Descry Corporation Personal Information Processing Policy
In the interest of protecting users’ personal information and data and smoothly handle related grievances, Descry Co., Ltd. (hereinafter referred to as ‘THE COMPANY’) has established and disclosed its personal information processing policy as follows.
Article 1: Purpose of Personal Information Processing
THE COMPANY processes users’ personal information for the following purposes. Processing of user personal information and data will not be used for purposes other than the purposes hereafter stated. In cases of needing to process personal information for purposes other than those explicitly stated, necessary measures will be implemented, such as obtaining separate permission as detailed under Article 18 of the Personal Information Protection Act.
Article 2: Period of Processing and Retention of Personal Information
① THE COMPANY processes and retains personal information within the period of possession and use of personal information as agreed upon by the user.
② The periods of processing and retention of personal information for various cases is detailed as follows:
Article 3 Sharing of Personal Information to Third Parties
THE COMPANY processes users’ personal information within the scope stated in “Article 1: Purpose of Personal Information Processing.” Users’ personal information will not be used or shared to any third party in any form beyond the scope explicitly stated.
However, personal information may be shared to a third party in in the following specified cases.
Article 4: Consignment Processing of Personal Information
① For the purpose of providing improved services for users, THE COMPANY consigns and processes personal information as follows.
|Company of Consignment||Purpose of Consignment||Period of Retention and Use of Personal Information|
|NICEPAYMENTS Co., Ltd.||Payment and refund services (Payment methods of mobile phone payment, bank deposit, bank transfer, credit card payment, payment through gift certificates, and other payment methods)||Upon withdrawal of membership and termination of the contract (Excluding cases in which user information may need to be stored in accordance to specific laws and regulations)|
|Dream Security Co., Ltd||Mobile phone verification|
|Amazon Web Services, Inc.||Infrastructure management for the purpose of service provision|
|Mediplus Solution Co., Ltd.||Second Wind Service, including smart band provision and supply|
|NAAPIMHA||AWH Wellness Education Service|
|Wellingbe Co. Ltd.||AWH Wellness Education Service|
|Kakao Corp.||Chatbot service|
② In accordance with the Personal Information Protection Act, when THE COMPANY consigns to another service member company, outside of the specified purpose of consignment, matters concerning liability, such as prohibition of personal information processing, technical and administrative protection measures, restrictions on re-consignment, management and supervision of trustees, compensation for damages, etc. shall be specified in documents, and THE COMPANY will consistently monitor whether consignees are safely processing users’ personal information.
③ In cases in which the assigned purpose of consignment or consignees change, THE COMPANY will immediately notify its user base about the change through the personal information processing policy.
Article 5: Rights and Obligations of Users and Method of Execution of Rights and Obligations
Article 6: Items of Personal Information Processing
THE COMPANY processes the data items of personal information as described below.
1) Regular Membership
|Category||Data Items of Collection|
|Membership Registration||General||Required) Email address, nickname, name of user, phone number, usage log, DI, CI|
|Registration through Facebook||Required) ID associated with Facebook account, Facebook token, full name, profile picture|
|Registration through Google account||Required) Unique ID, nickname, profile picture, gender, email address, age group|
|Registration through Apple account||Required) Unique ID, full name
Optional) Email address
2) Provider Membership (Executives and Staff Members of Affiliated Psychiatric Organizations)
|Category||Data Items of Collection|
|Method of Membership Registration||App||Required) Invitation code, name, email address, nickname, field of specialization, phone number, usage log, DI, CI|
|Homepage||Email address, physical address, name of organization, name of organization representative, name of representative associated with company registration number, usage log, DI, CI|
|Additional Services||The data items that the user inputs directly during utilization of the chatbot feature and other features offered in-app|
Article 7: Separate Storage of Personal Information of Members with Long-term Discontinued Use of Service
Article 8: Destruction of Personal Information
① When the retention of user personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the purpose of information processing for a specified objective, THE COMPANY destroys stored personal information without delay.
② If personal information must be preserved in accordance with other laws and regulation, even if the period of personal information retention has elapsed and/or the purpose of information processing has been achieved, the personal information in question will be transferred to a separate database (DB) or stored in a separate preservation system.
③ The procedure and method for destroying personal information are as follows.
Article 9: Measures to Ensure Safety and Privacy of Personal Information
① THE COMPANY take the following technical, administrative, and physical measures to ensure safety and privacy of personal information, for the purpose of guaranteeing that personal information is not lost, stolen, leaked, altered, or damaged during the process of personal information processing.
|Category||Measure to Ensure Safety and Privacy of Personal Information|
|Administrative Measures||- Establishment and implementation of an internal management for the management of personal information
- Minimize the amount of parties handling personal information, and providing thorough education of personal information handling for those with access to personal information
- Managing new employees and employees leaving THE COMPANY
|Technical Measures||- Restricting access to personal information
- Password encoding
- Safe storage of access records and prevention of forgery and alteration of personal information
- Countermeasures against hacking, etc.
② THE COMPANY does not bear responsibility for actions of individual users, including individual mistakes due to unsafe Internet usage. Each member must individually bear responsibility of managing the safety of their ID and password to ensure the utmost security of their personal information.
Article 10: Matters Pertaining to the Installation, Operating, and Disabling of Automatic Personal Information Collection Devices
Article 11: Personal Information Security Officer
① THE COMPANY bears responsibility in handling users’ personal information. THE COMPANY designates the Personal Information Security Officer whose duty is to maintain personal information security, handle grievances and remedy damages related to personal information processing as follows.
Personal Information Security Officer
Name : Yeonha Lee (이연하)
Position : Director
Phone Number : 02-6082-6500
Email : firstname.lastname@example.org
② Users may contact the Personal Information Security Officer and the department in charge of personal information security for all inquiries, grievances, and issues regarding damage relief relating to THE COMPANY’s services. THE COMPANY will respond and handle user inquiries swiftly and without delay.
Article 12: Processing of Pseudonymous Information
THE COMPANY processes pseudonymous information for the following purposes.
Article 13: Requesting Access to Personal Information
THE COMPANY values and protects users’ personal information to the highest degree, and users always have the right to receive answers regarding any questions they may have regarding their personal information. THE COMPANY operates a customer service center for the purpose of ensuring smooth communication with users. The contact information for this customer service center is as follows.
– Name of Department : Department of Personal Information Protection
– Representative : Yeonha Lee (이연하)
– Customer Service Center Phone Number : 02-6082-6500
– Customer Service Center Email: email@example.com
Article 14: Redressing Infringement of Rights
If your rights and interests regarding personal information are violated, you can address these concerns by contacting the Personal Information Infringement Report Center, the Cyber Investigation Division of the Prosecutor’s Office, and the Cyber Safety Bureau of the National Police Agency.
– Personal Information Infringement Report Center / privacy.kisa.or.kr / 118 (No area code)
– Cyber Investigation Division of the Prosecutor’s Office / www.spo.go.kr / 1301 (No area code)
– Cyber Safety Bureau of the National Police Agency / police.go.kr / 182 (No area code)
Article 15: Compliance with GDPR
Article 16: Regarding Changes of Personal Information Policy
– Personal Information Processing Policy applicable 2020. 11. 15. ~ 2021. 10. 31.
Gideb Confidentiality Oath
At (Insert Company Name), we are unwavering in our mission to create a safe space for our clients to heal and grow. To this end, it is our topmost priority to ensure clients’ peace of mind that their privacy is treated with the utmost caution and respect. As health professionals and active partners in our clients’ journey towards achieving a healthier, manageable lifestyle, we are acutely aware that our clients place deep trust in us to keep their information and the intimate contents of their sessions absolutely confidential. Our institution vows that this trust will always be met with the highest level of respect and accountability. Given the rising concerns about confidentiality, we would like to reaffirm our commitment to keep our clients’ private information safe. In accordance with the Personal Information Protection Act, our clinic and each of the health providers under our care are solemnly bound to keep our clients’ personal record absolutely confidential. Beyond this, privacy protection is an issue all of us at (Insert Company Name) regard with paramount importance, and hence we would like to re-emphasize our commitment to upkeep this promise by vowing the following:
We hope that for both our existing clients and for individuals interested in the services our organization provides, our steadfastness and unrelenting commitment to security and client privacy will always be a steady pillar of assurance. As we continue to strengthen and build new professional relationships with clients, we hope that our pledge of confidentiality will assure peace-of-mind as our clients strive towards becoming healthier, more resilient individuals.