Privacy Policy

CRScube inc. (hereinafter, “the company”) is setting the processing policy as follows in order to protect the personal information & rights and interests of an information object and to smoothly handle the grievances of an information object related to personal information according to the Personal Information Protection Law and the Law regarding the Promotion of Information and Communication Network Use and Protection of Information. The company shall make an announcement through our website in case of revising the personal information processing (handling) policy.This policy shall be enforced starting May 7, 2019

Article 1 Purpose of Personal Information Processing and Its Collection Method

  1. The company shall handle personal information for the purpose as follows: (The processed personal information shall not be used for anything other than the following purposes, and in case use purpose is changed, the company is going to get prior agreement.) - Medico-pharmaceutical R&D business execution, such as analysis of the data collected through Company’s medico-pharmaceutical study activities
    - Market research, such as the company’s marketing and medico-pharmaceutical information delivery business, etc
    - Marketing targeting the specialists in health and medical treatment, such as product demonstration, or acquisition of medico-pharmaceutical information & delivery activity, and execution of educational activity targeting employees of a joint marketing company, and other persons concerned
    - Identification of the other party to a contract, such conclusion & fulfillment of a contract, etc.
    - Decision on whether a contract is concluded or not
    - Product supply and receipt of payment
    - Fulfillment of a payment contract on services, such as lecturing fees, consulting fees, and other service fees
    - Business contact within the scope needed for contract fulfillment
    - Response to non-fulfillment of an obligation
    - Handling of dispute & complaints related to a contract
    - Evidence of contract conclusion and the fact of fulfillment
    - Management of computation on the other party to a contract, contract contents, and breakdown of payment provision, and so on
    - Report on side effect and abnormal reaction, such as fulfillment of the company’s legal, administrative obligation
    - Report on the result of use results investigation
    - Report & payment of various taxes, such as corporate tax, value added tax, etc.
    - Fulfillment of legal, administrative liability imposed on the company, such as receipt, issue and delivery of tax invoic
    - Replies to and handling consumers and customers’ inquiries and complaints
    - Delivery of matters of notification
    - Confirmation of visitors
    - Crime prevention and security of contact information

Article 2 Processing of Personal Information and Holding Period

Personal information of an information object shall be, in principle, possessed and used until the purpose of the collection and use written above is achieved unless there is a case of having to preserve personal information according tothe regulations of the relevant act and subordinate statute; once the purpose is achieved, the personal information shall be destroyed without delay.

Article 3 Provision of Personal Information to a Third Party

  1. Cases where an information object consents to information offering, or opening to a third party in advance
  2. Cases where information offering is required or permitted by the relevant act and subordinate statute, and so on
  3. Cases where it’s noticeably difficult to get a usual consent for economic/technical reasons as the personal information needed for fulfillment of the contract on service offering
  4. Cases where personal information is used by processing an individual into a state where no one can distinguish the individual by specifying him/her

Article 4 Information Object’s Rights and Duties & Ways of Exercising Rights

  1. An information object can ask the company to suspend the reading & handling of the personal information of his/her own or a child under 14 as a legal representative of the child; nevertheless, in cases where a situation belongs to a certain one of the following, the company can reject the request for handling suspension after notifying the information object of the relevant reason.
    - Cases where there is a special regulation in the law or it’s inevitable that the company has to legally abide by duties
    - Cases where suspension of handling is feared to do harm to other people’ lives and bodies or to unfairly infringe on other people’s property or other interests
    - Cases where an information object doesn’t clearly show his/her intention of contract cancellation when the company is faced by a difficult situation where the company might not fulfill a contract, such as failure to provide the service agreed with the information object unless it fails to handle the personal information
  2. An information object can demand correction & deletion of personal information errors of his own, or a child under 14 as a legal representative. Nevertheless, in cases where the personal information is specified as a collection object in other laws and regulations, the information object cannot request its deletion.
  3. When an information object request correction and deletion of personal information errors, the company doesn’t use or offer the proper personal information until correction and deletion are completed. In addition, if the company uses or offers the mistaken personal information, the company will correct it without delay after it is detected.
  4. Exercising rights consequent on div 1 can be done through a legal representative of an information object or a person who is delegated. In this case, the relevant information object is required to submit a letter of attorney consequent on the enforcement regulation annexed paper Form No. 11 of the Personal Information Protection Law.
  5. An information object is not allowed to infringe on the personal information or privacy of the very person as an information object or of others by violating the relevant act and subordinate statute, such as the Personal Information Protection Law, etc.

Article 5 Items of Personal Information to be Processed

  1. The items of personal information handled by the company are as follows:
    - Name of the specialist in health & medical treatment, name of the affiliated medical care institution, telephone number, mobile phone No., fax No., E-mail address
    - patient’s name(or patient ID), coded identification information, such as the initial, and so on, date of birth, gender, stature, body weight, race
    - patient’s sensitive information(smoking or not, pregnancy or not, or possible pregnancy, medical history, taking specific drugs or not, health information including physical condition, information about sex life, health information, such as family history, genetic information, such as DNA test data, etc., health information consequent on clinical research and use results investigation result, B/P, pulse, temperature test, blood test, urine test, physical examination, physical strength examination implemented related to clinical study and use results investigation, and health information, such as results of the tests implemented in other study process)
    - name of a company visitor, affiliated institution, business name, telephone no., vehicle license plate, and address
  2. An information object can demand correction & deletion of personal information errors of his/her own, or a child under 14 as a legal representative. Nevertheless, in cases where the personal information is specified as a collection object in other laws and regulations, the information object cannot request its deletion.
  3. During information object request correction and deletion of personal information errors, the Company doesn’t use or offer the proper personal information until correction and deletion. In addition, if the Company uses or offers the mistaken personal information, the Company will correct it without delay after it is detected.
  4. Exercising rights consequent on div 1 can be done through a legal representative of an information object or a person who is delegated. In this case, the relevant information object is required to submit a letter of attorney consequent on the enforcement regulation annexed paper Form No. 11 of the Personal Information Protection Law.
  5. An information object is not allowed to infringe on the personal information or privacy of the very person as an information object or of others by violating the relevant act and subordinate statute, such as the Personal Information Protection Law.

Article 6 Destruction of Personal Information

  1. Destruction Procedures
    - The information entered by an applicant member for membership is moved to a separate DB(separate filing cabinet in case of paper) after the desired purposed is achieved; then the information is destroyed after being stored for a certain period of time according to information protection reason(refer to hold & use period) according to the company’s internal policy and the relevant act and subordinate statute.
    - The personal information moved to a separate DB is not used for the purpose other than the purpose of preservation excepting the case by law.
  2. Destruction Method
    - The personal information stored in the form of an electronic file is to be deleted using a technical method that makes the personal information irreproducible as a record.
    - The personal information printed out in paper is destroyed using the paper shredder or through incineration.

Article 7 Safety-securing Measures for Personal Information

The company is taking a technical, managerial, physical measure needed for securing safety as follows according to div 29 of the Personal Information Protection Law.

  1. Establishment and Implementation of Internal Management Plan
  2. Minimization of the number of the person in charge of handling personal information and implementation of education for personal information protection
    - The company is getting only the person in charge of the relevant business to handle personal information, and periodically implementing the education for personal information protection for executives and staff members.
  3. Encryption of Personal Information
    - The company stores and manages a user password by coding it, and is planning to use separate security functions, such as encryption, at a time of transmitting the important data storage and transmission
  4. Technical Countermeasures against Hacking, etc.
    - The company, in an effort to defend off the leakage of and damage to personal information caused by hacking or a computer virus, installs a security program, does cyclical renewal and inspection, installs a system at a restricted area from outside, and monitors and blocks off any hazards technically and physically.
  5. Restriction on Access to Personal Information
    - The company is taking necessary measures to restrict access to personal information by giving, changing, and cancelling authority over personal information files and controlling an unauthorized access from outside.

Article 8 Change of Personal Information Handling Policy

The personal information handling policy shall be applied from the enforcement date, and in the case where there are additions of contents to be changed and deletion & correction of contents consequent on rules & regulations and the company’s policy, it will announce them through website notification (or individual notice) without delay before implementing the changed items.

Article 9 Remedy against Infringement on Rights and Interests

An information object can make a request for dispute settlement or counseling, etc. of the Personal Information Dispute Mediation Committee, and Report Center for Personal Information Infringement of the Korea Internet and Security Agency to be remedied from personal information infringement.In case you need to report or to have counseling in relation to personal information infringement, please make inquiries to the institution below.

Article 10 Personal Information Security Manager and Representative

In order to protect personal information and to handle complaints related to personal information, CRScube Inc. has designated a Personal Information Security Representative and Manager as follows. (Under the Act on the Protection of Personal Information_Clause 31_Article 1)

Personal Information Security Manager
Gidae Yeo(Director)
Development Division
Contact: +82-2-722-7275

Personal Information Security Representative
Sungwoo Nam(Deputy Manager)
Development Division
Contact: +82-2-722-7275


Last updated in May, 2019