Privacy Policy
The following articles in this Privacy Policy describe how the ANRISK™ application uses, processes, protects, and manages personal information collected from data subjects for the purpose of calculating risk scores for diseases and generating results.
The application is committed to protecting the rights and interests of its users by establishing a privacy policy in accordance with relevant laws.
1. Personal Information Items
Collection and Use of Personal Information
- The personal information collected through the application is directly received and managed by TALOS Corp. (the “Company”), which is also responsible for its future management.
Items Collected
- The data collected are as follows:
  - Mandatory information: Sex assigned at birth, ethnicity, date of birth, height, weight, systolic blood pressure, diastolic blood pressure.
  - Optional information: Date of screening*, waist circumference, blood glucose, total cholesterol, triglycerides, HDL, LDL, hemoglobin, creatinine, GOT/AST, GPT/ALT, GGT/GTP, family history of stroke, family history of cardiovascular disease, family history of hypertension, family history of diabetes, smoking status.
    *Although the Date of screening is optional information, if the date is unknown, the field will automatically be filled with the date the user fills out the form.
Method of Collection
- Online form (via the application)
2. Purpose of Processing Personal Information
The Company processes personal information for the purposes listed below. The personal information being processed will not be used for any purposes other than those listed below, and should the purpose of use change, the Company will implement necessary measures such as obtaining separate consent in accordance with relevant laws:
- To analyze health screening data, deliver results, save history of past analyses, and allow the sharing of results via a QR code or email in a PDF format.
3. Duration of Processing and Retaining Personal Information
Analysis Results
Once the analysis has been completed, the results are saved and stored for the user to view in the future. All reports are automatically saved until the user decides to permanently delete the results. Once the result is deleted, it cannot be recovered.
4. Provision of Personal Information to Third Parties
The Company processes personal information data only within the scope specified in Article 2, “Purpose of Processing Personal Information” and does not provide personal information to third parties.
5. Use and Provision of the Scope Reasonably Related to the Purpose of Collection
The Company may use or provide personal information to a third party without the user’s consent, when the following criteria are taken into consideration within the scope reasonably related to the original purpose of collection:
- Whether there is a relevance to the original purpose of collection: The Company will determine this based on whether the additional purpose of use/provision is in alignment with the nature or tendencies of the original purpose of collection.
- Whether there is a possibility of additional use or provision of personal information considering the context in which it was collected, or the processing practices. The Company will consider factors, such as the relationship between the data processor and the user, the level and speed of technological advancement, and established general circumstances (practices) over a considerable period of time.
- Whether it infringes unjustly on the interests of users. The Company will consider whether the user’s interests are substantively infringed upon in relation to the additional purpose of use and whether such infringement is unjust or not.
- Whether necessary measures, such as anonymization or encryption, have been taken to ensure security. The Company will consider whether appropriate security measures have been taken, while considering the possibility of infringement.
6. Delegation of Personal Information Processing
The Company does not delegate the processing of users’ personal information to any third party.
7. Rights and Obligations of Data Subjects and Method of Practice
- Data subjects can exercise the following rights related to personal information protection at any time against the Company:
  - Request to view personal information.
  - Request correction in case of errors, etc.
  - Request for data destruction.
- Personal information stored in the form of an electronic file is destroyed when the user chooses to delete an analysis result using a technical method that cannot recover deleted files. The Company does not produce printouts using personal information.
- The exercise of rights according to Article 1 “Personal Information Items” can be done through written documents, email, FAX, etc., according to Form No. 8 of the Enforcement Rules of the Personal Information Protection Act. As a result, the Company will take action without delay. If a data subject requests correction or data destruction due to errors in personal information, the Company will not use or provide the personal information until the correction or destruction is completed.
- The exercise of rights according to Article 1 “Personal Information Items” can be made through a legal representative or an agent authorized by the data subject. In this case, a power of attorney that follows Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
8. Measures to Ensure the Safety of Personal Information
The Company takes the following measures to ensure the security of personal information:
Administrative Measures
- Establishment and implementation of internal management plans for the protection of personal information.
Technical Measures
- Management of access rights to systems that process personal information, installation of control systems to manage access rights, encryption of unique identification information, encryption of compressed files, including assessment reports, which are transmitted to institutions requesting an analysis, application of SSL certificates, and other necessary measures in accordance with relevant laws.
Physical Measures
- Control of access to computer rooms, data storage rooms, manufacturing rooms, etc.
9. Technical and Administrative Protection Measures for Personal Information
The Company is taking the following technical and administrative measures to ensure that users’ personal information is not lost, stolen, leaked, altered, or damaged in the process of processing.
Countermeasures Against Hacking, etc.
The Company is doing its utmost to prevent the leakage or damage of personal information due to hacking or computer viruses, such as removing or deactivating unnecessary services, or providing information on countermeasures that should be taken upon the detection of security threats. The latest antivirus programs are used to prevent users’ personal information and data from being leaked or damaged (this is done by recording system logs for data monitoring). The confidentiality and integrity of personal medical information transmitted over the network are ensured, and encrypted communication (using verified cryptographic algorithms with a security strength of 112 bits or more for data transmission and storage) is used to safely transmit personal (medical) information over the network. Furthermore, the Company equips all possible technical devices to secure the system (minimizing the breach of physical communication ports) and is using an intrusion prevention system to control unauthorized access from outside.
Personal Information Processor Training
The Company emphasizes compliance with the personal information processing policy through regular training of those who process personal information.
10. Guide on Withdrawal of Consent to Use Personal Information
- Users can view their personal information stored in the application. Users can also request data destruction via e-mail to the administrator.
- Users can withdraw their consent to the collection, use, and provision of personal information at any time. Withdrawal of consent can be requested at any time via e-mail to the administrator.
- The Company has a designated personal information protection officer to protect users’ personal information and to handle complaints related to personal information.
13. Personal Information Protection Officer
The Company has a designated personal information protection officer to oversee and be responsible for the processing of personal information and to handle complaints and damage relief related to personal information of the data subjects.
Personal Information Protection Officer
Affiliation: TALOS Corp.
Name: Tackeun Kim
Phone: 0507-1386-4600
Email: [email protected]
Personal Information Protection Manager
Affiliation: TALOS Corp.
Name: Chan Yang Park
Phone: 0507-1386-4600
Email: [email protected]
14. Practices for the Relief of the Infringement of Rights and Interests
The data subject can inquire about damage relief and consultation regarding personal information infringement at the following institutions:
Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
privacy.kisa.or.kr / (No area code) 118
Cyber Crime Investigation Unit, Supreme Prosecutors’ Office
www.spo.go.kr / 02-3480-3573
Cyber Terrorism Response Center, Korean National Police Agency
www.netan.go.kr / 1566-0112
15. Changes and Notification of Privacy Policy
- This Privacy Policy was established on November 6th, 2024. In the event of additions, deletions, or modifications of the contents in accordance with changes in laws, policies, or security technology, the Company will notify users of the reasons for the changes and their contents at least 7 days prior to the implementation of the changed personal information processing policy through the Company’s homepage.
- Notice and implementation date: November 6th, 2024