PRIVACY

  • PRIVACY

Privacy Policy

AItrics Co., Ltd. (hereinafter referred to as "the Company") complies with the relevant laws and regulations related to personal data protection in South Korea, including the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as "Information and Communications Network Act") and the Personal Information Protection Act. The Company is committed to protecting the personal data of customers (hereinafter referred to as "Users") using the Company's services and ensures that any related complaints are processed quickly and smoothly.

Through the publication of this privacy policy, the Company informs Users about the purposes and methods of using their personal data and the steps being taken to protect their privacy. This Privacy Policy may change due to amendments to relevant laws or internal company policies, so we encourage Users to check this policy regularly during their use of the site.

Article 1: Types of Personal Data Collected and Collection Methods

① Types of Data Collected

  • - Website Newsletter Subscription: Email address

  • - Job Application and Recruitment Inquiries

    • • Required: Name, address, nationality, phone number, veteran status and disability status, education, grades, military service, career, intellectual property/papers/publications/research achievements, overseas experience and training activities, social/volunteer activities, language proficiency, and other qualifications.
    • • Optional: Date of birth, foreign language proficiency, other information provided by the applicant in their resume and submitted materials.

  • - General Information Related to Partner Companies

    • • Required: Name, company name, business registration number, account number, address
    • • Optional: Phone number, email, fax, login ID, password, etc.

② Collection Methods

  • - Collected during the account creation process for using the Company’s products
  • - Collected during the provision of feedback or complaints to the Company
  • - Collected during job applications or by employees during their employment
  • - Collected during partnerships or contract agreements with partner companies
Article 2: Purpose of Processing Personal Data

The Company processes personal data for the following purposes:

  • ① Membership Registration and Site Use: To confirm the User's intention to join, provide services, identify and authenticate the User, prevent fraudulent use of the service, handle complaints and other inquiries, deliver notices, and confirm the User’s intention to withdraw from membership.
  • ② Provision of Company Services: Providing services through product/service purchases and inquiries, sending emails, notices, deliveries, issuing invoices, payment and settlement of fees, recovering from errors or failures, and providing customized services (including newsletters).
  • ③ External Activities and Collaboration: Providing product-related information, information on company-hosted events like product presentations, confirming identity for research/lectures/advisory services, contract execution, and fulfilling related duties such as income tax withholding and other marketing and research activities related to products.
  • ④ Recruitment: Processing and guiding through the recruitment process, reviewing candidates for permanent positions, handling inquiries related to recruitment, and notifying applicants about results.
  • ⑤ Complaint Handling and Safety Information Management: Responding to product-related inquiries, verifying identity of complainants, conducting fact-finding for complaints, reporting and managing product safety and quality issues.
  • ⑥ Compliance with Legal and Administrative Obligations: Fulfilling obligations under laws like the Medical Service Act, Medical Device Act, Bioethics and Safety Act, etc., for clinical research, post-market safety management, tax reporting, and other legal and administrative obligations.
  • ⑦ AI Software Development and Research: The Company processes de-identified medical data for AI software development and research purposes. These datasets do not contain personal information such as names or contact details and are only used for medical/scientific research.

The company may use or provide personal information within the scope reasonably related to the original collection purpose, considering whether the data subject may suffer any disadvantage, whether measures to ensure safety, such as encryption, have been taken, and other factors. The company will carefully assess whether to use or provide the personal information based on various factors, including compliance with the Personal Information Protection Act and other relevant laws, the purpose of use and provision of personal information, the manner in which personal information is used or provided, the categories of personal information being used or provided, the content if consent was obtained or disclosed to the data subject, the impact on the data subject, and the protective measures taken for the subject information. Specific considerations include:

  • • Whether it is related to the original collection purpose.
  • • Whether additional use or provision is foreseeable based on the circumstances of collection or processing practices.
  • • Whether it unduly infringes on the data subject's rights.
  • • Whether necessary measures, such as pseudonymization or encryption, have been taken to ensure safety.
Article 3: Processing and Retention Period of Personal Information

① Identity verification and authentication related to service usage: Until membership withdrawal.

② Service maintenance and improvement: Until the purpose is achieved (only non-identifiable information is retained).

③ Customer complaints, safety information, and quality complaints: 3 years from the reported time.

④ General information about job applicants: 3 years from the date of receipt of the application.

⑤ General information about business partners: Until the completion of contract work, project work, or proposal tasks.

⑥ Newsletter distribution: 3 years from the application date.

⑦ The company retains personal information for the period specified in relevant laws such as the Commercial Act, the Telecommunications Secret Protection Act, and other relevant regulations.

- Important business documents

• Retention basis: Commercial Act

• Retention period: 10 years

- Website visit records

• Retention basis: Telecommunications Secret Protection Act

• Retention period: 3 months

Article 4: Provision of Personal Information to Third Parties

The company will not process or provide personal information to third parties beyond the original scope without prior consent from the data subject. However, exceptions are made in the following cases:

  • • If the data subject has consented to third-party provision or disclosure in advance.
  • • If required or permitted by law.
  • • Clinical trial researchers affiliated with trial institutions.
Article 5: Outsourcing of Personal Information Processing

① The company does not currently outsource personal information processing.

② In the event of outsourcing, the company will specify in the contract the prohibition on processing personal information for purposes other than the outsourced tasks, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of the processor, and matters concerning liability for damages, and will oversee the safe processing of personal information by the processor.

③ If a new outsourcing contractor or changes to outsourcing tasks occur, the company will promptly disclose this information through this policy.

Article 6: Disposal of Personal Information

① The company will promptly dispose of personal information when the retention period expires, the purpose of processing is achieved, or the information is no longer necessary.

② If personal information must be retained due to other legal requirements despite expiration of the retention period or achievement of the purpose, the personal information will be moved to a separate database (DB) or stored in a different location and will not be used for other purposes unless required by law.

- Disposal procedure and method

• Disposal procedure: Personal information subject to disposal is selected, and disposal is approved by the company’s privacy officer.

• Disposal method: Electronic files are destroyed using methods that render the information irrecoverable, and paper documents are shredded or incinerated.

Article 7: Rights, Duties, and Methods of Exercise of Data Subjects

① Data subjects may exercise the following rights regarding the company’s processing of their personal information:

  • • Request access to personal information.
  • • Request correction of errors.
  • • Request deletion.
  • • Request suspension of processing.

② Rights under paragraph 1 may be exercised by submitting a written or electronic request to the company, and the company will take prompt action.

③ These rights may also be exercised through a legal representative or an authorized person, who must submit a power of attorney following the form prescribed by the Personal Information Protection Act.

④ Data subjects must not violate the Personal Information Protection Act or other related laws by infringing on the personal information or privacy of themselves or others.

Article 8: Security Measures for Personal Information

The company has implemented the following measures to ensure the security of personal information:

  • ① Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
  • ② Technical measures: Access control of personal information processing systems, installation of access control systems, encryption of personal information files, installation of security programs.
  • ③ Physical measures: Locking and restricting access to locations where personal information is stored.
Article 9: Personal Information Protection Officer

① The company designates the following person as the Personal Information Protection Officer, who is responsible for overseeing personal information processing and handling complaints and remedying damage related to personal information:

• Name: Baek Won-joong

• Position: Coordination Manager

• Phone number and email: 02-569-5507 / privacy@aitrics.com

② Data subjects may contact the company’s Personal Information Protection Officer or the relevant department for inquiries, complaints, or to request remedy related to personal information protection. The company will respond promptly.

Article 10: Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

① The company uses cookies to provide personalized services and to operate the website reliably.

② Cookies are small pieces of information sent by the server to the user’s web browser and may be stored on the user's computer hard drive.

③ The purpose of using cookies: To analyze user visit patterns and secure access, and to provide optimized information to users.

④ Cookie setting rejection: Users can reject the storage of cookies via the browser settings.

⑤ Users will not suffer disadvantages from rejecting cookies, but this may cause difficulties in using the website or services.

⑥ Data subjects may contact the company for inquiries or complaints related to personal information protection.

Article 11: Third-Party Links

The company's website may contain links to third-party websites, plug-ins, or applications. If the user clicks on a link or connects to a third-party website, the third party may collect or use the user's personal information. The company does not control these third-party websites, plug-ins, or applications and is not responsible for the handling of personal information by these third parties.

Article 12: Changes to the Privacy Policy

The company may change this privacy policy due to legal amendments, government policies, internal policies, or security technology changes. In such cases, the company will notify users via the website.

• Effective Date: 2021.01.01