data until completion. ※ Rights may be exercised via a legal representative or proxy with the prescribed power of attorney (Form No. 11). Data required by law to be retained cannot be altered or deleted during the retention period.

2. 2) Withdrawal of consent to collection, use, and provision

   You may withdraw at any time the consent you gave for collection/use/provision. Contact the website or privacy officer by email, and necessary measures (e.g., deletion) will be taken immediately.

3. 3) Opinions and complaint handling

   The Clinic provides a channel for opinions and complaints regarding privacy. Submit to the privacy officer; action will be taken upon receipt and results notified.

Article 10. Privacy policy and management officer

To protect personal information and handle complaints/remedies, the Clinic designates the following department and privacy officer.

1. 1) Privacy Officer

   1. (1) Name: Sangwook Lee
   2. (2) Position: Director
   3. (3) Affiliation: Yezel Clinic
   4. (4) Phone: (02) 515-7409
   5. (5) 이메일 : yezel@naver.com

2. 2) Other agencies

   You may report any privacy complaints arising from website use to the privacy officer or department. The company will respond promptly and fully. For reports or counseling on personal data breaches, contact the agencies below.

   1. (1) Personal Information Infringement Report Center (www.118.or.kr / 118)
   2. (2) Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
   3. (3) Supreme Prosecutors’ Office Cyber Investigation Dept. (www.spo.go.kr / 1301)
   4. (4) National Police Agency Cyber Bureau (www.police.go.kr/www/security/cyber.jsp / 182)

Article 11. Changes to the Privacy Policy

This policy was established on March 30, 2018. For additions, deletions, or corrections required by laws/policies, notice will be given via the website (https://yezelclinic.com) or Yezel Clinic at least 7 days before enforcement.