Seoul
English

Seoul
English

Seoul
English

MOMO Privacy Policy

MOMO Privacy Policy

Welcome to our website.

Privacy Policy Notice

MOMO Plastic Surgery Clinic (hereinafter referred to as "the Clinic") places the highest importance on protecting the personal information of data subjects (hereinafter referred to as "Customers"). The Clinic manages personal information securely in compliance with applicable laws and regulations, including the Personal Information Protection Act and its Enforcement Decree, the Framework Act on Telecommunications, and the Telecommunications Business Act, to safeguard the rights and interests of Customers. The Clinic hereby establishes and publishes this Privacy Policy to inform Customers of the regulations concerning the processing of their personal information, including the categories of information collected and purposes of use, and to ensure prompt and efficient handling of personal information processing operations.

■ Categories of Personal Information Collected

  • 1. The Clinic collects the following personal information for membership registration, customer consultation, and provision of various services:
    • - Individual Members: Name, date of birth, gender, address, age, contact number, mobile phone information, and email address
    • - Individual Members Under 14 Years of Age: Legal guardian information (resident registration number or i-PIN number, mobile phone information)
    • - Additional Information: Visit records, prescription information, medical treatment records, credit card company name, card number, and payment authorization information
    • - Event Participation: Name, age, contact number, email, address, gender, appointment information, medical treatment records, and consultation history
  • 2. Methods of Personal Information Collection
    • - Website, written forms, fax, telephone, bulletin boards, email, and event participation
  • 3. The following information may be automatically generated and collected during service usage:
    • - IP address, cookies, access date and time, service usage records, and records of improper use

■ Purposes of Personal Information Collection and Use

The Clinic shall not use personal information for purposes other than those specified below. In the event of any change in purpose, prior consent shall be obtained.
  • 1. Service Provision
    • - Medical Treatment Information: Provision of medical services for diagnosis and treatment, and administrative services including billing, payment processing, and refunds
    • - Appointment Information: Identity verification procedures for medical appointments, appointment inquiries, and other service utilization
    • - Consultation Information: Customer medical consultation and guidance via telephone, text message, or KakaoTalk
    • - Other Information: Facilitation of communication channels for clinic announcements, health information via text messages and social media, surveys, and complaint resolution
  • 2. Member Management
    • Identity verification for service use, personal identification, prevention of fraudulent use by delinquent members and unauthorized access, verification of legal guardian consent when collecting personal information of children under 14 years of age, subsequent legal guardian identity verification, record retention for dispute resolution, processing of complaints, delivery of notices, provision of various information for member management, newsletters, and surveys
  • 3. Development of New Services and Marketing and Advertising Purposes
    • - Development of new services and provision of customized services, delivery of event and promotional information, and participation opportunities
    • - The following information may be collected with separate member consent when participating in promotional events or using optional services:
      • • Name, age, contact number, email, address, gender, appointment information, medical treatment records, and consultation information
      • • Third-party mobile phone numbers stored in the member's mobile phone contacts (limited to services with social community features; such numbers are not stored)
      • • Credit card number, mobile phone number, ID and password of gift certificate payment partners (limited to members using paid payment services)
  • 4. Event Participation
    • - Customer consultation at MOMO Plastic Surgery Clinic (telephone and text message)

■ Personal Information Retention and Processing Period

The Clinic processes and retains personal information within the retention period prescribed by law or the period agreed upon by the data subject at the time of collection. However, personal information may be retained beyond the achievement of collection purposes if preservation is required under applicable laws, including the Commercial Act.

The processing and retention periods for each category of personal information are as follows:
  • 1) Website Membership Registration and Management: Until withdrawal from the website. However, retention shall continue until the conclusion of any of the following circumstances:
    • • Ongoing investigations or inquiries related to violations of applicable laws shall be retained until completion of such investigations or inquiries.
      • - Website Access Records
        • • Legal Basis: Protection of Communications Secrets Act
        • • Retention Period: 3 months
      • - Identity Verification Records
        • • Legal Basis: Act on Promotion of Information and Communications Network Utilization and Information Protection
        • • Retention Period: 6 months
      • - Consumer Complaint and Dispute Resolution Records
        • • Legal Basis: Act on Consumer Protection in Electronic Commerce
        • • Retention Period: 3 years
      • - Credit Information Collection, Processing, and Use Records
        • • Legal Basis: Act on the Use and Protection of Credit Information
        • • Retention Period: 3 years
  • 2) Medical Services: Retained in accordance with Article 15 of the Enforcement Rules of the Medical Service Act ("Preservation of Medical Records"):
    • • Patient Registry: 5 years
    • • Medical Records: 10 years
    • • Prescriptions: 2 years
    • • Surgical Records: 10 years
    • • Examination Results and Findings: 5 years
    • • Radiographic Images and Reports: 5 years
    • • Copies of Medical Certificates: 3 years
  • 3) Complaint Processing: 3 years from completion of complaint resolution
    • During service usage, IP addresses, cookies, service usage records, and device information may be generated and collected.
      • - Such information may or may not constitute personal information depending on whether it is linked to personal identifiers.

■ Third-Party Provision and Outsourcing of Personal Information Processing

The Clinic outsources certain tasks necessary for service provision to external companies. The Clinic stipulates necessary requirements in accordance with the Personal Information Protection Act and manages and supervises outsourced companies to ensure secure processing of personal information. Any changes to the outsourced tasks or recipients shall be promptly disclosed through this Privacy Policy.
  • Outsourcing Partners and Outsourced Tasks
    • • Personal Information Retention Period: Until termination of the outsourcing contract
Outsourced Company Outsourced Tasks Personal Information Provided Retention Period
Carelabs Co., Ltd. Customer management system operation Clinic registration number, medical treatment records, name, resident registration number, address, telephone number, email, etc. Until contract termination
Meta S&C Co., Ltd. Customer management system operation, call system operation, IT system management Clinic registration number, medical treatment records, name, resident registration number, address, telephone number, email, etc. Until contract termination
Techlabs Co., Ltd. Telemarketing customer management, marketing, IT system management Name, telephone number, address, email, medical treatment records, appointment consultation information, etc. Until contract termination
Wepick Co., Ltd. Marketing Name, telephone number, address, email, etc. Until contract termination
※ Website operation and management, event promotional information delivery, outsourced IT management services, customer management: MOMOLABS Co., Ltd., MOMOBUSAN Co., Ltd., MOMODAEGU Co., Ltd., MOMO Plastic Surgery Clinic (Seoul Branch), MOMO Clinic (Busan Branch, Daegu Branch)

■ Rights and Obligations of Data Subjects and Exercise Methods

  • 1. Request for Access to Personal Information: Customers may request access to personal information files held by the Clinic pursuant to Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, access requests may be restricted under Article 35(5) of the Personal Information Protection Act in the following cases:
    • - When access is prohibited or restricted by law
    • - When there is a risk of harm to the life or body of another person, or unfair infringement of the property or other interests of another person
  • 2. Request for Correction or Deletion of Personal Information: Customers may request the Clinic to correct or delete personal information held in files pursuant to Article 36 (Correction and Deletion of Personal Information) of the Personal Information Protection Act. However, deletion cannot be requested if the personal information is explicitly designated as a collection target under other laws.
  • 3. Request for Suspension of Personal Information Processing: Customers may request the Clinic to suspend processing of personal information held in files pursuant to Article 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act. Legal guardians of children under 14 years of age may also request access to, correction, deletion, or suspension of processing of the child's personal information. However, requests for suspension of processing may be denied under Article 37(2) of the Personal Information Protection Act in the following cases:
    • - When there are special provisions in law or compliance with legal obligations is unavoidable
    • - When there is a risk of harm to the life or body of another person, or unfair infringement of the property or other interests of another person
    • - When it is impracticable to perform the contract, such as inability to provide agreed-upon services without processing personal information, and the data subject has not clearly expressed intention to terminate the contract

■ Personal Information Destruction Procedures and Methods

The Clinic generally destroys personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when preservation is required under other laws. The destruction procedures, deadlines, and methods are as follows:
  • 1. Destruction Procedure
    • Information provided by users shall be destroyed in accordance with internal policies and applicable laws after the retention period has expired or the purpose of processing has been achieved. (Refer to Personal Information Retention and Processing Period)
  • 2. Destruction Deadline
    • When the retention period for personal information has expired, destruction shall occur within 5 days from the end of the retention period. When personal information becomes unnecessary due to achievement of processing purposes, discontinuation of services, or business termination, destruction shall occur within 5 days from the date such processing is deemed unnecessary.
  • 3. Destruction Methods
    • - Electronic Files: Permanently deleted using methods that prevent recovery
    • - Paper Documents and Other Recording Media: Shredded or incinerated

■ Measures to Ensure Personal Information Security

The Clinic implements the following technical, administrative, and physical measures necessary to ensure security pursuant to Article 29 of the Personal Information Protection Act:
  • 1. Establishment and Implementation of Internal Management Plan
    • The Clinic establishes and implements an internal management plan in accordance with Article 29 of the Personal Information Protection Act.
  • 2. Minimization and Training of Personal Information Handlers
    • The designation of personal information handlers is minimized, and regular training is conducted in accordance with the internal management plan.
  • 3. Administrative Measures
    • Upon employment, all employees execute security pledges to prevent information leakage, and internal procedures are established to audit compliance with the personal information protection policy and employee adherence thereto.
    • Handover of duties for personal information handlers is conducted under secure conditions, with clear assignment of responsibility for personal information incidents during and after employment.
  • 4. Access Control for Personal Information
    • Access to personal information is controlled through granting, modifying, and revoking access rights to database systems processing personal information. Unauthorized external access is controlled using intrusion prevention and detection systems. Access grant, modification, and revocation records are maintained for a minimum of 3 years.
  • 5. Storage of Access Records and Prevention of Falsification
    • Records of access to personal information processing systems (web logs, summary information, etc.) are stored and managed for a minimum of 6 months, with measures implemented to prevent falsification, alteration, theft, or loss of access records.
  • 6. Encryption of Personal Information
    • Personal information is stored and managed in encrypted form. Separate security features, including encryption during storage and transmission of critical data, are utilized.
  • 7. Technical Countermeasures Against Hacking
    • The Clinic installs security programs with regular updates and inspections, and deploys systems in access-controlled areas to prevent personal information leakage and damage from hacking or computer viruses, with technical and physical monitoring and blocking of such attempts.
  • 8. Access Control for Unauthorized Persons
    • The physical location of personal information storage systems is maintained separately, with established and operational access control procedures.

■ Personal Information Protection Officer

The Clinic designates the following Personal Information Protection Officers to protect personal information and handle related matters:
  • - Name: Kim Seung-jun
    - Affiliation: MOMO Plastic Surgery Clinic, Seoul Branch
    - Email: theironps@naver.com
  • - Name: Ko Sang-jin
    - Affiliation: MOMO Clinic, Busan Branch
    - Email: momohairsurgery@naver.com
  • - Name: Kang Dong-woo
    - Affiliation: MOMO Clinic, Daegu Branch
    - Email: momodaegu@naver.com

■ Amendments to the Privacy Policy

This Privacy Policy shall take effect from the enforcement date. In the event of additions, deletions, or modifications due to changes in laws or policies, notice shall be provided through announcements at least 7 days prior to implementation of the amendments.
  • - Revision Date: March 29, 2024
    - Effective Date: April 5, 2024

■ Remedies for Rights Infringement

Customers may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or other relevant organizations to seek remedies for personal information infringement. For reports or consultations regarding personal information infringement, please contact the following organizations: