MediAccess (hereinafter "MediAccess") is committed to the lawful and secure processing of personal information in compliance with relevant laws including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and related regulations.
This Privacy Policy explains the purposes and methods of personal information collection, use, and protection pursuant to Article 30 of the Personal Information Protection Act. It governs the processing of personal data within the scope of services offered by MediAccess.
MediAccess may update this Privacy Policy to reflect changes in laws, internal policies, or service enhancements. Users are encouraged to review this policy periodically. Major changes will be communicated via the MediAccess website.
MediAccess collects and uses personal information solely for legitimate purposes, including:
a) Membership Registration and Management: Verifying identity, managing membership status, preventing unauthorized use, processing complaints, retaining records for dispute resolution, and communicating notices and content.
b) Supporter and Donor Services: Processing donations, issuing tax deduction receipts, managing donor records, complying with financial and tax regulations (e.g., year-end tax settlements), and managing volunteer services.
c) Service Development and Marketing: Developing new services and providing personalized content, conducting statistical analyses for service improvement, providing targeted promotions and event information, and monitoring service usage patterns.
Collected personal information includes but is not limited to items categorized by service type, with a principle of collecting the minimum required information.
Retention Periods: Personal information is retained within the period agreed upon by the data subject or as mandated by law. For example, records related to contracts, payments, or donation receipts are kept for 3 to 5 years, while records related to donation carry-over deductions or tax documents may be kept for up to 10 years.
For users under the age of 14, MediAccess collects the minimum necessary personal data required for service provision with verifiable parental or guardian consent. Such information is used exclusively for verifying consent and is retained until the child's membership or support ends. Legal representatives have the right to request access, correction, deletion, or withdrawal of consent regarding the child's personal information.
Personal information is provided to third parties or outsourced only with the data subject's explicit consent or under special provisions of the law, pursuant to Articles 17 and 18 of the Personal Information Protection Act.
1. Third-Party Provision (Sharing): Includes sharing with financial and payment processing partners for account transfer and electronic payments (e.g., Korea Financial Telecommunications and Clearings Institute, NICE Payments, KakaoPay, Naver Financial). Refusing consent will prevent donations via bank transfer or electronic payment.
2. Outsourcing (Processing): Includes delegation of specific tasks such as identity verification and sending SMS notifications to specialized contractors. MediAccess strictly supervises all contractors to ensure the security of the entrusted information.
Upon expiration of the legally mandated retention period or when the purpose of collection has been fulfilled, personal information is destroyed without delay. Electronic files are deleted using technical methods that render the record irreversible, and paper documents are destroyed by shredding or incineration.
MediAccess operates cookies to store and retrieve user information for the purpose of analyzing access frequency and usage patterns, enabling the provision of personalized and convenient services. Users may manage cookie preferences (allow, confirm, or refuse) via their web browser settings.
MediAccess implements technical, administrative, and physical safeguards to prevent the loss, theft, leakage, alteration, or damage of user personal information. These include:
Data subjects (users) have the right to request access, correction, deletion, or suspension of processing of their personal information. Requests will be processed within 10 days upon identity verification or submission of a legal power of attorney.
For inquiries, complaints, or requests for access regarding personal information, users may contact the designated department:
Users may seek recourse through the following external authorities in cases of privacy infringement or dispute resolution:
| Institution | Role | Phone / Website |
|---|---|---|
| Personal Information Infringement Report Center (KISA) | Reporting infringements, consultation | 118 / privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee | Dispute resolution, collective dispute resolution | 1833-6972 / www.kopico.go.kr |
| Supreme Prosecutors' Office (Cybercrime) | Criminal investigation | 1301 / www.spo.go.kr |
| National Police Agency (Cyber Safety) | Criminal investigation | 182 / cyberbureau.police.go.kr |
This Privacy Policy applies to the MediAccess website and all associated services (including mobile web/app). The policy will be revised and announced at least 7 days in advance, with major changes to user rights announced at least 30 days in advance.
Addendum: This Privacy Policy shall be effective from July 1, 2025.