Privacy Policy Terms and Conditions

Article 1 (Purpose of Processing Personal Information)

Onleaf Clinic (hereinafter referred to as the 'Clinic') processes personal information for the purposes of each of the following items, and the personal information being processed will not be used for purposes other than the following. If the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the 「Personal Information Protection Act」, will be implemented.

Website User Management
For the purposes of identifying and managing website users, preventing unauthorized use, and providing various notices and notifications.
Provision of Goods or Services
For the purposes of medical treatment/appointment, providing consultation services, accessing medical records and other information, providing health-related content, providing customized services, fee payment/settlement, debt collection, marketing/promotion/event operations, verifying the identity/complaints of complainants, and handling grievances.
Management of Executives, Employees, and Partners
For the purposes of hiring executives and employees, managing executives and employees, and managing trustees and partners.

Article 2 (Processing and Retention Period of Personal Information)

① The Clinic processes and retains personal information within the personal information retention/use period in accordance with laws and regulations or within the personal information retention/use period agreed upon when collecting personal information from the data subject.
② The processing and retention period for each type of personal information is as follows:

A. Website User Management: For 5 years from the termination of the commercial transaction relationship

However, in the event of the following circumstances, until the end of the relevant circumstance:

If an investigation or inquiry due to illegal activities is underway, until the end of the relevant investigation or inquiry
If any bond/debt relationship remains, until the settlement of the relevant bond/debt relationship

B. Provision of Goods or Services: For 5 years from the termination of the commercial transaction relationship

However, in the event of the following circumstances, until the end of the relevant period:

Records on transactions, such as labeling/advertising, contract details, and execution, in accordance with the 「Act on the Consumer Protection in Electronic Commerce, Etc.」
- Records on labeling/advertising: 6 months
- Records on contract or withdrawal of subscription, payment, and supply of services, etc.: 5 years
- Records on consumer complaints or dispute handling: 3 years
Retention of communication confirmation data in accordance with the 「Protection of Communications Secrets Act」
- Subscriber's telecommunication date/time, start/end time, counterpart subscriber number, frequency of use, and location tracking data of the transmitting base station: 1 year
- Computer communication, internet log record data, and connection location tracking data: 3 months
Retention of medical records, etc., in accordance with the 「Medical Service Act」
- Patient register: 5 years
- Medical records: 10 years
- Prescriptions: 2 years
- Operation records: 10 years
- Examination results and records of medical findings: 5 years
- Radiographs (including imaging materials) and findings: 5 years
- Nursing records: 5 years
- Duplicates of medical certificates, etc.: 3 years

C. Management of Executives, Employees, and Partners
- Executive and employee information: 3 years from the date of retirement
- Applicant information: 1 year from the completion of recruitment
- Partner and trustee contact information: 5 years from the termination of the business relationship

Article 3 (Provision of Personal Information to Third Parties)

The Clinic processes the data subject's personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases that fall under Articles 17 and 18 of the 「Personal Information Protection Act」, such as the data subject's consent or special provisions of laws.

Article 4 (Outsourcing of Personal Information Processing)

① The Clinic outsources personal information processing tasks as follows for smooth business processing of personal information.

Co., Ltd.
Onlif & Partners

Onleaf & Partners Co., Ltd.

Hospital customer management, marketing operations, payroll and accounting tasks, hospital customer management · electronic medical records · medical device system operation and maintenance,
asset (facility · equipment · medical device · system · intellectual property) management, content creation, website operation

Upon Termination
of the Consignment Agreement

Upon termination of the consignment contract

② When entering into an outsourcing contract, the Hospital specifies in documents such as the contract the matters regarding duties under Article 26 of the Personal Information Protection Act, such as the prohibition of processing personal information for purposes other than performing the outsourced tasks, technical and managerial safety measures, restrictions on re-outsourcing, management and supervision of the trustee, and liability for damages, and supervises whether the trustee processes personal information safely.

③ If the details of the outsourced tasks or the trustee change, we will disclose it through this Privacy Policy without delay.

Article 5 (Rights, Duties, and Methods of Exercise of the Information Subject and Legal Representative)

① The information subject may exercise their rights, such as requesting access to, correction of, deletion of, or suspension of processing of personal information, at any time against the Hospital.
② The exercise of rights pursuant to Paragraph 1 can be made to the Hospital in writing, by email, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Hospital will take measures immediately.
③ The exercise of rights pursuant to Paragraph 1 may be made through an agent such as a legal representative or an authorized representative of the information subject. In this case, you must submit a power of attorney in accordance with Form No. 11 of the "Notification on Methods of Processing Personal Information."
④ Requests for access to and suspension of processing of personal information may restrict the rights of the information subject under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Demands for correction or deletion of personal information cannot be made if the personal information is specified as a target for collection in other acts and subordinate statutes.
⑥ Upon request for access, correction/deletion, or suspension of processing in accordance with the rights of the information subject, the Hospital verifies whether the person requesting access, etc., is the person themselves or a legitimate representative.

Article 6 (Items of Personal Information Processed) The Hospital processes the following personal information items.

Website User Management

- Name, whether 14 years old or older, phone number, email address

Provision of Goods or Services

- Required items: Name, date of birth, gender, address, phone number, email address, payment details (credit card details, etc.) - Optional items: Area of interest for procedures, past experience with procedures, medical history, details of medications currently taking, allergic reactions

3. During the use of internet services, IP addresses, cookies, MAC addresses, service usage records, and visit history may be automatically generated and collected.
Article 7 (Destruction of Personal Information)

① The Hospital destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the retention period or completion of the purpose of processing.
② In cases where the personal information retention period consented to by the information subject has expired or the purpose of processing has been achieved, but the personal information must continue to be preserved in accordance with laws and regulations, the personal information is moved to a separate database (DB) or preserved in a different storage location.
③ The procedures and methods of destroying personal information are as follows.

Destruction Procedure

The Hospital selects personal information for which reasons for destruction have arisen and destroys the personal information with the approval of the Privacy Officer (Lee Jae-woon).

2. Destruction Method

The Hospital destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is shredded with a shredder or incinerated to be destroyed.

Article 8 (Measures to Ensure the Safety of Personal Information) The Hospital takes the following measures to ensure the safety of personal information.

1. Administrative Measures: Formulation and implementation of internal management plans, etc.
2. Technical Measures: Management of access authority such as personal information processing systems, installation of access control systems, encryption of unique identifying information, etc., and installation of security programs 1. Administrative Measures: Formulation and implementation of internal management plans, etc.
1. Administrative Measures: Formulation and implementation of internal management plans, etc.

3. Physical Measures: Control of access to computers, etc., installations containing treatment data

Article 9 (Installation, Operation, and Refusal of Automated Personal Information Collection Systems)

① The Hospital uses 'cookies' that store and load user information periodically to provide personalized custom services to users.
② A cookie is a tiny packet of information sent by the server operating the website to the browser on the user's computer, etc., and is also stored in the user's device.

A. Purpose of using cookies: Used to provide optimized information to users by understanding visits and usage types of each service and website visited by users, popular search queries, secure connections, etc.
B. Installation, operation, and refusal of cookies: Users can refuse to store cookies through option settings in Tools > Internet Options > Privacy menu at the top of the web browser.
C. If you refuse to store cookies, you may face difficulties in using customized services.

Article 10 (Privacy Officer)

① The Hospital represents and manages tasks regarding the processing of personal information and designates a Privacy Officer as follow to handle complaints and remedy damages of the information subject regarding the processing of personal information.

[Privacy Officer]
Name: Lee Jae-woon
Position: Representative Director
Contact info: <Phone Number> 1833-8171

② The information subject may inquire to the Privacy Officer and respective department regarding all privacy inquiries, complaint handling, damage remedies, etc., that occur while using the services of the Hospital. The Hospital will respond to and handle the inquiries of the information subject without delay.

Article 11 (Criteria for Determining Additional Use/Provision)

The Hospital may additionally use and provide personal information without the consent of the information subject, taking into consideration matters pursuant to Articles 15 and 17 of the Personal Information Protection Act, and Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. Accordingly, the Hospital has considered the following matters to make additional use/provision of information without the consent of the information subject.

- Whether the purpose of additionally using or providing personal information is relevant to the original purpose of collection
- Whether there is predictability for additional use or provision in light of the circumstances in which personal information is collected or processing practices
- Whether the additional use or provision of personal information unfairly infringes upon the interests of the information subject
- Whether measures necessary to ensure safety, such as pseudonymization or encryption, have been taken

Article 12 (Request for Inspection of Personal Information)

The information subject can make a request to inspect personal information under Article 35 of the Personal Information Protection Act to the personal information department in Article 10.

Article 13 (Remedies for Infringement of Rights)

The information subject may apply for dispute resolution, consultation, etc., to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Report Center, etc., to obtain remedies for personal information infringements. In addition, please contact the institutions below regarding other reports or consultations on personal information infringements.

- Personal Information Dispute Mediation Committee : (Without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center : (Without area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office : (Without area code) 1301 (www.spo.go.kr)
- National Police Agency : (Without area code) 182 (cyberbureau.police.go.kr)

Article 14 (Installation and Operation of Visual Information Processing Devices)

The Hospital installs and operates visual information processing devices as follows.

Grounds and Purpose of Installing Visual Information Processing Devices: Safety of hospital facilities and fire prevention
Number of units installed, installation locations, collection range: 65 units installed in hospital treatment rooms, hallways, etc., to film the entire range of the relevant spaces
Manager, officer in charge, and person authorized to access visual information

- Manager and Officer in charge: Lee Jae-woon
- Persons authorized to access visual information: Onlif Plastic Surgery, Onlif & Partners Co., Ltd., Hikvision Co., Ltd.

Filming hours, retention periods, storage location, processing methods of visual info

- Filming hours: 24-hour filming
- Retention period: 90 days from the time of filming
- Storage location and processing method: Stored and processed in the visual information processing device control room

5. Method and location to verify visual information: Request to the personal information department in Article 10
6. Measures in response to request for inspection of visual information by information subject: Must apply with a Request to inspect or confirm existence of personal visual information, and inspection is allowed only when the information subject themselves has been filmed or it is clearly necessary for the life, physical, or property interests of the information subject
7. Technical, administrative, and physical measures to protect visual information: formulation of internal management plans, access control and restriction of access privileges, application of safe storage and transmission technology for visual information, safekeeping of processing records and prevention of forgery/alteration, preparation of storage facilities, and installation of locking devices, etc.

Article 15 (Application and Alteration of Personal Information Processing Policy)

In case containing additions, deletions, and modifications to this Privacy Policy, users will be guided beforehand through the website.

Article 16 (Addendum)

1. This Privacy Policy (ver 2.0) is effective from September 10, 2025.
2. Version number of this Privacy Policy: v2.0
You can check the previous Privacy Policy in the link below.
Ver1.0 / Jan 01, 2021 ~ Sep 10, 2025

Story

Signature

Smooth and refine skin texture

Discover Youth

Select Language

English (United States)

Select Language

English (United States)

Select Language

English (United States)