FineAgain Privacy Policy

Last Updated: November 26, 2024

FineAgain ("Business" or "we") is committed to safeguarding and protecting your personal data to the fullest extent possible. This Privacy Policy ("Policy") is designed to help you understand what personal information is collected, stored, and processed when you use our website ("Website") and mobile application ("App").

1. Purpose

This Policy outlines:

The data collected during Website and App use
How and why the data is used
Where the data is stored and how it is protected
Your rights regarding your personal data

In summary:

Some data processing is essential for using our services
We always seek your prior consent when required
We do not share personal data for third-party advertising
You may exercise your personal data rights at any time

Generally, the Website can be browsed without providing personal data. However, certain features and services require personal data.

2. Data Controller Information

Controller: FineAgain (Platform Operator)
Registered Address: 707-ga24ho, 22, Harmony-ro 178beon-gil, Yeonsu-gu, Incheon, Republic of Korea
Contact: main@befineagain.com

Data Protection Officer: Seunghyeon Oh
Email: main@befineagain.com

Role Overview:

FineAgain acts as the data controller for visitors, customers, and partners.
Partnered medical institutions act as independent data controllers when providing medical services.
We comply with HIPAA obligations as a business associate when handling Protected Health Information (PHI).

3. Data Collection and Use

3.1 User Categories

We categorize users into the following four groups:

Visitors
- Anyone visiting the Website/App.
Customers
- End-users receiving medical tourism services.
Partner Medical Institutions
- Hospitals and medical institutions providing services, currently located in the US, Japan, Singapore, Germany, India, Thailand, Mexico, Turkey, and more.
Medical Professionals
- Doctors and medical experts from partnered institutions.
Agency
- Partner Medical Tourism Agency

3.2 Types of Data Collected

Category	Data Items	Purpose	Legal Basis
Automatically Collected Data	Connection logs, IP address, device info, browser info, usage patterns	Service operation, security, fraud prevention, service improvement	Legitimate interest
Essential Information	Name, email	User management, service provision, customer support	Contract performance
Medical Information	Medical records, test results, medical images, medical history, other data required for treatment	Consultation, quotes, scheduling, medical services	Explicit consent
Travel Information	Passport info, travel itinerary, accommodation info, flight details, other travel-related data	Medical tourism support, visa applications, transport/accommodation bookings	Contract performance

3.3 Processing of Sensitive Data

We process sensitive data, such as health information, for medical tourism services:

Collected with explicit consent.
Used solely for medical services.
Managed under strict security measures.
Deleted immediately upon consent withdrawal.

4. Data Sharing and Delegation

4.1 Third-Party Sharing

Recipient	Purpose	Data Shared	Retention Period
Partner Medical Institutions	Consultation and treatment	Name, contact info, medical data, other relevant personal data for treatment	Until treatment completion
Interpreters	Medical interpretation	Name, reservation info, other relevant personal data for interpretation	Until service completion
Travel Agencies	Medical tourism support	Name, travel itinerary, other relevant personal data for travel	Until travel completion

4.2 International Data Transfers

Country	Recipient	Purpose	Data Shared
United States	Partner hospitals, agencies	Medical services	Medical data
Japan	Partner hospitals, agencies	Medical services	Medical data
Thailand	Partner hospitals, agencies	Medical services	Medical data
India	Partner hospitals, agencies	Medical services	Medical data
Mexico	Partner hospitals, agencies	Medical services	Medical data
Germany	Partner hospitals, agencies	Medical services	Medical data
Singapore	Partner hospitals, agencies	Medical services	Medical data
Turkey	Partner hospitals, agencies	Medical services	Medical data
Other Destination Countries	Partner hospitals, agencies	Medical services	Medical data

All international transfers are conducted under the following safeguards:

Standard Contractual Clauses (SCCs).
Compliance with GDPR and other global privacy regulations.
Access controls and monitoring.

5. Protection of Personal Information

5.1 Technical Measures

Encryption during transmission and storage
Access control systems
Antivirus software and firewalls
Log management

5.2 Administrative Measures

Designation of personnel handling personal information
Regular security training
Establishment and implementation of internal management plans
Regular audits

6. User Rights

Right	Description	How to Exercise
Access	Confirm the personal information being processed	main@befineagain.com
Rectification	Correct inaccurate information	My Page or via email
Deletion	Request deletion of personal information	main@befineagain.com
Restriction	Restrict purposes of processing	main@befineagain.com
Portability	Transfer to another service provider	main@befineagain.com
Objection	Right to refuse processing	main@befineagain.com

7. Cookies and Tracking Technologies

7.1 Definition of Cookies

Cookies are small data files stored on a user's hard drive. They are typically not used to directly identify individuals and are mainly utilized for saving preferences and improving services.

7.2 Types of Cookies Collected

Type	Purpose	Retention Period	Collected Information
Essential Cookies	Basic website functionality	Until session ends	Login status, language, settings
Analytics Cookies	Service improvement	3 years	Visited pages, duration
Functional Cookies	Customized services	3 years	Preferences, interests
Advertising Cookies	Personalized advertising	3 years	Ad clicks, interests

7.3 Managing Cookies

You can manage cookies through your browser settings:

Chrome: Settings > Privacy and Security
Safari: Preferences > Privacy
Edge: Settings > Cookies
Firefox: Options > Privacy

8. Protection of Minors

8.1 Age Limit

Personal information of individuals under 16 is not collected in principle.
Medical tourism services for minors are only provided with legal guardian consent.

8.2 Guardian Rights

Request access to a minor's personal information
Withdraw consent for collection, use, or sharing
Request correction of errors

9. Retention and Disposal of Personal Information

9.1 Retention Period

Information Type	Retention Period	Reason for Retention
Member Information	Until membership withdrawal	Service provision
Medical Information	5 years after treatment	Medical law requirements
Payment Information	5 years	E-commerce law requirements
Consultation Records	3 years	Consumer protection

9.2 Disposal Procedure

Reason for Disposal
- Expiration of retention period
- Fulfillment of processing purposes
- Membership withdrawal
- Consent withdrawal
Disposal Methods
- Electronic files: Irretrievably deleted
- Physical documents: Shredded or incinerated

9.3 Exceptions to Retention

Information Type	Retention Period	Legal Basis
Contract/Withdrawal Records	5 years	E-commerce law
Payment Records	5 years	E-commerce law
Consumer Complaints	3 years	E-commerce law
Identity Verification	6 months	Network Act
Visit Records	3 months	Communications Act

10. HIPAA Compliance

To protect medical information, we comply with the following:

10.1 Protected Health Information (PHI)

Medical records
Test results
Treatment plans
Billing details
Insurance information

10.2 Data Subject Rights

Access and request copies of PHI
Request corrections to PHI
View disclosure history of PHI
Request restrictions on PHI usage
Request confidential communication

10.3 Security Measures

Administrative safeguards
Physical safeguards
Technical safeguards
Regular risk assessments
Staff training

11. International Data Transfers

11.1 Transfer Standards

Compliance with EU Standard Contractual Clauses (SCC)
Verification of adequacy decisions for recipient countries
Adherence to data minimization principles

11.2 Safeguards

Encrypted transfers
Restricted access rights
Transfer record maintenance
Security checks on recipients

12. Changes to the Privacy Policy

12.1 Change Procedure

Advance notice of changes
Website notice for at least 30 days
Individual notifications via email, etc.
Consent procedures for significant changes

12.2 Previous Versions

Maintenance of revision history
Storage of previous versions
Provision upon request

13. Inquiries and Complaints

13.1 Contact Information

Email: main@befineagain.com
Address: 707-ga24ho, 22, Harmony-ro 178beon-gil, Yeonsu-gu, Incheon, Republic of Korea

13.2 Complaint Handling Procedure

Respond within 24 hours of receipt
Resolve within 30 days if investigation is required
Notify the outcome individually
Archive results in the database

This Privacy Policy is effective as of November 26, 2024.