We Want Healthcare Radiology Clinic (hereinafter referred to as "the Clinic") considers the protection of personal information on the internet to be extremely important and is committed to safeguarding the personal data provided by users to the Clinic. Accordingly, the Clinic has developed a privacy policy based on relevant regulations that information and communication service providers must adhere to, including the Protection of Communications Secrets Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection. This privacy policy may be updated periodically due to changes in government laws and guidelines or internal policy adjustments. Any changes will be promptly reflected on the privacy policy posted on the initial screen of the Clinic's website. This privacy policy will help users understand how their collected personal information is used and protected securely.

[The contents of this Privacy Policy are as follows:]

1. Collection Items and Methods of Personal Information
2. Purpose of Collection and Use of Personal Information
3. Provision and Sharing of Personal Information
4. Retention and Use Period of Personal Information
5. Procedures and Methods for Disposal of Personal Information
6. Rights of Users and Legal Representatives and How to Exercise Them
7. Withdrawal of Consent / Membership Termination Methods
8. Installation/Operation of Automatic Data Collection Devices and Rejection of Such Devices
9. Operation/Management of Video Information Processing Devices
10. Measures for Ensuring the Security of Personal Information
11. Personal Information Management Officer
12. Obligation to Notify of Policy Changes
13. Handling of Collected Personal Information

1. Collection Items and Methods of Personal Information

The Clinic collects only the minimum amount of personal information necessary for the use of services at the time of membership registration. The information collected for using the Clinic’s services includes both required and optional fields during membership registration. Optional fields, such as email subscription preferences, do not restrict service use if left blank.

A. Information Collected During Visit & Medical Treatment

- Required: Name (in Korean), Address, Contact Information
- Health Information: Personal health information deemed necessary by medical staff for providing medical services, such as medical history and family history.
※ Unique identification information and medical records must be retained as required by the Medical Service Act.
(No separate consent is obtained for the collection of medical information.)

B. Information Collected Upon Website Sign-Up

-Required: ID, Password, Name, Email Address
-Optional: Contact Information (Telephone Number, Mobile Number)
-Sensitive Information: Past Medical History, Surgical History, Areas of Surgical Interest
-Information Automatically Generated During Service Use: Service usage records, access logs, cookies, IP information
-Identity Verification (Mobile Phone Verification/i-PIN Verification): Name, Verification Value, i-PIN Number (for i-PIN members), Date of Birth, Gender, ID, Password, Contact Information (Email Address, Mobile Number), Legal Representative Information for individuals under 14 years old, Membership Verification Information

C. Information Collected Upon Medical Fee Payment

-Credit Card Payment: Card Issuer Name, Card Number, and other Card Payment Authorization Information

D. Methods of Collecting Personal Information

-Personal information is collected through the following methods:
Website (membership registration, real-time consultation, online reservation, online consultation, etc.), Written Forms, Fax, Phone, Email

2. Purpose of Collection and Use of Personal Information

The Clinic uses the collected personal information for the following purposes. All information provided by users is used only for these purposes, and if the purpose of use changes, prior consent will be sought.
-Verification procedures for medical treatment/inspection/reservation and identity confirmation -Services for diagnosis and treatment
-Administrative services such as billing, payment, and refunds
-Sending medical fee statements, detailed statements, and certificates, and dispatching medicines, goods, and results
-Providing medical information to other medical institutions for referral and return
-Ensuring communication channels for notifications, complaints, and issue resolution
-Handling online consultation responses
-Providing information about new services and events
-Legal and administrative actions for quality management and operation of the Clinic
-Providing minimal analysis data for education and research purposes
-Providing information on medical, academic, and Clinic-related topics
-Using reference materials to provide smooth consultation and treatment services
-Collecting information for consumers as per Article 52 of the Framework Act on Consumers

3. Provision and Sharing of Personal Information

The Clinic does not use or provide personal information to others or other companies/institutions beyond the scope notified in the 『Purpose of Collection and Use of Personal Information』 except with the user’s consent or as required by relevant laws.

However, exceptions include:
-When users have consented to disclosure in advance
-When required by law or for investigation purposes according to legal procedures and methods
-When necessary for statistical preparation, academic research, or market research, provided the information is processed in a form that does not identify specific individuals

4.Retention and Use Period of Personal Information

The Clinic promptly disposes of personal information when the purpose of collection or the provided purpose has been achieved.

A. For Membership Sign-Up Information: When a membership is terminated or expelled, or 1 year after the last login date (Article 29 of the Act On Promotion Of Information And Communications Network Utilization And Information Protection and Article 16 of the Enforcement Decree of the same Act)
B. For Information Collected for Surveys, Events, etc.: When the survey or event has concluded
C. For Information Collected for Medical Purposes: Retained in accordance with Article 15 of the Enforcement Decree of the 『Medical Service Act』 ("Retention of Medical Records") (Patient List: 5 years, Medical Records: 10 years), (Retention Items: Name, Address, Medical Information)
D. For Consumer Complaints or Dispute Resolution Records: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)
E. For Credit Information Collection/Processing and Use Records: 3 years (Credit Information Use and Protection Act)
F. For Identity Verification Records: 6 months (Act on Promotion of Information and Communication Network Utilization and Information Protection)
G. For Visit Records: 3 months (Protection of Communications Secrets Act)
※ Even if the collection or provision purpose is achieved, personal information may be retained if required by laws such as the Commercial Act.

5. Procedures and Methods for Disposal of Personal Information

The Clinic promptly disposes of personal information once the 『Purpose of Collection and Use of Personal Information』 has been achieved. The disposal procedures and methods are as follows:

A. Disposal Procedure

Information entered for membership sign-up is promptly disposed of upon achieving the purpose, according to the disposal methods below.

B. Disposal Deadline

Personal information will be disposed of within 5 days of the end of the retention period or within 5 days of recognizing the personal information as unnecessary due to the achievement of processing purposes, discontinuation of the service, business closure, etc.

C. Disposal Method

Personal information stored in electronic file format is deleted using technical methods that render the records unrecoverable. Personal information printed on paper is destroyed by shredding or incineration.

6. Rights of Users and Legal Representatives and How to Exercise Them

The Clinic respects the rights of customers regarding their personal information. If a customer requests access, correction, or deletion of their personal information, we will promptly and diligently respond to their request. To ensure the protection of personal information, we do not provide procedures for access, correction, or deletion requests made via phone, email, fax, or other methods outside of a physical visit.

A. Access to Personal Information

Customers may visit our Clinic to request access to their personal information, and we will respond to such requests promptly.

B. Correction/Deletion of Personal Information

- If a customer requests correction or deletion of their personal information, the Clinic will promptly correct or delete the information if we determine that correction or deletion is necessary due to errors. We may request supporting documentation to verify the correction or deletion request. Until the correction is complete, the relevant personal information will not be used or provided. If incorrect personal information has been provided to a third party, we will notify the third party of the correction result without delay to ensure the correction is made.
- If a customer requests access, correction, or deletion of their personal information, we will verify their identity using identification documents such as a resident registration card, passport, or driver's license.
- If a customer's representative requests access, correction, or deletion, we will verify the legitimacy of the representative by checking the customer’s power of attorney, consent form, and the representative's identification documents.
- The Clinic will notify the customer and explain the reasons if there are legitimate reasons to refuse access, correction, or deletion of all or part of the personal information.
- When we may restrict access to and correction of personal information
- When there is a risk of significant harm to the life, body, property, or rights and interests of the person or a third party
- When there is a risk of significant interference with the service provider's business
- When there is a violation of laws and regulations, etc.
- For children under the age of 14 (hereinafter referred to as "children"), membership registration is carried out through a separate form, and the collection of personal information requires consent from a legal representative.
- To obtain consent from the legal representative, the Clinic collects minimal information such as the representative’s name and contact details from the child, and obtains consent in accordance with the methods specified in our Privacy Policy.
- Users and legal representatives can contact the Clinic via the Internet, phone, or in writing to exercise their rights, and we will take prompt action.
※ Personal information that must be retained by law cannot be modified or deleted within the retention period, even if requested.

7. Withdrawal of Consent / Membership Withdrawal

You can withdraw your consent to the collection, use, and provision of personal information at any time. To withdraw consent (terminate membership), you can either click the 『Withdraw Consent (Terminate Membership)』 button on our website and follow the identity verification process, or contact the personal information manager, who will take prompt action to delete your personal information.

8. Installation/Operation and Refusal of Automatic Personal Information Collection Devices

A. Purpose of Using Cookies

- Cookies identify the user's computer but do not individually identify users. We use cookies to understand the visit and usage patterns of services, user scale, etc., to create more convenient services.
- Users can choose whether to allow the use of cookies by adjusting their web browser settings. They can either accept all cookies, set the browser to notify them when a cookie is installed, or refuse all cookies.
- However, users must allow cookies to log in and use our services.

B. Installation/Operation and Refusal of Cookies

- Users have the option to accept or reject the installation of cookies. Therefore, users can configure their web browser settings to allow all cookies, receive a notification each time a cookie is stored, or refuse the storage of all cookies.
- To reject the installation of cookies, users can adjust their web browser settings to allow all cookies, receive a notification each time a cookie is stored, or refuse the storage of all cookies.
- Example of how to configure settings:
• For Internet Explorer: Go to the "Tools" menu at the top of the web browser > "Internet Options" > "Privacy" > "Settings" • For Chrome: Click on the "Settings" menu on the right side of the web browser > Scroll down and click on "Advanced" > Under "Privacy and Security," click on "Content Settings" > "Cookies"
- However, if you refuse the storage of cookies, you may encounter difficulties in using some services on our website that require login.

9. Measures to Ensure the Security of Personal Information

The Clinic takes the following technical and administrative measures to ensure that customer personal information is not lost, stolen, leaked, altered, or damaged:

[Minimization and Training of Personal Information Handling Staff]
We minimize the number of staff handling personal information and provide regular training.

[Regular Self-Inspection]
We conduct self-inspections at least once a year to ensure the security of personal information handling.

[Establishment and Implementation of Internal Management Plan]
We have established and implemented an internal management plan for the secure handling of personal information.

[Encryption of Personal Information]
Passwords among personal information are encrypted during storage and management so that only the individual knows them, and important data is protected using additional security functions such as file and transmission encryption.

[Technical Measures Against Hacking]
To prevent leakage and damage of personal information due to hacking or computer viruses, we install security programs, perform regular updates and checks, and install systems in areas with restricted access, monitoring, and blocking both technically and physically.

[Access Restrictions to Personal Information]
We take necessary measures to control access to personal information by granting, changing, or deleting access rights to database systems and using intrusion prevention systems to block unauthorized external access.

[Access Control for Unauthorized Persons]
We maintain separate physical storage locations for personal information systems and have established and operate access control procedures.

10. Operation/Management of Video Information Processing Equipment

The Clinic operates/manages video information processing equipment as follows:

[Installation Basis and Purpose]
Patient and facility safety, fire and crime prevention

[Number of Units, Installation Location, and Coverage]
Number of units: 9 in total
Installation location and coverage: Lobby, corridors, etc.

[Management Officer]
Person in Charge: Director

[Recording Time and Processing Method]
Recording Time: 24 hours
Processing Method: Records management for use, third-party provision, destruction, access requests of personal video information, and permanent deletion using irreversible methods upon expiration of the retention period (shredding or incineration of printouts).

[Measures for Requests to View Video Information]
You may request to view or confirm the existence of your personal video information at any time from the video information processing equipment operator. However, this is limited to personal video information that is clearly necessary for the immediate protection of the life, body, or property of the information subject. Requests to view personal video information may be refused in the following cases:
- If the video information has been destroyed after the retention period has expired.
- If there are other legitimate reasons to refuse access.

[Technical, Managerial, and Physical Measures for Video Information Protection]
Video information processed by the Clinic is managed securely through encryption and other measures. We have established access controls for personal information and recorded and managed the creation time, access purpose, viewer, and viewing time of personal video information to prevent tampering. Additionally, physical security measures, such as locks, are installed for safe storage.

11. Personal Information Management Officer

To protect your personal information and address any concerns related to personal information, the Clinic has appointed the following personal information management officer:

[Personal Information Management Officer]
Manager: Director
Manager: Deputy Director
Handling Officer: Deputy Manager Kim Suk-ji, Senior Assistant Lee Won-jin
Affiliation: We Want Healthcare Radiology Clinic
Phone Number: 02-750-0045, 02-750-0043
Email Address: climax_jin@naver.com
You may report any personal information protection-related complaints arising from using our services to the personal information management officer.
The Clinic will provide prompt and sufficient responses to reports from users.
For additional reports or consultations regarding personal information breaches, please contact the following institutions:

Personal Information Dispute Mediation Committee (http://www.1336.or.kr / 1336)
Supreme Prosecutor's Office Cybercrime Investigation Division (http://www.spo.go.kr / (02) 3480-3573)
Cyber Terror Response Center (http://www.ctrc.go.kr / (02) 392-0330)

12. Notification Obligation for Policy Changes

This Privacy Policy was established on August 31, 2015, and in the event of any additions, deletions, or modifications due to changes in laws, policies, or security technologies, we will notify the changes, reasons, and content on our website at least 7 days before the revised Privacy Policy is implemented.

13. Personal Information Handling Consignment

To improve our services, we consign the collection and analysis of personal information to external companies. We establish necessary provisions in consignment contracts to ensure that personal information is safely managed according to relevant laws.
- Details regarding the consignees, scope of consignment, and shared information will be posted via email, phone, or on the website.
- Consignment contracts stipulate compliance with privacy protection instructions, confidentiality of personal information, and prohibition of third-party provision, and the contract details are stored electronically.

The Clinic consigns personal information for the execution of services as follows and establishes necessary provisions in the consignment contract to ensure safe management according to relevant laws. The consignment processing institutions and consignment details are as follows:

MediAge	Outsourced Testing Services	Date, Chart Number, Name, Gender, Age, Institution Name	Until the end of the outsourcing contract
BioAge	Outsourced Testing Services	Date, Chart Number, Name, Gender, Date of Birth, Age, Institution Name, Prescription Code	Until the end of the outsourcing contract
Samkwang Medical Foundation	Outsourced Testing Services	Date, Chart Number, Name, Gender, Date of Birth, Age, Institution Name, Prescription Code, Collection Date, Attending Physician’s Name	Until the end of the outsourcing contract
E-One Medical Foundation	Outsourced Testing Services	Date, Chart Number, Name, Gender, Date of Birth, Age, Institution Name, Prescription Code	Until the end of the outsourcing contract
MediGene HumanCare	Outsourced Testing Services	Date, Chart Number, Name, Gender, Date of Birth, Age, Institution Name, Prescription Code	Until the end of the outsourcing contract
Green Cross Medical Foundation	Outsourced Testing Services	Date, Chart Number, Name, Gender, Date of Birth, Age, Institution Name, Prescription Code	Until the end of the outsourcing contract
BML Clinic	Outsourced Testing Services	Name, Resident Registration Number, License Number, Phone Number, Medical Department, Medical Institution Name, Fax, Email	Until the end of the outsourcing contract
T&C Pathology Clinic	Outsourced Testing Services	Name, Gender, Date of Birth, Specimen Name, Medical Department, Test Name	Until the end of the outsourcing contract
SK Chemicals	Outsourced Testing Services	Date, Chart Number, Name, Gender, Age, Institution Name	Until the end of the outsourcing contract
Engitech	Health Check-up System Maintenance and Support	Name, Resident Registration Number, Address, Phone Number, Company Name, Health Check-up Record, Health Check-up Result, Consultation Information	Until the end of the outsourcing contract
Areumnuri	Health Check-up System Maintenance and Support	Name, Resident Registration Number, Address, Phone Number, Company Name, Health Check-up Record, Health Check-up Result, Consultation Information	Until the end of the outsourcing contract
LCTech	Automated Input System for Questionnaire Scanning and Maintenance	Name, Resident Registration Number, Address, Phone Number, Company Name, Past Medical History, Consultation Information	Until the end of the outsourcing contract
Infinite	Health Check-up Images and Records System Maintenance	Name, Chart Number, Date	Until the end of the outsourcing contract
S1	Security Systems and CCTV Fingerprint System	CCTV, Name, Resident Registration Number, Address, Contact Information	Until the end of the outsourcing contract
Korea Post Courier	Questionnaire and Medication Log Shipping Health Check-up Result Shipping	Name, Address, Contact Information	Until the end of the outsourcing contract
Medifix	Website Server Management and Maintenance	Website Member Information, Cookies, and Other Data	Until the end of the outsourcing contract
InfoNet	Server Hosting	Website Member Information, Cookies, and Other Data	Until the end of the outsourcing contract
Outsourced Company	Outsourced Work	Items	Retention and Usage Period

The hospital, through outsourcing contracts, ensures the compliance with relevant privacy regulations, confidentiality of personal information, prohibition of third-party provision, duration of the outsourcing, and the obligation to return or destroy personal information upon the termination of processing. These requirements are managed to be strictly followed.

Announcement Date: March 1, 2021
Implementation Date: March 1, 2021