Privacy Policy

Updated as of November 15, 2025

Beauty Stone Clinic informs you about the processing of your personal information.

Beauty Stone Clinic (hereinafter referred to as "the Hospital") complies with relevant laws and regulations such as the "Personal Information Protection Act" and the "Medical Act" and manages the personal information of information subjects safely. Accordingly, in accordance with Article 30 of the "Personal Information Protection Act," we establish and disclose the personal information processing policy as follows to guide information subjects on the procedures and standards regarding the processing and protection of personal information, and to ensure prompt and smooth handling of related grievances.

Article 1 (Purpose of Processing)

The hospital processes personal information only within the scope of the following purposes.

  1. Provision of medical services: Appointment scheduling, management of medical records, diagnosis and treatment, prescriptions, tests, and other medical services, as well as billing, collection, and refund of medical expenses.

  2. Compliance with laws and regulations: Retention of medical records as per medical law, responding to health authority requests.

  3. Utilization for marketing and advertising: Delivery of advertising information such as events, identifying access frequency, and statistical purposes regarding service usage.

※ However, the hospital's website does not operate its own membership registration, reservation, or inquiry forms; reservations and consultations are made through external platforms such as Naver Place. The collection and use of personal information through external platforms follows the policies of those platforms.

Article 2 (Items of Personal Information Processing)

The hospital collects and uses personal information solely for the purpose of medical treatment and legal compliance.

  1. Items collected during treatment: Name, resident registration number, address, contact information, medical records (health information), and other items required under the 'Medical Service Act'

  2. Items collected during charge collection: Card issuer name, approval number, and other payment approval information

  3. Items collected automatically from the homepage: Access logs, cookies, IP, etc. (for security and quality management purposes)

Article 3 (Retention and Use Period)

The hospital processes and retains personal information within the retention and use period of personal information as stipulated by law or within the period agreed upon by the data subject when collecting personal information.

  1. Compliance with Article 15 of the Medical Law Enforcement Regulations (Preservation of Medical Records)

    • Patient List: 5 years

    • Medical Records: 10 years

    • Surgical Records: 10 years

    • Prescriptions: 2 years

    • Test Results: 5 years

  2. Reservation and Consultation Records (External Platforms): Follow the policies of the respective platform

  3. Information Used for Marketing and Advertising: Until consent is withdrawn

Article 4 (Procedures and Methods for Destruction of Personal Information)

The hospital will promptly destroy the personal information after the retention period has elapsed or the purpose of processing has been achieved.

  • Personal information stored in electronic file formats is destroyed by a method that prevents it from being recreated.

  • Personal information printed on paper is shredded or incinerated for disposal.

Article 5 (Provision of Personal Information to Third Parties)

In principle, the hospital does not provide personal information to third parties without the consent of the data subject.

However, it may be provided within the necessary scope when based on laws or legitimate requests from public institutions, or for the purpose of medical continuity, such as the transfer of emergency patients.

Article 6 (Measures to Ensure the Safety of Personal Information)

The hospital implements administrative, technical, and physical protective measures to ensure the safety of personal information, including establishing and executing an internal management plan, managing access rights, encryption, and retaining and inspecting access logs.

Article 7 (Rights of the Data Subject and Legal Representative)

The data subject (and legal representative) may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding personal information from the hospital at any time.

  • Rights may be exercised with the hospital in accordance with Article 41 (1) of the Enforcement Decree of the "Personal Information Protection Act" by written notification, email, fax, phone, etc., and the hospital will take action without delay.

  • Rights may also be exercised through a legal representative or an agent authorized by the data subject. In this case, you must submit a power of attorney in accordance with the format of Attachment No. 11 of the "Notification on the Processing of Personal Information."

  • The rights of the data subject to request access to and suspension of processing of personal information may be limited under Article 35 (4) and Article 37 (2) of the "Personal Information Protection Act."

  • If other laws specify the personal information as subject to collection, you cannot request the deletion of that personal information.

  • The hospital verifies whether the person exercising the rights is the individual or a legitimate agent.

Article 8 (Personal Information Protection Officer)

The hospital is responsible for overseeing the handling of personal information and has designated a Personal Information Protection Officer as follows to address complaints from data subjects regarding the processing of personal information and to provide remedies for any damage.

  • Personal Information Protection Officer: Kim Ga-eul

  • Contact: 02-3144-0107 / bsclinchj@naver.com

Article 9 (Methods of Remedy for Violation of Rights)

Data subjects may apply to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc., for dispute resolution or consultation to receive remedies for personal information infringements. For other reports and consultations regarding personal information infringements, please contact the institutions listed below.

  1. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)

  2. Personal Information Infringement Reporting Center: (No area code) 118 (privacy.kisa.or.kr)

  3. Supreme Prosecutors' Office: (No area code) 1301 (www.spo.go.kr)

  4. National Police Agency: (No area code) 182 (ecrm.cyber.go.kr)

Article 10 (Change of Privacy Policy)

This policy is effective from November 15, 2025. Any changes will be announced through the website.

The hospital has ended the homepage membership registration/login function as of November 15, 2025. Accordingly, we inform you that all personal information (ID, name, contact information, email, etc.) collected through previous membership registrations has been safely destroyed in accordance with Article 21 of the Personal Information Protection Act.