ANRISK^® Privacy & Cookie Policy

수집항목

1. 업로드된 엑셀 파일 내 검진데이터 건강검진기관명, 건강검진 일자, 건강검진 대상자 이름, 건강검진 정보 22종

   • 필수 정보: 연령, 성별, 신장, 체중, 수축기혈압, 이완기혈압

   • 선택 정보: 허리둘레, 혈당, 총콜레스테롤, 중성지방, HDL, LDL, 혈색소, 크레아티닌, AST, ALT, GGT, 뇌졸중가족력, 심장병가족력, 고혈압가족력, 당뇨가족력, 흡연상태

2. 고객 지원

   • 필수 정보: 고객사 담당자 성함, 고객사명, 사업자 번호, 이메일, 전화번호

1. Personal Information Items

Collection and Use of Personal Information

• The personal information collected through this website is directly received and managed by the Company, which is also responsible for its future management.

Items Collected

1. The data collected include the name of the health screening institution, the date of the screening, the name of the examinee, and 22 health screening data items.

   • 필수 정보: 연령, 성별, 신장, 체중, 수축기혈압, 이완기혈압

   • Optional Information: Waist Circumference, Blood Sugar, Total Cholesterol, Triglycerides, HDL, LDL, Hemoglobin, Creatinine, AST, ALT, GGT, Family History of Stroke, Family History of Heart Disease, Family History of Hypertension, Family History of Diabetes, Smoking Status.

2. Customer Support

   • Mandatory Information: Customer representative’s name, company name, business registration number, email, phone number.

Method of Collection

Online (via the web software platform: https://www.anrisk.taloscorp.io).

Purpose of Processing Personal Information

The Company processes personal information for the following purposes below. The personal information being processed will not be used for any purposes other than those listed below, and should the purpose of use change, the Company will implement necessary measures such as obtaining separate consent in accordance with relevant laws:

1. To analyze health screening data, deliver reports (in PDF format), and compressed files containing the calculated risk scores for diseases to the users (institutions requesting an analysis).

2. To confirm customer support inquiries, to communicate to the customer regarding the support needed, and to send notifications regarding the outcome.

3. Duration of Processing and Retaining Personal Information

It is our principle to destroy the user's personal information without delay once the purpose of its collection and use has been achieved. More specifically, the following information will be retained for the period specified below for the respective reasons:

Uploaded Excel Files:

These are automatically destroyed and made unrecoverable immediately after the necessary health screening data has been transferred for analysis.

Compressed Assessment Report Files

Once the reports have been generated and have been delivered to the users (institutions requesting an analysis) as compressed files, the files are destroyed and made unrecoverable immediately upon the user’s request. Even without a special request from the user, they are unrecoverable after 7 days of the report generation date.

Customer Support

Information related to customer support is retained for one year from the date on which customer support was provided.

4. Provision of Personal Information to Third Parties

The Company processes personal information data only within the scope specified in Article 2, “Purpose of Processing Personal Information” and does not provide personal information to third parties.

5. Use and Provision of the Scope Reasonably Related to the Purpose of Collection

The Company may use or provide personal information to a third party without the user's consent, when the following criteria are taken into consideration within the scope reasonably related to the original purpose of collection:

1. Whether there is a relevance to the original purpose of collection: The Company will determine this based on whether the additional purpose of use/provision are in alignment with the nature or tendencies of the original purpose of collection.

2. Whether there is a possibility of additional use or provision of personal information considering the context in which it was collected, or the processing practices. The Company will consider factors, such as the relationship between the data processor and the user, the level and speed of technological advancement, and established general circumstances (practices) over a considerable period of time.

3. Whether it infringes unjustly on the interests of users. The Company will consider whether the user's interests are substantively infringed upon in relation to the additional purpose of use and whether such infringement is unjust or not.

4. Whether necessary measures, such as anonymization or encryption, have been taken to ensure security. The Company will consider whether appropriate security measures have been taken, while considering the possibility of infringement.

6. Delegation of Personal Information Processing

The Company does not delegate the processing of users' personal information to any third party.

7. Rights and Obligations of Data Subjects and Method of Practice

Data subjects can exercise the following rights related to personal information protection at any time against the Company:

1. Request to view personal information.

2. Request correction in case of errors, etc.

3. Request for data destruction.

파기방법

• 전자적 파일 형태로 저장된 개인정보는 기록을 재생할 수 없는 기술적 방법을 사용하여 삭제합니다.
• 회사는 개인정보를 이용한 출력물은 생산하지 않습니다.

• The exercise of rights according to Article 1 “Personal Information Items” can be done through written documents, email, FAX, etc., according to Form No. 8 of the Enforcement Rules of the Personal Information Protection Act. As a result, the Company will take action without delay. If a data subject requests correction or data destruction due to errors in personal information, the Company will not use or provide the personal information until the correction or destruction is completed.

• The exercise of rights according to Article 1 “Personal Information Items” can be made through a legal representative or an agent authorized by the data subject. In this case, a power of attorney that follows Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

8. Destruction of Personal Information

The Company will destroy the personal information without delay when it becomes unnecessary, such as when the retention period has expired or the purpose of processing has been achieved.

The procedure and method of destruction are as follows:

• 파기절차 처리목적 달성 시 지체없이 파기하는 것이 원칙이며 예외적인 경우 내부 방침에 따라 일정 기간(7일간) 저장된 후 파기됩니다.

• 개인정보는 법률에 의한 경우가 아니고서는 보유되는 이외의 다른 목적으로 이용되지 않습니다.

• Personal information stored in the form of an electronic file is destroyed using a technical method that cannot recover deleted files. The company does not produce printouts using personal information.

9. Measures to Ensure the Safety of Personal Information

The Company takes the following measures to ensure the security of personal information:

Administrative Measures

• Establishment and implementation of internal management plans for the protection of personal information.

Technical Measures

• Management of access rights to systems that process personal information, installation of control systems to manage access rights, encryption of unique identification information, encryption of compressed files, including assessment reports, which are transmitted to institutions requesting an analysis, application of SSL certificates, and other necessary measures in accordance with relevant laws.

Physical Measures

• Control of access to computer rooms, data storage rooms, manufacturing rooms, etc.

10. Technical and Administrative Protection Measures for Personal Information

The Company is taking the following technical and administrative measures to ensure that users' personal information is not lost, stolen, leaked, altered, or damaged in the process of processing.

Countermeasures Against Hacking, etc.

The Company is doing its utmost to prevent the leakage or damage of personal information due to hacking or computer viruses, such as removing or deactivating unnecessary services, or providing information on countermeasures that should be taken upon the detection of security threats. The latest antivirus programs are used to prevent users' personal information and data from being leaked or damaged (this is done by recording system logs for data monitoring). The Confidentiality and integrity of personal medical information transmitted over the network are ensured, and encrypted communication (using verified cryptographic algorithms with a security strength of 112 bits or more for data transmission and storage) is used to safely transmit personal (medical) information over the network. Furthermore, the Company equips all possible technical devices to secure the system (minimizing the breach of physical communication ports) and is using an intrusion prevention system to control unauthorized access from outside.

Personal Information Processor Training

The Company emphasizes compliance with the personal information processing policy through regular training of those who process personal information.

11. Installation/Operation of Automatic Personal Information Collection Devices and Matters Concerning Denial

Cookies

The Company uses 'cookies' to store and retrieve users' information to provide personalized and customized services. A cookie is a very small text file sent by the server used to operate the website on the user's browser and is stored on the user's computer hard disk. When a user visits a website again, the website server reads the contents of the cookie stored on the user's hard disk to maintain the user's settings and provide customized services. Cookies do not automatically/actively collect information that identifies individuals, and users can refuse or delete the storage of such cookies at any time.

Purpose of the Company's Use of Cookies

Cookies are used to provide convenience for users who need customer support.

Installation/Operation of Cookies and Refusal

Users have the option to install cookies. Thus, users can allow all cookies, manually confirm every time a cookie is stored, or refuse the storage of all cookies by going to the settings option in their web browser. If the storage of cookies is refused, it may be difficult to use some services. The guide to manage cookies for each browser are as follows:

1. Google Chrome [View page]

2. NAVER whale [View page]

3. Microsoft Edge [View page]

4. Mozilla Firefox [View page]

12. Guide on Withdrawal of Consent to Use Personal Information

• Users can view and modify their personal information registered on the Company's website through the institution that is requesting an analysis. Users can also request data destruction via e-mail to the administrator.

• Users can withdraw their consent to the collection, use, and provision of personal information at any time. Withdrawal of consent can be requested at any time via e-mail to the administrator.

• The Company has a designated personal information protection officer to protect users' personal information and to handle complaints related to personal information.

13. Personal Information Protection Officer

The Company has an designated personal information protection officer to oversee and be responsible for the processing of personal information and to handle complaints and damage relief related to personal information of the data subjects.

Personal Information Protection Officer

Affiliation: TALOS Corp.
Name: Tackeun Kim
전화번호: +82-2-6010-4600
이메일: [email protected]

Personal Information Protection Manager

Affiliation: TALOS Corp.
Name: Chan Yang Park
전화번호: +82-2-6010-4600
Email: [email protected]

14. Practices for the Relief of the Infringement of Rights and Interests

The data subject can inquire about damage relief and consultation regarding personal information infringement at the following institutions:

Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)

privacy.kisa.or.kr / 118

Cyber Crime Investigation Unit, Supreme Prosecutors' Office

www.spo.go.kr / 02-3480-3573

Cyber Terrorism Response Center, Korean National Police Agency

www.netan.go.kr / 1566-0112

15. Changes and Notification of Privacy Policy

• 이 개인정보처리방침은 2021년 11월 22일에 제정되었으며, 추후 법령 · 정책 또는 보안기술의 변경에 따라 내용의 추가 · 삭제 및 수정이 있을 시에는 변경되는 개인정보처리방침을 시행하기 최소 7일전에 본사 홈페이지를 통해 변경이유 및 내용 등을 공지하도록 하겠습니다.

• Notice and implementation date: November 22, 2021

• Revision: October 3, 2022

• Revision: February 24, 2023