Lunit Inc. (“Lunit”, “we”, “us”, or “our”) owns and operates the websites, including without limitation, www.lunit.io and insight.lunit.io (“Websites”). Through our Websites, we offer various online services that enable visitors to the Websites (“you” or “Users”) to receive access to information about our products and services.
Article 1. Items of Personal Information to be Processed
Lunit processes the following particulars of personal information:
1. Product Inquiries: Name, email, phone number, country, title, organization/company name, nature of inquiry
4. Hiring Inquiries:
Required: Name, email, country Optional: work history, interested position, nature of inquiry
3. Company’s Services: name, email, job, company, country
4. Managing Recruitment:
Required: Name, address, phone number, cell phone number, e-mail, resume (Nationality, eligibility for veterans and disabled persons, academic background and grades, work experience, military service, overseas experiences, social activity, languages and other skills, awards, hobbies, talents, self-introduction)
Optional: additional submissions (skills, cover letters, portfolios, etc)
5. Product Technical Assistance: email
6. Product Educational Assistance: email
7. Other information items that may be automatically generated and collected during service use on the Internet: IP addresses, cookie, MAC addresses, service use records, visit records, and locations
Article 2. Purpose of Processing Personal Information
Lunit processes personal information for the following purposes. Your personal information processed by Lunit is not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.
1. Product Inquiries: Responding to inquiries about Lunit’s Products (Insight CXR, Insight MMG, SCOPE)
2. Hiring Inquiries: Responding to inquiries about recruitment
3. Product Inquiries: Product Demos: service provision; service use record and access frequency analysis; service usage statistics; service maintenance and improvement Establishing a service use environment that Users can use with confidence in terms of security Repair and support in case of contract fulfillment; payment; error or failure to provide paid services
4. Managing Recruitment: Managing recruitment process, providing recruitment information, notification for each selection process, handling recruitment inquiries, etc.
5. Product Technical Assistance: providing technical assistance for any of Lunit’s products
6. Product Educational Assistance: providing education and training for any of Lunit’s products
Article 3. Period of Processing and Retaining Personal Information
1. Lunit handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information or the period to which each User consents when we collect the User’s personal information.
2. The period using which a User’s personal information is handled and retained is as follows:
1)Product Inquiries : until permission is rescinded
2)Hiring Inquiries : until permission is rescinded
3)Providing Services : until the user discards his/her user account
4)Managing Recruitment : until the end of the recruitment process.
- However, for the following reasons, the information will be retained until the end of the reason: For any investigation by a government agency: until the termination of such investigation If any debt or liabilities are outstanding from the use of the website: until such debt or liabilities have been fully discharged Providing Services: Until the completion of supply of goods or services, payment, and settlement of charges
Identification and authentication for service use: until the termination of the user account
Maintenance and improvement of services: until the purpose is achieved (only de-identified information that cannot identify individuals is retained)
However, for the following reasons, the information will be retained until the end of the reason:
Records of transactions such as indication/advertisements, agreement details, and performance in accordance with 「Act on the Consumer Protection in Electronic Commerce, Etc.」
Storage of communication confirmation data in accordance with Article 41 of the 「Protection of Communications Secrets Act」
- With regard to records of marks or advertisement: Six (6) months
- With regard to records of contracts or withdrawal of offer: Five (5) years
- With regard to records of payment and provision of products or services: Five (5) years
- With regard to records of consumer’s complaints or dispute resolutions: Three (3) years
Product Inquiry: Up to three (3) years after the completion of complaint handling Newsletter Subscription: Until the membership withdrawal or withdrawal of consent to receive newsletters Job Application and Recruitment Inquiries
- Computer communication, internet log record data, access location tracking data: Three (3) months
- Job Application: For those who have joined Lunit it is kept during their tenure, and for those who have not joined Lunit, until the recruitment process is completed
- Recruitment related inquiries: Up to three (3) years after the completion of complaint handling
Article 4. Provision of Personal Information to Third Parties
Lunit does not provide personal information to any third party without your consent. However, Lunit may provide personal information to a third party in cases falling under Article 17 of the Personal Information Protection Act, such as when there are special provisions in the law or when it is mandatory to comply with statutory obligations.
Article 5. Outsourcing of Personal Information Processing
① In accordance with Article 32 of the Personal Information
Protection Act, Lunit outsources the processing of a User’s personal
information to maintain its Websites as follows:
|Outsourced Companies ||Outsourced Tasks|
|Workable Software Limited ||
Operation of recruitment website and recruitment management
computer system and handling of related complaints
IT System Maintenance, info infodesk
|㈜KT ||Overseas sales agency services|
Workable re-outsources the processing of personal information. Please check the details of the re-outsourcing of personal information processing through the link below.
|Re-outsourced Company ||Purpose of Re-outsourcing|
|Amazon Web Services, Inc. ||
Operation of recruitment website and recruitment management
system; handling of related inquiries
|Google Cloud Platform ||Same as above|
|Elasticsearch Inc. ||Same as above|
|MongoDB Ltd. (MongoLab) ||Same as above|
|Mailgun Technologies, Inc. ||Same as above|
|Honeybadger Industries, LLC ||Same as above|
|CloudAMQP/84codes AB ||Same as above|
|JN Projects, Inc. dba HelloSign “HelloSign” ||Same as above|
|Zendesk, Inc. ||Same as above|
|Deepgram Inc. ||Same as above|
|Aiven Ltd ||Same as above|
|Redis Labs, Inc. ||Same as above|
② When executing an outsourcing agreement, Lunit agrees on
responsibilities such as the prohibition of processing of personal
information other than for the purpose of performing outsourced tasks,
technical and administrative protection measures, restrictions on
re-outsourcing, management and supervision of the outsourced companies,
and compensation for damages, in accordance with Article 25 of the
Personal Information Protection Act, and supervise whether the
outsourced companies handles personal information safely.
③ In case of any change to the outsourced tasks or companies,
Lunit will promptly disclose the information through this Privacy
Article 6. International Transfer of Personal Information
Lunit may transmit or manage the User’s personal information overseas for the purpose of service provision and user convenience as follows.
|Name of Recipient / Contact ||Items of Personal Information Transferred ||
The country to which the personal information is transferred,
Transferred Data, Transfer Method
The purpose for transferring personal information, Retention Period
Workable Inc. |
99 High St Boston MA 02110 United States
Name, Nationality, Address, Eligibility for veterans and disabled
persons, phone numbers, mobile numbers, education, grades, military
services, work experiences, overseas experiences, social activity,
languages and other skills, awards, hobbies, talents,
USA, transferring data over the network to servers located in the
Workable service area
Operation of recruitment website and recruitment management computer
system; handling of related complaints, until the end of the
Google Netherland B.V. |
15th floor, Claude Debussylaan 34, 1082
MD Amsterdam, Netherlands
|Gender, Age, Medical Images, Analysis Report ||The Netherlands, transferring data locations through networks ||
Data storage and infrastructure management, until the end of the
Article 7. Destruction of Personal Information
① Lunit destroys a User’s personal information after the period
during which the personal information is retained ends or the purposes
of handling the personal information have been attained.
② If Lunit is required by the relevant laws or regulations to
retain personal information even when the agreed retention period is
over or after achieving the purpose of its collection, Lunit shall
transfer the said personal information (or personal information file) to
a separate database or another storage space.
③ The procedure, deadlines, and methods for destroying it are as
1. Procedure for Destruction
Lunit selects personal information (or persona information file)
subject to destruction, obtains approval from the person in charge
of personal information protection, and destroys it.
2. Methods for Destruction
Personal information stored in electronic file formats is to be
deleted using technical means which makes the information
unrecoverable. Personal information recorded and stored in paper is
to be destroyed through shredding or incineration.
Article 8. Rights and Obligations of Information Subject
① An information subject may exercise the following rights
regarding the protection of personal information at any time to Lunit:
Request for access to his/her personal information Request for correction of errors, if any. Request for deletion Request for the suspension of processing
② An information subject may exercise the rights specified in
paragraph (1) above via written documents or e-mail, etc. In such cases,
Lunit will promptly take the required actions. Lunit will confirm
whether the person who requested access, correction, deletion, or
suspension of processing according to the rights of the information
subject is the person or a legal representative.
③ In case of a User requests the correction or deletion of
his/her personal information, Lunit does not use or disclose the
relevant personal information to any third party until the correction or
deletion is complete.
④ A User may exercise his/her rights through an agent such as
his/her legal representative or a person with a mandate. In such cases,
the User shall submit a power of attorney as specified in attached Form
11 of the Enforcement Rule of the Personal Information Protection Act.
⑤ Users must not infringe on their own privacy or the privacy of
other people collected by Lunit by violating the Act on the Protection
of Personal Information.
⑥ The rights of the information subject may be restricted in
accordance with Article 35, Paragraph 4 or Article 37, Paragraph 2 of
the Personal Information Protection Act.
⑦ If the personal information is specified as the collection
target in other laws, the personal information may not be deleted even
if you request the deletion of the personal information.
Article 9. Measures for Ensuring Safety of Personal Information
Lunit has taken the following measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:
- 1. Administrative measures: Establishment/Implementation of
internal management plans, regular training of employees, etc.
- 2. Technical measures: Management of access to systems processing
personal information, installation of access control systems, encryption
of identifiable information, and installation of security programs.
- 3. Physical measures: Access control to computer rooms and data
Article 10. Installation and Operation of Automatic Personal Information
① Lunit uses “cookies” that store and loads user information to give you the best experience on our Website.
② Cookies are small pieces of information sent from the Website’s server to the browsers in the User’s computers. Some of them are stored in the User’s hard disk drive.
③ Purpose of Using Cookies: These cookies enable Lunit to anonymously track how Users access and browse our Website, thereby enabling us to optimize and improve our service.
④ Cookie Installation, Use, and Refusal: You can refuse to store cookies by changing the setting at the [Tools] > [Internal Option] > [Personal Information] Menu on the Top of the Web Browser Screen.
⑤ Your refusal to store cookies does not disadvantageously affect your use of the Website.
Article 11. Privacy Officers
① Lunit has appointed the following persons as its Personal
Information Protection Officer for the coordination of all tasks related
to the processing of personal information, addressing information
subjects’ complaints regarding the processing of personal information,
and providing remedies for damages.
Privacy Officer in Charge
Department: Security Department, Radiology Group
Name: Seungwoo Jung
Department: Security Department, Radiology Group
② Please contact the Privacy Officer or Privacy Manager for any
question, complaint, and remedy related to personal information during
the use of Lunit’s services. Lunit will promptly respond to and process
Article 12. Request to Inspect Personal Information
A User may request Lunit to permit him/her to inspect his/her personal information under Article 35 of the Personal Information Protection Act. Lunit will strive to ensure that such requests will be processed without delay.
Department in charge of personal information viewing
Name: Seungwoo Jung
Department: Security Department, Corporate Affairs Group
Article 13. Judgment Criteria for Additional Use or Provision of Personal
Information without the consent of information subject
When Lunit uses personal information additionally without the consent of the information subject, the criteria for judgment are as follows:
1. The purpose of additional use and provision is substantially
related to the original purpose for which the personal information was
2. The additional use and provision is foreseeable in light of
the circumstances and practices;
3. The additional use and provision does not unfairly infringe on
the interests of the information subject or a third party; and
4. If the purpose of additional use and provision can be achieved
with the personal information being pseudonymized, then the personal
information must be pseudonymized.
Article 14. Remedies for Violation of Rights and Interests
Please make inquiries to the following organizations if you need to report or consult in regards to the violation of personal information.
- Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / (Toll Free) 1833-6972)
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr / (Toll Free) 118)
- The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office (http://www.spo.go.kr / (Toll free) 1301)
- The Cyber Terrorism Response Center of the National Police Agency (http://cyberbureau.police.go.kr / (Toll free) 182)
service changes. Lunit shall promptly notify such amendment in advance.
For California Residents
- Information We Collect
Lunit collects information that identifies, relates to, describes,
references, is capable of being associated with, or could reasonably be
linked, directly or indirectly, with a particular User (“personal
information”). In particular, Lunit has collected the following
categories of personal information from its Users in the last twelve
(12) months. We obtain the categories of personal information listed
|Category ||Examples ||Collected|
|A. Identifiers ||
A real name, alias, postal address, unique personal identifier,
photos, online identifier, Internet Protocol address, email
address, account name, or other similar identifiers.
B. Personal Information categories listed in the California
Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, physical characteristics or description,
address, telephone number, passport number, driver’s license or
state identification card number, insurance policy number,
education, employment, employment history, bank account number,
credit card number, debit card number, or any other financial
information, medical information, or health insurance
information. Some personal information included in this category
may overlap with other categories.
C. Protected classification characteristics under California or
Age (40 years or older), race, color, ancestry, national origin,
citizenship, religion or creed, marital status, medical
condition, physical or mental disability, sex (including gender,
gender identity, gender expression, pregnancy or childbirth and
related medical conditions), sexual orientation, veteran or
military status, genetic information (including familial genetic
|D. Commercial Information ||
Records of personal property, products or services purchased,
obtained, or considered, or other purchasing or consuming
histories or tendencies.
|E. Biometric Information ||
Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a template
or other identifier or identifying information, such as,
fingerprints, faceprints, and voiceprints, iris or retina scans,
keystroke, gait, or other physical patterns, and sleep, health,
or exercise data.
|F. Internet or other similar network activity ||
Browsing history, search history, information on a consumer’s
interaction with a Website, application, or advertisement.
|G. Geolocation Data ||Physical location or movements. ||YES|
|H. Sensory Data ||
Audio, electronic, visual, thermal, olfactory, or similar
|I. Professional or employment-related information ||Current or past job history or performance evaluations. ||YES|
J. Non-public education information (per the Family Educational
Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part
Education records directly related to a student maintained by an
educational institution or party acting on its behalf, such as
grades, transcripts, class lists, student schedules, student
identification codes, student financial information, or student
|K. Inferences drawn from other personal information ||
Profile reflecting a person’s preferences, characteristics,
psychological trends, predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes.
- Use of Personal Information
We may use or disclose the personal information we collect for one or
more of the business purposes indicated in Article 2 of our Privacy
Policy. We will not collect additional categories of personal
information or use the personal information for materially different,
unrelated, or incompatible purposes without providing you notice.
- Sharing Personal Information
We may disclose your personal information to a third party for
business purposes. When we disclose personal information for a
business purpose, we enter a contract that describes the purpose and
requires the recipient to both keep that personal information
confidential and not use it for any purposes except performing the
contract. We share your personal information with the categories of
third parties listed in Article 5 and Article 6 of our Privacy
In the preceding twelve (12) months, we have shared or disclosed the
following categories of personal information for business purposes.
California Customer Records personal information categories
Protected classification characteristics under California or
- Commercial Information
- Internet or other similar network activity
- Geolocation Data
- Professional or employment-related information
- Non-public education information
We do not sell personal information. In the event that we do sell
categories of Users’ personal information sold.
- Your Rights and Choices
The CCPA provides California residents with specific rights regarding
their personal information. This section describes your CCPA rights and
explains how to exercise those rights
- 1) Right to Access Specific Information and Data Portability
You have the right to request that we disclose certain information
to you about our collection, sharing, disclosure, or use of your
personal information over the past twelve (12) months from the time
of your request. Once we receive and confirm your verifiable
consumer request, we will disclose to you the following information:
Please note that we have not sold any personal information in the
preceding twelve (12) months.
The categories of personal information we collected about you;
The categories of sources for the personal information we
collected about you;
Our business or commercial purpose for collecting or selling
that personal information;
The categories of third parties with whom we share or sell that
The categories of personal information sold by each third party
who sold personal information;
The categories of personal information disclosed for business
purposes or commercial purposes; and
The specific pieces of personal information we collected about
you (also called a data portability request).
- 2) Right to Delete
You have the right to request that we delete any of your personal
information that we collected from you and retained, subject to
certain exceptions. Once we receive and confirm your verifiable
consumer request, we will delete (and direct our service providers
to delete) your personal information from our records, unless an
We may deny your deletion request if retaining the information is
necessary for use or our service providers to:
Complete the transaction for which we collected the personal
information, provide a good or service that you requested, take
actions reasonably anticipated within the context of our ongoing
business relationship with you, or otherwise perform our
contract with you;
Detect security incidents, protect against malicious, deceptive,
fraudulent, or illegal activity, or prosecute those responsible
for such activities;
Debug products to identify and repair errors that impair
existing intended functionality;
Exercise free speech, ensure the rights of other consumers to
exercise their free speech rights, or exercise other rights
provided for by law;
Comply with the California Electronic Communications Privacy Act
(Cal. Penal Code § 1546 et. seq.);
Engage in public or peer-reviewed scientific, historical, or
statistical research in the public interest that adheres to all
other applicable ethics and privacy laws, when the information’s
deletion may likely render impossible or seriously impair the
research’s achievement, if you previously provided informed
Enable solely internal uses that are reasonably aligned with
consumer expectations based on your relationship with us;
- Comply with legal obligations; or
Make other internal and lawful uses of that information that are
compatible with the context in which you provided it.
3) Opt-Out Rights
We have not sold and will not sell any personal information
collected from Users.
We will not discriminate against California residents for exercising
any of their rights under the CCPA. Moreover, unless permitted by
the CCPA, we will not:
- Deny you goods or services;
Charge you different prices or rates for goods or services,
including through granting discounts or other benefits, or
Provide you a different level or quality of goods or services;
Suggest that you may receive a different price or rate for goods
or services or a different level or quality of goods or
5) Exercising Access and Deletion Rights
- Provide sufficient information that allows us to reasonably verify
you are the person about whom we collected personal information or
an authorized representative (e.g. a copy of your passport,
residence certificate, etc.); and
To exercise the access and deletion rights described above,
please submit a verifiable consumer request to us by contacting
Only you, or a person registered with the California Secretary
of State that you authorize to act on your behalf, may make a
verifiable consumer request related to your personal information
You may also make a verifiable consumer request on behalf of
your minor child.
- The verifiable consumer request must:
- Describe your request with sufficient detail that allows us to
properly understand, evaluate, and respond thereto.
For European Economic Area (“EEA”) Residents
If you reside in the EEA and your personal data is covered by the EU
General Data Protection Regulation (“GDPR”), subject to the limitations
and exceptions provided in the applicable law, you have the rights
provided under the Articles 15, 16, 17, 18, 20, 21 of the GDPR.
The right to obtain from Lunit a confirmation as to whether your
personal data is being processed, and if so, request for access to
your personal data;
- The right to rectify your personal data that is inaccurate;
The right to request Lunit for the erasure of your personal data;
- The right to restrict the processing of your personal data;
The right to object to the processing of your personal data for
direct marketing or for any other reason relating to your particular
The right to data portability (i.e., the right to receive your
personal data in a structured, commonly used and machine-readable
format and to transmit those data to another controller);
The right to withdraw your consent, if applicable. The withdrawal of
the consent does not affect the lawfulness of processing your
personal data based on your consent provided prior to the
withdrawal. Once you withdraw your consent, Lunit may further
process your personal data only if there is other legal ground for
Lunit to do so; and
The right to lodge a complaint with the responsible supervisory
authority if you believe that our data processing is in breach of
- International Transfers of Personal Data
Please be aware that the personal data we collect may be transferred to
and maintained on servers or databases located outside your state,
province, country, or other jurisdiction, where the privacy laws may not
be as protective as those in your location, pursuant to Article 5 and
any of your personal data that is collected by this Website may be
managed in this way.