Privacy Policy

MedPacto(hereinafter “Company”) regards the protection of your Personal Information very important, and complies with relevant laws/regulations including the Personal Information Protection Act and the Act On Promotion Of Information And Communications Network Utilization And Information Protection, etc. Company hereby informs the purpose and method of using Personal Information provided by you through Company’s website, and what measures are taken to protect Personal Information.

1. Purpose of Processing Personal Information

Company processes Personal Information for the following purposes. The processed Personal Information will not be used for any purpose other than the following purposes, and if a purpose is changed, a necessary measure such as obtaining a separate consent in accordance with Article 18 of the Personal Information Protection Act will be taken.

  • A. Processing Client’s Inquiry

    Company processes Personal Information for the purpose of verifying the identity of the inquirer, confirming the content of Inquiry, contacting and notifying for the investigation of fact, and notifying of processing result, etc.

  • B. Recruitment

    Company processes Personal Information for the purpose of processing recruitment and talent pool registration , etc.

  • C. Personal Visual Data

    Company processes Personal Information for the purpose of preventing and investigating crimes, ensuring safety of facilities and preventing fire, etc.

  • D. Recording of clinical trials

    Company processes Personal Information for the purpose of preparation, storage, reporting, research, etc of records of clinical trials in accordance with the Pharmaceutical Affairs Act and other related laws/regulations.

2. Items of Personal Information processed

  • 1) Company processes the following Personal Information items for the operation of Contact(General inquiry, Business development inquiry, Personal Information inquiry, Clinical trial safety information inquiry, etc) service, etc.
  • A. Processing Client’s inquiry

    - Mandatory Information: name, phone number, e-mail address, Company/organization, content of inquiry
    - Optional Information: Date of Birth, address

  • B. Recruitment

    - Name, date of birth, address, contact number, education history (name of school, major, enrollment year/month, graduation year/month, location), employment history (employment period, company location, job title, job scope, major task), language, miscellaneous (military status, reason for exemption, veteran status)

  • C. The following information may be automatically generated and collected in the process of using the website.

    - IP Address, cookie, MAC address, records of service use, records of visit, etc

  • 2) A Data subject has the right to refuse the collection of Personal Information. If you refuse the collection of Personal Information, however, use of Contact service or other services may be restricted.
  • 3) If Company uses or provides Personal Information without the consent of the Data Subject, the Privacy Officer of Company checks whether the additional use or provision of Personal Information is being made in consideration of the following items.
  • A. Whether it is relevant to the initial purpose of the collection

    - It is judged based on whether the initial purpose of collection and purpose of the additional use or provision are related in nature or tendency.

  • B. Whether the additional use or provision of Personal Information is foreseeable in view of the circumstances in which Personal Information was collected or the processing practices

    - It is judged based on the circumstances or the general factors that have been established for a relatively long time, which include the purpose and the content of Personal Information collection, the relationship between Personal Information controller who processes the additional process and the Data Subject, the current level of technology and the speed of development of the technology, etc.

  • C. Whether the Data Subject’s interest is unreasonably infringed

    - It is judged based on whether the interest of the Data Subject is substantially infringed in relation to the purpose and intention of the additional use, and whether the infringement of interests is unfair.

  • D. Whether necessary measures are taken to secure safety, such as encryption or pseudonymizing process

    - It is judged based on the 「Guideline for processing pseudonymous information」 and 「Guideline on means of encryption for Personal Information」 published by the Personal Information Protection Commission.

3. Period of processing and retaining Personal Information

  • 1) Company processes and retains Personal Information for the period of retaining and using Personal Information in accordance with related laws/regulations, or for the period of retaining and using agreed upon when collecting Personal Information from the Data Subject.
  • 2) Each period of processing and retaining Personal Information is as follows.
  • A. Inquiry Task

    - Until 5th year from the date of consent for retaining and using

  • B. Recruitment

    - Until a reasonable period of time (if possible, 1st month) from the date of completion of recruitment

  • C. Personal visual data

    - Until 1st year from the date of records of personal visual data

  • D. Records of clinical trials

    - Until 5th year from the date of completion of the trial, or the date of product approval

  • 3) In principle, Company will destroy Personal Information without delay after the purpose of collection and use of Personal Information is achieved. However, Company may retain Personal Information for a certain period if it is necessary to retain it in accordance with the provisions of related laws/regulations.

4. Procedures and Methods of destruction of Personal Information

  • 1) A Data subject may exercise rights related to Personal Information protection to the Company at any time. Rights may be exercised to Company in writing or by e-mail, and Company will take an action without delay.
  • 2) In principle, Company will destroy Personal Information without delay after the purpose of collection and use of Personal Information is achieved. Procedures and Methods of destruction of Personal Information are as follows.
  • (1) Procedures of Destruction

    After the purpose is achieved, the entered information is moved to a separate database (in case of paper, a separate filing cabinet), and will be destroyed after being stored for a certain period of time in accordance with Company’s internal policy and other information protection grounds according to relevant laws/regulations (See Chapter 3. Period of processing and retaining Personal Information). Personal information transferred to a separate database will not be used for any other purpose than retention, unless otherwise required by law.

  • (2) Methods of Destruction

    Company destroys Personal Information recorded and stored in the form of electronic files by using a technical method that prevents recovery and revival. Personal information printed on paper is incinerated or shredded with a shredder to destroy it.

5. Provision of Personal Information to a Third party

  • 1) Company processes Personal Information of Data Subjects only within the scope specified in Article 1(Purpose of Processing Personal Information), and provides Personal Information to a Third party only under Article 17 of the Personal Information Protection Act, such as in a circumstance where a consent of the Data Subject is obtained or special provisions exist in other laws.
  • 2) Company may transfer Personal Information of Data Subjects abroad to United States or Europe for the purpose of conducting clinical trials and related research, and in this case Company will fully comply with Personal Information related laws/regulations including Personal Information Protection Acts of Korea, HIPAA rule of U.S., GDPR of EU, etc.
  • 3) If Company provides Personal Information to a Third party, Company will disclose the information about the third party receiving Personal Information without delay.

6. Rights and obligations of a Data Subject and how to exercise such rights

  • 1) A Data subject may exercise the following rights related to Personal Information protection to Company at any time.
  • A. Request access to Personal Information

  • B. Request correction of Personal Information when there is an error, etc

  • C. Request deletion of Personal Information

  • D. Request suspending the process of Personal Information

  • 2) Rights pursuant to Paragraph 1 may be exercised to Company in writing or by e-mail, and Company will take an action without delay.
  • 3) If a Data subject requests a correction or deletion of Personal Information as to error, etc., Company will not use or provide the Personal Information until the correction or deletion is completed. Also, if the incorrect Personal Information has already been provided to a third party, Company will notify the third party of the result of the correction without delay so that the Personal Information be corrected.
  • 4) The rights pursuant to Paragraph 1 may be exercised by an agent such as a legal representative of a Data Subject or a person who has been delegated by a Data Subject. In this case, the Data Subject shall submit a power of attorney according to 11th Form of the Notice on Personal Information Processing Methods.
  • 5) A Data subject shall not infringe on Personal Information and privacy processed by Company of the Data Subject him/herself or of others in violation of related laws such as the Personal Information Protection Act.

7. Measures to ensure the Safety of Personal Information

  • Company is taking measures to ensure the safety of Personal Information.
  • A. Organizational Measures

    Establishment and implementation of an internal management plan, regular training of employees, etc.

  • B. Technical Measures

    Company destroys Personal Information recorded and stored in the form of electronic files by using a technical method that prevents recovery and revival. Personal information printed on paper is incinerated or shredded with a shredder to destroy it.

  • C. Physical Measures

    Controlling access to computer rooms and data storage places, etc.

8. Privacy Officer and Help desk

  • 1) Company has designated a Privacy Officer and a Privacy Manager in charge of directing whole Personal Information process and dealing with Data Subject’s inquiry and damage relief, etc.
  • Privacy Officer

    - Name : Seon Jeong Kim
    - Title : Executive Director
    - Contact Info.: sjkim@medpacto.com, (T) 02-6938-0210

  • Privacy Manger

    - Name : Hyun Kim
    - Title: Manager
    - Contact Info. : hyun.kim@medpacto.com, (T) 02-6938-0213

  • 2) A Data subject may inquire to Privacy Officer and Privacy Manager of inquiry related to all Personal Information protection, request of access, dealing with complaint, damage relief, etc that occurs while using Company’s service (or Business). Company will provide prompt and sufficient answers to the inquiries of the Data Subject.

9. Remedies for infringement of Rights

A Data subject may contact the following organizations if he/she needs to report or consult on other Personal Information infringements. The following organizations are independent organizations from Company, so you may contact if you are not satisfied with Company’s dealing with your complaint or remedies for damage, or if you need more detailed help

  • 1. Personal Information Infringement Report Center

    - privacy.kisa.or.kr/ 118 without area code

  • 2. Personal Information Dispute Mediation Committee

    - www.kopico.go.kr / 1833-6972 without area code

  • 3. Cyber Investigation Division of Supreme Prosecutor’s Office

    - www.spo.go.kr / 1301 without area code

  • 4. National Police Agency Cyber Security Bureau

    - http://cyberbureau.police.go.kr / 182 without area code

10. Duty of Notification

If there is a change in this Privacy Policy, Company will notify you through Company’s website.

11. Other Websites

Company informs you that any collection of Personal Information by other websites which may be hyperlinked on Company’s website is not the subject of this Privacy Policy.