Privacy Notice
CLEARMED Co., Ltd. (the "Company", "we", "us") respects your privacy and is committed to protecting personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the Korean Personal Information Protection Act ("PIPA"), and other applicable data protection laws. This Notice applies to the website cellogram.co.kr (and the alternate domain clearmed.co.kr, together the "Site").
1. Data Controller & Contact
The controller responsible for the processing of your personal data is:
CLEARMED Co., Ltd.
Representative: AN HYUN SU (CEO)
B1 171, 524 Bongeunsa-ro, Gangnam-gu, Seoul, Republic of Korea
Business Registration No.: 311-87-03494
Privacy contact: contact@clearmed.co.kr
The Company has not appointed a formal Data Protection Officer (Art. 37 GDPR), as the criteria for mandatory designation are not met. For all privacy enquiries, please contact us at the address above.
EU representative (Art. 27 GDPR): The Company has not appointed an EU representative. If EU residents become a material portion of users, this will be re-evaluated.
2. Personal Data We Process
2.1 Data you provide via the Inquiry Form
| Type | Fields | Collected when |
|---|---|---|
| Required | Name, email, phone, organisation (clinic / business name), country/region, inquiry message | When you submit an inquiry |
| Optional | Website URL, marketing-email consent | When you submit an inquiry |
2.2 Data collected automatically when you visit the Site
| Type | Fields | Method |
|---|---|---|
| Access logs | IP address, timestamp, accessed URL, User-Agent (browser / OS), Referer | Web server logs (Vercel) |
| Behavioural / analytics (cookies) | Visit and session patterns, page navigation, events | Google Analytics 4 (only after cookie consent) |
We do not process special categories of personal data (Art. 9 GDPR) such as health, biometric, racial, political, or religious data, except where you voluntarily mention it in an inquiry message and we strictly need it to respond.
3. Purposes & Legal Bases (Art. 6 GDPR)
| Purpose | Legal basis |
|---|---|
| Responding to inquiries, follow-up business communications, pre-contract steps | Art. 6(1)(b) — performance of pre-contract steps at your request Art. 6(1)(a) — your consent (Inquiry Form consent checkbox) |
| Providing product, clinical and scientific information | Art. 6(1)(b) — pre-contract steps · Art. 6(1)(f) — legitimate interests in informing professional users |
| Site operation, statistics, security (server logs, fraud prevention) | Art. 6(1)(f) — legitimate interests in operating and securing the Site |
| Marketing emails (newsletter, product updates, seminar invitations) | Art. 6(1)(a) — your explicit opt-in consent (separately collected and freely withdrawable) |
| Analytics / behavioural tracking (Google Analytics 4) | Art. 6(1)(a) — your consent via the cookie banner |
4. Retention Periods
| Data category | Retention |
|---|---|
| Inquiry Form data (required & optional) | 3 years after completion of the inquiry response |
| Marketing-consent records | Until consent is withdrawn (then erased without undue delay) |
| Access logs (IP, timestamp) | 3 months (Korean Communications Privacy Act §15-2) |
| Analytics cookies (GA4) | Up to 26 months (Google Analytics default) |
When retention ends or the purpose is fulfilled, data are erased without undue delay using methods that prevent recovery (database removal, secure deletion).
5. Recipients & Processors
We do not sell or rent personal data to third parties. We share data only with the following processors who act on our documented instructions under data-processing agreements compliant with Art. 28 GDPR:
| Processor | Service | Location |
|---|---|---|
| Vercel Inc. | Static site hosting, CDN, server logs | USA (global edge) |
| Google LLC | Google Analytics 4 (analytics, only with consent) | USA |
| NAVER Corporation | Search verification (Naver Webmaster Tools) | Republic of Korea |
| Google LLC (Fonts) | Web font delivery (Outfit) | USA |
We may also disclose personal data when required by law, court order, or to protect our rights, property, or safety, or those of others.
6. International Transfers
The Company is established in the Republic of Korea. Personal data submitted by EU/EEA users is transferred to and processed in the Republic of Korea, which has been recognised by the European Commission as providing an adequate level of data protection (Commission Implementing Decision (EU) 2022/254 of 17 December 2021). No further safeguards (Standard Contractual Clauses or Binding Corporate Rules) are therefore required for this transfer.
Transfers to our processors located in the USA (Vercel, Google) rely on:
- The EU-US Data Privacy Framework (where the processor self-certifies), and/or
- Standard Contractual Clauses adopted by the European Commission (2021 modules), and/or
- Supplementary technical measures (encryption in transit and at rest).
7. Your Rights (Art. 15-22 GDPR)
Subject to applicable conditions, you have the right to:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccurate or incomplete data (Art. 16)
- Erase ("right to be forgotten") your data (Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured, commonly used format (Art. 20)
- Object to processing based on legitimate interests, including direct marketing (Art. 21)
- Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal
- Not be subject to automated decision-making (Art. 22 — we do not carry out such processing)
To exercise these rights, please contact contact@clearmed.co.kr. We will respond without undue delay and in any event within one month (Art. 12(3) GDPR).
8. Cookies & Behavioural Tracking
We use cookies and similar technologies as follows:
| Category | Purpose | Storage / duration |
|---|---|---|
| Essential (no consent required) | Session integrity, security, language preference | Session / up to 1 year |
| Analytics (consent required) | Google Analytics 4: usage statistics, page navigation | Up to 26 months |
On your first visit you will see a cookie banner allowing you to (a) accept all categories, (b) accept only essential cookies, or (c) customise category by category. You can change your choice at any time via the "Cookie settings" link in the footer or by clearing cookies in your browser.
You may also opt out of Google Analytics globally using the Google Analytics Opt-out Browser Add-on.
9. Data Security
We implement appropriate technical and organisational measures (Art. 32 GDPR) to ensure a level of security appropriate to the risk, including:
- Transport encryption (HTTPS / TLS 1.2 or higher) for all Site traffic
- Restricted access to inquiry data (CEO / authorised staff only)
- Reliance on processors with SOC 2 / ISO 27001 certifications (Vercel, Google, NAVER)
- Regular review of access logs and detection of anomalous activity
10. Automated Decision-Making
We do not carry out solely automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR). Should we ever introduce such processing, we will provide prior notice, meaningful information about the logic involved, and the right to obtain human intervention, express your point of view, and contest the decision.
11. Minors
The Site is intended for B2B medical professionals (clinics, doctors, distributors, scholars) and is not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data, please contact us and we will erase such information.
12. Complaints & Supervisory Authorities
If you believe our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority:
- For EU/EEA residents — the supervisory authority of your habitual residence, place of work, or alleged infringement. The full list is available at edpb.europa.eu.
- For Korean residents — the Personal Information Protection Commission (PIPC) at pipc.go.kr or the Korea Internet & Security Agency (KISA) Privacy Centre at privacy.kisa.or.kr (call 118).
We would, however, appreciate the chance to deal with your concerns first. Please contact us at contact@clearmed.co.kr before going to a supervisory authority.
13. Changes to this Notice
We may update this Notice from time to time to reflect changes in our practices or in applicable law. We will notify you of material changes by posting the updated version on this page and updating the "Last revised" date. Where required by law, we will obtain your consent before applying material changes.