Consent to Collection and Use of Personal Information
Metacell Privacy Policy
Metacell’s official website (hereinafter referred to as “Metacell”) establishes and discloses the following privacy policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to handle related complaints promptly and smoothly.
________________________________________
Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. Processed personal information will not be used for purposes other than those specified below. If the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Membership Registration and Management
Verification of membership intent, identification and authentication for membership-based services, maintaining and managing membership status, identity verification under the limited identity verification system, prevention of misuse, confirmation of legal guardian consent when processing information of children under 14, notifications, and handling of complaints.
2. Provision of Goods or Services
Delivery of goods, provision of services, sending of contracts and invoices, provision of content, customized services, identity verification, age verification, payment and settlement, and debt collection.
3. Handling of Complaints
Identity verification of complainants, confirmation of complaint details, contact and notifications for fact-finding, and communication of results.
________________________________________
Article 2 (Processing and Retention Period of Personal Information)
1. The company processes and retains personal information within the period agreed upon when collecting personal information from the data subject or as required by law.
2. The retention period for each type of personal information is as follows:
3. Membership Registration and Management: Until withdrawal from the website.
o However, if under investigation for violation of law, retention continues until the investigation is completed.
o If obligations and debts remain from use of the website, retention continues until settlement.
4. Provision of Goods or Services: Until supply and payment/settlement are completed.
o However, records are retained for the following periods as required by law:
Records on labeling/advertising: 6 months
Records on contracts, cancellations, payments, and supply of goods: 5 years
Records on consumer complaints and dispute resolution: 3 years
Communication confirmation data under the Telecommunications Privacy Protection Act:
Subscriber call time, start/end time, counterpart number, usage frequency, base station location: 1 year
Computer communications, internet log data, and access tracking data: 3 months
________________________________________
Article 3 (Rights of Users and Legal Guardians and How to Exercise Them)
1. Data subjects may exercise the following rights with respect to the company at any time:
o Request access to personal information
o Request correction of errors
o Request deletion
o Request suspension of processing
2. These rights may be exercised through writing, phone, email, or fax, and the company will take immediate action.
3. When correction or deletion is requested, the company will not use or provide the relevant personal information until the request is completed.
4. Rights may also be exercised through a legal representative or delegated agent, with submission of a power of attorney form (as prescribed in the Enforcement Rules of the Personal Information Protection Act).
5. Data subjects must not infringe upon the personal information or privacy of the company, themselves, or others in violation of related laws.
________________________________________
Article 4 (Items of Personal Information Processed)
1. Membership Registration and Management
o Required: Hospital name, ID, password, address, phone number, email address
2. Provision of Goods or Services
o Required: Hospital name, ID, password, address, phone number, email address
3. Automatically Collected Information During Internet Use
o IP address, cookies, MAC address, service use records, visit records, misuse records, etc.
________________________________________
Article 5 (Destruction of Personal Information)
1. The company destroys personal information without delay when the retention period has expired or the purpose of processing has been achieved.
2. If required by law to continue retaining personal information, it will be stored separately in a database (DB) or kept in a different location.
3. Destruction procedure and method:
o Procedure: The company selects information to be destroyed and obtains approval from the personal information protection manager.
o Method:
Electronic files: Permanently deleted using methods such as low-level formatting.
Paper documents: Destroyed by shredding or incineration.
________________________________________
Article 6 (Measures to Ensure Security of Personal Information)
The company takes the following measures to ensure security:
• Administrative measures: Establishment and enforcement of internal management plans, regular staff training
• Technical measures: Access control systems, encryption of unique identification information, security program installation
• Physical measures: Restricted access to server and data storage rooms
________________________________________
Article 7 (Installation, Operation, and Refusal of Automatic Collection Devices)
1. The company uses cookies to provide personalized services.
2. Cookies are small pieces of data sent to the user’s browser by the server and stored on the user’s hard drive.
o Purpose: To analyze usage, popular searches, and security status for optimized service.
o Refusal: Cookies can be disabled via browser settings (Tools > Internet Options > Privacy).
o Note: Refusal may cause difficulties in using personalized services.
________________________________________
Article 8 (Remedies for Rights Infringement)
Data subjects may contact the following agencies for consultation or dispute resolution:
• Personal Information Infringement Report Center (KISA)
o Website: privacy.kisa.or.kr
o Phone: 118
o Address: 9 Jinheung-gil, Naju-si, Jeonnam, 3rd floor, 58324, Korea
• Personal Information Dispute Mediation Committee
o Website: www.kopico.go.kr
o Phone: 1833-6972
o Address: 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Korea
• Supreme Prosecutors’ Office Cybercrime Investigation Unit: +82-2-3480-3573 (www.spo.go.kr)
• National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)
________________________________________
Article 9 (Implementation and Changes to the Privacy Policy)
This privacy policy is effective from June 1, 2025.
"I agree to the collection and use of personal information."
