PRIVACY

  • PRIVACY

AITRICS Privacy Policy

AITRICS Co., Ltd. (hereinafter, the “Company”) establishes and discloses this Privacy Policy as follows, in accordance with Article 30 of the Personal Information Protection Act, in order to protect the freedom and rights of data subjects, safeguard their personal information and interests, and smoothly handle grievances related to personal information.

1. Purposes of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those stated below. If the purpose of use changes, the Company will take necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

  • ① Provision of services in response to product inquiries
  • ② Processing and management of job applications and recruitment inquiries
2. Categories of Personal Information Processed and Retention Period

The Company processes the following categories of personal information with the consent of the data subject pursuant to Article 15(1)1 and Article 22(1)7 of the Personal Information Protection Act.

Items Collected Purpose of Collection and Use Retention and Use Period Collection Method
(Required) Name, affiliation (hospital/company), contact information, email / (Optional) region Product inquiries 3 years from the date of collection Website
(Required) Name, contact information, affiliation (hospital name), title (department/specialty), inquiry details Responding to VitalCare customer inquiries 3 years from the date of collection HiQri service (Voice Bot)
(Required) Name, contact information, email, résumé / (Optional) unstructured personal information included in attachments Job applications and recruitment inquiries 3 years from the date of collection Website
① Records regarding consumer complaints or dispute resolution in relation to product inquiries are retained for 3 years.
☞ Legal basis: Article 6(1)4 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, etc.
② Personal information of hired employees is retained for 3 years from the date of retirement.
☞ Legal basis: Article 42 of the Labor Standards Act
3. Procedures and Methods for Destruction of Personal Information

① The Company destroys the relevant personal information without delay when such personal information becomes unnecessary due to a request from the data subject, expiration of the retention period, achievement of the processing purpose, or similar reasons.

② If the retention period consented to by the data subject has expired or the processing purpose has been achieved, but the personal information must continue to be preserved pursuant to other laws and regulations, such personal information will be transferred to a separate database (DB) or stored in a different location.

③ The Company selects personal information for destruction when grounds for destruction arise and destroys such personal information upon approval of the Company’s Chief Privacy Officer.

④ The Company destroys personal information recorded and stored in electronic file format in a manner that prevents reproduction of the records, and destroys personal information recorded and stored in paper documents by shredding or incineration.

4. Matters Concerning Entrustment of Personal Information Processing

① The Company entrusts personal information processing tasks as follows for efficient handling of personal information affairs.

Entrusted Party (Processor) Entrusted Task
Suhoin Management of personal information for product use by employees with disabilities in the arts
JobKorea Co., Ltd. (NineHire) Talent recruitment management
KT CS Responding to VitalCare customer inquiries

② When entering into entrustment agreements, the Company specifies in documents such as contracts matters concerning responsibilities including prohibition of processing personal information for purposes other than performing the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the entrusted party, and compensation for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the entrusted party processes personal information safely.

③ Pursuant to Article 26(6) of the Personal Information Protection Act, where an entrusted party re-entrusts the Company’s personal information processing tasks, the Company obtains consent thereto, and discloses the sub-processors and the details of the re-entrusted tasks through this Privacy Policy.

Sub-Processor Re-entrusted Task
Amazon Web Services Inc. Cloud IT infrastructure management
NHN Cloud, BizTalk Co., Ltd. Sending Kakao notification messages
Toss Payments Co., Ltd. Online electronic payment processing
Channel Corporation Real-time chat counseling services
Bespin Global Co., Ltd. Cloud service management (MSP)
KT Cloud Use of cloud services for system operation
NESS Overall task processing related to application, change, cancellation, review, payment, refund, screening, activation and renewal of the priority number guide service, complaint handling, and customer relationship management

※ [Link to NineHire Privacy Policy]

※ [Link to KT CS Privacy Policy]

④ If the details of the entrusted tasks or the entrusted party change, the Company will disclose such changes through this Privacy Policy without delay.

5. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information:

① Administrative measures: establishment and implementation of an internal management plan and regular employee training

② Technical measures: management of access rights to personal information, encryption, and installation of security programs

③ Physical measures: access control for computer rooms, records storage rooms, and major assets

6. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

① The Company uses cookies, which store and retrieve usage information from time to time, in order to provide individualized services and convenience to users.

② Cookies are small amounts of information sent by the server (HTTP) used to operate the website to the user’s browser and may be stored on users’ PCs or mobile devices.

③ Data subjects may allow or block cookies through their web browser settings. However, if cookie storage is refused, difficulties may arise in using customized services.

▶ Allowing/Blocking Cookies in Web Browsers

• Chrome: Browser Settings > Privacy and Security > Clear browsing data

• Edge: Browser Settings > Cookies and site permissions > Manage and delete cookies and site data

▶ Allowing/Blocking Cookies in Mobile Browsers

• Chrome: Mobile Browser Settings > Privacy and Security > Clear browsing data

• Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies

• Samsung Internet: Mobile Browser Settings > Browsing history > Delete browsing history

7. Rights and Obligations of Data Subjects and Their Legal Representatives, and Methods of Exercise

① Data subjects may exercise their rights against the Company at any time, including the right to request access, correction, deletion, suspension of processing, and withdrawal of consent regarding personal information, and the right to refuse or request an explanation regarding automated decisions.

② Such rights may be exercised against the Company in writing, by email, facsimile (FAX), etc. pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.

③ The right of a data subject to request access to and suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.

④ Deletion of personal information may not be requested where such personal information is specified as a subject of collection by other laws.

⑤ When a request for access, correction/deletion, suspension of processing, or refusal/explanation regarding automated decisions is made pursuant to the rights of the data subject, the Company verifies whether the requester is the data subject or a duly authorized representative.

⑥ Requests for access to personal information, etc. may be made to the department below. The Company will endeavor to process such requests promptly.

▶ Department Responsible for Receiving and Processing Requests for Access to Personal Information

• Department: Sales Strategy & Marketing Division, HR&GA Team

• Contact / Email: 02-569-5507 / sm@aitrics.com, career@aitrics.com

8. Chief Privacy Officer

The Company is responsible for overseeing tasks related to personal information processing and has designated the following Chief Privacy Officer to handle complaints and provide remedies for damages related to personal information processing.

▶ Chief Privacy Officer

• Name : Park Jeong-ho

• Position : Chief Information Security Officer

• Contact / Email : 02-569-5507 / pjh@aitrics.com

Data subjects may contact the Chief Privacy Officer and the responsible department regarding all inquiries, complaint handling, and remedies related to personal information protection arising from the use of the Company’s services.

The Company will respond to and handle such inquiries without delay.

9. Methods of Remedy for Infringement of Rights and Interests of Data Subjects

Data subjects may contact the following institutions for damage relief or consultation regarding personal information infringement. The institutions below are separate from the Company. If you are not satisfied with the Company’s own handling of personal information complaints or damage relief, or if you require more detailed assistance, please contact the relevant institution.

• Personal Information Infringement Report Center (privacy.kisa.or.kr, without area code 118)

• Personal Information Dispute Mediation Committee (www.kopico.go.kr, without area code 1833-6972)

• Prosecution Service (www.spo.go.kr, without area code 1301)

• National Police Agency (ecrm.cyber.go.kr, without area code 182)

10. Matters Concerning Operation and Management of Fixed Video Information Processing Devices

The Company installs and operates fixed video information processing devices as follows.

① Basis and purpose of installation: facility safety and fire prevention of the Company

② Number of devices, installation locations, and recording scope

Number of Devices Installation Locations and Recording Scope
2 Recording all areas of major facilities, including the office entrance and interior

③ Person in charge of management and persons with access authority

Classification Name Department Position Contact
Manager in charge Bang Jun HR&GA Manager 02-569-5507

④ Recording hours, retention period, storage location, and processing method of personal video information

Recording Hours Retention Period Storage Location
24 hours 30 days from the date of recording Computer room
11. Changes to This Privacy Policy

① This Policy shall take effect on April 13, 2026. If any content is added, deleted, or amended due to changes in laws/policies or security technologies, the revised Privacy Policy will be announced on the website or through other means.

② Previous versions of the Privacy Policy may be found below.