Privacy Policy V.1

Effective date: August 21st, 2024

The following is Medical Avenue’s Privacy Policy protecting the personal information of our users in accordance with Article 30 of the Personal Information Protection Act.

The table of contents is as follows:

1.  The personal information we collect

2.  The purpose of our use of personal information

3.  Personal information retention and deletion

4.  Entrustment of personal information to third party service providers

5.  Provision of personal information to third parties

6.  Rights and obligations of users

7.  Safeguarding of personal information

8.  Chief Privacy Officer

9.  Cookies

10.  Links to external sites

11.  Updates to our Privacy Policy

Section 1.  The personal information we collect

  1. When you access our website or App (including our chat function within our App) – Medical Avenue [iOS | Android]), the following are the types of personal information that we may collect:
  • Name, user ID, email, telephone number, address (home, business and billing)
  • Payment information, such as credit card number, expiration date, billing address
  • Payment transaction history
  • Birthdate and gender
  • Communications with us (such as emails and text messages)
  • Communications that occur through our website and App (including in our in-App chat)
  • Hotel-related preferences and requests
  • Transportation-related preferences and requests (such as name of airline, seating and class preference, taxi, bus or limousine preference)
  • Passport information
  • Precise location
  • In order to facilitate our service to you, we will make a separate request to you for sensitive personal medical information.  We will store this information in DropBox. DropBox will be encrypted and only accessible with a confidential password. This will include health-related information that is contained in the following formats:
  • Medical records (including previous health reports and medical diagnoses, vaccination record, record of usage of prescription medication, images of affected or injured areas on the body or face, x-rays, MRIs, endoscopy images, WBBS scans, ultrasounds, PET/CT scans)

In the course of our communication with you regarding your medical information, we may also communicate by telephone (mobile or landline) and by videoconference.  Information regarding the fact that these communications were made will be collected, and the calls themselves may be recorded and the recordings collected as personal information.

  • When you install our App or use our website, we automatically collect the following types of information from your device:
  • IP address
  • Device type
  • Unique device identification numbers
  • Internet browser-type (i.e., Chrome, Safari, Firefox, Internet Explorer)
  • Internet Service Provider
  • Operating System
  • Mobile Carrier
  • When you download the App, we collect certain technical information from your device to enable the App to work properly and as otherwise described in our Privacy Policy. That technical information includes:
  • Device and telephone connectivity information such as your carrier, network type, network operator, subscriber identity module (“SIM”) operator, and SIM country
  • Operating system and version
  • Device model
  • Performance and data usage
  • Usage data, such as dates and times the app accesses our servers, the features and links clicked in the app, searches, transactions, and the data and files downloaded to the app
  • Device settings selected or enabled, such as Wi-Fi, Global Positioning System (“GPS”), and Bluetooth (which may be used for location services, subject to your permission as explained below)
  • Mobile device settings
  • Other technical information such as app name, type, and version as needed to provide you with our services
  • We may also collect from you your fingerprint imprint in order to implement a fingerprint login function
  • Permissions for location-based services.

Depending on your device’s settings and permissions, we may collect the location of your device by using GPS signals, cell phone towers, Wi-Fi signals, Bluetooth or other technologies. We will collect this information through the App (either during your initial login or later) to enable our location-based services available within the App. To disable location capabilities of the App, you can log off or change your mobile device’s settings.

  • App analytics. 

Depending on your device’s settings and permissions, we may use technology to track where you choose to download our App and to measure advertising effectiveness. When we use this kind of technology, we will use privacy enhancing technologies such as de-identification, pseudonymization, encryption and improved notice where possible.

Section 2.  The purpose of our use of personal information

The following are the purposes for which we use your personal information.  Your prior consent will be sought before amending or adding to any purpose described below.

  1. Creating a user account, creating a user profile, user identification and verification, user management.
  2. When a user is under 18 years of age (a “minor”), verifying the identity of the legal guardian of the minor and receiving the consent of the legal guardian to collect the personal information of the minor.
  3. Preventing misuse of our website or App service, investigating misuse of our website or App service, handling of user complaints, resolving disputes and preserving records of complaints and disputes
  4. Creating a profile for medical treatment; facilitating the user’s identification and selection of medical institutions for the provision of medical services; arranging for and scheduling medical treatment at the identified medical institution; providing follow up customized user service after receiving medical treatment.
  5. Applying for a K-ETA visa.
  6. Making hotel or transportation reservations, applying for travel insurance.
  7. Marketing; analytics.

Chart: personal information (including sensitive medical information, unique personal information), purpose of collection, retention period

  Personal Information Collected    Purpose of Collection  Retention Period (Please refer to Section 3)
          Name, user ID, email address, phone number (mobile and/or land line), password, birthdate, gender  Creation of user account; user identification, user management Creation of profile for medical treatment For K-ETA application For hotel and/or airline reservation, travel insurance application Verifying identity of a legal guardian             
        Medical records (previous health reports and medical diagnoses, vaccination records, record of usage of prescription medication, images of affected or injured areas of body or face, MRIs,  endoscopy images, WBBS scans, ultrasounds, PET/CT scans)  Creation of profile for medical treatment   For upload to Dropbox for safe storage and secure and convenient access by the user   Facilitation of the user’s identification and selection of a medical institution   To convey to medical institution in order to facilitate medical treatment            Records retained by us are returned to the user (if in hard copy form and at the request of the user) or destroyed at the time of user account cancellation or earlier at the request of the user  
  IP address   Email address   Indirect identifiers (user IDs, partner IDs, device IDs) using clickstream analytics and associated with IP address (GUID, TUID, AMUC)   Security question – Two Factor Authentication            Identity verification (security)           
      Passport information  Applying for K-ETA visa Making hotel and/or airline reservation Applying for travel insurance   
  Credit card details / PCI data (expiry/CVV) / bank account   Indirect identifiers (user IDs, partner IDs, device IDs) using clickstream analytics and associated with IP address (GUID, TUID, AMUC)   Security question – Two-Factor Authentication    Fraud prevention or detection         
  Name, email address  Handling user complaints, resolving disputes 
   
  Email address   Indirect identifiers (user IDs, device IDs) using clickstream analytics and associated with IP address (GUID, TUID, AMUC)        Marketing, analytics         
  Call recordings Videoconference recordingsHandling user complaints, resolving disputes (company protection)         
      Fingerprint imprint      To enable login  Deleted immediately upon user cancellation of fingerprint login function; deletion immediately upon user cancellation of account  

Notwithstanding our receiving your consent to the collection and use of personal information as described above, we will separately request your prior consent for the collection and use of your sensitive medical information and unique identification information as described below.

Medical and Unique Personal Information CollectedPurpose of CollectionRetention Period (Please also refer to Section 3)
      Medical records (previous health reports and medical diagnoses, vaccination records, record of usage of prescription medication, images of affected or injured areas of body or face, MRIs,  endoscopy images, WBBS scans, ultrasounds, PET/CT scans)  Creation of a medical treatment profile   For upload to Dropbox for safe storage and secure and convenient access by the user   Facilitation of the user’s identification and selection of a medical institution   To convey to medical institution in order to facilitate medical treatment        Records retained by us are returned to the user (if in hard copy form and at the request of the user) or destroyed at the time of user account cancellation or earlier at the request of the user  
Passport information  Applying for K-ETA visa   
  Making hotel and/or airline reservation  
Applying for travel insurance  
      Fingerprint imprint      To enable login  Deleted immediately upon user cancellation of fingerprint login function; deletion immediately upon user cancellation of account  

You have the right to refuse consent to the collection and use of the above sensitive information and unique identification information. There are disadvantages to refusing consent (your inability to make medical appointments, apply for visas, use hotel or flight reservation services, or use the fingerprint login function).

Section 3.  Personal information retention and deletion.

We will retain your personal information for as long as necessary to provide you with our services and for legitimate and essential business purposes, and to comply with our legal obligations and resolve disputes in accordance with applicable Korean laws for as long as it may be relevant to fulfill the purposes set forth in this Privacy Policy, unless a longer retention period is required by law.

The criteria we use to determine our retention periods include:

  • The duration of our relationship with you.
  • Whether we have a legal obligation related to your personal information, such as laws requiring us to keep records of your transactions with us.
  • Whether there are any current and relevant legal obligations affecting how long we will keep your personal information, including contractual obligations and statutory requirements.
  • Whether your information is needed for secure backups of our systems.
  • When the above retention periods pass or we no longer need to retain your personal information for the purposes set forth in our Privacy Policy, we will destroy your personal information in an irrevocable manner.

Medical records. 

Regarding the medical information and records you provide to us, upon cancellation or closing of your account, we will return to you any information that is in hard copy form, or destroy them at your request.  Regarding your medical information that is in an electronic format, we will irrevocably delete them upon cancellation or closing of your account, or earlier at your request.

The process and method of destruction of your personal information are as follows:

(1) Destruction process

Once the purpose is achieved, the user’s personal data is destroyed after storage for a certain period depending on data protection reasons under our internal policy and other applicable laws and regulations.

(2) Destruction method

When we delete your personal information stored in the form of electronic files, we use industry standard methods to ensure that any recovery or retrieval of your information is impossible. We destroy your personal data through de-identification so that the individuals cannot be identified. We may keep residual copies of your personal information in backup systems to protect our systems from malicious loss.

Retention required by statute. 

Notwithstanding the above retention and deletion criteria, we must adhere to statutorily mandated retention periods for certain categories of personal information. Please refer to the chart below for the retention period of categories of information that are governed by statute:

  Categories of Information    Applicable Statute    Statutory Retention Period
  Electronic financial transaction history    Electronic Financial Transactions Act  5 years
  History of cancellations of contract or withdrawals of offer   History of cancellations of contract and supply of goods/services   History of user complaints and handling of disputes   History of advertising and display     History of compensation and return of deposits made in error                      Act on Consumer Protection in Electronic Commerce        5 years           3 years       6 months     5 years
  Login history    Protection of Communications Secrets Act    3 months
    History of payment of taxes and fees    Framework Act on National Taxes      5 years

Section 4.  Entrustment of Personal Information to Third Party Service Providers

In order to facilitate the delivery of our service to you, we entrust certain personal information to third parties for the processing of certain tasks. These third-party service providers are required to protect personal information we entrust to them and may not use any directly identifying personal information other than to provide the services for which we have entrusted the personal information. The companies with which we entrust personal information are as follows.

  Third Party Service Provider    Service ProvidedPersonal Information Provided  Retention Period
    Supabase Mailjet Hubspot        Email delivery service    Name, user ID, email address, phone number (mobile and/or land line), password, birthdate, gender      From the date of provision of the service until consent is withdrawn or until the purpose for which it was provided is completed. After consent is withdrawn or the purpose provided is completed, the information is retained/used only to the extent necessary to investigate accidents related to the purpose of use, resolve disputes, handle civil complaints, and fulfill legal obligations.  

Notwithstanding our receipt of your consent to entrust the processing of personal information as described above, we will obtain your separate prior consent for the entrustment of the processing of your sensitive medical information and unique identification information as described below.

DropboxCloud storage serviceMedical records  From the date of provision of the service until consent is withdrawn or until the purpose for which it was provided is completed. After consent is withdrawn or the purpose provided is completed, the information is retained/used only to the extent necessary to investigate accidents related to the purpose of use, resolve disputes, handle civil complaints, and fulfill legal obligations.

Section 5.  Provision of personal information to third parties.

We will not provide personal information to third parties without the user’s prior consent, and use personal information only within the scope of the purposes specified in our Privacy Policy.

However, if  

  • the user directly consents in advance to providing personal information to a third party,
  • the obligation to submit personal information to a third party arises pursuant to relevant laws and regulations, or
  • the user or his/her legal representative is unable to express his/her intention or his/her address is unknown, and the situation is such that the provision of personal information is clearly required to safeguard the interests of the life, body, or property of the user or a third party,

then personal information may be provided to a third party.

In order to provide our service seamlessly to you, we may provide your personal information to third parties with your prior consent in the following cases. We will obtain your prior consent before modifying the contents specified below or adding third party purposes.

Third Party RecipientPersonal Information ProvidedPurpose of ProvisionRetention Period (Please refer to Section 3)
  The medical institution you select  Name, user ID, email address, phone number (mobile and/or land line), password, birthdate, genderCreation of a medical treatment profileFrom the date of provision of the service until consent is withdrawn or until the purpose for which it was provided is completed. After consent is withdrawn or the purpose provided is completed, the information is retained/used only to the extent necessary to investigate accidents related to the purpose of use, resolve disputes, handle civil complaints, and fulfill legal obligations.
  The hotel you select  Making reservations
  The airline you select  Making reservations
        Insurance Company (press the link below for details)   <Link>  Applying for travel insurance

In addition to requesting and obtaining your consent to provide personal information to a third party as described above, we will separately request and obtain your prior consent for entrusting the processing of your sensitive information and unique identification information as described below.

Third Party RecipientPersonal Information ProvidedPurpose of ProvisionRetention Period (Please refer to Section 3)
              The medical institution you select        Medical records (previous health reports and medical diagnoses, vaccination records, record of usage of prescription medication, images of affected or injured areas of body or face, MRIs, endoscopy images, WBBS scans, ultrasounds, PET/CT scans)  Creation of a medical treatment profileFrom the date of provision of the service until consent is withdrawn or until the purpose for which it was provided is completed. After consent is withdrawn or the purpose provided is completed, the information is retained/used only to the extent necessary to investigate accidents related to the purpose of use, resolve disputes, handle civil complaints, and fulfill legal obligations.
  The hotel you select  Passport informationMaking reservations
  The airline you select  Making reservations
  Insurance Company (press the link below for details)   <Link>  Applying for travel insurance

Section 6.  Rights and obligations of users

Users and the legal representatives of users under the age of 18 may at any time exercise the following rights regarding their personal information that we use. (However, please note that this right may be restricted in accordance with Article 35, Paragraph 4, Article 36, Paragraph 1, and Article 37 Paragraph 2, of the Personal Information Protection Act, and the right to request deletion or suspension of the use of personal information may be limited by other laws and regulations).

  1. Right to request the perusal of personal information
  • Right to request correction of personal information if there is an error.
  • Right to request deletion of personal information.
  • Right to request cessation of processing of personal information.

Users may exercise their rights through written requests, by e-mail, fax, etc., in accordance with Article 41, Article 43 and Article 44 of the Enforcement Decree of the Personal Information Protection Act. We will comply upon receipt of such request.

When we receive a request from a user as listed above, we will confirm that the person making the request is the user or the user’s legal representative.

Section 7.  Safeguarding of personal information

In accordance with Article 29 of the Personal Information Protection Act (providing for the obligation to take safety measures), we adopt certain measures to safeguard personal information.  (Please note that users also should exercise personal caution in order to prevent their passwords and personal information from being lost, stolen, exposed, or altered by a third party. In particular, users should exercise due care in preventing passwords from being revealed through the use of public access personal computers.  It is also incumbent upon users to change passwords regularly.)

The measures we adopt are:

  1. Implementation of anti-hacking measures.
  • Encryption of personal information
  • Restriction of and limiting access to personal information
  • Restricting the number of and regularly training employees who are responsible for managing personal information

Section. 8.  Chief Privacy Officer

For inquiries regarding our Privacy Policy, or complaints related to user privacy, please contact our Chief Privacy Officer below.

Name: Eunjee Ryu

Email: assistance@medicalavenuekorea.com

Tel: +82 (02) 6336 6767

If you wish to receive consultation regarding your rights concerning your personal information, you may also direct your inquiry to the following:

  • Personal Information Dispute Mediation Committee

Tel.: 1833-6972

Homepage:  www.kopico.go.kr

  • Personal Information Infringement Report Center

Tel.: 118

Homepage: https://privacy.kisa.or.kr/

  • Supreme Prosecutors’ Office

Tel.: 1301

Homepage: www.spo.go.kr

  • Korean National Police Agency

Tel.: 182

Homepage:  https://ecrm.police.go.kr/

Section 9.  Cookies

We use cookies, web beacons such as Google tag manager, Facebook pixels and other technologies to receive and store certain types of information whenever you access our website or App.  Cookies are small pieces of text sent as files to your computer or mobile device when you visit most websites and apps. Cookies may be delivered by us (first party cookies) or delivered by a third-party partner (third-party cookies). We do not have access to the cookies these third-parties may use to collect information about your interests, and the information practices of these third-parties are not covered by our Privacy Policy.

We use cookies to help us improve your user experience when visiting our website or App, ensure that our website and App perform as intended, remember your preferences, provide you with relevant advertising and analyze the performance of the advertisements, identify errors on our website and App, assist with data protection and potential identification of fraudulent activity, help us understand traffic to our website and App, and analyze how well our website and App are performing.

You can set or amend your web browser controls to accept or refuse cookies at any time.  However, refusing cookies may affect your user experience by restricting the functionality of the App and website.

Section 10.  Links to external sites

Our App and website contain links to third party websites, including those of medical institutions. These links are meant for your reference and convenience only. Links to third party websites are not meant to and do not constitute an endorsement or approval of these websites. We are not responsible for the privacy practices of such other websites. We encourage our users to be aware, when they leave our website or App, to read the privacy statements of each and every website that collects personal information. Our Privacy Policy applies solely to information collected by our website and App.

Section 11.  Updates to our Privacy Policy

We may update our Privacy Policy in response to changing laws or technical or business developments. If we propose to make any material changes, we will notify you by means of a notice on this page.

Appendix to Section 5: Insurance Companies

Nomad Insurancehttps://www.worldnomads.com
Scroll to Top