RINE Plastic Surgery (hereinafter ‘the Hospital’) considers privacy protection on the Internet very important and is doing its best to protect personal information provided.
Accordingly, the Hospital has established and complies with a privacy policy based on relevant laws that telecommunication service providers must follow.
This Privacy Policy may change from time to time due to changes in laws or internal policies, and the Hospital reflects changes immediately on the website.
Through this Privacy Policy, users can understand for what purposes and how collected personal information is used and safely protected.
Privacy Statement
Privacy Policy
[The order of this Privacy Policy is as follows:]
- Purpose of processing personal information
- Collection of personal information and methods
- Matters concerning third-party provision of personal information
- Entrustment of personal information processing work
- Processing and retention period of personal information
- Procedures and methods for destruction of personal information
- Matters concerning the rights and obligations of data subjects and methods of exercise
- Privacy protection for children
- Withdrawal of consent • Member withdrawal method
- Installation/operation of automatic personal information collection devices and rejection
- Measures to ensure the safety of personal information
- Operation/management of image information processing equipment
- Privacy Officer and Person in Charge
- Remedies for infringement of data subjects’ rights and interests
- Obligation to notify following policy changes
Article 1 (Purpose of Processing Personal Information)
The Hospital processes minimal personal information for the following purposes.
Processed information will not be used for other purposes, and if purposes change, prior consent will be obtained under Article 18 of the Personal Information Protection Act.
• Used for appointment booking, lookup, and identity verification for member services.
• Hospital information and guidance for new services and events.
• Mobile notifications for consultations, appointments, and schedules.
• Sending bills, statements, certificates, medicine, and test results.
• Diagnosis/treatment services and administrative services such as billing and refunds.
• Minimal analytical data for education, research, and clinical services.
• Basic data for outsourced tests, external tests, and clinical trials.
• Establishing communication channels for complaints and grievances.
• Providing information based on relevant laws such as the Medical Service Act.
• Providing information on pre- and post-services related to health checkups.
※ Processing may be entrusted to external professional firms, disclosed in this policy.
Article 2 (Collection of Personal Information and Methods)
The Hospital’s collection items are as follows. Service is not limited even if optional items are not filled.
| Appointment Reservation (Phone) | Required | Name, Mobile Number, Email |
|---|---|---|
| During Consultation | Required | Patient Name, Resident Registration Number, Contact Information, Address, Health Information * Health Information: Medical history, family history, and other personal information deemed necessary by medical staff for treatment |
| Optional | Address, Consent for Marketing Use, Visit Route | |
| Medical Fee Payment | Required | Card issuer name, card number, and other payment authorization details when paying by credit card |
| Application for Income Deduction Certificate | Required | Applicant Name, Patient Name, Date of Birth, Gender, Email, Phone Number, Mobile Number |
| Application for Medical Record Copy Issuance | Required | (Applicant Information) Name, Date of Birth, Mobile Number, Relationship to Patient (Patient Information) Name, Hospital Registration Number, Mobile Number |
| Optional | (Applicant Information) Phone Number, Email (Patient Information) Gender, Date of Birth, Phone Number, Email |
|
| Website Membership Registration | Required | ID, Password, Name, Contact Information |
| Optional | Email Address, Gender | |
| Board: Online Consultation | Required | Name, Contact Information, Password, Consultation Category |
| Optional | ||
| Board (Inquiry Form): Online Reservation | Required | Treatment Type, New/Returning Patient, Date, Name, Contact Information, Email, Gender, Inquiry Details |
| Inquiry Form: Real Model Application | Required | Name, Date of Birth, Contact Information, Gender, Instagram ID, Residence, Height, Weight, History of Surgery, Previous Surgery Areas, Treatment Area, Motivation for Application, Photos |
| Inquiry Form: Quick Consultation | Required | Name, Contact Information, Consultation Area |
* Short-term collection for specific purposes will be notified separately.
Article 3 (Third-party Provision of Personal Information)
In principle, this institution processes users’ personal information within the scope specified in the processing purpose and, as a general rule, does not provide users’ personal information to external parties. However, the following cases are exceptions.
• When separate consent is obtained from the data subject
• When there are special provisions in laws
• When necessary for urgent life, body, or property interests where consent cannot be obtained.
• When provided in an unidentifiable form for statistical or research purposes.
If third-party provision occurs outside these cases, it will be notified via this policy.
Article 4 (Processing and Retention Period)
The Hospital processes information within periods agreed upon or as prescribed by laws.
Retention periods are until purpose achievement from consent date.
| Item | Retention Period |
|---|---|
| Website Member Information | Deleted immediately upon account termination If unused for 1 year after registration, the account will be converted to a dormant account |
| Personal information collected for surveys, events, etc. | Until the completion of the survey, event, etc. |
| Personal information collected for medical purposes | In accordance with the Medical Service Act – Patient Register: 5 years – Medical Records: 10 years – Prescriptions: 2 years – Surgical Records: 10 years – Examination Results and Findings: 5 years – Radiographic Images (including imaging data) and Reports: 5 years – Nursing Records: 5 years – Midwifery Records: 5 years – Copies of Medical Certificates: 3 years |
| Retention in accordance with relevant laws and regulations | In accordance with applicable laws and regulations – Important business documents (Commercial Act, 5 years) – Records related to contracts or withdrawal of subscription (Act on Consumer Protection in Electronic Commerce, 5 years) – Records of payment and supply of goods/services (Act on Consumer Protection in Electronic Commerce, 5 years) – Records of electronic financial transactions (Electronic Financial Transactions Act, 5 years) – Records of consumer complaints or dispute resolution (Act on Consumer Protection in Electronic Commerce, 3 years) – Records related to advertisements (Act on Consumer Protection in Electronic Commerce, 6 months) – Website access logs (Protection of Communications Secrets Act, 3 months) |
Article 5 (Destruction Procedure and Method)
The Hospital destroys information immediately after achievement of purpose.
A. Destruction Procedure
Information entered for registration is destroyed immediately after purpose achievement.
B. Destruction Deadline
If the retention period for personal information has expired, the user’s personal information is destroyed within 5 days from the end of the retention period; if the personal information becomes unnecessary due to the achievement of the purpose of processing the personal information, the discontinuation of the relevant service, the termination of the business, etc., the personal information is destroyed within 5 days from the date it is recognized that the processing of the personal information is unnecessary.
C. Destruction Method
Electronic files are deleted using technical methods that prevent reproduction.
Personal info printed on paper is shredded or incinerated.
Article 6 (Rights and Obligations of Data Subjects)
This institution faithfully responds to and processes customer requests for access to, correction of, or deletion of personal information without delay. To protect personal information, we do not provide procedures for accessing, correcting, or deleting personal information via methods other than in-person visits, such as telephone, mail, or fax.
A. Access to Personal Information
Customers may visit this hospital to request access to or verification of their personal information. However, in order to more thoroughly protect the personal information provided by customers, access to or verification of customer personal information will not be provided through application methods other than a visit, such as telephone, mail, or fax.
B. Correction/Deletion of Personal Information
• If a customer requests the correction or deletion of personal information, this hospital verifies their identity and takes necessary measures without delay.
• When a customer requests access to or verification of their personal information, we verify their identity by requiring them to present identification documents such as a resident registration card, passport, or driver’s license (new type).
• When a customer’s representative visits and requests inspection or certification, we verify whether they are a genuine representative by receiving proof such as a power of attorney indicating the agency relationship, the name customer’s seal certificate, and the representative’s identification document.
• Even if a customer has consented to the provision of personal information to a third party, if a request for correction of an error is received, the provision of personal information will be suspended until the error is corrected; and if incorrect personal information has already been provided to a third party, the third party and the party concerned will be notified of this fact and necessary measures will be taken.
• If the Hospital has a legitimate reason to refuse access to, verification of, or correction of all or part of personal information, it shall notify the customer and explain the reason.
• Customers may request withdrawal of consent (subscription/cancellation) for the collection, use, or provision of personal information as follows, and this hospital will take the necessary measures without delay.
C. Customers can withdraw consent for collection, use, or provision.
D. A legal representative may withdraw consent for the collection, use, or provision of personal information of a child under the age of 14, and may request access to or correction of errors in personal information provided by a child under the age of 14.
Article 7 (Privacy Protection for Children)
• This hospital takes protective measures to ensure that children under the age of 14 (hereinafter referred to as ‘children’) and their legal representatives do not suffer any disadvantages due to personal information provided by children.
• This hospital requires the consent of the child’s legal representative to be obtained when performing the following actions regarding the child’s personal information.
a. In cases where personal information is collected for a child’s service registration, or where the child’s personal information is to be used or provided to a third party beyond the scope notified at the time of service registration or specified in the Terms of Service.
B. Cases where the recipient of a child’s personal information uses the personal information for a purpose other than the purpose for which it was received or provides it to a third party
• This hospital may request the minimum necessary information, such as the legal representative’s name and phone number, to obtain their consent. In this case, the child will be notified of the purpose of the collection, use, or provision of personal information and the requirement for the legal representative’s consent, using simple language that the child can easily understand.
• We do not use the personal information of legal representatives collected to obtain their consent for any purpose other than verifying whether such consent has been given, nor do we provide it to third parties.
Article 8 (Withdrawal of Consent • Member Withdrawal Method)
You may withdraw your consent to the collection, use, and provision of personal information at any time upon signing up.
To withdraw your consent (withdraw membership), please click “Withdraw Membership” on the website, go through the identity verification process, and withdraw your consent directly, or contact the Personal Information Manager, and we will take necessary measures, such as destroying your personal information, without delay.
Article 9 (Automatic Collection Devices and Rejection)
This institution uses ‘cookies,’ which store and frequently retrieve user information, to provide specialized, customized services to users. Cookies are small pieces of information that a website sends to a user’s computer web browser and are sometimes stored on the PC’s hard disk.
A. What are Cookies?
• Cookies are very small text files sent by the server operating a website to the user’s browser, which are stored on the user’s computer’s hard drive. Subsequently, when the user visits the website, the website server reads the contents of the cookie stored on the user’s hard drive to maintain the user’s settings and provide personalized services.
• Cookies do not automatically or actively collect information that identifies individuals, and users can refuse to store or delete these cookies at any time.
B. Purpose of Using Cookies
• It is used to identify visit and usage patterns, secure connection status, and user scale regarding each service and website of this hospital visited by users, in order to provide users with optimized, customized information, including advertisements.
C. Installation and Rejection of Cookies
• Users have the option to control cookie installation. Therefore, users can configure their web browser options to allow all cookies, be prompted for confirmation whenever a cookie is saved, or refuse the storage of all cookies.
However, if the user refuses the installation of cookies, there may be difficulties in providing the service.
• The method to specify whether to allow key installation (for Internet Explorer) is as follows.
[Tools > Internet Options > Privacy > Settings]
Article 10 (Measures to Ensure Safety)
A. Minimizing Staff and Education
Personnel handling information are minimized, and regular education is conducted.
B. Regular Self-inspections
To ensure the security of personal information handling, we conduct regular internal inspections at least once a year.
C. Establishment and Implementation of Internal Management Plan
We have established and are implementing an internal management plan for the safe processing of personal information.
D. Encryption of Personal Information
Among users’ personal information, passwords are encrypted and stored and managed so that only the user knows them, and separate security features, such as encrypting files and transmitted data, are used for important data.
E. Technical Measures Against Hacking
To prevent the leakage and damage of personal information caused by hacking or computer viruses, we install security programs, perform periodic updates and checks, install systems in areas where external access is controlled, and monitor and block access technically and physically.
F. Restriction of Access to Personal Information
We are taking necessary measures to control access to personal information by granting, modifying, and revoking access rights to database systems that process personal information, and we are controlling unauthorized access from the outside by using an intrusion prevention system.
G. Access Control for Unauthorized Persons
We maintain a separate physical storage location for personal information systems that store personal information and have established and operate access control procedures for it.
Article 11 (Privacy Officer and Person in Charge)
In order to protect customers’ personal information and handle complaints related to personal information, this institution has appointed a Chief Privacy Officer.
If you have any inquiries regarding personal information, please contact the Data Protection Officer listed below. We will respond to your inquiries promptly and sincerely.
A. Personal Information Manager
| Category | Name | Phone Number | Email Address |
|---|---|---|---|
| Personal Information Protection Officer | Jang Nam | 02-2135-8845 | |
| Customer Service Representative | Jang Nam | 02-2135-8845 | |
| Website Service Manager | Jang Nam | 02-2135-8845 |
Article 12 (Remedies for Infringement)
You may report all complaints related to personal information protection arising from your use of our services to the Chief Privacy Officer.
This institution will provide prompt and sufficient responses to user reports.
If you need to report or seek consultation regarding other personal information infringements, please contact the organizations below.
Personal Information Dispute Mediation Committee
Cybercrime Investigation Division, Supreme Prosecutors’ Office
Cyber Terror Response Center, National Police Agency
Article 13 (Obligation to Notify on Policy Changes)
This Privacy Policy was enacted on April 20, 2026. In the event of any additions, deletions, or modifications to the content due to changes in laws, policies, or security technologies, we will announce the reasons for the changes and the details on the hospital’s website at least 7 days prior to the implementation of the revised Privacy Policy.
Announcement Date: April 20, 2026
Implementation Date: April 20, 2026
