Privacy Policy
FILLMAN (hereinafter referred to as 'FILLMAN' or 'Company') collects, uses, and provides personal information based on user consent. FILLMAN provides this Privacy Policy in compliance with domestic laws and regulations, personal information protection regulations, and guidelines that personal information processors must comply with to protect users' rights.
1. Collection of Personal Information
FILLMAN operates as a membership-based service and collects the minimum necessary personal information through websites, application programs, etc., during membership registration or service use to provide services. The personal information collected from users to use FILLMAN services is as follows.
Personal Information Collected by Service
Service Category
Collected Items
Individual Membership Registration (Email)
[Required] Email Address/Password/Passport English Name
[Optional] Nationality/Gender/Date of Birth/Mobile Phone Number
Partnership/Hospital Entry Inquiry
[Required] Company Name/Contact Person Name/Mobile Phone Number/Email
Hospital Entry Contract (Hospital Member)
Applicant
[Required] Contact Person Name/Representative Name/Mobile Phone Number/Email/Address/Representative Number
Application Information
[Required] Hospital Name/Contact Person Name/Mobile Phone Number/Email/Administrator ID
When Using Content
Procedure Review (Sensitive Information)
[Required] Procedure Information/Post-Procedure Photo
[Optional] Pre-Procedure Photo
Post Suspension Request Service (Identity Verification Documents)
Individual
[Required] Name/Mobile Phone Number/Email/Masked ID Copy/Power of Attorney
Organization
[Required] Name/Mobile Phone Number/Email/Masked ID Copy/Organization Business Registration Copy/Power of Attorney
When Using Location-Based Services
Location Information
Methods of Collecting Personal Information
When collecting personal information, FILLMAN notifies users in advance and obtains consent. The collection methods are as follows.
- Collected when users consent to personal information collection and directly enter information during membership registration and service use.
- May be collected through webpages, email, fax, phone calls, etc., during consultation through CS.
- Personal information may be collected through events, seminars, etc., conducted online/offline.
- Generated information such as device information is automatically generated and collected during PC web, mobile web/app use.
Automatically Collected and Generated Information
Personal information automatically generated and collected from users during service use is as follows.
- Device information (OS, device ID, phone model, device model name), IP address, cookies, visit date/time, fraudulent use records, service use records, etc., during PC web, mobile web/app use
2. Use of Personal Information
FILLMAN uses personal information only for the following purposes: member management, service development, provision and improvement, and building a safe internet usage environment for FILLMAN and all related services (including mobile web/app).
- Member management such as member identification, membership intention confirmation, identity/age verification, user identification
- Handling inquiries or complaints, delivering notices
- Content transmission or fee settlement when using paid services
- Prevention and sanctions against acts that interfere with the smooth operation of services (including account theft and fraudulent use)
- Utilization in marketing such as customized content recommendations and events, advertisements through estimation of demographic characteristics and user interests, preferences, and tendencies
- New service development and service improvement, building service environment for privacy protection
- Statistics on service use records, access frequency, and service use
3. Provision and Consignment of Personal Information
Third-Party Provision of Personal Information
FILLMAN does not provide users' personal information to third parties except when users have separately consented or when required by law.
Consignment of Personal Information Processing
FILLMAN may consign some personal information processing tasks to external parties when necessary to provide services. FILLMAN manages and supervises whether consigned companies comply with personal information protection laws, including security measures and restrictions on re-consignment.
Personal Information Processing Consignment Status (Korea)
Consignee
Details of Consigned Work
Amazon Web Service
System provision and management
Apple
Check SNS subscription status and account information
Check SNS subscription status and account information
Personal Information Processing Consignment Status (Countries Other Than Korea)
Consignee
Purpose of Transfer
Service usage statistics and analysis
Entrusted Personal Information Items
Gender, region, sign-up date, in-app behavior logs
Entrustment Date and Method
Transfer via network at the time of service use
Company Location (Country)
USA (1600 Amphitheatre Parkway Mountain View, California 94043 USA)
Contact Information
google_da_kr@dagent.co.kr
Personal Information Usage Period
Matches the retention period specified in this personal information processing policy
- Users can refuse the transfer of personal information abroad through the company's personal information protection officer and responsible department.
- If a user refuses the transfer of personal information abroad, the company excludes that user's personal information from overseas transfer targets. In this case, the use of services that necessarily involve the transfer of personal information abroad may be restricted.
4. Destruction of Personal Information
When the purpose of collecting and using personal information is achieved, FILLMAN destroys the collected personal information without delay. The procedures and methods are as follows.
- When a reason for destruction occurs, such as achievement of the purpose of collection and use or member withdrawal, the destruction method is determined considering the form of personal information. For electronic file forms, they are safely deleted so that they cannot be recovered or reproduced, and for other records, printed materials, written documents, etc., they are destroyed by shredding or incineration.
Information Retained for a Certain Period and Then Destroyed According to Internal Policy
- Personal information retained for 30 days after member withdrawal and then destroyed
- Proxy surgery safety zone application information: Retained until withdrawal of safety zone application and then destroyed
- Hospital entry application information: Destroyed immediately after completion of entry application consultation
- Hospital entry contract information: Destroyed immediately upon termination of consignment contract
- Consultation application information: Retained for 1 year after consultation ends and then destroyed
- Abusing and fraudulent use records: Retained for 3 years and then destroyed
Personal Information Retention According to Related Laws
Retention Item
Legal Basis
Retention Period
Records related to contracts or withdrawal of offers
Act on Consumer Protection in Electronic Commerce, etc., National Tax Basic Act
5 years
Records related to payment and supply of goods, etc.
Same as above
5 years
Records related to consumer complaints or dispute resolution
Same as above
3 years
Records related to display/advertisement
Same as above
6 months
Ledgers and evidentiary documents related to all transactions stipulated by tax law
Same as above
5 years
Records related to electronic financial transactions
Electronic Financial Transactions Act
5 years
Service visit records
Protection of Communications Secrets Act
3 months
5. Rights of Users and Legal Representatives
Users or legal representatives can exercise their rights related to personal information protection against the company at any time. If users or legal representatives do not agree to the company's personal information processing, they can request withdrawal of consent or membership withdrawal. However, in this case, use of some or all services may be difficult.
- To view or modify personal information, use "Personal Information Change" (or 'Member Information Modification', etc.), and to withdraw membership, use the "Membership Withdrawal" function provided in the app.
- If a user requests correction of errors in personal information, the company will not use or provide the personal information until the correction is completed. Also, if incorrect personal information has already been provided to a third party, the company will notify the third party of the correction processing results without delay so that the correction can be made.
- The company processes personal information that has been terminated or deleted at the request of users or legal representatives in accordance with the personal information processing policy, and processes it so that it cannot be viewed or used for other purposes.
- If a user wishes to delete personal information, they can delete personal information through membership withdrawal.
6. Matters Concerning Automatic Collection Devices for Personal Information (Installation, Operation, and Rejection)
Cookies may be installed and operated to provide web-based services.
What are Cookies
Cookies are text files sent from a website to a user's browser when the user accesses the website, and are stored on the user's PC.
Purpose of Use
Cookies are used to store and retrieve user information to provide personalized and customized services. When visiting a website, cookies stored on the user's device are read to maintain the user's settings and provide customized services. Cookies do not automatically or actively collect information that identifies individuals, and users can refuse or delete such cookies at any time. However, if you refuse to store cookies, use of some services may be difficult.
Cookie Collection Rejection
Users have the right to choose whether to install cookies, and can allow or reject cookies through cookie settings in the web browser option 'Settings > Privacy > Cookies and other site data'. However, if you refuse to install cookies, web use may become inconvenient, and use of some services that require login may be difficult.
7. Matters Concerning Collection, Use, and Rejection of Behavioral Information
FILLMAN collects, uses, and processes behavioral information as follows.
Category
Content
Items of Behavioral Information Collected
User's in-service visit history, activity logs, and search history
Method of Collecting Behavioral Information
Installation and operation of cookies that store and frequently retrieve user information
Automatic collection and transmission of information generated when the user visits a web/app site through collection tools
Automatic collection and transmission of information generated when the user runs an app through collection tools
Purpose of Collecting Behavioral Information
Analysis of user behavioral information to be used as a basis for new service development, service improvements, etc.
Provision of customized advertisements and content based on estimated gender, age group, and interests derived from demographic characteristics
Retention Period for Behavioral Information
Stored for a maximum of 1 year, then completely destroyed in a way that cannot be recovered, or separately stored
Method of Exercising User Control
[Web Browser]
Choose whether to allow personalized ads
[App]
Android: Home>Settings>Google>Ads>Delete Ad ID
iOS: Home>Settings>Privacy>Tracking>Allow Apps to Request to Track (OFF)
Related Inquiries and Methods for Redress
Service department in charge: CS
Contact: all@k-doc.kr
8. Matters Concerning Measures to Ensure Security of Personal Information
The company implements the following technical and administrative measures to protect users' personal information.
Personal Information Encryption
Important information such as user passwords are encrypted and stored and managed, and personal information can only be confirmed and changed by the user themselves.
Measures Against Hacking, etc.
- The company operates an intrusion prevention system 24 hours a day to prevent leakage and damage of users' personal information due to hacking or malicious code, controlling unauthorized access from outside, and installs antivirus programs to prevent the system from being infected with malicious code or viruses.
- In addition, data is backed up regularly to prepare for damage to personal information, and encrypted communication is used to safely transmit personal information over the network.
- Furthermore, the company strives to equip the maximum technical methods for safer personal information processing.
Minimization and Education of Personal Information Processing Staff
The company manages staff who process personal information to a minimum, and separates external internet networks and internal networks for work PCs of staff who can download personal information from the personal information processing system to reduce the possibility of personal information leakage. In addition, the company recognizes the importance of personal information through regular education for personal information handlers and frequent education for all employees.
Operation of Dedicated Personnel for Personal Information Protection
The company operates dedicated personnel for personal information protection to protect personal information, and checks the implementation of the personal information processing policy and compliance of personal information processors, and strives to immediately correct and fix any problems found.
In addition to the above efforts, users themselves should be careful not to expose passwords, etc., to third parties. In particular, please always be careful not to leak passwords, etc., through PCs installed in public places. Users' IDs and passwords should only be used by the user themselves, and it is recommended to frequently change and manage passwords.
9. Processing of Personal Location Information
The company protects users' personal location information in compliance with the Act on the Protection and Use of Location Information. Detailed information on personal location information processing can be found in FILLMAN's Location-Based Service Terms of Use.
The company uses personal location information for the purpose of providing the following services to personal location information subjects, and destroys personal location information without delay when the purpose of using and providing location-based services under the K-DOC Location-Based Service Terms of Use is achieved.
- Information search results and content provision or recommendation services using location information
- Content tagging for location-based content classification
- Location-based customized advertisements
The company automatically records confirmation materials of location information use and provision for personal location information subjects in the location information system based on Article 16, Paragraph 2 of the Act on the Protection and Use of Location Information, and retains them for 6 months.
When it becomes necessary to destroy personal location information after achieving the processing purpose, the company destroys it using the following methods that cannot be recovered or reproduced.
- Personal information printed on paper: Shredded with a shredder or incinerated
- Personal information stored in electronic file format: Deleted using technical methods that cannot reuse the records
When the company provides personal location information to a third party designated by the user, it immediately notifies the user through the communication terminal device that collected the personal location information of the recipient, provision date and time, and provision purpose each time. However, in the following cases, notification is made through a communication terminal device or email address, online posting, etc., that the user has previously specified.
- When the communication terminal device that collected the personal location information does not have a function to receive text, voice, or video
- When the user has previously requested notification through a communication terminal device other than the communication terminal device that collected the user's personal location information, or through an email address, online posting, etc.
Rights, Obligations, and Methods of Exercise of Guardians of Children Aged 8 or Under, etc.
The company considers it as consent of the person concerned when a guardian (hereinafter referred to as "guardian") under Article 26, Paragraph 2 of the Act on the Protection and Use of Location Information for persons (hereinafter referred to as "children aged 8 or under, etc.") who fall under the following cases consents to the use or provision of personal location information for the protection of the life or body of children aged 8 or under, etc.
- Children aged 8 or under
- Persons under adult guardianship
- Persons with mental disabilities under Article 2, Paragraph 2, Item 2 of the Welfare of Persons with Disabilities Act who fall under persons with severe disabilities under Article 2, Item 2 of the Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities (only applicable to persons who have registered as persons with disabilities under Article 32 of the Welfare of Persons with Disabilities Act)
A guardian who wishes to consent to the use or provision of personal location information for the protection of the life or body of children aged 8 or under, etc., must submit to the company a written consent form with documents proving that they are a guardian attached.
A guardian who consents to the use or provision of personal location information of children aged 8 or under, etc., can exercise all rights of the personal location information subject.
Location Information Management Officer
The company designates a location information management officer to protect location information and handle complaints related to location information.
• Woo Jung Ho
• CEO
• all@k-doc.kr
10. Personal Information Protection Officer and Responsible Department
Users can inquire about all matters related to personal information inquiries and complaint handling that occur while using the company's services to the personal information management officer or responsible department. The company strives to provide prompt and sincere responses and processing to user inquiries.
Personal Information Management Officer
- Responsible Department: FILLMAN
- Personal Information Management Officer: Woo Jung Ho
- Personal Information Management Officer: Woo Jung Ho
- Email Address: all@k-doc.kr
If you need to report or consult on other personal information violations, please contact the following organizations.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Supreme Prosecutors' Office Cyber Investigation Division (www.spo.go.kr / 1301 without area code)
- National Police Agency Cyber Bureau (ecrm.police.go.kr / 182 without area code)
11. Notice Obligation Before Revision, etc.
- If there are changes to the personal information processing policy, the company will notify users at least 7 days before the effective date of the revised personal information processing policy through the homepage notice or email. However, if there are important changes to users' rights or obligations, notification will be made at least 30 days in advance.
- Even if the company notifies users of changes in accordance with Paragraph 1 and notifies that if no objection is expressed by the effective date of the change, it will be considered as consent, if the user does not explicitly express an objection, it is considered that the user has agreed to the changes.
- Notwithstanding Paragraph 2, if the company collects additional personal information from users or provides it to a third party, it will go through a separate consent procedure from the user themselves.
12. Revision History
This personal information processing policy takes effect from September 25, 2025.