Privacy Policy
Trial Informatics Co., Ltd. (hereinafter referred to as the “Company”) has established and disclosed the following privacy policy to protect the personal information of data subjects and to ensure that any grievances related to personal information are handled swiftly and smoothly.
1. Purpose of Collecting and Using Personal Information
The Company collects and uses personal information for the following reasons:
- Statistical analysis and development related to clinical trials.
2. Items of Personal Information Collected and Collection Method
2) Collection Method of Personal Information
- Personal information is provided by hospitals through the personal (pseudonymized) information processing system.
- Personal Information Processing System (Pseudonymized):
- Mandatory Information: Gender, Age, Clinical Imaging Information
- Optional Information: None
2) Personal information is provided by individuals through solutions provided by TI.
- Trial Data Hub Membership Registration:
- Mandatory Information: Name, Email Address
- Optional Information: Phone Number
- ImageTrial Membership Registration:
- Mandatory Information: Name, Email Address, Affiliation
- Optional Information: None
- TI Official Website Contact Us:
- Mandatory Information: Name, Email Address, Affiliation
- Optional Information: None
3. Retention and Use Period of Personal Information
The Company retains the collected personal information until the purpose of collection is fully achieved. However, even after the purpose of collection or the purpose of provision is fulfilled, personal information may be retained if required by other legal regulations. Additionally, if a user requests the deletion of their personal information, the information will be deleted immediately unless legal requirements mandate its retention beyond the requested deletion date. No information will be retained once it is deleted upon request.
1) Clinical Information Data: 3 years as a standard (This may vary depending on the project contract).
2) Provision of Goods or Services: Until the completion of supply and payment/settlement of fees. However, in cases such as the following, personal information may be retained until the end of the respective period:
- Records of contracts or withdrawal of offers, payment, and supply of goods: 5 years
- Records related to labeling and advertising: 6 months (Consumer Protection Act in E-commerce)
- Website visit records: 3 months (Communications Privacy Protection Act)
Even if the purpose of collection or provision is fulfilled, the Company may retain personal information as required by other legal regulations.
4. Provision of Personal Information to Third Parties
The Company does not provide the collected personal information to third parties without the customer's separate consent, except in cases where there is a special provision in another law.
5. Destruction of Personal Information
1) The Company will destroy the collected personal information without delay once the purpose of use is achieved. The destruction procedure and method are as follows:
- Destruction Procedure: Collected personal (pseudonymized) information will be deleted or destroyed after the purpose of use is achieved, according to internal policies and other legal provisions for information protection.
- Destruction Method: Personal information in electronic file format will be deleted using technical methods that prevent record recovery. If printed on paper, it will be shredded or incinerated.
2) If the retention period of personal information consented to by the data subject has elapsed, or if the purpose of processing has been achieved, but other laws require continued retention of personal information, the Company will store the information by moving it to a separate database (DB) or by storing it in a different location.
6. Outsourcing of Personal Information Processing
The Company does not outsource the processing of personal information to external entities.
7. Measures to Ensure the Safety of Personal Information
The Company takes the following measures to ensure the safety of personal information:
1. Operation of a Personal Information Protection Organization:
- The Company has established a personal information protection organization and designated a person responsible to ensure internal management plans and personal information processing policies are formulated and implemented. Any issues identified are promptly addressed and rectified.
2. Minimization and Training of Personnel Handling Personal Information:
- The Company has designated personnel who handle personal information and has implemented measures to limit access to authorized personnel only.
3. Technical Measures Against Hacking, etc.:
- The Company has installed security programs to prevent the leakage and damage of personal information due to hacking or computer viruses. These programs are regularly updated and inspected, and the system is installed in an area with restricted access and monitored both technically and physically.
4. Encryption of Personal Information:
- Key personal information is securely stored and managed through encryption, and passwords are stored using one-way encryption that cannot be decrypted.
5. Retention and Protection Against Tampering of Access Records:
- Access records to the personal information processing system are stored and managed for at least one year and inspected/managed at least once a month. Security functions are used to prevent tampering, theft, or loss of access records.
6. Access Control to Personal Information:
- The Company takes necessary measures to control access to personal information by granting, changing, and removing access rights to the database system that processes personal information and uses intrusion prevention systems to prevent unauthorized access from outside.
7. Physical Security Measures:
- The personal information processing system is physically located in a separate IDC, and access control is implemented.
8. Administrative Safety Measures:
- The Company has implemented and prepared response manuals for personal information leakage incidents, risk analysis, and disaster recovery plans. The Company also oversees and supervises contractors to ensure the proper protection of personal information.
8. Installation/Operation and Rejection of Automatic Collection Devices
1. Purpose of Using Cookies:
- Cookies are used to provide users with optimized information by identifying their usage patterns, popular search terms, and security access status for each service and website visited.
2. Installation/Operation and Rejection of Cookies:
- Users can choose whether to accept cookies. By selecting options in the web browser, users can allow all cookies, go through a confirmation process whenever cookies are stored, or refuse to save all cookies.
9. Rights and Obligations of Data Subjects and How to Exercise Them
1) Users can request the suspension of the processing of their personal information held by the Company. However, the Company may refuse to suspend the processing for the following reasons:
- If there are special provisions in the law or if it is unavoidable to comply with legal obligations.
- If there is a risk of harm to another person's life or body or an undue infringement of another person’s property and other benefits.
- If it is difficult to fulfill the contract agreed with the data subject due to the non-processing of personal information, and the data subject has not clearly expressed their intention to terminate the contract.
2) How to Exercise Rights and Procedures:
- The data subject may submit a request for access, correction, deletion, or suspension of processing in writing, by email, or by fax to the personal information department.
- The Company will take the necessary measures within 10 days unless there are legitimate reasons not to do so. If there are reasons for refusal or restriction, the Company will notify the data subject of the reason and how to file an objection within 5 days.
- When the data subject or their agent requests access, correction, or deletion of personal information, the Company may confirm the identity of the data subject or agent by verifying identification such as a resident registration card or a digital signature.
- When the data subject withdraws consent to the collection, use, or provision of personal information, the Company will destroy the collected personal information without delay.
10. Designation of a Personal Information Protection Officer
The Company has designated the following personal information protection officers to protect customers' personal information and handle complaints related to personal information. Customers can report any privacy-related complaints to the personal information protection officer. The Company will respond promptly and fully to any inquiries, including requests for access to information.
- Personal Information Protection Officer: Head of IT Solution Division Yongbin Shin (1800-7260, cs@trialinformatics.com)
- Personal Information Protection Manager: IT Solution Division PdM Yoonjung Park (1800-7260, cs@trialinformatics.com)
11. Remedies for Rights Infringement
For other reports or consultations related to personal information infringement, you may contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cybercrime Division: 1301, cybercid@spo.go.kr (www.spo.go.kr)
- National Police Agency Cybercrime Reporting System: 182 (ecrm.police.go.kr)
Additionally, if your rights or interests have been infringed by a public institution's handling of your request for access, correction, deletion, or suspension of processing of personal information, you may file an administrative appeal according to the Administrative Appeals Act.
- Refer to the Central Administrative Appeals Committee (www.simpan.go.kr) for phone information.
12. Changes to the Privacy Policy
This policy is effective from August 19, 2024.