Privacy Policy
Last Updated
Last Updated
May 01, 2025
May 01, 2025
This Privacy Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites on which this Policy is posted. In addition the Policy also explains the information which is provided or collected in the course of using the applications of the Company which exist in the websites or platforms of other company.
1. Information to be collected and method of collection
Personal information items to be collected Personal information items to be collected by the Company are as follows:
Healthcare professional: Name, gender, country, contact information (mobile or landline phone number, email), name of institution (hospital), title/position, address, photograph, account number of financial institutions such as banks and securities companies (including depositor and name of financial institution), and other information submitted or provided by the healthcare professional.
Patients: Name, age, gender, date of birth, address and telephone number, body-related information, medical history, health information such as medications, health information confirmed through medical examinations and tests conducted in the course of business such as clinical trials or adverse event investigations (height, weight, race, smoking status, fertility, health status, etc.), family information (personal information of limited family members), and other information required in connection with various businesses and programs conducted by the Company.
Business Partners: Name, contact information (mobile or landline phone number, email, fax number), social security number, details of expenses incurred in providing services, and account numbers of financial institutions such as banks and securities companies (including the name of the depositor and financial institution) of contracting parties such as wholesalers and marketing agencies.
2. Collection and Purpose of Use of Personal Information
The company processes the personal information of data subjects for the following purposes:
Medical and Pharmaceutical Research Activities: Analysis of data collected through clinical trials, post-market investigations, and other pharmaceutical and medical science research activities.
Marketing and Dissemination of Medical Information: Dissemination of pharmaceutical-related information in accordance with the Pharmaceutical Affairs Act, Fair Competition Agreement on Pharmaceutical Transactions by the Korea Pharmaceutical and Bio-Pharma Manufacturers Association, marketing activities, advertising information dissemination, and promotional activities for pharmaceutical products.
Execution of Service Contracts: Verification of the identity of the contracting party, determination of contract conclusion, payment of service fees such as lecture fees and consulting fees, communication within the scope necessary for the performance of the contract, handling of disputes and complaints related to the contract, preparation and retention of evidence for the conclusion and performance of contracts.
Legal and Administrative Obligations of the Company: Reporting of side effects and adverse drug reactions in accordance with relevant laws such as the Pharmaceutical Affairs Act, submission of required documents, application for review of clinical trial plans (plan changes) under the Pharmaceutical Affairs Act, registration, implementation status, and results reporting for clinical trials, compliance with obligations to report, prepare, retain, and submit expenditure reports related to the provision of economic benefits under the Pharmaceutical Affairs Act, filing and payment of various taxes such as corporate tax and value-added tax, issuance and provision of receipts and tax invoices, and compliance with legal and administrative obligations imposed on the company.
Responding to Customer Inquiries.
Execution of Various Programs for Patients and Others.
3. Retention and Use Period of Personal Information
The company promptly destroys personal information when the purpose of collection and use is achieved or when the agreed-upon retention and use period with the data subject expires. However, if there is a need to retain information under relevant laws, the company will retain the information for the period specified by such laws.
4. Destruction Procedure and Method
Destruction Procedure: Personal information is transferred to a separate database (or filed separately for paper documents) after the purpose is achieved and is stored for a certain period in accordance with the company's internal policy and other relevant laws before being destroyed.
Destruction Method: Personal information stored electronically is permanently deleted using technically irreversible methods. Personal information on paper is shredded or incinerated to ensure it cannot be reconstructed or reproduced.
5. Provision of Personal Information to Third Parties
Except where permitted by the Personal Information Protection Act, the company does not provide the personal information of data subjects to third parties without the consent of the data subjects or as required by relevant laws. The current status of the company providing personal information to third parties is as follows:
Recipient (Contact Information)
Country of material
Purpose of use of personal information of the recipient
Items of personal information provided
Retention and use period of personal information of the recipient
National Tax Service (126)
Republic of Korea
Reporting and payment of various taxes such as income tax, and the implementation of year-end tax settlement according to the Income Tax Act.
[Partner] The name and resident registration number of the person (or their representative) who has a business relationship with the company.
Until the recipient achieves the purpose of use.
Ministry of Food and Drug Safety (1577-1255)
Korea Drug Safety Management System (1644-5223)
Health Insurance Review and Assessment Service (1644-2000)
National Health Insurance Service (1577-1000)
Other Relevant Public Institutions
Republic of Korea
Application for review of clinical trial protocol (protocol amendment) according to the Pharmaceutical Affairs Act and related laws, confirmation of first patient registration in clinical trials, verification of clinical trial implementation circumstances, confirmation of adverse drug reactions, review of clinical trial results, collection and analysis of adverse events, and tasks related to re-examination.
[Healthcare Professional] Name, Position/Title, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Race, Smoking Status, Pregnancy Potential, Health Status, etc. Health Information
Same as above
The ethics committee of each hospital
Clinical Trial Review Committee
Republic of Korea
Compliance with various reporting obligations related to clinical trials and research
[Healthcare Professional] Name, Title/Position, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Ethnicity, Smoking Status, Pregnancy Potential, Health Status, and Other Health Information
Same as above
Ministry of Health and Welfare
Republic of Korea
Tasks related to the expenditure report on the provision of economic benefits, etc., under the Pharmaceutical Affairs Act.
[Healthcare Professional] Name, Affiliation, Amount of Support
Same as above
Korea Pharmaceutical and Bio-Pharma Association (02-6301-2101)
Republic of Korea
Status of compliance with the quarterly reporting obligations based on the Fair Competition Code for Pharmaceuticals and Bioindustry of the Korea Pharmaceutical and Bio-Pharma Manufacturers Association and verification of adherence to the maximum limits for lectures/advisory fees under the Fair Competition Code.
[Healthcare professionals] Name, affiliation, payment amount, lecture/advisory location, lecture/advisory topic
Same as above
6. Outsourcing of Personal Information Processing Tasks
The company may entrust the processing of personal information of data subjects to specialized agencies for the smooth execution of various business tasks. When outsourcing personal information processing tasks, the company complies with the provisions of relevant laws, including the Personal Information Protection Act. The company specifies in contracts or documents the prohibition of processing personal information for purposes other than the task's performance, technical and managerial protective measures for personal information, the purpose and scope of the outsourcing task, restrictions on re-outsourcing, and the management and supervision of the entrusted party. The company also monitors whether the entrusted party securely processes personal information.
7. Rights of Data Subjects and Legal Representatives and How to Exercise Them
Data subjects and legal representatives (those who, without delegated authority, have legal rights under the law, such as guardians of minors) can request the company at any time to access, correct, delete, or stop processing their personal information in accordance with the relevant laws, including the Personal Information Protection Act. They can contact the personal information protection and complaint-handling department in writing or by phone, and the company will take prompt action. However, the exercise of rights may be limited if there are legal obligations.
8. Security Measures for Personal Information
In handling the personal information of data subjects, the company establishes internal guidelines for access, use, storage, and disposal of personal information in accordance with Article 29 of the Personal Information Protection Act, aiming to prevent loss, theft, leakage, alteration, or damage to personal information. The company complies with safety measures required by law, including:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training on personal information protection, etc.
Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, safety measures for disaster preparedness, etc.
Physical Measures: Access control to places storing personal information, such as server rooms and data storage rooms.
9. Department Responsible for Personal Information Protection and Handling Complaints
The company has established a department to handle personal information protection tasks and related complaints to protect the personal information of data subjects. Data subjects can report any complaints related to personal information protection to the following department:
Personal Information Protection and Complaint Handling Department
Responsible Department: Management Support Team
Phone Number: 031-278-7064
Email: privacy@imnewrun.com
10. Remedies for Violation of Rights
Data subjects can seek remedies for personal information breaches by applying for dispute resolution or consultation with organizations such as the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Protection Center, etc. For reporting or consultation on other privacy breaches, please contact the following institutions:
Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
Korea Internet & Security Agency Personal Information Protection Center (www.eprivacy.or.kr / 02-580-0533~4)
Cyber Crime Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301)
Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182)
11. Changes to Privacy Policy
The company's privacy policy may change in accordance with relevant laws, guidelines, and internal operating policies. In case of changes to the privacy policy, the company will inform data subjects in accordance with the provisions of the Personal Information Protection Act and other relevant laws.
This Privacy Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites on which this Policy is posted. In addition the Policy also explains the information which is provided or collected in the course of using the applications of the Company which exist in the websites or platforms of other company.
1. Information to be collected and method of collection
Personal information items to be collected Personal information items to be collected by the Company are as follows:
Healthcare professional: Name, gender, country, contact information (mobile or landline phone number, email), name of institution (hospital), title/position, address, photograph, account number of financial institutions such as banks and securities companies (including depositor and name of financial institution), and other information submitted or provided by the healthcare professional.
Patients: Name, age, gender, date of birth, address and telephone number, body-related information, medical history, health information such as medications, health information confirmed through medical examinations and tests conducted in the course of business such as clinical trials or adverse event investigations (height, weight, race, smoking status, fertility, health status, etc.), family information (personal information of limited family members), and other information required in connection with various businesses and programs conducted by the Company.
Business Partners: Name, contact information (mobile or landline phone number, email, fax number), social security number, details of expenses incurred in providing services, and account numbers of financial institutions such as banks and securities companies (including the name of the depositor and financial institution) of contracting parties such as wholesalers and marketing agencies.
2. Collection and Purpose of Use of Personal Information
The company processes the personal information of data subjects for the following purposes:
Medical and Pharmaceutical Research Activities: Analysis of data collected through clinical trials, post-market investigations, and other pharmaceutical and medical science research activities.
Marketing and Dissemination of Medical Information: Dissemination of pharmaceutical-related information in accordance with the Pharmaceutical Affairs Act, Fair Competition Agreement on Pharmaceutical Transactions by the Korea Pharmaceutical and Bio-Pharma Manufacturers Association, marketing activities, advertising information dissemination, and promotional activities for pharmaceutical products.
Execution of Service Contracts: Verification of the identity of the contracting party, determination of contract conclusion, payment of service fees such as lecture fees and consulting fees, communication within the scope necessary for the performance of the contract, handling of disputes and complaints related to the contract, preparation and retention of evidence for the conclusion and performance of contracts.
Legal and Administrative Obligations of the Company: Reporting of side effects and adverse drug reactions in accordance with relevant laws such as the Pharmaceutical Affairs Act, submission of required documents, application for review of clinical trial plans (plan changes) under the Pharmaceutical Affairs Act, registration, implementation status, and results reporting for clinical trials, compliance with obligations to report, prepare, retain, and submit expenditure reports related to the provision of economic benefits under the Pharmaceutical Affairs Act, filing and payment of various taxes such as corporate tax and value-added tax, issuance and provision of receipts and tax invoices, and compliance with legal and administrative obligations imposed on the company.
Responding to Customer Inquiries.
Execution of Various Programs for Patients and Others.
3. Retention and Use Period of Personal Information
The company promptly destroys personal information when the purpose of collection and use is achieved or when the agreed-upon retention and use period with the data subject expires. However, if there is a need to retain information under relevant laws, the company will retain the information for the period specified by such laws.
4. Destruction Procedure and Method
Destruction Procedure: Personal information is transferred to a separate database (or filed separately for paper documents) after the purpose is achieved and is stored for a certain period in accordance with the company's internal policy and other relevant laws before being destroyed.
Destruction Method: Personal information stored electronically is permanently deleted using technically irreversible methods. Personal information on paper is shredded or incinerated to ensure it cannot be reconstructed or reproduced.
5. Provision of Personal Information to Third Parties
Except where permitted by the Personal Information Protection Act, the company does not provide the personal information of data subjects to third parties without the consent of the data subjects or as required by relevant laws. The current status of the company providing personal information to third parties is as follows:
Recipient (Contact Information)
Country of material
Purpose of use of personal information of the recipient
Items of personal information provided
Retention and use period of personal information of the recipient
National Tax Service (126)
Republic of Korea
Reporting and payment of various taxes such as income tax, and the implementation of year-end tax settlement according to the Income Tax Act.
[Partner] The name and resident registration number of the person (or their representative) who has a business relationship with the company.
Until the recipient achieves the purpose of use.
Ministry of Food and Drug Safety (1577-1255)
Korea Drug Safety Management System (1644-5223)
Health Insurance Review and Assessment Service (1644-2000)
National Health Insurance Service (1577-1000)
Other Relevant Public Institutions
Republic of Korea
Application for review of clinical trial protocol (protocol amendment) according to the Pharmaceutical Affairs Act and related laws, confirmation of first patient registration in clinical trials, verification of clinical trial implementation circumstances, confirmation of adverse drug reactions, review of clinical trial results, collection and analysis of adverse events, and tasks related to re-examination.
[Healthcare Professional] Name, Position/Title, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Race, Smoking Status, Pregnancy Potential, Health Status, etc. Health Information
Same as above
The ethics committee of each hospital
Clinical Trial Review Committee
Republic of Korea
Compliance with various reporting obligations related to clinical trials and research
[Healthcare Professional] Name, Title/Position, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Ethnicity, Smoking Status, Pregnancy Potential, Health Status, and Other Health Information
Same as above
Ministry of Health and Welfare
Republic of Korea
Tasks related to the expenditure report on the provision of economic benefits, etc., under the Pharmaceutical Affairs Act.
[Healthcare Professional] Name, Affiliation, Amount of Support
Same as above
Korea Pharmaceutical and Bio-Pharma Association (02-6301-2101)
Republic of Korea
Status of compliance with the quarterly reporting obligations based on the Fair Competition Code for Pharmaceuticals and Bioindustry of the Korea Pharmaceutical and Bio-Pharma Manufacturers Association and verification of adherence to the maximum limits for lectures/advisory fees under the Fair Competition Code.
[Healthcare professionals] Name, affiliation, payment amount, lecture/advisory location, lecture/advisory topic
Same as above
6. Outsourcing of Personal Information Processing Tasks
The company may entrust the processing of personal information of data subjects to specialized agencies for the smooth execution of various business tasks. When outsourcing personal information processing tasks, the company complies with the provisions of relevant laws, including the Personal Information Protection Act. The company specifies in contracts or documents the prohibition of processing personal information for purposes other than the task's performance, technical and managerial protective measures for personal information, the purpose and scope of the outsourcing task, restrictions on re-outsourcing, and the management and supervision of the entrusted party. The company also monitors whether the entrusted party securely processes personal information.
7. Rights of Data Subjects and Legal Representatives and How to Exercise Them
Data subjects and legal representatives (those who, without delegated authority, have legal rights under the law, such as guardians of minors) can request the company at any time to access, correct, delete, or stop processing their personal information in accordance with the relevant laws, including the Personal Information Protection Act. They can contact the personal information protection and complaint-handling department in writing or by phone, and the company will take prompt action. However, the exercise of rights may be limited if there are legal obligations.
8. Security Measures for Personal Information
In handling the personal information of data subjects, the company establishes internal guidelines for access, use, storage, and disposal of personal information in accordance with Article 29 of the Personal Information Protection Act, aiming to prevent loss, theft, leakage, alteration, or damage to personal information. The company complies with safety measures required by law, including:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training on personal information protection, etc.
Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, safety measures for disaster preparedness, etc.
Physical Measures: Access control to places storing personal information, such as server rooms and data storage rooms.
9. Department Responsible for Personal Information Protection and Handling Complaints
The company has established a department to handle personal information protection tasks and related complaints to protect the personal information of data subjects. Data subjects can report any complaints related to personal information protection to the following department:
Personal Information Protection and Complaint Handling Department
Responsible Department: Management Support Team
Phone Number: 031-278-7064
Email: privacy@imnewrun.com
10. Remedies for Violation of Rights
Data subjects can seek remedies for personal information breaches by applying for dispute resolution or consultation with organizations such as the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Protection Center, etc. For reporting or consultation on other privacy breaches, please contact the following institutions:
Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
Korea Internet & Security Agency Personal Information Protection Center (www.eprivacy.or.kr / 02-580-0533~4)
Cyber Crime Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301)
Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182)
11. Changes to Privacy Policy
The company's privacy policy may change in accordance with relevant laws, guidelines, and internal operating policies. In case of changes to the privacy policy, the company will inform data subjects in accordance with the provisions of the Personal Information Protection Act and other relevant laws.
This Privacy Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites on which this Policy is posted. In addition the Policy also explains the information which is provided or collected in the course of using the applications of the Company which exist in the websites or platforms of other company.
1. Information to be collected and method of collection
Personal information items to be collected Personal information items to be collected by the Company are as follows:
Healthcare professional: Name, gender, country, contact information (mobile or landline phone number, email), name of institution (hospital), title/position, address, photograph, account number of financial institutions such as banks and securities companies (including depositor and name of financial institution), and other information submitted or provided by the healthcare professional.
Patients: Name, age, gender, date of birth, address and telephone number, body-related information, medical history, health information such as medications, health information confirmed through medical examinations and tests conducted in the course of business such as clinical trials or adverse event investigations (height, weight, race, smoking status, fertility, health status, etc.), family information (personal information of limited family members), and other information required in connection with various businesses and programs conducted by the Company.
Business Partners: Name, contact information (mobile or landline phone number, email, fax number), social security number, details of expenses incurred in providing services, and account numbers of financial institutions such as banks and securities companies (including the name of the depositor and financial institution) of contracting parties such as wholesalers and marketing agencies.
2. Collection and Purpose of Use of Personal Information
The company processes the personal information of data subjects for the following purposes:
Medical and Pharmaceutical Research Activities: Analysis of data collected through clinical trials, post-market investigations, and other pharmaceutical and medical science research activities.
Marketing and Dissemination of Medical Information: Dissemination of pharmaceutical-related information in accordance with the Pharmaceutical Affairs Act, Fair Competition Agreement on Pharmaceutical Transactions by the Korea Pharmaceutical and Bio-Pharma Manufacturers Association, marketing activities, advertising information dissemination, and promotional activities for pharmaceutical products.
Execution of Service Contracts: Verification of the identity of the contracting party, determination of contract conclusion, payment of service fees such as lecture fees and consulting fees, communication within the scope necessary for the performance of the contract, handling of disputes and complaints related to the contract, preparation and retention of evidence for the conclusion and performance of contracts.
Legal and Administrative Obligations of the Company: Reporting of side effects and adverse drug reactions in accordance with relevant laws such as the Pharmaceutical Affairs Act, submission of required documents, application for review of clinical trial plans (plan changes) under the Pharmaceutical Affairs Act, registration, implementation status, and results reporting for clinical trials, compliance with obligations to report, prepare, retain, and submit expenditure reports related to the provision of economic benefits under the Pharmaceutical Affairs Act, filing and payment of various taxes such as corporate tax and value-added tax, issuance and provision of receipts and tax invoices, and compliance with legal and administrative obligations imposed on the company.
Responding to Customer Inquiries.
Execution of Various Programs for Patients and Others.
3. Retention and Use Period of Personal Information
The company promptly destroys personal information when the purpose of collection and use is achieved or when the agreed-upon retention and use period with the data subject expires. However, if there is a need to retain information under relevant laws, the company will retain the information for the period specified by such laws.
4. Destruction Procedure and Method
Destruction Procedure: Personal information is transferred to a separate database (or filed separately for paper documents) after the purpose is achieved and is stored for a certain period in accordance with the company's internal policy and other relevant laws before being destroyed.
Destruction Method: Personal information stored electronically is permanently deleted using technically irreversible methods. Personal information on paper is shredded or incinerated to ensure it cannot be reconstructed or reproduced.
5. Provision of Personal Information to Third Parties
Except where permitted by the Personal Information Protection Act, the company does not provide the personal information of data subjects to third parties without the consent of the data subjects or as required by relevant laws. The current status of the company providing personal information to third parties is as follows:
Recipient (Contact Information)
Country of material
Purpose of use of personal information of the recipient
Items of personal information provided
Retention and use period of personal information of the recipient
National Tax Service (126)
Republic of Korea
Reporting and payment of various taxes such as income tax, and the implementation of year-end tax settlement according to the Income Tax Act.
[Partner] The name and resident registration number of the person (or their representative) who has a business relationship with the company.
Until the recipient achieves the purpose of use.
Ministry of Food and Drug Safety (1577-1255)
Korea Drug Safety Management System (1644-5223)
Health Insurance Review and Assessment Service (1644-2000)
National Health Insurance Service (1577-1000)
Other Relevant Public Institutions
Republic of Korea
Application for review of clinical trial protocol (protocol amendment) according to the Pharmaceutical Affairs Act and related laws, confirmation of first patient registration in clinical trials, verification of clinical trial implementation circumstances, confirmation of adverse drug reactions, review of clinical trial results, collection and analysis of adverse events, and tasks related to re-examination.
[Healthcare Professional] Name, Position/Title, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Race, Smoking Status, Pregnancy Potential, Health Status, etc. Health Information
Same as above
The ethics committee of each hospital
Clinical Trial Review Committee
Republic of Korea
Compliance with various reporting obligations related to clinical trials and research
[Healthcare Professional] Name, Title/Position, Contact Information, Affiliated Institution (Hospital) Name and Address
[Patient] Name, Date of Birth, Height, Gender, Weight, Ethnicity, Smoking Status, Pregnancy Potential, Health Status, and Other Health Information
Same as above
Ministry of Health and Welfare
Republic of Korea
Tasks related to the expenditure report on the provision of economic benefits, etc., under the Pharmaceutical Affairs Act.
[Healthcare Professional] Name, Affiliation, Amount of Support
Same as above
Korea Pharmaceutical and Bio-Pharma Association (02-6301-2101)
Republic of Korea
Status of compliance with the quarterly reporting obligations based on the Fair Competition Code for Pharmaceuticals and Bioindustry of the Korea Pharmaceutical and Bio-Pharma Manufacturers Association and verification of adherence to the maximum limits for lectures/advisory fees under the Fair Competition Code.
[Healthcare professionals] Name, affiliation, payment amount, lecture/advisory location, lecture/advisory topic
Same as above
6. Outsourcing of Personal Information Processing Tasks
The company may entrust the processing of personal information of data subjects to specialized agencies for the smooth execution of various business tasks. When outsourcing personal information processing tasks, the company complies with the provisions of relevant laws, including the Personal Information Protection Act. The company specifies in contracts or documents the prohibition of processing personal information for purposes other than the task's performance, technical and managerial protective measures for personal information, the purpose and scope of the outsourcing task, restrictions on re-outsourcing, and the management and supervision of the entrusted party. The company also monitors whether the entrusted party securely processes personal information.
7. Rights of Data Subjects and Legal Representatives and How to Exercise Them
Data subjects and legal representatives (those who, without delegated authority, have legal rights under the law, such as guardians of minors) can request the company at any time to access, correct, delete, or stop processing their personal information in accordance with the relevant laws, including the Personal Information Protection Act. They can contact the personal information protection and complaint-handling department in writing or by phone, and the company will take prompt action. However, the exercise of rights may be limited if there are legal obligations.
8. Security Measures for Personal Information
In handling the personal information of data subjects, the company establishes internal guidelines for access, use, storage, and disposal of personal information in accordance with Article 29 of the Personal Information Protection Act, aiming to prevent loss, theft, leakage, alteration, or damage to personal information. The company complies with safety measures required by law, including:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training on personal information protection, etc.
Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, safety measures for disaster preparedness, etc.
Physical Measures: Access control to places storing personal information, such as server rooms and data storage rooms.
9. Department Responsible for Personal Information Protection and Handling Complaints
The company has established a department to handle personal information protection tasks and related complaints to protect the personal information of data subjects. Data subjects can report any complaints related to personal information protection to the following department:
Personal Information Protection and Complaint Handling Department
Responsible Department: Management Support Team
Phone Number: 031-278-7064
Email: privacy@imnewrun.com
10. Remedies for Violation of Rights
Data subjects can seek remedies for personal information breaches by applying for dispute resolution or consultation with organizations such as the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Protection Center, etc. For reporting or consultation on other privacy breaches, please contact the following institutions:
Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
Korea Internet & Security Agency Personal Information Protection Center (www.eprivacy.or.kr / 02-580-0533~4)
Cyber Crime Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301)
Cyber Safety Bureau, National Police Agency (cyberbureau.police.go.kr / 182)
11. Changes to Privacy Policy
The company's privacy policy may change in accordance with relevant laws, guidelines, and internal operating policies. In case of changes to the privacy policy, the company will inform data subjects in accordance with the provisions of the Personal Information Protection Act and other relevant laws.