Privacy Policy
Organon Korea Co., Ltd. (hereinafter referred to as the “Company”) attaches great importance to the protection of your personal information and complies with the Personal Information Protection Act. Through this Privacy Policy (hereinafter referred to as “the Policy”), the Company will inform you of the purpose and manner in which the personal information you provide in relation to your membership and use of My Propecia will be used, and what measures are being taken to protect your personal information.
1. Purpose of Collection and Usage of Personal Information
The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following, and when the purpose of use is changed, necessary measures will be taken in accordance with laws and regulations, such as obtaining separate consent.
- General personal information: Registration and operation, management, identity verification, and eligibility check through the My Propecia app; providing and improving membership services related to the My Propecia app; conducting member authentication procedures to prevent unauthorized use of services, all communication with the Company, including consultation and handling of complaints/requests and response to disputes; checking feedback on the information provided by the Company and keeping records of handling complaints about products and services; Customer Center services (editing and deleting member information, resetting password, searching and changing ID, and managing member data); maintenance and management of member data; data analysis, statistics, and improving products and services: improving various services on the My Propecia app and discovering new service elements, such as personalized services for members; various announcements, notices, and instructions including requests to report abnormal cases; and other matters related to the above businesses
- Sensitive information (health information such as hair-related information): Analysis of progression and improvement of hair loss of members of the My Propecia app, provision of analysis results
2. Personal Information Collected
The Company collects the minimum amount of personal information necessary to provide the services as described below.
- General personal information: Name, mobile phone number, email address, ID, password
- Prescription start date, prescribed drug, dosage, dosage cycle, information for verifying prescription (product number, etc.), photos of hair (front, top, both sides), and progression and improvement of hair loss
- Collection method: Collected through the My Propecia app; however, the prescription start date and photos of hair areas are stored only on the user’s device.
3. Period of Retention and Use of Personal Information
The Company will destroy your personal information without delay when the purpose of collecting and using personal information is achieved or when the period of retention and use of personal information agreed upon at the time of collecting personal information has elapsed.
- General personal information: Until membership is withdrawn
- Sensitive information (health information such as hair-related information): Until membership is withdrawn or information is deleted
4. Details Regarding the Destruction of Personal Information
After the purpose of collecting and using personal information has been achieved or the period of retention and use of personal information has elapsed, the company will immediately destroy the personal information in the following manner, unless necessary to preserve it in accordance with relevant laws and regulations.
- Destruction methods
- Personal information stored in the form of electronic files is destroyed using a technical method that makes the records unrecoverable
- Personal information printed on paper is shredded with a shredder or destroyed by incineration
5. Provision of Personal Information to Third Parties
In principle, the company processes your personal information within the scope specified in Article 1 of this Policy, and does not process it beyond the original scope or provide it to third parties without with your prior consent or unless stipulated by relevant laws and regulations.
In the event of an emergency, such as a disaster, an infectious disease, an event or incident that poses an imminent risk to life or body, and an imminent loss of property, the company may provide personal information to related organizations without the consent of the data subject in accordance with the Guidelines for Processing and Protecting Personal Information in Emergency Situations jointly announced by the relevant ministries of the government.
The Company provides personal information to third parties as described below.
| Receiving Party (country, contact information) | Receiving Party’s Purpose of Using Personal Information | Personal Information Details Provided | Receiving Party’s Retention and Usage Period of Personal Information |
| Organon & Co., Inc. 30 Hudson Street, Jersey City, NJ 07302 USA +1 551-430-6000 | Storing app user sign-ups, logins, notifications, analysis of hair loss progression and improvement, and related data | Name, email address, mobile phone number, ID, password, digitized metadata related to the analysis of progression and improvement of hair loss | Until the membership is withdrawn or information is deleted |
6. Handling of Personal Information Processing
For smooth handling of personal information tasks, the Company entrusts personal information processing tasks as follows.
| Consignee | Consigned Task(s) |
| Google Firebase 1600 Amphitheatre Parkway Mountain View, CA 94043 USA +1 650-253-0000 | Storing the personal information indicated in Paragraph 5 and analysis data of app users, operating the server |
If the contents of the entrusted business or the consignee are changed, they will be disclosed through this Policy.
7. Foreign transfer of personal information
| Transferee of personal information (Contact information) | Transfer country | Transferred item(s) | Transferee’s Purpose of Using Personal Information | Date and method of transfer | Transferee’s Retention and Usage Period |
| Organon & Co., Inc. (USA, +1 551-430-6000) | United States | Storing the personal information indicated in Paragraph 5 | Storing app user sign-ups, logins, notifications, analysis of hair loss progression and improvement, and related data | Frequently through an information and communications network | Until the membership is withdrawn or information is deleted |
| Google Firebase (USA, +1 650-253-0000) | United States | Same as above | Storing the personal information indicated in Paragraph 5 and analysis data of app users, operating the server | Frequently through an information and communications network | Until the membership is withdrawn or information is deleted |
You may refuse to allow foreign transfer; however, if you refuse, you will be restricted from registering for the My Propecia app and receiving services through the My Propecia app. If you do not wish to have your personal information transferred outside of Korea, you may request to withdraw your membership by sending an email to krmyppc@organon.com.
8. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
You may withdraw your consent to the collection, use, and provision of personal information at any time, may request to view, correct, suspend the processing of, or delete your personal information, and may exercise these rights through an agent, such as your legal representative or an authorized delegate. If you contact the Company in writing or by phone, email, fax, etc., the Company will take necessary measures without delay after verifying your identity. However, the exercise of certain rights may be restricted if there are obligations stipulated by laws and regulations. These rights can be exercised through an agent, such as a legal representative or an authorized delegate. In this case, you must submit a power of attorney in accordance with Attached Form No. 11 of the “Guidelines for Processing Personal Information (No. 2020-7)”.
9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company uses cookies to automatically collect personal information that is stored and retrieved from your device. Cookies are very small text files that are sent to your browser by the server used to run the Company’s website and are stored on your computer’s hard disk. Cookies are used for analyzing the frequency and time of access for members and non-members, understanding user preferences and interests, tracking user activities, assessing event participation and visit frequency, and improving the usability of the website.
You have the option to allow all cookies, receive notifications when cookies are stored, or refuse the storage of all cookies by selecting options in your web browser settings.
Example of changing settings (for web browsers): At the top of the browser, Tools > Internet Options > Privacy.
However, if you refuse to install cookies, there may be difficulties in providing services.
10. Privacy Officer
In order to protect your personal information and handle complaints related to personal information, there is a Privacy Officer as described below.
| Name | Responsible Department and Position | Contact information |
| Byunggyu Jung | Privacy Officer, Commercial Operation Department Executive Director | privacykr@organon.com, 1577-8582 |
| Youngjoo Lee | Business Practice Officer | privacykr@organon.com, 1577-8582 |
11. Personal Information Safety Measures
The Company takes the following technical, administrative, and physical measures necessary to ensure safety.
- Administrative measures: Establishment and implementation of internal management plans, and minimization of staff handling personal information, and employee training
- Technical measures: Management of access rights to personal information processing system, etc.; installation of access control systems, security measures using encryption technology, such as encryption of unique identification information such as resident registration numbers, foreigner registration numbers, driver’s license numbers, and passport numbers; installation of security programs; measures to prevent falsification or alteration of access records; retention of log records; and measures to prevent infringement by computer viruses, such as installation and operation of antivirus software
- Physical measures: Access control for computer rooms and data storage rooms
In addition, in order to ensure the safety of personal information, the Company implements the following activities in addition to those stipulated by laws and regulations.
12. Remedies for Infringement of Rights and Interests
You may contact the following organizations for damage relief and consultation regarding the infringement of personal information.
- Personal Information Dispute Mediation Committee: (no area code) 1833-6872 (www.kopico.go.kr)
- Korea Internet & Security Agency’s Personal Information Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors’ Office: (no areacode) 1301 (www.spo.go.kr)
- National Police Agency: (no area code) 182 (ecrm.cyber.go.kr)
13. Criteria for Additional Use and Provision
In accordance with Article 15 Paragraph 3 and Article 17 Paragraph 4 of the Personal Information Protection Act, the Company considers the following matters when additionally using and providing personal information without the consent of the data subject in consideration of the matters pursuant to Article14-2 of the Enforcement Decree of the Personal Information Protection Act.
- Whether the purpose of the additional useorprovision of personal information is related to the purpose for which it was originally collected
- Whether the additional use or provision can be predicted in light of thecircumstancesin which personal information was collected or the processing practices
- Whether the additional use and provision of personal information unduly infringe on the interests of the data subject
- Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption
14. Changes to the Privacy Policy
This Privacy Policy was established on August 2, 2023, and when there areadditions, deletions, or revisions to the content of this Privacy Policy, in accordance withchanges of legislation, policies, or security technology, we will notify users via the app.
Established: August 2, 2023