Privacy Policy
1. Purpose of the Privacy Policy
Medit Corp. and its affiliates (hereinafter referred to as the “Company”) are committed to protecting your information and complying with the Personal Information Protection Act and other applicable data protection laws.
In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses a privacy policy to guide information subjects on the procedures and standards for processing personal information and to handle related complaints promptly and smoothly.
This Privacy Policy applies to information that you provide or we collect on, about, or from you through the Company’s websites (medit.com, support.medit.com, partner.medit.com, meditortho.com), subscription services, and software (Medit Link, colLab) during registration or usage.
2. Collection and Methods of Personal Information
The company collects the following personal information for membership registration, customer support, and service provision, including information generated during the use of the service.
The company will obtain your consent before use if personal information beyond the purposes of collection stated below is required. The Company does not sell or lease your personal information to the third parties.
The Company does not directly collect patients’ personal information. Instead, the Company may process personal information provided by clinics that use its services, where such clinics have obtained the patient’s consent, for the purpose of delivering specific services.
The patient information received is used solely within the scope of the specified purposes, such as the production of aligners, and will not be used for any other purposes.
The categories of personal information that may be provided to the Company include the patient’s name, date of birth, gender, intraoral scan data, and treatment plan files (e.g., STL files). All such information is processed securely in accordance with applicable contracts and personal data protection laws.
Personal Information Collected During Service Use
| Legal Basis | Category | Personal Information | Purpose | Retention Period |
| Article 15(1)(4) of the Personal Information Protection Act (Performance of Contract) | Medit Link Membership Management | Clinic (Laboratory) name, name, email address, password | Identity verification, confirmation of registration intent, prevention of fraud or unauthorized use | Until membership withdrawal |
| Medit Help Center (Customer Support) | Name, email address, password | Responding to user inquiries, customer support | Until membership withdrawal | |
| Partner Portal | Name, phone number, email address, shipping address, ID | Product delivery | Until membership withdrawal | |
| MEDIT M | Email address, password, chat history | Login authentication, mobile chat service | Until membership withdrawal | |
| Chat Consultation | Name, email address, country | Chatbot consultation services | Retained for 5 years after processing | |
| Aligner Manufacturing | Hospital name, name, address, phone number, patient name, patient gender, order data (STL file) | Manufacturing and delivery of aligners | Until membership withdrawal | |
| Article 15(1)(1) of the Personal Information Protection Act (Data Subject Consent) | Medit Link Profile Information Collection | Photo, phone number | Identity verification, confirmation of registration intent, prevention of fraud or unauthorized use | Until membership withdrawal |
| Medit Help Center (Profile Information Collection) | Photo, phone number | Responding to user inquiries, customer support | Until membership withdrawal | |
| Customs Clearance Processing | Personal customs clearance code | Product delivery | Until membership withdrawal | |
| Consultation and Remote Diagnosis | Phone number, TeamViewer ID | Consultation and remote support services | Retained for 5 years after processing | |
| Partner Services | Location information | Provision of personalized partner recommendations | Until membership withdrawal | |
| Aligner Manufacturing | Patient date of birth | Manufacturing and delivery of aligners | Until membership withdrawal |
* The above information includes not only the details provided at the time of registration but also any updated member information.
During service usage, the following data is collected:
| Collected Data | Purpose | Retention Period |
| IP Address, Web Browser Cookies, Device Information (Manufacturer, Model, OS Information, App Version, UUID, Advertising Identifier, etc.), Service Usage Records within the App | User Analysis and Service Improvement | Until Membership Withdrawal or as Required by Applicable Law |
The Company collects personal information through:
(1) Direct input by users during service use.
(2) Automatic generation through the device where the service is installed or used.
(3) Integration with other devices or applications.
(4) Clinic, Third-party dealers, partners, and information collection tools.
3. With Whom we may share your personal data
회사는 다음의 경우를 제외하고는 회원의 개인정보를 제3자에 제공하지 않습니다:
- 요청을 이행하기 위해 필요한 경우(예: 구매 요청 후 현지 리셀러와 정보 공유).
- 데이터 주체로부터 별도의 동의를 받은 경우
- 통계 또는 학술 연구 목적으로 익명화된 정보를 제공하는 경우.
- 조약 의무 또는 기타 국제 협정을 이행하기 위해 외국 정부 또는 국제기구에 정보를 제공해야 하는 경우.
- 범죄 수사, 사법 절차, 선고, 구금 또는 보호 조치의 집행을 위해 필요한 경우.
- 기타 법령에 따라 회원의 정보 제공이 허용되는 경우
The Company entrusts certain tasks to external service providers and ensures secure processing through agreements and oversight. The entrusted processing terminates upon membership withdrawal or contract termination.
The Company may also entrust certain service providers with the processing of patients’ personal information provided by Clinics (e.g., name, date of birth, gender, intraoral scan data, treatment plan files such as STL files) in order to deliver the services requested by the Clinics, such as aligner fabrication.
Such delegation of processing is carried out strictly within the scope of the specified purposes, and the entrusted service providers are contractually prohibited from processing the information for any purposes other than those originally intended.
Entrusted Third-Party Service Providers
| Service Provider | Entrusted Task |
| Hubspot | Email Delivery System Development, Operation, and Maintenance |
| Amazon | Infrastructure Management for Web Services |
| Zendesk | Customer Inquiry System Development, Operation, and Maintenance |
| Stripe | International Payment Processing |
| Agora | Mobile App Chat Service Development, Operation, and Maintenance |
| Twilio | Email Delivery System Development, Operation, and Maintenance |
| K Line Europe Gmbh | Aligner fabrication and delivery |
4. Data Retention and Disposal
The Company retains personal information only for the period necessary to fulfill the purpose of collection or as required by law. When the retention period expires, personal data is deleted promptly. If a user has not used the service for two years, their personal information is either archived separately or deleted.
Under Electronic Commerce Act, Electronic Financial Transactions Act, and Protection of Communications Secrets Act, certain data is retained as follows:
| Legal Basis | Retained Data | Retention Period |
| Act on the Consumer Protection in Electronic Commerce | Contract and Withdrawal Records | 5 Years |
| Payment and Supply of Goods Records | 5 Years | |
| Consumer Complaints or Dispute Records | 3 Years | |
| Advertisement and Display Records | 6 Months | |
| Protection of Communications Secrets Act | Communication Confirmation Data | 3 Months |
| Electronic Financial Transactions Act | Electronic Financial Transaction and Fraud Records | 5 Years |
If the Company retains personal data in accordance with legal requirements, such data will be transferred to a separate database and used solely for retention purposes unless otherwise mandated by law. The retained data will be permanently deleted within the specified period.
Personal data in electronic format will be irreversibly deleted using a method that prevents recovery. Non-electronic records, including printed documents, written materials, or other recorded media, will be shredded or incinerated.
5. Data Subject Rights
Your Data Protection Rights
- You have the right to request access, correction, transfer, restriction of processing, or deletion of your personal data. However, the Company may defer your request if there are special legal provisions, if compliance is necessary to fulfill legal obligations, if there is a risk of harming others, or if granting the request would unfairly infringe on the property or interests of others. Additionally, if you have not expressed an intention to terminate the contract despite the inability to provide the agreed-upon services, the Company may defer your request.
- You have the right to object to the processing of your personal data and may request restrictions on processing or data portability.
- If the Company collects and processes your personal data based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal and does not impact the processing of your personal data that is conducted based on lawful grounds other than consent.
To exercise these rights, you may send an email to privacy@medit.com to request information changes, corrections, or notifications. We will respond to your request as soon as possible.
6. Security of Personal Information
The Company takes administrative, technical, and physical measures to protect the personal information collected and prevent unauthorized access, use, or disclosure by third parties. The Company has established and implements an internal management plan for data protection. The personal information you provide is safeguarded against unauthorized access, use, or disclosure and is securely stored on our servers.
Additional technical measures include managing access permissions to personal information processing systems, installing access control systems, encrypting unique identification information, deploying security programs, maintaining access logs, and implementing encryption. Access to facilities handling personal information, such as computer rooms and data storage rooms, is strictly controlled.
7. International Data Transfers
Your personal information may be transferred to jurisdictions outside of your country of residence to facilitate the Company’s global operations. In such cases, this Privacy Policy shall continue to apply. The Company will obtain your consent for international data transfers and take appropriate protective measures to ensure the security of your personal information.
| Legal Basis | Personal Information Transferred | Destination Country | Time and Method of Transfer | Recipient | Purpose of Use | Retention and Use Period |
| Article 28-8(1)(3) of the Personal Information Protection Act (Outsourcing/Storage for Contract Performance) | Personal information categories listed in the Privacy Policy | United States | Transmitted via network upon service use | HubSpot (privacy@hubspot.com) | Email delivery | Retained until membership withdrawal or termination of service |
| Personal information categories listed in the Privacy Policy | United States, Europe | Processed for service provision | Amazon (aws-korea-privacy@amazon.com) | System operation and data storage | Retained until membership withdrawal or termination of service | |
| Name, email address, country | Japan | Transmitted via network upon service use | Zendesk (privacy@zendesk.com) | Customer inquiry management | Retained until membership withdrawal or termination of service | |
| Payment card information | United States | Transmitted via network upon service use | Stripe (privacy@stripe.com) | International credit card payment processing | Retained for 5 years, then deleted | |
| Personal information categories listed in the Privacy Policy | United States | Transmitted via network upon service use | Agora (privacy@agora.io) | Chat service | Retained for 180 days, then deleted | |
| Cookies, IP address, access logs | United States | Transmitted via network upon service use | Google (googlekrsupport@google.com) | Website usage analysis via Google Analytics | Retained until membership withdrawal or termination of service | |
| Name, email address | United States | Transmitted via network upon service use | Twilio (privacy@twilio.com) | Email transmission | Retained until membership withdrawal or termination of service | |
| Patient name, gender, date of birth, STL file collected during service provision | Germany | Transmitted via network upon service use | K Line Europe GmbH (info@clearxaligners.com) | Manufacturing and delivery of aligners | Retained for 10 years |
8. Cookie Policy
The Company’s Cookie Policy outlines the definition of cookies, how they are used, how third parties affiliated with the Company utilize cookies, your choices regarding cookies, and additional relevant information.
– What Are Cookies?
- A “cookie” is a small data file sent from an HTTP server to a user’s browser.
- Cookies are stored on a user’s computer hard drive, allowing the Company or third parties to recognize the user and facilitate future visits, enhancing the browsing experience. While cookies can identify a user’s device, they do not personally identify individuals.
- Cookies may be classified as either “persistent cookies” or “session cookies.”
– How the Company Uses Cookies
- When you access and use our services, the Company may store multiple cookies in your web browser.
- The Company uses cookies for the following purposes:
- Providing analytical insights
- Storing user preferences
- Delivering personalized advertisements based on user preferences
- The Company employs both persistent and session cookies for service operation.
- Essential Cookies: The Company uses essential cookies to authenticate users and protect user accounts from fraud.
– Third-Party Cookies
In addition to its own cookies, the Company uses various third-party cookies to generate usage statistics and deliver advertisements.
– Your Choices Regarding Cookies
- You have the right to accept or decline cookies. To delete cookies or configure your browser to refuse them, refer to your browser’s help page. Options include displaying a message whenever a cookie is stored, accepting all cookies as the default setting, or rejecting cookies entirely.
- Please note that deleting or disabling cookies may impact the functionality of certain services, prevent storage of user preferences, or cause some pages to display incorrectly.
– For more information about cookies, please visit:
- All About Cookies: http://www.allaboutcookies.org/
– How to Disable Cookies in Your Browser
- Microsoft Edge: Click the three-dot icon in the upper-right corner > Settings > Privacy, search, and services > Clear browsing data > Choose what to clear > Clear now
- Google Chrome: Click the three-dot icon in the upper-right corner > Settings > Privacy and security > Clear browsing data
- Safari: Go to Settings > Safari > Clear History and Website Data
- Mozilla Firefox: Click the three-line menu in the upper-right corner > Settings > Privacy & Security > Cookies and Site Data > Clear Data > Select “Cookies and Site Data” & “Cached Web Content” > Clear
9. Contact Information
The Company has designated the Chief Privacy Officer to safeguard your personal information and address any privacy-related complaints. You may report any concerns regarding the protection of your personal data arising from your use of the Company’s services to the designated CPO. The CPO will promptly and thoroughly respond to your inquiries.
For privacy concerns, contact:
- Name: Ki Young Hwang
- Department: Research Center 2
- Position: CPO
- Email: privacy@medit.com
기타 개인정보 침해에 대한 신고나 상담이 필요하신 경우에는 아래 기관에 문의하시기 바랍니다.
개인정보침해신고센터: privacy.kisa.or.kr / 전화번호. 118
대검찰청: spo.go.kr / 전화 번호. 1301
경찰청: ecrm.police.go.kr / 전화 번호. 182