Search for concerns, clinics, medications

Privacy Policy

CVRN CLUB Co., Ltd. (hereinafter referred to as the 'Company') complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, the Telecommunications Business Act, and other relevant laws and regulations that information and communications service providers must observe, and establishes a privacy policy in accordance with relevant laws to protect users' rights and interests.

This privacy policy applies to the use of the 'Homepage (www.hold.hair, www.clubhold.com)' and the 'Application (HOLD)' (hereinafter collectively referred to as the 'Service') provided by the company and includes the following contents.

Article 1 Items of Personal Information Collected

(1) The company collects the following minimum personal information as required items for membership registration, smooth customer consultation, and provision of various services.

A. General Membership Registration

  • - Purpose of Collection
    · Membership registration, member identification and management, maintenance and management of membership status, identity verification, prevention and detection of fraudulent use of the service
  • - Items Collected
    · Name, ID, password, profile information for SNS registration (KakaoTalk), KakaoTalk channel addition status and history for SNS registration (KakaoTalk), Apple-linked ID for Apple registration
  • - Retention Period
    · Destroyed upon membership withdrawal

B. Identity Verification

  • - Purpose of Collection
    · Non-face-to-face medical mediation, hospital/clinic reservation service, and in-app shopping
  • - Items Collected
    · User's mobile carrier information, mobile phone number, identity verification information, name, date of birth, domestic/foreign status
  • - Retention Period
    · Retained for 6 months after membership withdrawal to prevent recurrence of abnormal use, then destroyed

C. Non-face-to-face Medical Mediation and Hospital/Clinic Reservation Service

  • - Purpose of Collection
    · Basic and optional information for medical consultation
  • - Items Collected
    · Name, mobile phone number, date of birth, gender, (optional) height, weight, health information for consultation, lifestyle information for consultation, symptom-related photos, allergies, medication status, past medical history, underlying diseases, surgery/hospitalization status, family history
  • - Retention Period
    · Retained for 6 months after membership withdrawal to prevent recurrence of abnormal use, then destroyed

D. Prescription Delivery and Drug Delivery Agency Service

  • - Purpose of Collection
    · Information for prescription delivery and drug delivery
  • - Items Collected
    · User address for delivery
  • - Retention Period
    · Retained for 6 months after membership withdrawal to prevent recurrence of abnormal use, then destroyed

E. Payment Service

  • - Purpose of Collection
    · Payment for medical fees, drug costs, and product purchases
  • - Items Collected
    · Masked card number, expiration date, first 2 digits of card password
  • - Retention Period
    · Destroyed upon membership withdrawal

(2) CVRN CLUB Co., Ltd. places great importance on the protection of your personal information and complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Personal Information Protection Guidelines established by the Ministry of the Interior and Safety and the Ministry of Information and Communication. Through this privacy policy, the company informs you of the purpose and method of using the personal information you provide and the measures taken to protect your personal information.

(3) The company makes the privacy policy available on the first page of the site and in the customer center's 'Privacy Policy' section so that users can easily view it at any time.

(4) The company has established procedures necessary to revise the privacy policy for continuous improvement. When the privacy policy is revised, version numbers, etc., are assigned so that you can easily recognize the changes.

(5) During the use of additional services or participation in events using the service ID, the following information may be collected only from users of the relevant service.

Article 2 Purpose of Collection and Use of Personal Information

The company collects your personal information as follows. The personal information processed is not used for purposes other than the following, and if the purpose of use changes, the company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

(1) Purpose of Use: The purpose of collecting personal information is to select high-quality users by identifying individuals through mobile phone numbers and authentication numbers, to provide high-quality customized services offered by the service, to prepare empirical evidence for remote medical consultations between doctors and patients and for deliveries between pharmacists and patients, and to protect doctors and patients.

(2) Items Collected

A. App

  • - Membership registration and login, member management

    · Mobile phone number, authentication number, name
  • - Remote consultation reservation

    · Consultation method, consultation time (date and time)
  • - Delivery reservation

    · Delivery method, delivery time (date and time)
  • - Consultation reservation

    · Desired consultation date and time
  • - Consultation application form

    · Whether the patient is self/family/other, symptom input, photo attachment
  • - Delivery application form

    · Whether the patient is self/family/other, symptom input, photo attachment
  • - Basic information input

    · Name, date of birth, gender, mobile phone number
  • - Health information input

    · Allergies, medication status, past medical history, underlying diseases, surgery status, hospitalization status, injury status, family history
  • - Lifestyle information input

    · Smoking, drinking, activity level, dietary habits, occupation
  • - Prescription drug receipt address

    · Address for receiving prescription drugs
  • - Product receipt address

    · Desired delivery address for purchased products
  • - Card information

    · 16-digit card number, expiration date (month/year), CVC number, first 2 digits of card password
  • - Consultation application

    · Name, date of birth, gender, mobile phone number, time
  • - Drug delivery application

    · Name, date of birth, gender, mobile phone number, time
  • - Consultation application form

    · Confirmation of whether the patient is self, family, or other; symptom input; symptom-related photos
  • - Delivery application form

    · Confirmation of whether the patient is self, family, or other; symptom input; symptom-related photos
  • - Payment management

    · 16-digit card number, expiration date (month/year), CVC number, first 2 digits of card password, whether the default payment method is registered
  • - Basic information input for consultation

    · Name, mobile phone number, date of birth, gender, height, weight, blood type, email
  • - Basic information input for delivery

    · Name, mobile phone number, date of birth, gender
  • - Health information input for consultation

    · Allergies, medication status, past medical history, underlying diseases, surgery status, hospitalization status, injury status, family history
  • - Lifestyle information input for consultation

    · Smoking, drinking, activity level, dietary habits, occupation
  • - Anonymous lifestyle information input for community activities

    · Allergies, medication status, past medical history, underlying diseases, surgery status, hospitalization status, injury status, family history, smoking, drinking, activity level, dietary habits, occupation
  • - Membership withdrawal

    · Email, name, mobile phone number, reason for withdrawal
  • - Non-face-to-face consultation application/reservation

    · Self, family, or other selection, name, date of birth, gender, mobile phone number, medical department, consulting doctor, consultation method, consultation time, consultation application form, symptom details, attached files related to symptoms, consultation reservation date and time, consultation cancellation, basic information input for consultation, health information input for consultation, lifestyle information input for consultation
  • - Home visit reservation

    · Self, family, or other selection, name, date of birth, gender, mobile phone number, medical department, consulting doctor, consultation method, consultation time, consultation application form, symptom details, attached files related to symptoms, consultation reservation date and time, consultation cancellation, basic information input for consultation, health information input for consultation, lifestyle information input for consultation
  • - Delivery application/reservation

    · Self, family, or other selection, name, date of birth, gender, mobile phone number, delivery department, delivery pharmacy, delivery method, delivery time, delivery application form, symptom details, attached files related to symptoms, delivery reservation date and time, delivery cancellation, basic information input for delivery
  • - Consultation details and prescription

    · Patient's symptoms and attached files, doctor's consultation details and prescribed medicines, prescription details, and remote consultation video
  • - Delivery details and prescription

    · Patient's symptoms and attached files, pharmacist's delivery details and prescribed medicines, prescription details

B. Homepage

  • - Prescription and consultation details, delivery details

    · Name, prescription information, doctor's consultation details on patient's symptoms, pharmacist's delivery details
  • - Doctor, pharmacist membership registration (medical institution, doctor, pharmacist)

    · Doctor's name, pharmacist's name, doctor's photo, pharmacist's photo, mobile phone number, education, career, medical department, delivery department, specialty, hospital name, pharmacy name, hospital address, pharmacy address, postal code, phone number, account information, account holder, bank name, account number, chat consultation fee, video consultation fee, phone consultation fee
  • - Remote consultation registration/reservation confirmation and delivery registration/reservation confirmation (medical institution, doctor, pharmacist)

    · Service usage records, access logs, access IP information, doctor information, pharmacist information, medical department, delivery department, specialty, consultation reservation time, delivery reservation time, doctor's name, pharmacist's name, consultation details, delivery details, prescription

(3) Purpose of Collection

A. Membership registration and login, member management

  • - Provision of membership services, personal identification, restriction of use for members who violate the terms of use of CVRN CLUB Co., Ltd., sanctions against acts that interfere with the smooth operation of the service and fraudulent use, verification of doctors and pharmacists for registration, restriction of registration and number of registrations, record retention for dispute resolution, complaint handling, notification delivery, pharmacist verification for membership withdrawal

B. Storage and sharing of doctor's consultation details with patients

  • - After remote consultation is conducted based on the application/reservation information, the doctor writes SOAP consultation details, shares them with the patient, and issues a prescription based on the details

C. Storage and sharing of pharmacist's delivery details with patients

  • - After drug delivery is conducted based on the application/reservation information, the pharmacist writes SOAP delivery details, shares them with the patient, and proceeds with delivery based on the details

D. Development of new services and use in marketing and advertising

  • - Development of new services and provision of customized services, provision of services and advertisements according to statistical characteristics, verification of service effectiveness, provision of event information and participation opportunities, provision of advertising information, analysis of access frequency, statistics on members' use of services. E. Response and handling of other inquiries and service requests
  • - Handling of hospital partnership inquiries, response and guidance for content requests, delivery of information for hospital consultation requests

Article 3 Consent to Collection and Use of Personal Information

The company provides a procedure for users to click the 'I agree' button regarding the contents of the company's privacy policy or terms of use, and clicking the 'I agree' button is considered consent to the collection and use of personal information.

Article 4 Processing and Retention Period of Personal Information

(1) In principle, the user's personal information is destroyed when the purpose of collection or provision is achieved or when the user requests termination of the use contract (membership withdrawal). In this case, the user's personal information is completely deleted from the system in a way that cannot be restored and cannot be viewed or used for any purpose. In addition, personal information entered for temporary purposes (such as surveys) is processed in the same way after the purpose is achieved.

(2) The company may retain the user's personal information for 6 months after the date of termination of the use contract (membership withdrawal) to prevent recurrence of fraudulent use. In addition, if it is necessary to preserve information in accordance with relevant laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the company retains user information for a certain period as stipulated by law. In this case, the company uses the retained information only for the purpose of retention, and the retention period is as follows.

  • – Records on contracts or withdrawal of subscription: 5 years
  • – Records on payment and supply of goods, etc.: 5 years
  • – Records on consumer complaints or dispute resolution: 3 years
  • – Records of fraudulent transactions: 6 months (retained according to company policy to prevent fraudulent transactions)
  • – Records on collection/processing and use of credit information: 3 years
  • – Service visit records: 3 months
  • – Records on electronic financial transactions: 5 years

(3) In the case of users who violate the terms of use or relevant laws, the company may retain user information for up to 6 months after withdrawal to protect other users and use as evidence for judicial investigation.

(4) If a user who joined after October 25, 2021, has no service transaction records for one year, the user's personal information will be destroyed or separately stored and managed after prior notice to the user in accordance with Article 29 of the Act on Promotion of Information and Communications Network Utilization and Information Protection. The period may be set differently at the customer's request. However, if it is necessary to preserve information in accordance with relevant laws such as the Protection of Communications Secrets Act and the Act on Consumer Protection in Electronic Commerce, the company retains user information for the period stipulated by law.

(5) The company notifies customers by email, etc., at least 30 days before the expiration of the above one-year period that personal information will be destroyed or separately stored and managed, the expiration date, and the items of personal information. Customers must provide or update accurate contact information for this purpose.

Article 5 Provision of Personal Information to Third Parties

(1) Recipients of Personal Information

  • - Medical institutions providing remote consultation services requested by the member
  • - Suppliers and shipping companies of products purchased by the member

(2) Purpose of Use of Personal Information

  • - Provision and confirmation of reservation services
  • - When necessary for settlement of fees for service provision
  • - For smooth communication between parties when consultation or delivery is completed through the company's services
  • - Delivery of products purchased

(3) Personal Information Provided

  • - Information on whether the patient is self/family/other

    1) Name 2) Date of birth 3) Gender 4) Mobile phone number 5) Visit reservation date 6) Visit reservation time 7) Previous visit status 8) Patient's basic information 9) Patient's health information 10) Patient's lifestyle information 11) Patient's symptom information 12) Attached photos related to symptoms 13) Patient's past consultation history 14) Patient's past delivery history 15) Consultation video record 16) Delivery video record
  • - 1) Product name 2) Quantity purchased 3) Delivery address 4) Delivery recipient name 5) Delivery contact 6) Mobile phone number

(4) Retention and Use Period of Personal Information

  • - Until the purpose of consultation and delivery through remote consultation and delivery services is achieved (until withdrawal from the service or termination of the use contract) (except for information separately retained in accordance with relevant laws)

(5) Disadvantages of Refusing Consent

  • - Restrictions on the use of HOLD's non-face-to-face consultation, home visit reservation, drug delivery service, and product purchase

(6) The company uses users' personal information within the scope notified in 'Purpose of Collection and Use of Personal Information' and does not use it beyond this scope or disclose it to third parties without the user's prior consent. However, the company may provide (including share) users' personal information to third parties in the following cases.

(7) In the following cases

  • – If the user separately consents to the provision of personal information to a third party, the company will inform the user in advance of the name and contact information of the recipient, the purpose of use, the items of personal information provided, the retention and use period, the existence of the right to refuse consent, and the disadvantages of refusal.
  • – If required by law or for compliance with legal obligations
  • – If requested by investigative agencies for investigation purposes in accordance with procedures prescribed by law
  • – If necessary for statistical or academic research purposes and provided in a form that cannot identify a specific individual

Article 7 Procedures and Methods for Destroying Personal Information

In principle, users' personal information is destroyed without delay when the retention period has expired, the purpose of collection and use has been achieved, or the information is no longer needed. The company's procedures and methods for destroying personal information are as follows.

(1) Destruction Procedure

  • – The company records and manages matters related to the destruction of personal information, destruction is carried out under the responsibility of the personal information protection officer, and the officer confirms the destruction results.
  • – If the company is required to retain personal information by other laws, it may exceptionally not destroy the user's personal information.

(2) Destruction Method

  • – Personal information stored on paper or other recording media is shredded or incinerated.
  • – Personal information stored in electronic file format is permanently deleted using methods that cannot be restored (technical methods that make the record unrecoverable).

(3) Preservation Method for Undestroyed Information

  • - If the company retains personal information without destroying it in accordance with laws, the information or file is stored and managed separately from other personal information. The company does not use the separately stored personal information for purposes other than those required by law.

Article 8 Rights and Obligations of Data Subjects and How to Exercise Them

(1) Users may request to view or provide their personal information registered through the HOLD service, the status of the company's use or provision of their personal information to third parties, and the status of their consent to the collection, use, and provision of personal information at any time. Users may also request correction of errors or deletion or withdrawal of membership.

(2) To view or correct personal information of users or children under 14, click 'Change Personal Information' (or 'Edit User Information', etc.), and to withdraw membership (revoke consent), click 'User Withdrawal' and go through the identity verification process to directly view, correct, or withdraw.

(3) In this case, the company will promptly investigate the personal information and take necessary measures such as correction or deletion according to the user's request, and notify the user of the result. The company will not use or provide the personal information until necessary measures are taken.

(4) Users may request the company to suspend the processing of their personal information at any time, and in this case, the company will immediately suspend all or part of the processing and take necessary measures such as destruction of the personal information without delay.

(5) If you have any objections or opinions regarding personal information, please contact the personal information protection officer and person in charge by mail, phone, or email, and we will process your request immediately and inform you of the result. Please be especially careful not to leak your personal information to others while logged in.

Article 9 Installation/Operation and Refusal of Automatic Personal Information Collection Devices

The company uses 'cookies' to store and retrieve user information from time to time to provide specialized customized services. Cookies are small amounts of information sent by the server (HTTP) used to operate the website to the user's computer browser and may be stored on the user's PC hard disk.

(1) Purpose of using cookies: To identify the visit and usage patterns of each service and website of HOLD visited by users, popular search terms, security connection status, user scale, etc., and to provide optimized information to users.

(2) Installation/Operation and Refusal of Cookies:

  • A. Users have the option to install cookies. Therefore, users can allow all cookies, check each time a cookie is stored, or refuse to store all cookies by setting options in their web browser.
  • B. To refuse cookie settings, users can select options in their web browser to allow all cookies, check each time a cookie is stored, or refuse to store all cookies.
  • C. Example of setting method (for Internet Explorer): Tools at the top of the web browser > Internet Options > Privacy
  • D. However, if you refuse to store cookies, some services that require login may be difficult to use.

Article 10 Measures to Ensure the Security of Personal Information

(1) The company takes the following technical measures to ensure the security of personal information to prevent loss, theft, leakage, alteration, or damage.

  • – Users' personal information is protected by passwords, and important data is protected by separate security functions such as encryption or file locking.
  • – The company uses antivirus programs to prevent damage from computer viruses. Antivirus programs are updated regularly, and in the event of a sudden virus outbreak, the company provides the antivirus as soon as it is available to prevent personal information from being compromised.
  • – To prevent external intrusion such as hacking, each server uses intrusion prevention systems and vulnerability analysis systems to ensure security.

(2) Administrative Measures

  • – In addition to the above efforts, users must be careful not to expose passwords, etc., to third parties. In particular, always be careful not to leak your ID and password through PCs installed in public places. Your ID and password should only be used by yourself, and it is recommended to change your password regularly.
  • – The company limits access to users' personal information to the minimum number of personnel, including those who perform marketing directly with users, the personal information protection officer and person in charge, and those who inevitably handle personal information for business purposes. The company strictly restricts access to others and emphasizes compliance with this policy through regular training for staff. However, the company is not responsible for problems caused by the user's carelessness or internet issues resulting in the leakage of ID, password, resident registration number, etc.

Article 11 Outsourcing of Personal Information Processing

The company may outsource the processing of personal information to provide services.

(1) Outsourced Personal Information Processing Services

A. Identity Verification Service

  • - Outsourced task: Identity verification via mobile phone number
  • - Trustee: Danal, NICE Information Service Co., Ltd.
  • - Information provided: Mobile phone number, date of birth, name, mobile carrier, CI, DI

B. Messaging and Consultation Service

  • - Outsourced task: Sending KakaoTalk notification, SMS, LMS
  • - Trustee: Naver Cloud, Kakao Corp.
  • - Information provided: Mobile phone number

C. Payment Information

  • - Outsourced task: Payment service
  • - Trustee: NICE Payments Co., Ltd., NHN KCP
  • - Information provided: User information (user name, mobile phone number)

D. Delivery Information

  • - Outsourced task: Delivery service
  • - Trustee: CJ Logistics, Korea Post, Binary Bridge, Haemil Logistics
  • - Information provided: Delivery information (user name, mobile phone number)

(2) To provide stable services to users, the company outsources personal information to Amazon Web Services Inc., and personal information obtained from users is stored in databases held by Amazon Web Services Inc. Amazon Web Services Inc. only manages the physical server and cannot access personal information.

(3) The company may outsource the processing of users' personal information to external professional companies to improve services. In such cases, the company will notify users in advance and obtain their consent.

(4) When outsourcing the processing of users' personal information, the company will clearly stipulate in the outsourcing contract (including prohibition of processing personal information for purposes other than performing the outsourced task, technical and administrative protection measures, purpose and scope of the outsourced task, restriction on re-outsourcing, access restrictions, supervision of the management status of personal information held in connection with the outsourced task, and compensation for damages in case of violation of obligations by the trustee) the compliance with the company's privacy-related instructions, confidentiality of personal information, prohibition of provision to third parties, and liability in case of accidents, and will keep the contract in writing or electronically. In this case, the company will continuously disclose the contents of the outsourced task and the trustee on the service so that users can easily check them at any time.

(5) The company will educate and supervise trustees to ensure that users' personal information is not lost, stolen, leaked, altered, or damaged due to outsourcing.

Article 12 Collection of Opinions and Handling of Complaints Related to Personal Information

(1) The company collects users' opinions regarding personal information protection and has established all procedures and methods to handle complaints. Users can report complaints by phone or email by referring to the 'Personal Information Protection Officer and Person in Charge' section below, and the company will respond promptly to users' reports.

(2) Users may also file complaints with the following government agencies:

  • – Personal Information Infringement Report Center (www.1336.or.kr / 1336)
  • – ePrivacy Mark Certification Committee (www.eprivacy.or.kr / 02–580–0533)
  • – Supreme Prosecutors' Office Cyber Crime Investigation Division (www.spo.go.kr / 02–3480–2000)
  • – National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / 02–393–9112)

Article 13 Personal Information Protection Officer and Person in Charge

The company does its best to ensure that users can use good information safely. The personal information protection officer is responsible for any accidents that occur in violation of the matters notified to you regarding the protection of personal information. However, the company is not responsible for any damage to personal information caused by unexpected accidents due to basic network risks such as hacking, despite technical security measures, or for various disputes arising from posts written by visitors. The person in charge of handling your personal information is as follows and responds promptly and sincerely to inquiries regarding personal information. Personal Information Protection Officer

  • – Name: Sunjoong Kim
  • – Affiliation/Position: CVRN CLUB Co., Ltd. / Security Officer
  • – Phone: 010-4786-6747
  • – Email: help@cvrn.club

Article 14 Changes to the Privacy Policy

If the company changes the privacy policy, it will continuously disclose the changes, the effective date, and the details of the changes through the service so that users, as data subjects, can easily know them at any time. In this case, the changes before and after will be compared and disclosed.

  • Announcement date: 2023-08-22
  • Effective date: 2023-09-01