Privacy Policy

Rare Dermatology Privacy Policy

This Privacy Policy explains how Rare Dermatology (hereinafter referred to as the “Clinic”) processes personal information.
All personal information handled by the Clinic is collected, retained, and processed in compliance with applicable laws, including the Personal Information Protection Act of the Republic of Korea.

The Clinic establishes this Privacy Policy to protect users’ personal information and rights, and to ensure smooth handling of related concerns.
If this Privacy Policy is amended, the Clinic will disclose the effective date and details of the changes, allowing users to easily compare the previous and revised versions.

Article 1 (Purpose of Processing, Retention Period, and Items of Personal Information)
The Clinic registers and discloses the purpose of processing, retention period, and categories of personal information in accordance with Article 32 of the Personal Information Protection Act.

Details of personal information files can be found through the Personal Information Protection Portal (www.privacy.go.kr) under:
Civil Complaints → Request for Access to Personal Information → Search Personal Information Files (by entering the relevant institution name).

Article 2 (Use Beyond Purpose and Provision to Third Parties)
The Clinic processes personal information only within the scope of the stated purpose of collection and use. Personal information will not be used beyond this scope or provided to third parties without prior consent, except in the following cases:

      When separate consent is obtained from the data subject

     When required by law

      When the data subject or legal representative is unable to express intent and it is necessary to protect urgent life, body, or property interests

     When necessary for statistical or academic purposes in a form that does not identify individuals

      When required to perform duties under other laws with approval from the relevant authority

      When required for international agreements or cooperation

      When necessary for criminal investigations or prosecution

      When required for court proceedings

      When necessary for execution of legal judgments

When providing personal information to third parties, the Clinic limits the purpose, method, and duration of use, and ensures appropriate security measures.

Article 3 (Outsourcing of Personal Information Processing)
When outsourcing personal information processing, the Clinic complies with Article 26 of the Personal Information Protection Act and includes the following in contractual agreements:

     Prohibition of use beyond the purpose of entrusted work

     Technical and administrative protection measures

      Other measures for safe management

      Scope and purpose of outsourced work

      Restrictions on re-outsourcing

      Access control and security measures

      Supervision of data management

      Liability for damages in case of violations

The Clinic discloses details of outsourced work and contractors on its website.

Article 4 (Rights and Obligations of Data Subjects and Methods of Exercise)
Data subjects may exercise the following rights. Legal representatives may exercise these rights on behalf of children under 14 years of age.

A. Request for Access
Data subjects may request access to their personal information under Article 35 of the Act. However, access may be restricted if:

      Prohibited by law

      It may harm others’ life or property

      It significantly interferes with public duties

B. Request for Correction or Deletion
Data subjects may request correction or deletion under Article 36 of the Act, except where retention is required by law.

C. Request for Suspension of Processing
Data subjects may request suspension of processing under Article 37, except when:

      Required by law

      It may harm others

      It interferes with statutory duties

     It prevents fulfillment of contractual obligations

Requests may be submitted in writing, email, or fax, and the Clinic will respond without delay.
Identity verification procedures are required for such requests.

Article 5 (Destruction of Personal Information)
The Clinic shall promptly destroy personal information when it becomes unnecessary (e.g., expiration of retention period or achievement of purpose), unless retention is required by law.

A. Procedure
Destruction is carried out under internal policies and legal procedures.

B. Timing
Personal information is destroyed without delay upon expiration or fulfillment of purpose.

C. Method
Electronic files are permanently deleted using technical methods.
Printed materials are shredded or incinerated.

Article 6 (Security Measures)
The Clinic implements the following measures to ensure security of personal information:

A. Access Control
Access rights are managed and controlled through system permissions and firewalls.

B. Log Retention
Access records are stored and managed for at least six (6) months.

C. Encryption
Personal information is securely stored and transmitted using encryption.

D. Staff Management
Only authorized personnel handle personal information, and regular training is conducted.

E. Security Programs
Security programs are installed and regularly updated.

F. Physical Security
Access to data storage facilities is restricted and controlled.

Article 7 (Remedies for Infringement of Rights)
Data subjects may seek assistance or dispute resolution through the following organizations:

Personal Information Dispute Mediation Committee: +82-2-405-5150 (www.kopico.or.kr)
Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Supreme Prosecutors’ Office Cyber Crime Division: +82-2-3480-3571
Korean National Police Agency Cyber Bureau: 182 (www.netan.go.kr)

If a data subject’s rights are infringed by the Clinic’s actions or omissions, the data subject may file an objection or administrative appeal in accordance with applicable laws.

Article 8 (Personal Information Protection Officer)
The Clinic’s Personal Information Protection Officer is as follows:
Name: Dong Young Kim
Contact: +82-2-543-2575

Article 9 (Installation and Operation of Video Information Processing Devices)
Please refer to the separate policy on the operation and management of video information processing devices.

Article 10 (Amendment of Privacy Policy)
This Privacy Policy was established on January 26, 2026.
Any changes due to laws, policies, or security updates will be announced on the Clinic’s website at least seven (7) days prior to implementation.

Effective Date: January 26, 2026

 

 

  • 3F, 21 Seolleung-ro 152-gil, Gangnam-gu, Seoul
    (Cheongdam-dong)
    5-minute walk from Apgujeong Rodeo Station · Wolfgang Steakhouse Building

  • 02.543.2575

  • Mon-Fri

    10:00 - 19:00

  • Sat

    10:00 - 16:00

  • Lunch

    13:00 - 14:00

Instagram Youtube Blog
Terms of Use Privacy Policy Non-Covered Fees Certification fee invoice

Rare Dermatology Clinic | Business Registration No. : 232-18-02575 | Representative Dong Young Kim | 3F, 21 Seolleung-ro 152-gil, Gangnam-gu, Seoul (Yeongin Building, Cheongdam-dong),

CONTACT
US CONTACT
US

Call for Consultation

02. 543. 2575