Join Lunit at ECR 2024 Book a meeting

Privacy Policy


Lunit Inc. (“Lunit”, “we”, “us”, or “our”) owns and operates the websites, including without limitation, and (“Websites”). Through our Websites, we offer various online services that enable visitors to the Websites (“you” or “Users”) to receive access to information about our products and services.

        Lunit understands that the privacy of information is of great importance to all Users. Thus, we are committed to protecting it through our compliance with the following privacy policy (“Privacy Policy”). This Privacy Policy is subject to change pursuant to relevant laws, regulations, and rules and Lunit’s internal operation policies, in which case the changes made to this Privacy Policy will be disclosed in accordance with the methods stipulated by relevant laws and regulations 

Article 1. Items of Personal Information to be Processed

Lunit processes the following particulars of personal information:
  1. 1. Membership Information: Name, e-mail address, occupation, country, organization/company name
  2. 2. Company’s Services: E-mail address, passwords, medical images, analysis report (medical images are automatically anonymized so that individuals cannot be identified as soon as those images are uploaded to the Website.)
  3. 3. Product Inquiries: Name, phone number, country, title, organization/company name
  4. 4. Managing Recruitment:
    Job Application
    • Required: Name, address, phone number, cell phone number, e-mail, password
    • Optional: Nationality, eligibility for veterans and disabled persons, academic background and grades, work experience, military service, overseas experiences, social activity, languages and other skills, awards, hobbies, talents, self-introduction
  5. 5. Newsletter Subscription: Name, e-mail address, occupation, country, organization/company name
  6. 6. Other information items that may be automatically generated and collected during service use on the Internet: IP addresses, cookie, MAC addresses, service use records, visit records, and records of improper use

Article 2. Purpose of Processing Personal Information

Lunit processes personal information for the following purposes. Your personal information processed by Lunit is not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.
  1. 1. Managing Membership Confirmation of intention to join membership; identification and authentication according to the provision of membership service; maintenance and management of membership; identity verification according to enforcement of limited identification system; prevention of illegal use of services; notices; handling of complaints; confirmation of intention to withdraw from membership
  2. 2. Providing Services Website service provision; service use record and access frequency analysis; service usage statistics; service maintenance and improvement Establishing a service use environment that Users can use with confidence in terms of security Repair and support in case of contract fulfillment; payment; error or failure to provide paid services
  3. 3. Product Inquiries Response to product-related inquiries, reception and support of maintenance services, identification of complainants, confirmation of complaints, notification for fact-finding, notification of processing results, product safety information and reporting of quality complaints, evaluation and management
  4. 4. Newsletter Subscription Sending newsletters, information about new products or services, event invitation
  5. 5. Managing Recruitment Managing recruitment process, providing recruitment information, notification for each selection process, handling recruitment inquiries, etc.

Article 3. Period of Processing and Retaining Personal Information

  1. Lunit handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information or the period to which each User consents when we collect the User’s personal information.
  2. The period using which a User’s personal information is handled and retained is as follows:
    1. 1. Managing Membership: Until the membership withdrawal unless: If an investigation is in progress due to a violation of the relevant laws, until the investigation ends. If the bond/debt relationship remains due to the use of the Website, until the relevant bond/debt relationship is settled
    2. 2. Providing Services: Until the completion of supply of goods or services, payment, and settlement of charges Identification and authentication for service use: until the membership withdrawal Maintenance and improvement of services: until the purpose is achieved (only de-identified information that cannot identify individuals is retained)
      However, in the case of the following reasons, until the end of the service period Records of transactions such as indication/advertisements, agreement details, and performance in accordance with 「Act on the Consumer Protection in Electronic Commerce, Etc.」
      • With regard to records of marks or advertisement: Six (6) months
      • With regard to records of contracts or withdrawal of offer: Five (5) years
      • With regard to records of payment and provision of products or services: Five (5) years
      • With regard to records of consumer’s complaints or dispute resolutions: Three (3) years
      Storage of communication confirmation data in accordance with Article 41 of the 「Protection of Communications Secrets Act」
      • Computer communication, internet log record data, access location tracking data: Three (3) months
    3. 3. Product Inquiry: Up to three (3) years after the completion of complaint handling
    4. 4. Newsletter Subscription: Until the membership withdrawal or withdrawal of consent to receive newsletters
    5. 5. Job Application and Recruitment Inquiries Job Application: For those who have joined Lunit it is kept during their tenure, and for those who have not joined Lunit, until the recruitment process is completed Recruitment related inquiries: Up to three (3) years after the completion of complaint handling

Article 4. Provision of Personal Information to Third Parties

Lunit does not provide personal information to any third party without your consent. However, Lunit may provide personal information to a third party in cases falling under Article 17 of the Personal Information Protection Act, such as when there are special provisions in the law or when it is mandatory to comply with statutory obligations.

Article 5. Outsourcing of Personal Information Processing

  1. In accordance with Article 32 of the Personal Information Protection Act, Lunit outsources the processing of a User’s personal information to maintain its Websites as follows:
    Outsourced Companies Outsourced Tasks
    Workable Software Limited Operation of recruitment website and recruitment management computer system and handling of related complaints
    ㈜KT Overseas sales agency services
    Workable re-outsources the processing of personal information. Please check the details of the re-outsourcing of personal information processing through the link below.
    Re-outsourced Company Purpose of Re-outsourcing
    Amazon Web Services, Inc. Operation of recruitment website and recruitment management system; handling of related inquiries
    Google Cloud Platform Same as above
    Elasticsearch Inc. Same as above
    MongoDB Ltd. (MongoLab) Same as above
    Mailgun Technologies, Inc. Same as above
    Honeybadger Industries, LLC Same as above
    CloudAMQP/84codes AB Same as above
    JN Projects, Inc. dba HelloSign “HelloSign” Same as above
    Zendesk, Inc. Same as above
    Deepgram Inc. Same as above
    Aiven Ltd Same as above
    Redis Labs, Inc. Same as above
  2. When executing an outsourcing agreement, Lunit agrees on responsibilities such as the prohibition of processing of personal information other than for the purpose of performing outsourced tasks, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of the outsourced companies, and compensation for damages, in accordance with Article 25 of the Personal Information Protection Act, and supervise whether the outsourced companies handles personal information safely.
  3. In case of any change to the outsourced tasks or companies, Lunit will promptly disclose the information through this Privacy Policy.

Article 6. International Transfer of Personal Information

Lunit may transmit or manage the User’s personal information overseas for the purpose of service provision and user convenience as follows.
Name of Recipient / Contact Items of Personal Information Transferred The country to which the personal information is transferred, Transferred Data, Transfer Method The purpose for transferring personal information, Retention Period
Workable Inc.
99 High St Boston MA 02110 United States
Name, Nationality, Address, Eligibility for veterans and disabled persons, phone numbers, mobile numbers, education, grades, military services, work experiences, overseas experiences, social activity, languages and other skills, awards, hobbies, talents, self-introduction USA, transferring data over the network to servers located in the Workable service area Operation of recruitment website and recruitment management computer system; handling of related complaints, until the end of the recruitment process
Google Netherland B.V.
15th floor, Claude Debussylaan 34, 1082 MD Amsterdam, Netherlands
Gender, Age, Medical Images, Analysis Report The Netherlands, transferring data locations through networks Data storage and infrastructure management, until the end of the agreement

Article 7. Destruction of Personal Information

  1. Lunit destroys a User’s personal information after the period during which the personal information is retained ends or the purposes of handling the personal information have been attained.
  2. If Lunit is required by the relevant laws or regulations to retain personal information even when the agreed retention period is over or after achieving the purpose of its collection, Lunit shall transfer the said personal information (or personal information file) to a separate database or another storage space.
  3. The procedure, deadlines, and methods for destroying it are as follows:
    1. 1. Procedure for Destruction
      Lunit selects personal information (or persona information file) subject to destruction, obtains approval from the person in charge of personal information protection, and destroys it.
    2. 2. Methods for Destruction
      Personal information stored in electronic file formats is to be deleted using technical means which makes the information unrecoverable. Personal information recorded and stored in paper is to be destroyed through shredding or incineration.

Article 8. Rights and Obligations of Information Subject

  1. An information subject may exercise the following rights regarding the protection of personal information at any time to Lunit: Request for access to his/her personal information Request for correction of errors, if any. Request for deletion Request for the suspension of processing
  2. An information subject may exercise the rights specified in paragraph (1) above via written documents or e-mail, etc. In such cases, Lunit will promptly take the required actions. Lunit will confirm whether the person who requested access, correction, deletion, or suspension of processing according to the rights of the information subject is the person or a legal representative.
  3. In case of a User requests the correction or deletion of his/her personal information, Lunit does not use or disclose the relevant personal information to any third party until the correction or deletion is complete.
  4. A User may exercise his/her rights through an agent such as his/her legal representative or a person with a mandate. In such cases, the User shall submit a power of attorney as specified in attached Form 11 of the Enforcement Rule of the Personal Information Protection Act.
  5. Users must not infringe on their own privacy or the privacy of other people collected by Lunit by violating the Act on the Protection of Personal Information.
  6. The rights of the information subject may be restricted in accordance with Article 35, Paragraph 4 or Article 37, Paragraph 2 of the Personal Information Protection Act.
  7. If the personal information is specified as the collection target in other laws, the personal information may not be deleted even if you request the deletion of the personal information.

Article 9. Measures for Ensuring Safety of Personal Information

Lunit has taken the following measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:
  1. 1. Administrative measures: Establishment/Implementation of internal management plans, regular training of employees, etc.
  2. 2. Technical measures: Management of access to systems processing personal information, installation of access control systems, encryption of identifiable information, and installation of security programs.
  3. 3. Physical measures: Access control to computer rooms and data storage rooms

Article 10. Installation and Operation of Automatic Personal Information Collection Devices

  1. Lunit uses “cookies” that store and loads user information to give you the best experience on our Website.
  2. Cookies are small pieces of information sent from the Website’s server to the browsers in the User’s computers. Some of them are stored in the User’s hard disk drive. Purpose of Using Cookies: These cookies enable Lunit to anonymously track how Users access and browse our Website, thereby enabling us to optimize and improve our service. Cookie Installation, Use, and Refusal: You can refuse to store cookies by changing the setting at the [Tools] > [Internal Option] > [Personal Information] Menu on the Top of the Web Browser Screen. Your refusal to store cookies does not disadvantageously affect your use of the Website.

Article 11. Privacy Officers

  1. Lunit has appointed the following persons as its Personal Information Protection Officer for the coordination of all tasks related to the processing of personal information, addressing information subjects’ complaints regarding the processing of personal information, and providing remedies for damages.

    Privacy Officer in Charge
    Name: Sunggyun Park
    Department: Security Department, Radiology Group

    Privacy Manager
    Name: Seungwoo Jung
    Department: Security Department, Radiology Group
  2. Please contact the Privacy Officer or Privacy Manager for any question, complaint, and remedy related to personal information during the use of Lunit’s services. Lunit will promptly respond to and process your inquiry.

Article 12. Request to Inspect Personal Information

A User may request Lunit to permit him/her to inspect his/her personal information under Article 35 of the Personal Information Protection Act. Lunit will strive to ensure that such requests will be processed without delay.
Department in charge of personal information viewing
    Name: Seungwoo Jung
    Department: Security Department, Corporate Affairs Group

Article 13. Judgment Criteria for Additional Use or Provision of Personal Information without the consent of information subject

When Lunit uses personal information additionally without the consent of the information subject, the criteria for judgment are as follows:
  1. 1. The purpose of additional use and provision is substantially related to the original purpose for which the personal information was collected;
  2. 2. The additional use and provision is foreseeable in light of the circumstances and practices;
  3. 3. The additional use and provision does not unfairly infringe on the interests of the information subject or a third party; and
  4. 4. If the purpose of additional use and provision can be achieved with the personal information being pseudonymized, then the personal information must be pseudonymized.

Article 14. Remedies for Violation of Rights and Interests

Please make inquiries to the following organizations if you need to report or consult in regards to the violation of personal information.

    - Personal Information Dispute Mediation Committee ( / (Toll Free) 1833-6972)
    - Personal Information Infringement Report Center ( / (Toll Free) 118)
    - The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office ( / (Toll free) 1301)
    - The Cyber Terrorism Response Center of the National Police Agency ( / (Toll free) 182)

Article 15. Modification of Privacy Policy

  1. Lunit may amend its Privacy Policy to reflect any legal or service changes. Lunit shall promptly notify such amendment in advance. Privacy Policy Version Number: v.2 Privacy Policy Notification/Effective Date: 2021.10.28.

For California Residents

This section supplements the information contained in our Privacy Policy and applies solely to Users who reside in the State of California. We adopt this notice in this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section.
  • Information We Collect
    Lunit collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User (“personal information”). In particular, Lunit has collected the following categories of personal information from its Users in the last twelve (12) months. We obtain the categories of personal information listed below as set forth in the methods described in our Privacy Policy.
    Category Examples Collected
    A. Identifiers A real name, alias, postal address, unique personal identifier, photos, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. YES
    B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
    C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
    D. Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
    E. Biometric Information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. YES
    F. Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a Website, application, or advertisement. YES
    G. Geolocation Data Physical location or movements. YES
    H. Sensory Data Audio, electronic, visual, thermal, olfactory, or similar information. YES
    I. Professional or employment-related information Current or past job history or performance evaluations. YES
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES
    K. Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO
  • Use of Personal Information
    We may use or disclose the personal information we collect for one or more of the business purposes indicated in Article 2 of our Privacy Policy. We will not collect additional categories of personal information or use the personal information for materially different, unrelated, or incompatible purposes without providing you notice.
  • Sharing Personal Information
    • We may disclose your personal information to a third party for business purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purposes except performing the contract. We share your personal information with the categories of third parties listed in Article 5 and Article 6 of our Privacy Policy.
    • In the preceding twelve (12) months, we have shared or disclosed the following categories of personal information for business purposes.
      • Identifiers
      • California Customer Records personal information categories
      • Protected classification characteristics under California or federal law
      • Commercial Information
      • Internet or other similar network activity
      • Geolocation Data
      • Professional or employment-related information
      • Non-public education information
    • We do not sell personal information. In the event that we do sell any personal information, we will update Privacy Policy to list the categories of Users’ personal information sold.
  • Your Rights and Choices
    The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights
    1. 1) Right to Access Specific Information and Data Portability Right
      You have the right to request that we disclose certain information to you about our collection, sharing, disclosure, or use of your personal information over the past twelve (12) months from the time of your request. Once we receive and confirm your verifiable consumer request, we will disclose to you the following information:
      • The categories of personal information we collected about you;
      • The categories of sources for the personal information we collected about you;
      • Our business or commercial purpose for collecting or selling that personal information;
      • The categories of third parties with whom we share or sell that personal information;
      • The categories of personal information sold by each third party who sold personal information;
      • The categories of personal information disclosed for business purposes or commercial purposes; and
      • The specific pieces of personal information we collected about you (also called a data portability request).
      Please note that we have not sold any personal information in the preceding twelve (12) months.
    2. 2) Right to Delete
      You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
      We may deny your deletion request if retaining the information is necessary for use or our service providers to:
      • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
      • Debug products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the rights of other consumers to exercise their free speech rights, or exercise other rights provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
      • Comply with legal obligations; or
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
    3. 3) Opt-Out Rights
      We have not sold and will not sell any personal information collected from Users.
    4. 4) Non-Discrimination
      We will not discriminate against California residents for exercising any of their rights under the CCPA. Moreover, unless permitted by the CCPA, we will not:
      • Deny you goods or services;
      • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
      • Provide you a different level or quality of goods or services; or
      • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
    5. 5) Exercising Access and Deletion Rights
      • To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by contacting us in the contact specified in Article 11 of our Privacy Policy.
      • Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information You may also make a verifiable consumer request on behalf of your minor child.
      • The verifiable consumer request must:
      - Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (e.g. a copy of your passport, residence certificate, etc.); and
      - Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

For European Economic Area (“EEA”) Residents

This section supplements the information contained in our Privacy Policy and applies solely to Users who reside in the EEA. Lunit complies with the General Data Protection Regulation (GDPR) as well as the domestic laws of each member country. 
  • If you reside in the EEA and your personal data is covered by the EU General Data Protection Regulation (“GDPR”), subject to the limitations and exceptions provided in the applicable law, you have the rights provided under the Articles 15, 16, 17, 18, 20, 21 of the GDPR.
    • The right to obtain from Lunit a confirmation as to whether your personal data is being processed, and if so, request for access to your personal data;
    • The right to rectify your personal data that is inaccurate;
    • The right to request Lunit for the erasure of your personal data;
    • The right to restrict the processing of your personal data;
    • The right to object to the processing of your personal data for direct marketing or for any other reason relating to your particular situation;
    • The right to data portability (i.e., the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller);
    • The right to withdraw your consent, if applicable. The withdrawal of the consent does not affect the lawfulness of processing your personal data based on your consent provided prior to the withdrawal. Once you withdraw your consent, Lunit may further process your personal data only if there is other legal ground for Lunit to do so; and
    • The right to lodge a complaint with the responsible supervisory authority if you believe that our data processing is in breach of the GDPR.
  • International Transfers of Personal Data
    Please be aware that the personal data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, pursuant to Article 5 and Article 6 of our Privacy Policy. By using this Website, you agree that any of your personal data that is collected by this Website may be managed in this way.