Privacy Policy

 

1. Purpose of the Privacy Policy

Medit Corp. and its affiliates (hereinafter referred to as the “Company”) are committed to protecting your information and complying with the Personal Information Protection Act and other applicable data protection laws.

 

In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses a privacy policy to guide information subjects on the procedures and standards for processing personal information and to handle related complaints promptly and smoothly.

This Privacy Policy applies to information that you provide or we collect on, about, or from you through the Company’s websites (medit.com, support.medit.com, partner.medit.com), subscription services, and software (Medit Link, colLab) during registration or usage.

 

2. Collection and Methods of Personal Information

The company collects the following personal information for membership registration, customer support, and service provision, including information generated during the use of the service.

The company will obtain your consent before use if personal information beyond the purposes of collection stated below is required. The Company does not sell or lease your personal information to the third parties.

 

Personal Information Collected During Service Use

Category	Personal Information	Purpose	Retention Period
Medit Link Membership Management	(Required) Clinic (Laboratory) Name, Name, Email, Password (Optional) Photo, Phone Number	Identification, Confirmation of Registration Intent, Prevention of Fraudulent or Unauthorized Use	Until Membership Withdrawal
Medit Help Center (Customer Support)	(Required) Name, Email, Password (Optional) Photo, Phone Number	Response to User Inquiries, Customer Support	Until Membership Withdrawal
Medit Link Marketing	Contact Information (Email) of Consenting Members	Newsletters, Personalized Promotions, and Offers	Until Membership Withdrawal or Consent Withdrawal
Partner Portal	(Required) Name, Phone Number, Email, Address (Shipping Address), ID (Optional) Personal Customs Clearance Code	Product Delivery	Until Membership Withdrawal
MEDIT M	(Required) Email, Password, Chat History (Optional) Photo, Phone Number, Location Information	Login, Mobile Chat Service	Until Membership Withdrawal
Chat Consultation	(Required) Name, Email, Country (Optional) Phone Number, TeamViewer ID	Chatbot Consultation Service	Retained for 5 Years After Processing
Partners	(Optional) Location Information	Provision of Customized Partner Recommendations	Until Membership Withdrawal

* The above information includes not only the details provided at the time of registration but also any updated member information.

 

During service usage, the following data is collected:

Collected Data	Purpose	Retention Period
IP Address, Web Browser Cookies, Device Information (Manufacturer, Model, OS Information, App Version, UUID, Advertising Identifier, etc.), Service Usage Records within the App	User Analysis and Service Improvement	Until Membership Withdrawal or as Required by Applicable Law

 

The Company collects personal information through:

1. Direct input by users during service use.
2. Automatic generation through the device where the service is installed or used.
3. Integration with other devices or applications.
4. Third-party dealers, partners, and information collection tools.

 

3. Provision and Entrustment of Personal Information

The Company does not share users’ personal information with third parties, except in the following cases:

• When necessary to fulfill your request (e.g., sharing information with a local reseller after a purchase request).
• When required by law to provide your information.
• When separate consent has been obtained from the data subject.
• When information is anonymized and provided for statistical or academic research purposes.
• When necessary to provide information to a foreign government or an international organization to fulfill treaty obligations or other international agreements.
• When necessary for criminal investigations, judicial proceedings, sentencing, detention, or enforcement of protective measures.

 

The Company entrusts certain tasks to external service providers and ensures secure processing through agreements and oversight. The entrusted processing terminates upon membership withdrawal or contract termination.

 

Entrusted Third-Party Service Providers

Service Provider	Entrusted Task
Hubspot	Email Delivery System Development, Operation, and Maintenance
Amazon	Infrastructure Management for Web Services
Zendesk	Customer Inquiry System Development, Operation, and Maintenance
Mavenoid	Live Chat System Development, Operation, and Maintenance
Stripe	International Payment Processing
Agora	Mobile App Chat Service Development, Operation, and Maintenance
Twilio	Email Delivery System Development, Operation, and Maintenance

 

4. Data Retention and Disposal

The Company retains personal information only for the period necessary to fulfill the purpose of collection or as required by law. When the retention period expires, personal data is deleted promptly. If a user has not used the service for one year, their personal information is either archived separately or deleted.

 

Under Electronic Commerce Act, Electronic Financial Transactions Act, and Protection of Communications Secrets Act, certain data is retained as follows:

Legal Basis	Retained Data	Retention Period
Act on the Consumer Protection in Electronic Commerce	Contract and Withdrawal Records	5 Years
	Payment and Supply of Goods Records	5 Years
	Consumer Complaints or Dispute Records	3 Years
	Advertisement and Display Records	6 Months
Protection of Communications Secrets Act	Communication Confirmation Data	3 Months
Electronic Financial Transactions Act	Electronic Financial Transaction and Fraud Records	5 Years

 

If the Company retains personal data in accordance with legal requirements, such data will be transferred to a separate database and used solely for retention purposes unless otherwise mandated by law. The retained data will be permanently deleted within the specified period.

 

Personal data in electronic format will be irreversibly deleted using a method that prevents recovery. Non-electronic records, including printed documents, written materials, or other recorded media, will be shredded or incinerated.

 

5. Data Subject Rights

Your Data Protection Rights

• You have the right to request access, correction, transfer, restriction of processing, or deletion of your personal data. However, the Company may defer your request if there are special legal provisions, if compliance is necessary to fulfill legal obligations, if there is a risk of harming others, or if granting the request would unfairly infringe on the property or interests of others. Additionally, if you have not expressed an intention to terminate the contract despite the inability to provide the agreed-upon services, the Company may defer your request.
• You have the right to object to the processing of your personal data and may request restrictions on processing or data portability.
• If the Company collects and processes your personal data based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal and does not impact the processing of your personal data that is conducted based on lawful grounds other than consent.

 

To exercise these rights, you may send an email to privacy@medit.com to request information changes, corrections, or notifications. We will respond to your request as soon as possible.

 

6. Security of Personal Information

The Company takes administrative, technical, and physical measures to protect the personal information collected and prevent unauthorized access, use, or disclosure by third parties. The Company has established and implements an internal management plan for data protection. The personal information you provide is safeguarded against unauthorized access, use, or disclosure and is securely stored on our servers.

 

Additional technical measures include managing access permissions to personal information processing systems, installing access control systems, encrypting unique identification information, deploying security programs, maintaining access logs, and implementing encryption. Access to facilities handling personal information, such as computer rooms and data storage rooms, is strictly controlled.

 

7. International Data Transfers

Your personal information may be transferred to jurisdictions outside of your country of residence to facilitate the Company’s global operations. In such cases, this Privacy Policy shall continue to apply. The Company will obtain your consent for international data transfers and take appropriate protective measures to ensure the security of your personal information.

Personal Information Transferred	Destination Country	Time & Method of Transfer	Recipient	Purpose of Use	Retention & Usage Period
Name, Email	United States	Transmitted via network upon service use	Hubspot (privacy@hubspot.com)	Email delivery	Retained until membership withdrawal or service termination
All personal information collected during service provision	United States, Europe	Processed for service provision	Amazon (aws-korea-privacy@amazon.com)	System operation and data storage	Retained until membership withdrawal or service termination
Name, Email, Country	Japan	Transmitted via network upon service use	Zendesk (privacy@zendesk.com)	Customer inquiry management	Retained until membership withdrawal or service termination
Payment card information	United States	Transmitted via network upon service use	Stripe (privacy@stripe.com)	International credit card payment processing	Retained until membership withdrawal or service termination
All personal information collected during service provision	United States	Transmitted via network upon service use	Agora (privacy@agora.io)	Chat service	Retained until membership withdrawal or service termination
Name, Email, Country	Sweden	Transmitted via network upon service use	Mavenoid (legal@mavenoid.com)	Customer inquiry management	Retained until membership withdrawal or service termination
Cookies, IP information, Access logs	United States	Transmitted via network upon service use	Google (googlekrsupport@google.com)	Website usage analysis via Google Analytics	Retained until membership withdrawal or service termination
Name, Email	United States	Transmitted via network upon service use	Twilio (privacy@twilio.com)	Email delivery	Retained until membership withdrawal or service termination

 

8. Cookie Policy

The Company’s Cookie Policy outlines the definition of cookies, how they are used, how third parties affiliated with the Company utilize cookies, your choices regarding cookies, and additional relevant information.

 

– What Are Cookies?

• A “cookie” is a small data file sent from an HTTP server to a user’s browser.
• Cookies are stored on a user’s computer hard drive, allowing the Company or third parties to recognize the user and facilitate future visits, enhancing the browsing experience. While cookies can identify a user’s device, they do not personally identify individuals.
• Cookies may be classified as either “persistent cookies” or “session cookies.”

 

– How the Company Uses Cookies

• When you access and use our services, the Company may store multiple cookies in your web browser.
• The Company uses cookies for the following purposes:
  • Providing analytical insights
  • Storing user preferences
  • Delivering personalized advertisements based on user preferences
• The Company employs both persistent and session cookies for service operation.
• Essential Cookies: The Company uses essential cookies to authenticate users and protect user accounts from fraud.

 

– Third-Party Cookies

In addition to its own cookies, the Company uses various third-party cookies to generate usage statistics and deliver advertisements.

 

– Your Choices Regarding Cookies

• You have the right to accept or decline cookies. To delete cookies or configure your browser to refuse them, refer to your browser’s help page. Options include displaying a message whenever a cookie is stored, accepting all cookies as the default setting, or rejecting cookies entirely.
• Please note that deleting or disabling cookies may impact the functionality of certain services, prevent storage of user preferences, or cause some pages to display incorrectly.

 

– For more information about cookies, please visit:

• All About Cookies: http://www.allaboutcookies.org/

 

– How to Disable Cookies in Your Browser

• Microsoft Edge: Click the three-dot icon in the upper-right corner > Settings > Privacy, search, and services > Clear browsing data > Choose what to clear > Clear now
• Google Chrome: Click the three-dot icon in the upper-right corner > Settings > Privacy and security > Clear browsing data
• Safari: Go to Settings > Safari > Clear History and Website Data
• Mozilla Firefox: Click the three-line menu in the upper-right corner > Settings > Privacy & Security > Cookies and Site Data > Clear Data > Select “Cookies and Site Data” & “Cached Web Content” > Clear

 

9. Contact Information

The Company has designated the Chief Privacy Officer to safeguard your personal information and address any privacy-related complaints. You may report any concerns regarding the protection of your personal data arising from your use of the Company’s services to the designated CPO. The CPO will promptly and thoroughly respond to your inquiries.

 

10. Medit SMS Communication

• SMS Terms And Conditions  Upon messaging opt-in, the end user agrees to receive messages from Medit regarding (use-case example — communications, marketing, etc). End users can opt-out by replying STOP or request more information by replying HELP. Message frequency varies. Message and data rates may apply. If you need assistance or have questions about our SMS service, reply with “HELP” to any SMS message you receive, or contact our customer support team at  (Number).
• “No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties”.

 

 

For privacy concerns, contact:

• Name: Inhaeng Cho
• Department: Tech Ops/IT
• Position: CPO
• Email: privacy@medit.com

 

If you need to report or consult on other privacy infringements, please contact the following institutions.

 

Privacy Infringement Report Center: privacy.kisa.or.kr / Phone no. 118

Supreme Prosecutor’s Office: cybercid.spo.go.kr / Phone no. 1301

National Police Agency: ecrm.police.go.kr / Phone no. 182

 

Notification date : March 14, 2025

Effective date : March 31, 2025

Previous Privacy Policy (2024/12/18)