Privacy Policy

BNP Clinic (“we,” “our,” or “the Clinic”), located in Gangnam-gu, Seoul, Republic of Korea, is committed to protecting the personal information of all patients and website visitors. We handle personal data in strict compliance with the Personal Information Protection Act (PIPA) of the Republic of Korea (Act No. 16930).

This Privacy Policy explains what personal information we collect, how we use it, how long we retain it, and the rights you have regarding your data. By using our website or services, you acknowledge that you have read and understood this policy.

We collect the following categories of personal information to provide and improve our medical services:

We collect personal information through the following channels:

• Website reservation form — when you book an appointment through our online system
• Phone inquiries — when you contact us by telephone to schedule or inquire about services
• In-clinic consultation — during your visit, including registration forms and medical consultation
• Messaging platforms — through WeChat, WhatsApp, or KakaoTalk when you reach out to our international patient coordinators
• Automated collection — cookies and similar technologies when you visit our website

We use your personal information for the following purposes:

• Appointment booking and management — scheduling, rescheduling, and sending appointment reminders
• Medical treatment records — maintaining accurate treatment history as required by Korean medical regulations
• Patient communication — follow-up care instructions, appointment confirmations, and responding to inquiries
• Marketing communications — promotional offers, new treatment announcements, and seasonal campaigns (only with your explicit consent)
• Service improvement — analyzing aggregated data to enhance our treatments, website experience, and patient satisfaction
• Legal compliance — fulfilling obligations under Korean medical law and tax regulations

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Once the retention period expires, your data is promptly and securely destroyed in accordance with our internal data disposal procedures.

We do not sell your personal information. We may share your data with the following parties only as necessary:

• Medical equipment and product suppliers — anonymized and aggregated treatment data for equipment calibration and safety reporting
• Payment processors — transaction data necessary to process your payments securely (e.g., credit card processors, bank transfer services)
• Government and regulatory bodies — when required by Korean law, including the Ministry of Health and Welfare, National Tax Service, or upon lawful request by judicial authorities
• IT service providers — cloud hosting, website maintenance, and appointment system providers, bound by strict data processing agreements

All third-party recipients are contractually obligated to protect your personal information and use it only for the specified purposes.

BNP Clinic primarily stores and processes all personal data within the Republic of Korea. However, for our international patients, please be aware of the following:

• Your personal information is stored on servers located in the Republic of Korea
• If you communicate with us via WeChat, your messages may be processed through servers operated by Tencent in the People’s Republic of China, subject to Tencent’s own privacy policy
• If you communicate with us via 와츠앱, your messages may be processed through Meta’s global infrastructure
• Appointment confirmation notifications may be sent via international messaging services

Where cross-border transfer of personal data occurs, we ensure appropriate safeguards are in place as required under PIPA Article 17 and relevant guidelines from the Personal Information Protection Commission (PIPC).

Under PIPA, you have the following rights regarding your personal information:

• Right of access — request a copy of the personal data we hold about you
• Right of correction — request correction of inaccurate or incomplete personal data
• Right of deletion — request deletion of your personal data, except where retention is required by law (e.g., medical records)
• Right to withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of prior processing
• Right to suspend processing — request that we stop processing your personal data
• Right to file a complaint — lodge a complaint with the Personal Information Protection Commission (PIPC) at www.pipc.go.kr

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 14 below. We will respond to your request within 10 days of receipt, as required by law.

Our website uses cookies and similar technologies to improve your browsing experience:

You can manage your cookie preferences through your browser settings at any time. Disabling certain cookies may affect the functionality of our reservation system.

We implement comprehensive technical and organizational measures to protect your personal information:

• Encryption — all personal data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access controls — role-based access ensures only authorized medical and administrative staff can view patient data
• Staff training — all employees receive annual training on personal information protection and data handling procedures
• Regular audits — internal and external security audits are conducted to identify and address vulnerabilities
• Incident response — a documented breach notification procedure ensures prompt response and reporting to the PIPC within 72 hours if a breach occurs

We only send marketing communications with your explicit opt-in consent, in compliance with PIPA and Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection.

• Marketing messages may be sent via SMS, email, KakaoTalk, or other messaging channels you have consented to
• Each message includes a clear and easy unsubscribe option
• Unsubscribe requests are processed within 5 business days
• Withdrawing marketing consent does not affect your ability to receive essential appointment-related communications

BNP Clinic’s dermatological services are intended for individuals aged 19 years and older, in accordance with the Korean age of majority for independent medical consent under the Civil Act.

We do not knowingly collect personal information from individuals under 19 without verifiable parental or legal guardian consent. If we become aware that we have collected data from a minor without appropriate consent, we will take immediate steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make changes:

• We will post the revised policy on this page with an updated effective date
• Material changes will be announced on our website at least 7 days before they take effect
• For significant changes affecting your rights, we will make reasonable efforts to notify you via email or SMS

We encourage you to review this policy periodically to stay informed about how we protect your data.

BNP Clinic has appointed a Data Protection Officer (DPO) responsible for overseeing our personal information protection practices and handling your inquiries:

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

You may also file a complaint with the following government agencies:

• Personal Information Protection Commission (PIPC): www.pipc.go.kr
• Korea Internet & Security Agency (KISA) Privacy Center: 118
• Personal Information Dispute Mediation Committee: +82 2-2100-2499