Descry Corporation Personal Information Processing Policy

In the interest of protecting users’ personal information and data and smoothly handle related grievances, Descry Co., Ltd. (hereinafter referred to as ‘THE COMPANY’) has established and disclosed its personal information processing policy as follows.

Article 1: Purpose of Personal Information Processing

THE COMPANY processes users’ personal information for the following purposes. Processing of user personal information and data will not be used for purposes other than the purposes hereafter stated. In cases of needing to process personal information for purposes other than those explicitly stated, necessary measures will be implemented, such as obtaining separate permission as detailed under Article 18 of the Personal Information Protection Act.

  1. Member Registration and Maintenance
    Personal information is processed for the purposes of confirming membership registration, identifying and verification of members for the provision of membership services, maintaining and managing membership qualifications, preventing illegal use of services, and providing various notification services.
  2. Provision of Services
    Personal information is processed for the purpose of the provision of services (including monitoring of members’ use of services), provision of content, provision of customized services, improvement of services, delivering goods, and payment of service fees.
  3. Handling of Grievances
    Personal information is processed for the purpose of identifying civil petitioners, checking for civil complaints and grievances, contact and notification for the purpose of investigation of grievances, and notification of the results of processing.
  4. In the event that the claim-obligation relationship remains due to service use, supplies of goods, the claim-obligation will be enacted.
  5. Verification of duplicate registration and exclusions of illegal usage
  6. Restrictions on illegal subscription use of users
  7. Data learning, statistics analysis, scientific research, and public record preservation for the purpose of improving service reliability

Article 2: Period of Processing and Retention of Personal Information

① THE COMPANY processes and retains personal information within the period of possession and use of personal information as agreed upon by the user.

② The periods of processing and retention of personal information for various cases is detailed as follows:

    1. Membership registration, management, and handling of grievances: Until withdrawal of membership
      1. In the case where an investigation is warranted due to a violation of particular regulations or laws, the period of processing and retention of personal information is until the end of the investigation process
      2. Until the settlement of the claim-obligation relationship according to the use of the service
    1. Provision of service use data, information about the mobile device type and unique device ID associated with the application use, device IP address, and other related records of services: Immediately after withdrawal of membership
    2. Implementation and payment for the provision of goods or services: Until the completion of the supplying of goods and services, payment of charges, and settlement.
      However, if the specific case pertains to the following reasons or there is a relevant basis in related laws and regulations, the period of processing and retainment of information will be adjusted as follows
      1. Maintenance of records of transactions, including those used for display or advertisement, contract details, and performance as referred to in the Act on the Consumer Protection in Electronic Commerce.
        – Records of advertisement: 6 months
        – Provision records of contract or subscription withdrawal, payment, provision of goods, etc. : 5 years
        -Records of consumer complaints or disputes: 3 years
      2. Storage of communication data as stated in Article 41 of the Protection of Communications Secrets Act
        Telecommunication data of subscribers, including date and time of telecommunications use, start and end time of communication, subscription number of counterparties, frequency of use, and location tracking data based on transmission base station: 1 year
        Computer communications, Internet log record data, and connection tracking data: 3 months
  1. Verification of re-registration and exclusion of illegal use: Within 60 days of withdrawal of membership or disqualification of membership
  2. Restriction of use for subscribers who exhibit illegal activity: 1 year after the instance of the illegal act
  3. Pseudonymous data for data learning, statistics analysis, scientific research, and public record preservation to improve service reliability: In the case of having established a pseudonymous processing plan, until the set purpose of the plan is achieved

Article 3 Sharing of Personal Information to Third Parties

THE COMPANY processes users’ personal information within the scope stated in “Article 1: Purpose of Personal Information Processing.” Users’ personal information will not be used or shared to any third party in any form beyond the scope explicitly stated.

However, personal information may be shared to a third party in in the following specified cases.

  1. In cases of processing or providing information for the purpose of statistical analysis, academic research, or market research in which the personal information shared is not identifiable or traceable back to any specific individual
  2. In the case of receiving prior consent for the sharing of personal information from the specific user involved
  3. In cases which involve illegal activity, an investigative agency may request for a user’s personal information for investigative purposes following the procedures and methods stated by the law

Article 4: Consignment Processing of Personal Information

① For the purpose of providing improved services for users, THE COMPANY consigns and processes personal information as follows.

Company of Consignment Purpose of Consignment Period of Retention and Use of Personal Information
NICEPAYMENTS Co., Ltd. Payment and refund services (Payment methods of mobile phone payment, bank deposit, bank transfer, credit card payment, payment through gift certificates, and other payment methods) Upon withdrawal of membership and termination of the contract (Excluding cases in which user information may need to be stored in accordance to specific laws and regulations)
Dream Security Co., Ltd Mobile phone verification
Amazon Web Services, Inc. Infrastructure management for the purpose of service provision
Mediplus Solution Co., Ltd. Second Wind Service, including smart band provision and supply
NAAPIMHA AWH Wellness Education Service
Wellingbe Co. Ltd. AWH Wellness Education Service
Kakao Corp. Chatbot service

② In accordance with the Personal Information Protection Act, when THE COMPANY consigns to another service member company, outside of the specified purpose of consignment, matters concerning liability, such as prohibition of personal information processing, technical and administrative protection measures, restrictions on re-consignment, management and supervision of trustees, compensation for damages, etc. shall be specified in documents, and THE COMPANY will consistently monitor whether consignees are safely processing users’ personal information. 

③ In cases in which the assigned purpose of consignment or consignees change, THE COMPANY will immediately notify its user base about the change through the personal information processing policy.

Article 5: Rights and Obligations of Users and Method of Execution of Rights and Obligations

  1. Users can exercise their rights as consumers at any time, such as requesting to view, correct, delete, or suspend processing of personal information.
  2. Users’ request to exercise their rights as stated in Clause 1 can be made to THE COMPANY in writing or email in accordance with relevant laws and regulations. When such a request is made, THE COMPANY will take action without delay.
  3. The exercise of rights as stated under Clause 1 may be made through an agent such as a legal representative of the specific user or a delegated representative of the user. In this case, the user must submit a warrant of attorney in the form as specified in Article 11 of the Enforcement Rule in the Personal Information Protection Act.
  4. The rights of the user may be restricted by relevant laws and regulations (e.g. Article 35(4) and Article 37(2) of the Personal Information Protection Act.
  5. If a user’s personal information is specified as a target of information collection in other laws and regulations, the user cannot make a request to correct and/or delete the relevant information.
  6. THE COMPANY verifies that the individual requesting to correct or modify their personal information according to the rights of the data subject is verifiably the individual themselves or a legitimate delegated representative of the individual.

Article 6: Items of Personal Information Processing

THE COMPANY processes the data items of personal information as described below.

  1. Data Items Related to Member Registration

1) Regular Membership

Category Data Items of Collection
Membership Registration General Required) Email address, nickname, name of user, phone number, usage log, DI, CI
Registration through Facebook Required) ID associated with Facebook account, Facebook token, full name, profile picture
Registration through Google account Required) Unique ID, nickname, profile picture, gender, email address, age group
Registration through Apple account Required) Unique ID, full name
Optional) Email address

2) Provider Membership (Executives and Staff Members of Affiliated Psychiatric Organizations)

Category Data Items of Collection
Method of Membership Registration App Required) Invitation code, name, email address, nickname, field of specialization, phone number, usage log, DI, CI
Homepage Email address, physical address, name of organization, name of organization representative, name of representative associated with company registration number, usage log, DI, CI
Additional Services The data items that the user inputs directly during utilization of the chatbot feature and other features offered in-app
  1. Data Items Related to Service Use
    Service use history, Gender, Age, **, **
  2. Data Items Automatically Generated During Service Use
    Service use history, OS Information, hardware information, IP address, browser type and version, service page visit time and date, time spent on page, device’s unique identifier and other diagnostic information, and other information transmitted by browser
  3. Payment and Claim Collection
    Name, date of birth, gender, mobile phone number, credit card company name and credit card number and expiration date, bank name and bank account number, carrier and payment approval number, gift certificate number
  4. Verification of re-registration, exclusion of illegal use, and restriction of subscription of illegal users.

Article 7: Separate Storage of Personal Information of Members with Long-term Discontinued Use of Service

  1. In accordance with relevant laws and regulations, THE COMPANY separately stores the personal information of users with discontinued use of service for over a year in a separate storage system (access of personal information of users in this system is impossible).
  2. THE COMPANY will inform users who have long-term discontinued use of service 30 days before the date of the movement of their personal information to the aforementioned storage system by email or text message.
  3. Personal information stored in this separate storage system will be completely destroyed after 1 year. Members may change their inactive status to active any time before this 1 year mark.

Article 8: Destruction of Personal Information

① When the retention of user personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the purpose of information processing for a specified objective, THE COMPANY destroys stored personal information without delay.

② If personal information must be preserved in accordance with other laws and regulation, even if the period of personal information retention has elapsed and/or the purpose of information processing has been achieved, the personal information in question will be transferred to a separate database (DB) or stored in a separate preservation system.

③ The procedure and method for destroying personal information are as follows.

  1. Procedure of Personal Information Destruction
    THE COMPANY selects the personal information designated for destruction for a specified reason, and destroys the personal information after attaining approval of destruction from the party which bears responsibility for the personal information.
  2. Method of Personal Information Destruction
    For personal information recorded/stored in electronic form, THE COMPANY uses a technical method personal information recorded/stored in electronic forms are destroyed completely and cannot be reproduced. For personal information recorded/stored in physical paper documents, the documents are completely destroyed using a paper shredder.

Article 9: Measures to Ensure Safety and Privacy of Personal Information
① THE COMPANY take the following technical, administrative, and physical measures to ensure safety and privacy of personal information, for the purpose of guaranteeing that personal information is not lost, stolen, leaked, altered, or damaged during the process of personal information processing.

Category Measure to Ensure Safety and Privacy of Personal Information
Administrative Measures - Establishment and implementation of an internal management for the management of personal information
- Minimize the amount of parties handling personal information, and providing thorough education of personal information handling for those with access to personal information
- Managing new employees and employees leaving THE COMPANY
Technical Measures - Restricting access to personal information
- Password encoding
- Safe storage of access records and prevention of forgery and alteration of personal information
- Countermeasures against hacking, etc.

② THE COMPANY does not bear responsibility for actions of individual users, including individual mistakes due to unsafe Internet usage. Each member must individually bear responsibility of managing the safety of their ID and password to ensure the utmost security of their personal information.

Article 10: Matters Pertaining to the Installation, Operating, and Disabling of Automatic Personal Information Collection Devices 

  1. THE COMPANY uses cookies that store user information and are frequently utilized to identify users, maintain members’ login status, and provide personalized services for users. Cookies are a small unit of digital information that a website servicer sends to a user’s web browser and and sometimes stored in a storage device within a user’s computers. 
  2. Users have the option to install cookies while using services. Users can allow/disable all cookies through the settings of their web browser, or select the option of verifying cookies each time they are saved. However, if cookies are disabled, some services provided by THE COMPANY, including personalized services, may be difficult to use. 
  3. Users may disable cookies at any time using the following methods. 
    1. Internet Explorer : Select [Internet Options] from the web browser [Tools] menu > Select the [Personal Information] tab > Select the desired option from [Advanced]
    2. Chrome : Select [Settings] menu located on the right sight of the web browser > Select [Cookies and Other Site Data] located in the [Personal Information and Security] menu> Select the desired option

Article 11: Personal Information Security Officer

① THE COMPANY bears responsibility in handling users’ personal information. THE COMPANY designates the Personal Information Security Officer whose duty is to maintain personal information security, handle grievances and remedy damages related to personal information processing as follows.

Personal Information Security Officer

Name : Yeonha Lee (이연하)
Position : Director
Phone Number : 02-6082-6500
Email : tech@gieb.com

② Users may contact the Personal Information Security Officer and the department in charge of personal information security for all inquiries, grievances, and issues regarding damage relief relating to THE COMPANY’s services. THE COMPANY will respond and handle user inquiries swiftly and without delay.

Article 12: Processing of Pseudonymous Information

THE COMPANY processes pseudonymous information for the following purposes.

  1. THE COMPANY processes pseudonymous information for the purpose of developing customized care services and improving service reliability, statistics analysis, scientific research use, and preserving public records.
  2. Pseudonymous information is only retained and utilized when a specific pseudonymous information processing plan is set, and the use of pseudonymous information is terminated when the specific objective of the pseudonymous information processing plan is achieved.
  3. THE COMPANY collects and utilizes information regarding users’ gender, age, and text when collecting information through i-Test, i-Diary Journaling, Wellness Online Education, and data collected through Dofit smart band use. When collecting this information, users’ name and membership number is pseudonymized.
  4. When processing pseudonymous information, THE COMPANY separately stores and manages additional information in the case that pseudonymous information needs to be restored to its original state.

Article 13: Requesting Access to Personal Information

THE COMPANY values and protects users’ personal information to the highest degree, and users always have the right to receive answers regarding any questions they may have regarding their personal information. THE COMPANY operates a customer service center for the purpose of ensuring smooth communication with users. The contact information for this customer service center is as follows.

– Name of Department : Department of Personal Information Protection
– Representative : Yeonha Lee (이연하)

Customer Service Center Phone Number : 02-6082-6500
Customer Service Center Email: tech@gideb.com

Article 14: Redressing Infringement of Rights

If your rights and interests regarding personal information are violated, you can address these concerns by contacting the Personal Information Infringement Report Center, the Cyber Investigation Division of the Prosecutor’s Office, and the Cyber Safety Bureau of the National Police Agency.

– Personal Information Infringement Report Center / privacy.kisa.or.kr / 118 (No area code)

– Cyber Investigation Division of the Prosecutor’s Office / www.spo.go.kr / 1301 (No area code)

– Cyber Safety Bureau of the National Police Agency / police.go.kr / 182 (No area code)

Article 15: Compliance with GDPR

  1. THE COMPANY complies with the General Data Protection Regulation of the European Union and the laws of each member country. In the case that THE COMPANY’s service is provided to users in the European Union, the following may apply.
    1. THE COMPANY uses collected personal information only for the purposes stated in Article
      1. In the case of using personal information for any purpose, THE COMPANY will inform the user of its intent to use the relevant information and seek consent from the user(s) in question. In accordance with applicable laws including GDPR, THE COMPANY may process the user’s personal information if it falls under one of the following categories.
        1. Acquiring consent from the data subject
        2. In the case of making and implementing a contract with the data subject
        3. In the case of compliance with legal obligations
        4. In cases where information processing is necessary in the interest of the data subject
        5. In the case of pursuing the legal interests of THE COMPANY (excluding cases where the interests, rights, and freedoms of the data subject are more important than the legal interests of THE COMPANY)
  1. THE COMPANY values and protects users’ personal information to the highest degree. In accordance with applicable laws including GDPR, users may request to transfer their personal information to other management services and request to refuse processing of their personal information. Furthermore, users maintain the right to place a complaint to relevant authorities regarding personal information security. 
  2. THE COMPANY may use personal information for marketing purposes, such as events and advertisements, and will seek user consent prior to using personal information for this purpose. Users may withdraw their consent at any time. 
  3. For any matters relating to this article, users may contact THE COMPANY through the Customer Service Center by phone, email, or in writing, and THE COMPANY will respond and take action to each case immediately.  
  4. If users request a correct of errors relating to their personal information, the personal information in question will not be used or provided in any matter until the correction is implemented.  

Article 16: Regarding Changes of Personal Information Policy

  1. In the case of the addition, deleting, or correction of any portion of the Personal Information Processing Policy in accordance with relevant laws and policies, THE COMPANY will immediately notify its user base seven days before the changes take effect.
  2. This Personal Information Processing Policy will take effect from October 1, 2021. 
  3. You may check any previous versions of the Personal Information Processing Policy the link below.

     – Personal Information Processing Policy applicable 2020. 11. 15. ~ 2021. 10. 31.

Gideb Confidentiality Oath

At (Insert Company Name), we are unwavering in our mission to create a safe space for our clients to heal and grow. To this end, it is our topmost priority to ensure clients’ peace of mind that their privacy is treated with the utmost caution and respect. As health professionals and active partners in our clients’ journey towards achieving a healthier, manageable lifestyle, we are acutely aware that our clients place deep trust in us to keep their information and the intimate contents of their sessions absolutely confidential. Our institution vows that this trust will always be met with the highest level of respect and accountability. Given the rising concerns about confidentiality, we would like to reaffirm our commitment to keep our clients’ private information safe. In accordance with the Personal Information Protection Act, our clinic and each of the health providers under our care are solemnly bound to keep our clients’ personal record absolutely confidential. Beyond this, privacy protection is an issue all of us at (Insert Company Name) regard with paramount importance, and hence we would like to re-emphasize our commitment to upkeep this promise by vowing the following:

  • We will not share any identifying information about my client with their friends, family, employer, or community, including name, address, or phone number.
  • We will not tell anyone else any information the client chooses to share with me during sessions without explicit permission from the client themselves. 
  • We will not disclose any information the client shares to us about other people, including family, friends, co-workers, etc. to any third party.
  • We will not disclose the fact that the client is attending the organization to any third party.
  • We will not share any information regarding clients’ medical health history, health diagnoses, medications, etc. to any third party.
  • We will not share any notes or records of a client's visits or information that the client confides in me as they are kept confidential and are not shared without the client’s permission.
  • We will comply with all government regulated privacy laws and will consistently work to create the best environment for all clients through quality assurance.

We hope that for both our existing clients and for individuals interested in the services our organization provides, our steadfastness and unrelenting commitment to security and client privacy will always be a steady pillar of assurance. As we continue to strengthen and build new professional relationships with clients, we hope that our pledge of confidentiality will assure peace-of-mind as our clients strive towards becoming healthier, more resilient individuals.