Medipixel, Inc. (hereinafter referred to as the "Company") must obtain the user's consent in advance when collecting and using personal information, and actively guarantee the user's rights (the right to self-determination of personal information).

The Company complies with relevant laws and regulations of Korea, personal information protection regulations, and guidelines, such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. (hereinafter referred to as the “Information and Communication Network Act”), and the Personal Information Protection Act.

"Personal information processing policy" means the guidelines that the company must follow to protect users' valuable personal information so that users can use the service with confidence. This privacy policy applies to the “medical image analysis service” provided by the company (hereinafter referred to as the “service”).

1. Collection of Personal Information

While registering for membership to use our service, the company may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. The personal information that the company collects when registering for membership are as follows.

• First name and last name, Company name, Nationality, Email address, Medical imaging data
• IP address and service usage records may be generated and collected during the service usage process.

2. Use of Personal Information

The company collects personal information for the following purposes, and does not use it for purposes other than those listed below.

• Identification and authentication for providing services to users
• Imaging analysis in the service according to user needs
• Inquiries or complaints for smooth service delivery, delivery to notify you about changes to our Service
• Statistical analysis such as service usage record and access frequency for the maintenance and the improvement of our service
• In terms of security, privacy, and safety, to build service environment that users can use with confidence
• To provide the information on new products or services, sending newsletters and inviting events

3. Retention period and destruction of personal information

The company retains personal information within the period of retention and use of personal information according to laws and regulations or during the period of retention and use of personal information agreed upon when collecting personal information from users. When the purpose of collecting and using personal information is achieved, the company destroys the personal information without delay.

The retention period for each type of personal information is as follows.

• First name and last name, Company name, Nationality, Email address: Until membership withdrawal
• Medical imaging data: Within 24 hours after upload
• Personal information of members who have not used the service for one year: Separately stored in accordance with Article 16 'Personal Information Expiration Date' of the Enforcement Decree of the Information and Communications Network Act in Korea. The personal information stored separately is not used for any other purpose, and after storing for 4 years and destroyed without delay in accordance with laws and regulations.
• Some information that has been anonymized so that an individual cannot be specified can be used for the purpose of maintaining and improving the service
• The method of destroying personal information used by the company is as follows
• In the case of electronic file type, it is safely deleted to prevent recovery
• In the case of other records, prints, or writing, it is destroyed by crushing or incineration

4. Provision and consignment of personal information

In principle, the company does not provide personal information to the outside without the user's consent. However, personal information may be provided to a third party only if the company has an obligation to submit personal information (Article 17 of the Personal Information Protection Act in Korea) in accordance with relevant laws and regulations.

The company does not provide or entrust personal information to third parties.

5. Measures to secure the safety of personal information

The company takes the following measures to ensure the safety of personal information.

• Management: Internal management plan establishment and implementation, regular employee training
• Technology: System access control and authority management, encryption and anonymization, security program installation
• Environment: Access control in places where personal information is stored

6. User's Rights

Users can exercise the following privacy-related rights to the company.

• Request to view, correct, and delete personal information
• Requests for such matters above can be made in writing or by e-mail
• If the user requests correction or deletion, the company will not use the personal information requested until the correction or deletion is completed

7. Personal information protection officer

The company designates a person in charge of personal information protection as follows to handle complaints and remedy of users related to personal information processing.

• Officer: Dongwook Byun
• Department in charge: The web Development Team
• Email: contact@medipixel.io

Users can get help by contacting the person in charge of personal information protection regarding personal information protection, complaint handling, damage relief, etc.

8. Cookies Policy

What is a cookie?

Cookies are very small text files sent by the server used to operate the website to the user's browser and stored on the user's computer.

Why use cookies?

In order to provide better services, the company uses cookies that store and retrieve users' information from time to time. When a user visits the website, the website server reads the contents of the cookie stored in the user's device to maintain the user's preferences. Cookies help users access and use the website as they set it up when they visit it.

Want to refuse to collect cookies?

Cookies do not automatically/actively collect personally identifiable information, and users have the option to install cookies. Therefore, the user may allow all cookies or refuse to store cookies by setting options in the web browser as shown below.

• Internet Explorer
  • Tools menu at the top of the web browser> Internet Options> Privacy> Settings
• For Chrome
  • Settings menu on the right side of the web browser> Advanced settings at the bottom of the screen> Content settings button for personal information> Cookies

9. Changes to this Policy

This policy may be modified for the purpose of reflecting changes in laws or services. If the policy is changed, the company will immediately post the changes on the homepage, and the changed policy will take effect seven days after the date of posting. However, the company will notify you at least 30 days in advance when significant changes occur in user rights, such as changes in items of the personal information to be collected and the purpose of use.

• Effective Date: 2020. 08. 22.
• Last change date: 2020. 08. 22.

10. Appendix: For users in the European Union

The company complies with the European Union General Data Protection Regulation and the laws of each Member State. When providing services to users in the European Union, the following may apply.

• Purpose and ground of personal information processing

  The company uses the collected personal information only for the purposes described in "2. Use of personal information", and notifies the user in advance and seeks consent. In addition, in accordance with applicable laws such as GDPR, the user's personal information may be processed in the following cases.

  • User consent
  • For compliance with legal obligations
  • When processing is necessary for the significant benefit of the user
  • In the case of pursuing the company's legitimate interests (unless the interests and rights or freedoms of the user are more important than those)
• Guaranteed user rights in the European Union
  • The company protects the user's personal information. In accordance with applicable laws such as GDPR, users may request that their personal information be transferred to other managers and may refuse to process their information. In addition, the user has the right to file a complaint with the authority to protect personal information.