Seegene Inc. (hereinafter referred to as "Seegene") complies with the Personal Information Protection Act and related laws to protect the freedom and rights of Seegene employees and customers (hereinafter referred to as "data subjects") who use TheGene Service (hereinafter referred to as "the Service"). Seegene processes personal information lawfully and manages it safely. In accordance with Article 30 of the Personal Information Protection Act, this privacy policy is established and disclosed to inform data subjects of the procedures and standards for processing personal information and to handle related grievances promptly and smoothly.
*"Processing of personal information" refers to all actions taken by a business/entity in handling personal information, including collection, creation, recording, storage, retention, processing, editing, searching, output correction, recovery, use, provision, disclosure, destruction, and other similar actions.
Table of Contents
- Personal Information Processing Items
- Purpose of Processing Personal Information
- Processing and Retention Period of Personal Information
- Provision of Personal Information to Third Parties
- Entrustment of Personal Information Processing
- Destruction of Personal Information
- Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
- Measures to Ensure the Safety of Personal Information
- Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
- Criteria for Additional Use and Provision
- Personal Information Protection Officer
- Personal Information Access Window
- Remedies for Infringement of Data Subject Rights
- Changes to the Privacy Policy
Article 1 [Personal Information Processing Items]
Seegene processes the following personal information items:
Items by Processing Purpose
- Membership Registration and Management
- Required items: Name, position, email address
- Provision of Goods or Services
- Required items: Name, position, email address
Required Items
| Category | Personal Information Items Processed | Basis for Collection of Unique Identification Number |
|---|---|---|
| Membership Registration and Management | Name, department, position, email address | - |
| Provision of Goods or Services | Name, department, position, email address | - |
*Internet Service Usage: The following personal information items may be automatically generated and collected: IP address, cookies, MAC address, service usage records, visit records.
Note: Seegene does not collect sensitive information that may significantly infringe on the privacy of data subjects (e.g., beliefs, membership in labor unions or political parties, political opinions, health, sexual life, etc.).
Note: Seegene does not collect personal information from users under the age of 14. If it is unavoidable to collect personal information from users under the age of 14 for service use, Seegene will obtain prior consent from the legal representative and destroy the information without delay once the related tasks are completed. During the processing period, personal information will be strictly managed.
Note: TheGene Service is not available to minors under the age of 19.
Article 2 [Purpose of Processing Personal Information]
Seegene processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, Seegene will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
| Processing Purpose | Detailed Content |
|---|---|
| Membership Registration and Management | Confirming membership intention, identifying and authenticating members for membership services, maintaining and managing membership qualifications, responding to service inquiries, providing and improving services, expanding new services, preventing fraudulent use of services, various notifications and notices, and handling grievances. |
Article 3 [Processing and Retention Period of Personal Information]
Seegene processes and retains personal information within the period of retention and use of personal information agreed upon by the data subject or as required by law.
| Processing Purpose | Processing and Retention Period |
|---|---|
| Membership Registration and Management | Until membership withdrawal |
| Provision of Goods or Services | Until membership withdrawal |
| Email address, position | Until membership withdrawal |
| Name, department | 5 years after membership withdrawal |
Note: If an investigation or inquiry related to a violation of relevant laws is in progress, the personal information will be retained until the investigation or inquiry is completed.
Article 4 [Provision of Personal Information to Third Parties]
- Seegene processes personal information within the scope specified for the purpose of processing personal information and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law. Seegene does not provide personal information to third parties beyond these cases.
Article 5 [Entrustment of Personal Information Processing]
- Seegene entrusts personal information processing tasks to ensure smooth handling of personal information as follows:
| Entrusted Party (Trustee) | Content of Entrusted Tasks | Retention and Use Period |
|---|---|---|
| Amazon (Domestic Agent: Megazone) | Collection of personal information for cloud service use - Member information (name, department, position, email address) | Until the purpose of collection/use of personal information is achieved, such as service withdrawal |
- When entering into an entrustment contract for personal information processing, Seegene specifies in the contract or other documents the prohibition of personal information processing for purposes other than the performance of entrusted tasks, technical and managerial protection measures, restrictions on re-entrustment, management and supervision of trustees, and liability for damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
- If the entrusted party or the content of the entrusted tasks changes, Seegene will reflect and disclose the changes through this privacy policy posted on TheGene Service.
Article 6 [Destruction of Personal Information]
- Seegene destroys personal information without delay when the retention period of personal information has expired or the purpose of processing has been achieved.
- If personal information must be retained continuously according to other laws despite the expiration of the retention period or the achievement of the processing purpose, the personal information will be moved to a separate database (DB) or stored in a different location.
- The procedures and methods for destroying personal information are as follows:
- Destruction Procedures: Personal information for which the reason for destruction has occurred is selected, and the personal information is destroyed with the approval of Seegene's personal information protection officer.
- Destruction Methods: Personal information recorded and stored in electronic file format is destroyed so that the records cannot be reproduced, and personal information recorded and stored in paper documents is shredded with a shredder.
Article 7 [Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them]
- Data subjects can exercise their rights to request access, correction, deletion, and suspension of processing of personal information at any time.
- The exercise of rights can be made in writing, by email, or by fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and Seegene will take action without delay.
- The exercise of rights can also be made through a legal representative or an authorized agent. In this case, a power of attorney in the form specified in the "Notice on Personal Information Processing Methods (No. 2020-7)" must be submitted.
- Requests for access to personal information and suspension of processing may be restricted under Articles 35, Paragraph 4, and 37, Paragraph 2 of the Personal Information Protection Act.
- Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
- Seegene verifies whether the person making the request for access, correction, deletion, or suspension of processing is the data subject or a legitimate representative.
Article 8 [Measures to Ensure the Safety of Personal Information]
Seegene takes the following measures to ensure the safety of personal information in accordance with Article 29 of the Personal Information Protection Act and related laws:
- Administrative Measures: Establishment and implementation of internal management plans, regular personal information protection training for employees, operation of a dedicated organization.
- Technical Measures: Management of access rights to personal information processing systems, password management, installation of access control systems, encryption of personal information, installation and updating of security programs.
- Physical Measures: Access control to physical storage locations such as server rooms and security zones where personal information is stored, storage of documents and auxiliary storage media containing personal information in secure locations with locking devices.
Article 9 [Installation, Operation, and Rejection of Automatic Personal Information Collection Devices]
Seegene uses 'cookies' to store and retrieve user information from time to time to provide personalized services to users. Cookies are small pieces of information sent by the server (HTTP) used to operate the website to the user's computer browser and stored on the user's PC hard disk.
- Purpose of Using Cookies: Cookies are used for the purpose of analyzing user usage patterns to operate and improve the site and are not used for monitoring the overall internet usage behavior of users or providing personalized advertisements.
- When users access the site, the user's computer reads the contents of the cookies stored in the browser and finds additional information on the computer to provide services without additional input.
- Cookies identify the user's computer but do not personally identify the user. Users have the option to accept all cookies, receive notifications when cookies are installed, or reject all cookies by adjusting their web browser settings as follows. However, if cookies are rejected, there may be difficulties in using the services on the website.
| Type | Setting Method |
|---|---|
| Internet Explorer | Tools at the top of the browser > Internet Options > Privacy |
| Chrome | Customize and control at the top right of the browser > Settings > Privacy and Security > Clear browsing data |
| Naver Whale | Three dots icon at the top right of the browser > Settings > Privacy Protection > Clear browsing data > Delete data |
| Microsoft Edge | Three dots icon at the top right of the browser > Settings > Privacy and Services > Clear browsing data > Choose what to clear > Clear now |
Article 10 [Criteria for Additional Use and Provision]
Seegene may use and provide personal information additionally without the consent of the data subject in consideration of the matters stipulated in Article 14-2 of the Enforcement Decree of the Personal Information Protection Act, in accordance with Articles 15(3) and 17(4) of the Personal Information Protection Act. The criteria for additional use and provision without the consent of the data subject are as follows:
- Whether the purpose of additional use and provision is related to the original purpose of collection.
- Whether additional use and provision can be reasonably predicted in light of the circumstances under which the personal information was collected or processing practices.
- Whether additional use and provision unfairly infringe on the interests of the data subject.
- Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption.
Article 11 [Personal Information Protection Officer]
- Seegene has designated and operates the following personal information protection officer and department to protect the personal information of data subjects and handle inquiries and grievances related to personal information processing.
- Personal Information Protection Officer
- Name: Dongheon Shin
- Position: Head of Management Information Office
- Contact: dataprotection@seegene.com
- Personal Information Protection Department (Responsible for receiving and processing personal information access requests)
- Department: Information Strategy Team, Management Information Office
- Person in charge: Hunmi Kim
- Contact: dataprotection@seegene.com
- Personal Information Protection Officer
- Data subjects can contact the personal information protection officer and department for all inquiries, complaints, and damage relief related to personal information protection while using Seegene's services. Seegene will respond and handle inquiries without delay.
Article 12 [Personal Information Access Request]
Data subjects can request access to personal information under Article 35 of the Personal Information Protection Act from the following department. Seegene will strive to process personal information access requests promptly.
Department for Receiving and Processing Personal Information Access Requests: Same as the Personal Information Protection Department.
Article 13 [Remedies for Infringement of Data Subject Rights]
- Data subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, etc., to seek remedies for personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
- Seegene strives to guarantee the data subject's right to self-determination of personal information and to provide consultation and remedies for personal information infringement. If you need to report or consult, please contact the following department.
Department for Personal Information Protection Consultation and Reporting
- Department: Information Strategy Team
- Person in charge: Hunmi Kim
- Contact: dataprotection@seegene.com
- Persons whose rights or interests have been infringed by the disposition or omission of the head of a public institution in response to requests under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
Central Administrative Appeals Commission: 110 (www.simpan.go.kr)
Article 14 [Changes to the Privacy Policy]
Seegene's privacy policy may be changed according to related laws, guidelines, and Seegene's internal operating policies. If the privacy policy is changed, Seegene will disclose the changes in accordance with the methods prescribed by related laws.
Addendum
- This privacy policy will be effective from December 31, 2024.