Huinno's Privacy Policy

Huinno's Privacy Policy

Huinno Co., Ltd. (hereinafter "HUINNO") "collects, uses, and provides personal information based on a user's consent" and "actively ensures a hospital's right (right to self-determination of personal information)."

HUINNO complies with Korea's statutes, regulations, and guidelines on protection of personal information that is required by information and communications service providers.

"Privacy Policy" means a set of guidelines that HUINNO is required to comply with in order to ensure a user's safe access to services by protecting a hospital's valuable personal information. This Privacy Policy is applicable to services provided by HUINNO to users, including the HUINNO MEMO Patch (i.e., web-based diagnostic assistance software, mobile-based diagnostic assistance software, and chatbot).

Article 1 Purpose of Personal Information Processing

HUINNO processes personal information and the same is not used for any purposes other than the following; and if the purpose of use changes, HUINNO employs such necessary measures as obtaining separate consent pursuant to relevant statutes:

Creation and management of a web-based diagnostic assistance software manager account and sub-account (if any)

Personal information is processed for purposes relating to confirmation of intent of account creation; identification and authentication depending on a membership-based service provision; maintenance and management of account credentials; prevention of improper use of services; announcements and notices; and handling of complaints.

Drafting and provision of a report on arrhythmia test via the HUINNO MEMO Patch

A patient's personal information is processed for purposes relating to the drafting and provision of a test report to a medical institution depending on said medical institution's prescription and a patient's test result using the HUINNO MEMO Patch.

AI learning and data management of HUINNO MEMO Patch

HUINNO processes pseudonymized test data for the purpose of AI software research and development. Test data used for research and development excludes personally identifiable information, i.e., name and contact number. HUINNO uses relevant data only for AI software research and development purposes, and does not process pseudonymized information for the purpose of identifying a specific individual.

Article 2 Personal Information Processing and Retention Period

(1) The period of processing and retaining each personal information is as follows.

Creation and management of web-based diagnostic software manager account and sub-account (if any): until thirty (30) days from the period of ending use of the HUINNO MEMO Patch and withdrawing account
Drafting and provision of report on arrhythmia test via the HUINNO MEMO Patch: five (5) years
AI learning and data management of HUINNO MEMO Patch: until the period of completing HUINNO's AI software development (possess only unidentifiable information that does not identify a specific individual)

(2) However, if required by law, the retention period shall be until the end of the relevant period. Details are provided for in Article 6 (Procedure and Method for Destruction of Personal Information).

Article 3 Provision of Personal Information to Third Party

HUINNO uses personal information of a user within the scope expressly stated in the purpose of collection and use of personal information; and, as a matter of principle, HUINNO neither uses nor provides a user's personal information exceeding such purpose without said user's prior consent.

Article 4 Consignment of Personal Information Processing

(1) For the smooth provision of services, HUINNO consigns certain tasks necessary for personal information processing to an external company, and manages and supervises said company to ensure compliance with relevant statutes.

Name of Consignee	Consigned Task
Biztalk Co., Ltd.	Development & management of Kakao Talk Messaging platform(*Kakao Talk messaging feature is only available in South Korea. Outside of Korea, this item is not applicable)

(2) If the substance of the consigned task or the consignee changes, it shall be announced without delay pursuant to this Privacy Policy.

Article 5 Items of Personal Information to be Processed

(1) HUINNO processes the following personal information items:

Creation and management of web-based diagnostic software manager account and sub-account (if any)

Essential items: hospital name, manager's name (real name), email, telephone number, division (position)

Drafting and provision of report on arrhythmia test via the HUINNO MEMO Patch

Essential items: patient's name, patient's number, date of birth, gender, telephone number, symptom record, sleep duration record, test data

AI learning and data management of HUINNO MEMO Patch

Essential items: date of birth, gender, symptom record, sleep duration record, test data

Article 6 Procedure and Method for Destruction of Personal Information

(1) The relevant personal information is destroyed without delay in cases where a user withdraws consent on the grounds of termination of the agreement on collection and use, etc. of personal information or where the purpose of collection and use of personal information has been attained.

(2) The procedure and method for destroying personal information is as follows.

Destruction procedure: Following the realization of said purpose, a user's personal information is transferred to a separate DB (or a filing cabinet if personal information is in the form of a document), and retained for a certain period for privacy reasons before being destroyed in accordance with internal policies and other laws. Personal information transferred to a separate DB is not used for any purposes other than retention, unless required by law.
Destruction method: Personal information in the form an electronic file is safely deleted to prevent restoration and reproduction; and other records, printed materials, and written documents are either shredded or burned.

(3) Provided, however, that the following information is destroyed after retention for a certain period according to internal policies.

Retained Information	Reason for Retention	Retention Period
User (hospital)'s information and withdrawal record	Respond to customer inquiries	30 days from the date of withdrawal
User member (patient)'s personal information	Respond to customer inquiries	30 days from the date of withdrawal
User member (patient)'s arrhythmia test report	Respond to customer inquiries	30 days from the date of withdrawal

(4) Other personal information to be retained for a certain period pursuant to other laws is described in the table below.

Retained Information	Reason for Retention	Retention Period
Website visitation record	Protection of Communications Secrets Act	3 months

Article 7 User's Rights and Method of Execution

(1) A user may, at any time, exercise the following rights related to personal information protection against HUINNO:

Request perusal of personal information
Request correction of error (if any)
Request deletion of personal information
Request cessation of personal information processing

(2) Such rights pursuant to the foregoing paragraph may be exercised by using the service setting function (i.e., change of member information) or may be swiftly processed upon a request in writing, telephone or email to the customer center.

(3) Upon request for correction or deletion of an error in personal information, HUINNO neither uses nor provides the relevant personal information until such correction or deletion is completed.

Article 8 Miscellaneous

(1) In order to support a quicker and more convenient use of web services and provide customized services, HUINNO uses "cookies" from time to time, which is a mini text file that a server (http) used for website operation is transmitted to a browser and stored in a user's computer.

Purpose of using cookies: HUINNO uses cookies that store and retrieve a user's information from time to time in order to offer personalized and customized services. If a user visits a website, the website server reads the contents of the cookies stored in the user's device and thereby enables maintenance of the user's environment setting and provision of customized services. Cookies are used to help a user to conveniently access and use the website as per the environment setting. Also, cookies are used to offer customized information, i.e., optimized ads, through a user's website visitation and usage track record.
Non-consent to cookie policy: Cookies do not automatically or actively collect personally identifiable information, and a user has the option of whether to consent to the cookie policy. Thus, a user may accept all cookies by way of setting the option via the web browser, undergo confirmation whenever cookies are saved, or refuse the acceptance of all cookies. Provided, however, that non-consent to the cookie policy may subject a user to be inconvenienced when using a website and a user may have difficulty using certain services requiring log-in.

Example of Environment Setting
Internet Explorer
Chrome

(2) HUINNO has in place technical and managerial measures for the protection of personal information.

A user's personal information is encrypted.

HUINNO transmits a user's personal information by using the encrypted communication section, and material information such as a password is encrypted and saved.

HUINNO concentrates its efforts to prevent breaches resulting from hacking or computer viruses.

In order to prevent leakage or contamination of a user's personal information from hacking or computer viruses and so on, HUINNO installs systems in controlled areas where external access is restricted. The installed system is operated on a 24-hour basis to detect and block any invasion of hackers, etc. and vaccine programs are installed to prevent the newest malware attack or computer viruses.

HUINNO employs minimal number of people who has access to valuable personal information.

HUINNO employs minimum number of personnel processing personal information, establishes a systematic criteria on creation and change of passwords as well as accessibility to the database system that stores personal information and the personal information processing system, and undergoes continual inspections.

HUINNO provides regular education to executives and employees on protection of a user's personal information.

HUINNO provides education and carries out campaigning efforts on a regular basis pertaining to the duty of personal information protection and privacy for all executives and employees in charge of personal information processing.

Article 9 Chief Information Security Officer

(1) HUINNO designates the following individual as the Chief Information Security Officer (CISO) to oversee tasks related to personal information processing, and address complaints and provide remedies to an information owner with respect to personal information processing, etc.:

Chief Information Security Officer (CISO)

Name: Kim Ji-Hwan

Division: Service Platform Team

Email: [email protected]

(2) A user may contact the CISO or the division-in-charge if any inquiries, complaints, comments, and other matters related to personal information protection arise while using HUINNO's services. HUINNO will do its utmost to adhere to user needs and respond to inquiries and complaints in a swift manner.

Article 10 Remedies for Infringement of Rights

A user seeking to report or receive consultation on privacy infringement may contact HUINNO's personal information security division or the following agencies for assistance.

Personal Information Infringement Report Center	118 (no area code)	privacy.kisa.or.kr
Supreme Prosecutors' Office(Cyber Investigation Bureau)	1301 (no area code)	www.spo.go.kr
National Police Agency(Cyber Safety Bureau)	182 (no area code)	cyberbureau.police.go.kr

Article 11 Amendments to Privacy Policy

The Privacy Policy may subject to change depending on the establishment and amendment of relevant statutes, changes in government policies, and revisions in HUINNO's internal policies; and in such cases, the changes will be announced without delay on HUINNO's website.

Privacy Policy Version: v1
Date of Privacy Policy Amendment and Implementation: 1st Jan, 2022