This is an oncoMASTER Personal Data Processing Policy.
Privacy Policy In accordance with Article 30 of the "Korea Personal Information Protection Act," we will establish and disclose a personal information processing policy. This is intended to guide data subjects through the procedures and standards for processing personal information and to facilitate the processing of grievances in this regard.
1. Purpose of processing personal information
processes personal information for the following purposes: The personal information being processed will not be used for any purpose other than the following purposes. If the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
① Membership and management: Personal information is processed to confirm membership intention, identify and authenticate users for membership services, maintain and manage membership, prevent illegal service use, and address grievances.
② Use and delivery of services: Process personal information for the purpose of providing on-co master services.
2. Processing and Retention Period of Personal Information
① processes and retains personal information for the duration specified by the Act or the agreed-upon period when collecting personal information from the data subject.
② The processing and retention period for each piece of personal information is as follows: However, if necessary according to relevant laws and regulations, additional processing and retention may be carried out during that period.
1) Home page membership and management: Up to membership withdrawal
2) Service availability and delivery: until the service delivery is complete
3. Items of personal information to be processed
① Membership and Management
1) Personal information (required): Name, gender, date of birth, mobile phone number, and email address
2) Personal Information (optional): Address
3) Sensitive information (required): Hospital name, type of cancer, date of diagnosis, and other health-related details.
② Use and Delivery of Services
1) Personal information (required): Name, gender, date of birth, mobile phone number, and email address
2) Personal Information (optional): Address
3) Sensitive information (required): Hospital medical records, including the hospital name, carcinoma, diagnosis date, treatment history, prescription drug history,
biopsy records (including pathology records), and cancer genetic variation information (e.g., results of next-generation sequencing panel analysis (NGS)).
Service | Purpose | Collection Items | Retention and Use Period |
Membership and Management | Complaints may include issues related to identification, personal identification, prevention of illegal use of defective members, complaint handling, and notification delivery in relation to the use of membership services. | · Personal information (required): Name, gender, date of birth, mobile phone number, and email address · Personal Information (optional): Address · Sensitive information (required): Hospital name, type of cancer, date of diagnosis, and other health-related details. | Until membership is withdrawn Provided that it must be preserved without destruction according to the relevant Acts and subordinate statutes for the specified period. |
Use and Delivery of Services | Utilization and Delivery of oncoMASTER Services. | · Personal information (required): Name, gender, date of birth, mobile phone number, and email address · Personal Information (optional): Address · Sensitive information (required): Hospital medical records, including the hospital name, carcinoma, diagnosis date, treatment history, prescription drug history, biopsy records (pathological records), and cancer genetic variation information (e.g., NGS-based genetic panel test results). | Until the service is completed Provided that it must be preserved without destruction in accordance with the relevant Acts and subordinate statutes for the specified period. |
4. Matters regarding the provision of personal information to a third party
① processes the personal information of the data subject only within the specified scope for the purpose of processing the personal information. It provides personal information to a third party only if it complies with Articles 17 and 18 of the Personal Information Protection Act, such as obtaining the consent of the data subject and meeting special provisions of the Act. It does not provide personal information of the data subject to any third party beyond that.
5. Matters related to the outsourcing of personal information processing services
① entrusts the processing of personal information as follows to ensure smooth handling of personal data.
Consignee (Trustee) | Commissioned work |
Huraypositive Corp. | Website maintenance, management, and repair. |
NICE ID | Real name authentication. |
② When concluding a consignment contract, is responsible for prohibiting the processing of personal information for purposes other than performing consignment work, implementing technical and managerial protection measures, imposing restrictions on re-entrustment, managing and supervising the trustee, and providing compensation for damages in accordance with Article 26 of the Personal Information Protection Act. Matters related to this are specified in documents such as contracts, and we oversee whether the trustee handles personal information securely.
③ If the content of the entrusted work or the trustee changes, we will promptly disclose it through this personal information processing policy.
6. Matters related to procedures and methods for destroying personal information
① oncoMASTER promptly destroys personal information when it becomes unnecessary, such as when the personal information retention period expires or when the processing purpose is achieved.
② If personal information needs to be retained in compliance with other laws and regulations, even after the agreed period for retaining personal information has expired or the processing purpose has been fulfilled, the personal information will be transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for disposing of personal information are as follows.
1) The procedure for abandoning oncoMASTER involves selecting personal information that is due for destruction and obtaining approval from the personal information
protection manager before destroying the selected data.
2) The destruction method guarantees that personal information stored in electronic files cannot be replicated, and personal information recorded on paper documents is
destroyed through shredding, crushing, or incineration.
7. Matters related to the rights, obligations, and methods of exercising the data subject's rights
① The data subject may exercise their rights to access, correct, delete, and request suspension of the processing of personal information at any time.
② The exercise of rights can be done in writing or by email in accordance with Article 41 of the Enforcement Decree of the Personal Information Protection Act, and oncoMASTER will take appropriate action in accordance with this provision.
③ The exercise of rights may be carried out by a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Form 11 attached to the Notice on How to Process Personal Information (No. 2020-7).
④ Requests for suspension of access and processing of personal information may limit the rights of the data subject as outlined in Articles 35(4) and 37(2) of the Personal Information Protection Act.
⑤ Requests for the correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection in other laws and regulations.
⑥ verifies the identity of the individual making the request, whether it is for reading, correction, deletion, or suspension of processing, in accordance with the data subject's rights.
8. Measures to Ensure the Safety of Personal Information
oncoMASTER implements the following measures to ensure the security of personal information.
① Management measures: The development and implementation of internal management plans, assignment of dedicated personnel, and regular training for employees.
② Technical measures: This includes managing access rights to personal information processing systems, installing access control systems, encrypting personal information, and installing and updating security programs.
③ Physical measures: control access to computer rooms, data storage rooms, etc.
9. Matters concerning the installation and operation of devices that automatically collect personal information and the refusal thereof: oncoMASTER does not use cookies to store the subject's usage information or retrieve it periodically.
10. Matters related to the collection, use, provision, or refusal of behavioral information: oncoMASTER does not collect, use, or provide behavioral information for online customized advertisements.
11. Matters concerning the processing of pseudonym information
oncoMASTER de-identifies personal information collected for statistics creation, scientific research, and preservation of public interest records so that specific individuals cannot be identified and processes them as follows.
① Matters concerning the processing of pseudonym information
Classification | Purpose of the processing | Processing item | Retention and Usage Period |
Statistical and scientific research | Research on the treatment response and prognosis associated with each gene mutation, etc. | Gender, date of birth, and hospital medical records, hospital name, type of cancer, diagnosis date, treatment history, prescription drug history, biopsy records (including pathology records), and genetic variations in cancer genetic test results (e.g., next-generation sequencing panel analysis (NGS) results). | Until the processing purpose is achieved. |
② Matters related to ensuring the security of pseudonym information under Article 28-4 of the Act (obligations to implement security measures for pseudonym information, etc.)
1) Management measures: Establishment and implementation of internal management plans, and regular training for employees
2) Technical measures: managing access rights to personal information processing systems, installing access control systems, encrypting unique identification information, and
installing security programs.
3) Physical measures: controlling access to computer rooms, data storage rooms, etc.
12. Use and provision of personal information within the scope reasonably related to the purpose of collection.
oncoMASTER may provide personal information to users or third parties without the user's consent, considering the following criteria within the original purpose of collection and a reasonable scope.
① Whether it is related to the original purpose of collection: This can be determined by considering whether the original purpose of collection and the purpose of additional use and provision are related to the nature or trend, etc.
② Whether there is predictability for further use or disclosure of personal information based on the circumstances or processing practices in which personal information was collected: This can be assessed by considering the relationship between the personal information controller and the user, the level of technology and the pace of development, general circumstances (practices) established over a significant period of time, etc.
③ Whether the user's interests are unfairly infringed: This involves assessing whether the user's interests are genuinely affected in connection with the additional purpose of use, and whether such infringement is unfair.
④ Whether necessary measures for ensuring safety, such as pseudonymization or encryption, have been implemented: This involves assessing whether safety measures have been taken into account in light of the potential for infringement, etc.
13. Issues related to the individual responsible for safeguarding personal information
① oncoMASTER is in charge of handling personal information and designates a person responsible for personal information protection as follows for handling complaints and damage relief of data subjects related to personal information processing.
Personal Information Protection Officer | Department responsible for the protection of personal information | ||
Name | WooYoung Jang | Sector Name | Department of Big Data |
Position | CEO | Person in charge | YongHwa Choi |
contact@oncomaster.co.kr | |||
② The data subject can contact the individual responsible for personal information protection and the department handling damage relief for any inquiries or complaints related to personal information protection while using oncoMASTER's services. oncoMASTER will promptly respond to and handle the subject's inquiries.
14. The department responsible for receiving and processing requests for access to personal information
According to Article 35 of the "Personal Information Protection Act", the data subject may request access to personal information from the following departments.
oncoMASTER will make every effort to expedite the request for access to personal information by the data subject.
Personal Information Protection Officer | Department responsible for the protection of personal information | ||
Name | WooYoung Jang | Sector Name | Department of Big Data |
Position | CEO | Person in charge | YongHwa Choi |
contact@oncomaster.co.kr | |||
15. Remedy for Infringement of Data Subjects' Rights and Interests
① The data subject may seek dispute resolution or counseling from the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet Promotion Agency, etc., in order to seek redress for personal information infringement. Furthermore, please reach out to the following institutions for reports and consultations regarding other instances of personal information infringement.
1) Personal Information Dispute Mediation Committee: (without national code) 1833-6972 (www.kopico.go.kr)
2) Personal Information Infringement Reporting Center: 118 (without national code) (privacy.kisa.or.kr)
3) Supreme Prosecutors' Office: 1301 (without national code) (www.spo.go.kr)
4) Police Department: (without a national code) 182 (ecrm.cyber.go.kr)
② oncoMASTER guarantees the data subject's right to self-determination of personal information, strives to provide counseling and damage relief due to personal information infringement, and if you need to report or consult, please contact the department in charge below.
Customer consultation and reporting related to the protection of personal information | |
Sector Name | Responsible for oncoMASTER Services |
Person in charge | Naeun Lee |
contact@oncomaster.co.kr | |
If a person's rights or interests have been violated due to an action or inaction by the head of a public institution in response to a request under Article 35 (access to personal information), Article 36 (correction and deletion of personal information), and Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act, they may request an administrative trial as stipulated by the Administrative Trial Act.
‣ Central Administrative Appeals Commission: 110 (without national code) (www.simpan.go.kr)
16. Matters concerning the change of the personal information processing policy
① This privacy policy will take effect on May 3, 2023.
1. 2023. 1. 25. ~ 2023. 3. 27. Ver. 1.0 applied
2. 2023. 3. 28. ~ 2023. 5. 02 Ver. 1.1 applied
oncoMASTER Co., Ltd.
Business registration number: 108-87-02074 | CEO: Wooyoung Jang
Address: #305, Biz S Bldg, Seoul Biohub,117-3 Hoegiro, Seoul, 02455, ROK
Email: contact@oncomaster.co.kr
Copyright 2023. oncoMASTER all rights reserved.
Home