Privacy Policy
Ulfit Korean Medicine Clinic Personal Information Protection and Processing Policy
Ulfit Korean Medicine Clinic (hereinafter referred to as the 'Clinic') establishes and discloses the following privacy policy in order to protect the personal information of data subjects in accordance with Article 30 of the 「Personal Information Protection Act」 and to quickly and smoothly handle grievances related thereto.
Article 1 (Purpose of Processing Personal Information)
The Clinic processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented.
- 1. Member Registration and Management: Identification of individuals through SNS simple login (Naver, Kakao, etc.), maintenance and management of membership status
- 2. Treatment Reservation and Management: Information on treatment reservation schedules, processing of reservation changes and cancellations
- 3. Provision of Medical Services: Confirmation of preliminary information for diagnosis and consultation, provision of customized medical services
- 4. AI Chatbot Service Operation: Understanding the consultation context based on chatbot conversation content and linking with reservations
Article 2 (Items of Personal Information Processed)
The Clinic collects the minimum amount of personal information necessary to provide services.
- 1. Required Items:
- During treatment/consultation: Name, contact information (email, mobile phone number), reservation date and time
- During SNS login: Email address, name, SNS provider identification value (ID)
- 2. Optional Items (Collected when using the AI chatbot):
- Full conversation history with the chatbot (symptoms, pain area, procedures of interest, consultation history, etc.)
- ※ The moment a user completes a reservation through the chatbot, the conversation log is delivered to the medical staff for medical reference purposes.
- 3. Automatically Collected Items: IP address, cookies, service usage records, access logs
Article 3 (Processing and Retention Period of Personal Information)
Personal information is processed and retained within the period of retention and use of personal information according to statutes or within the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
Retention Period
- Website member information: Until membership withdrawal (However, if an investigation or inquiry due to violation of relevant laws is in progress, until the end of the investigation/inquiry)
- Medical reservation information and chatbot consultation logs: Until the medical purpose is achieved or from the reservation date for [3 years/5 years] (conforming to the retention period of medical records under the Medical Service Act)
- However, in the case of simple consultation/reservation cancellation without receiving medical treatment: Destruction after [1 year] from the date of collection
Article 4 (Third-Party Provision and Access Rights to Personal Information)
The Clinic provides personal information to third parties only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the consent of the data subject or special provisions of the law.
[Specification of System Access Rights]
For smooth operation of the reservation system and linkage with medical treatment, collected personal information (reservation information and chatbot conversation content) is stored in the Clinic's database and can be accessed by the following entities.
- Medical Staff (Doctors, Nurses, Consultation Managers): For the purpose of preparing for medical consultations and managing reservations
- System Administrator (Web/DB Administrator): For the purpose of system error correction, data backup, and security management
Article 5 (Entrustment and Overseas Transfer of Personal Information Processing)
For smooth service provision, the Clinic entrusts personal information processing tasks as follows, and personal information is transferred overseas due to the use of global cloud services.
1. Domestic Entrusted Company
- Entrustee: PREDAQ (or Not Applicable)
- Entrusted Task: Website maintenance, system error correction
2. Overseas Transfer of Personal Information (Using Cloud Servers)
The Clinic stores personal information overseas as follows for the operation of the member registration and login authentication system (Firebase Authentication).
| Item | Content |
|---|---|
| Transferred Country | USA |
| Recipient (Company Name) | Google LLC |
| Date/Time and Method of Transfer | Transferred via network in an encrypted state from time to time when using the service |
| Transferred Items | Email address, password (encrypted), login ID, profile picture (when set), access records |
| Purpose of Transfer | Operation of member authentication system, data backup and security management |
| Retention and Use Period | Until membership withdrawal or termination of entrustment contract |
| Contact Information of Manager in Charge | ulfitclinic@nate.com (Clinic's Privacy Officer) |
Article 6 (Rights/Obligations of Data Subjects and Method of Exercise)
Users may exercise their rights such as requesting access to, correction of, deletion of, or suspension of processing of personal information at any time, and the Clinic will take action without delay. However, the deletion of medical records that are required to be preserved in accordance with relevant laws such as the Medical Service Act may be restricted.
Article 7 (Measures to Secure the Safety of Personal Information)
The Clinic takes the following measures to ensure the safety of personal information.
- 1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training
- 2. Technical Measures: Management of access rights to personal information processing systems, etc., installation of security programs, encryption of unique identification information (HTTPS communication, etc.)
- 3. Physical Measures: Access control for computer rooms, data storage rooms, etc.
Article 8 (Privacy Officer)
The Clinic is responsible for overall management of personal information processing tasks, and has designated a Privacy Officer as follows to handle complaints and provide relief for damages related to personal information processing.
Name: Shin Jung-min (Representative Director)
Affiliation: Ulfit Korean Medicine Clinic
Contact: 02-538-7712 / ulfitclinic@nate.com
Addendum
This Privacy Policy is applicable from January 25, 2026.
