Beautystone Clinic informs you about the processing of your personal information.
Beautystone Clinic (hereinafter referred to as the Hospital) complies with relevant laws and regulations such as the Personal Information Protection Act and the Medical Act and manages the personal information of information subjects safely. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, we establish and disclose the personal information processing policy as follows to guide information subjects on the procedures and standards regarding the processing and protection of personal information, and to ensure prompt and smooth handling of related grievances.
Article 1 (Purpose of Processing)
The hospital processes personal information only within the scope of the following purposes.
Provision of medical services: Appointment scheduling, management of medical records, diagnosis and treatment, prescription, provision of medical services such as tests, and management of medical fees including billing, collection, and refunds. 2. Compliance with laws and regulations: Retention of medical records as required by medical law, response to requests from health authorities. 3. Utilization for marketing and advertising: Delivery of promotional information such as events, tracking access frequency, and statistical purposes regarding service usage.
※ However, the hospital website itself does not operate membership registration or reservation · inquiry forms, and reservations · consultations are handled through external platforms such as Naver Place. The collection and use of personal information through external platforms follows the policies of those platforms.
Article 2 (Items of Personal Information Processing)
The hospital collects and uses personal information solely for the purposes of medical treatment and compliance with laws and regulations.
Items collected during treatment: Name, resident registration number, address, contact information, medical records (health information), etc., required items under the Medical Service Act
Items collected when collecting medical fees: Card company name, approval number, and other payment approval information
Automatically collected items on the website: Access logs, cookies, IP, etc. (for security and quality management purposes)
Article 3 (Retention and Use Period)
The hospital processes and retains personal information within the retention and use period of personal information as stipulated by law or within the period agreed upon by the data subject when collecting personal information.
According to Article 15 of the Enforcement Rules of the Medical Service Act (Retention of medical records)
Patient register : 5 years
Medical record : 10 years
Surgical record : 10 years
Prescription : 2 years
Test findings : 5 years
Reservation·consultation records (external platform): According to the policy of the relevant platform
Information used for marketing and advertising: Until consent is withdrawn
Article 4 (Procedures and Methods for Destruction of Personal Information)
The hospital will promptly destroy the personal information after the retention period has elapsed or the purpose of processing has been achieved.
Personal information stored in electronic file format is destroyed so that it cannot be recovered.
Personal information printed on paper is shredded with a shredder or incinerated for destruction.
Article 5 (Provision of Personal Information to Third Parties)
In principle, the hospital does not provide personal information to third parties without the consent of the data subject.
However, where there is a basis in laws and regulations, or when there is a lawful request from a public institution, or to the extent necessary for medical coordination, such as the transport of emergency patients, it may be provided.
Article 6 (Measures to Ensure the Safety of Personal Information)
The hospital implements protective measures to ensure the safety of personal information through the establishment and execution of internal management plans, access rights management, encryption, retention and inspection of access logs, and administrative, technical, and physical measures including server room security.
Article 7 (Rights of the Data Subject and Legal Representative)
The data subject (and their legal representative) may request access to, correction of, deletion of, or suspension of processing of their personal information, or withdraw their consent, from the clinic at any time.
You may exercise your rights against the hospital in writing, by email, fax, telephone, etc. pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the hospital will take action without delay.
You may also exercise your rights through an agent, such as the data subject's legal representative or a person authorized by the data subject. In this case, "you must submit a power of attorney in the form prescribed in Form No. 11 of the Annex to the Notice on Methods of Processing Personal Information.
The data subject’s right to request access to and suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
If the personal information is specified as subject to collection by other laws and regulations, you cannot request deletion of the relevant personal information.
The hospital will verify whether the person exercising the rights is the data subject or a legitimate representative.
Article 8 (Personal Information Protection Officer)
The hospital is responsible for overseeing the handling of personal information and has designated a Data Protection Officer as follows to address complaints from data subjects regarding the processing of personal information and to provide remedies for any damage.
Privacy Officer: Kim Ga-eul
Contact: 02-3144-0107 / bsclinchj@naver.com
Article 9 (Methods of Remedy for Violation of Rights)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc., to receive remedies for personal information infringements. For other reports and consultations regarding personal information infringements, please contact the institutions listed below.
Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
Article 10 (Change of Privacy Policy)
This policy will be effective from **November 15, 2025** and will be notified through the website in case of changes.
The hospital has ended the homepage membership registration/login function as of November 15, 2025. Accordingly, we inform you that all personal information (ID, name, contact information, email, etc.) collected through previous membership registrations has been safely destroyed in accordance with Article 21 of the Personal Information Protection Act.