Haim Aesthetics Privacy Policy and Terms of Use
By accessing or using the Haim Aesthetics website or services, you agree to the terms outlined in this Privacy Policy and Terms of Use. Your consent to this policy is required to proceed, and you may withdraw it at any time as described herein.
Article 1: Consent to Collection, Use, and Processing of Personal Information
1.1 Consent Mechanism: Haim Aesthetics (hereinafter “we,” “us,” or “the Company”) provides a transparent procedure for customers to consent to the collection, use, and processing of their personal information. By clicking the “Agree” button on our website (http://www.haimaesthetics.com), you explicitly acknowledge and consent to the terms of use, the collection of your personal information, and the purposes for which it will be used, as outlined in this policy. Your affirmative action constitutes informed consent under applicable international privacy laws, including but not limited to the General Data Protection Regulation (GDPR) and the Personal Information Protection Act (PIPA) of South Korea.
1.2 Voluntary Consent: Consent is voluntary, and you may withdraw it at any time in accordance with Article 8 of this policy. We will not process your personal information without your consent, except where required by law.
Article 2: Personal Information Collected, Processed, and Purposes of Use
2.1 Definition of Personal Information: “Personal Information” refers to any data relating to an identified or identifiable natural person, including but not limited to names, email addresses, resident registration numbers (or equivalent national identification numbers), telephone numbers, addresses, or any other information that can directly or indirectly identify an individual. This includes data that, when combined with other information, could reasonably lead to identification.
2.2 Categories and Purposes of Collection:
• Members’ Personal Information
• Time of Collection: Collected upon registration for membership on our website or services.
• Mandatory Collection Items: User ID, email address, full name.
• Optional Collection Items: Date of birth, telephone number, physical address.
• Purpose of Use: To facilitate membership registration, authenticate users, provide personalized services, process transactions, and communicate regarding our medical aesthetics and dermatological products and services.
• Retention Period: Personal information will be deleted immediately upon withdrawal of membership, except for purchasing members, whose data may be retained for five (5) years to comply with applicable tax, financial, or regulatory obligations (e.g., South Korean tax laws, GDPR retention requirements). After this period, data will be securely destroyed as outlined in Article 4.
2.3 Legal Basis for Processing: We process personal information based on your explicit consent, contractual necessity (e.g., for service provision), or legal obligations (e.g., health and safety regulations in medical aesthetics). Where required by law, we will seek additional specific consent for sensitive data, such as health-related information.
Article 3: Use of Cookies and Similar Technologies
3.1 Definition and Operation: Haim Aesthetics may use cookies—small text files stored on your device’s browser (e.g., Google Chrome, Microsoft Edge)—and similar technologies (e.g., web beacons, tracking pixels) to enhance user experience, analyze website usage, and improve our services.
3.2 Purposes of Use:
• Analyze access frequency, session duration, and user behavior to optimize website performance.
• Identify user preferences to personalize content, services, and targeted marketing campaigns.
• Improve service delivery and inform product development in the medical aesthetics and dermatology fields.
3.3 Cookie Management and Rejection:
• Cookies identify devices but do not directly identify individuals unless combined with other personal data.
• You may accept, reject, or manage cookies through your browser settings. However, rejecting cookies may limit access to certain features or services requiring authentication or personalization.
3.4 Instructions for Managing Cookies:
• Google Chrome: Access settings by clicking the three-dot menu in the upper-right corner > “Settings” > “Privacy and Security” > “Cookies and Other Site Data” > Adjust preferences.
• Microsoft Edge: Navigate to “Settings and More” (three-dot menu) > “Settings” > “Cookies and Site Permissions” > “Manage and Delete Cookies and Site Data.”
• Safari: Go to “Preferences” > “Privacy” > Enable or disable “Block All Cookies.”
• For other browsers, consult the browser’s help documentation or privacy settings.
Article 4: Retention, Use, and Destruction of Personal Information
4.1 Retention Periods: Personal information will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws, regulations, or contractual obligations. Upon fulfillment of these purposes or withdrawal of consent, data will be destroyed without delay, unless retention is mandated by law (e.g., GDPR Article 17, South Korean PIPA, or U.S. HIPAA for health-related data).
4.2 Destruction Procedures:
• Process: Personal information entered during membership registration will be transferred to a secure, separate database (or a locked filing cabinet for physical records), retained for the period specified by internal policies and legal requirements, and then permanently destroyed. Such data will not be used for any purpose other than those legally permitted.
• Methods:
◦ Paper records will be shredded or incinerated to prevent reconstruction.
◦ Electronic data will be erased using irreversible technological methods (e.g., secure deletion software, data wiping) to ensure it cannot be restored or regenerated.
4.3 Dormant Members: Members who have not accessed services for twelve (12) consecutive months will be classified as “dormant.” We will notify such members of potential membership forfeiture in accordance with applicable laws (e.g., South Korean Act on Promotion of Information and Communications Network Utilization and Information Protection, Article 29.2). If no response is received, membership may be terminated at our discretion, and personal information will be securely stored separately, destroyed after the statutory retention period, or reactivated upon request if services are resumed.
Article 5: Disclosure and Transfer of Personal Information to Third Parties
5.1 Restrictions on Use and Disclosure: Haim Aesthetics will not use, disclose, or transfer your personal information to third parties beyond the purposes outlined in Article 2, except:
• With your explicit consent.
• As required by law, regulation, or legal process (e.g., court order, public health authority mandate under HIPAA or equivalent).
• To protect the safety, rights, or property of Haim Aesthetics, our users, or the public.
5.2 Data Anonymization: Where feasible, we may anonymize or pseudonymize data before sharing it for research, marketing, or statistical purposes, ensuring it cannot be linked to an identifiable individual without additional processing.
Article 6: Outsourcing of Personal Information Processing
6.1 Purpose of Outsourcing: To ensure seamless operations, enhance service quality, and improve customer convenience, Haim Aesthetics may engage third-party service providers (e.g., IT vendors, logistics partners, payment processors) to process personal information on our behalf.
6.2 Scope and Safeguards:
• Shared information will be limited to the minimum necessary to fulfill the outsourced purpose. Optional personal information may be shared only with your consent for specific services.
• Outsourcing partners are contractually bound to comply with this Privacy Policy, applicable data protection laws (e.g., GDPR, CCPA, PIPA), and maintain equivalent security standards.
• We regularly audit and monitor outsourcing partners to ensure compliance.
6.3 Notification of Changes: The list of outsourcing partners may evolve due to service updates or contractual changes. We will notify customers of such changes at least thirty (30) days in advance via website notices, email, or other direct communication, especially for participants in short-term events or promotions.
Article 7: Rights to Access, Modify, and Control Personal Information
7.1 Access and Modification: You have the right to access, review, and modify your personal information at any time. You may:
• Use the “Manage Account” or “Change Members’ Information” menu on our website to directly update your details.
• Submit a written request, email, or telephone inquiry to our Data Protection Officer (DPO) or designated privacy contact. We will process your request promptly, typically within thirty (30) days, in compliance with GDPR Article 15, CCPA, and PIPA requirements.
7.2 Correction of Errors: If you identify inaccuracies in your personal information, we will suspend its use or disclosure until the errors are corrected, notifying any third parties to whom incorrect data was previously shared.
7.3 Data Portability and Erasure: Subject to applicable law, you may request a copy of your personal data in a structured, machine-readable format (data portability) or request its erasure (right to be forgotten), except where retention is legally required.
Article 8: Withdrawal of Consent
8.1 Right to Withdraw: You may withdraw your consent to the collection, use, and processing of your personal information at any time. This can be done by:
• Navigating to the “Withdraw Consent (Membership)” option in the Personal Information Management section of our website’s homepage.
• Contacting our Data Protection Officer in writing, by telephone, or via email or the contact details listed on our website.
We will process your withdrawal request immediately, delete your personal information (subject to legal retention obligations), and notify you of the action taken, including confirmation of data destruction.
8.2 Ease of Withdrawal: We ensure that the process for withdrawing consent is as straightforward as the process for providing it, in accordance with GDPR Article 7, CCPA, and PIPA principles.
Article 9: Security Measures for Personal Information
9.1 Commitment to Security: Haim Aesthetics implements robust technological, administrative, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction, in compliance with Article 32 of the GDPR, HIPAA Security Rule, and PIPA.
9.2 Specific Measures:
• Encryption: Personal information, including passwords and sensitive health-related data, is encrypted using industry-standard algorithms (e.g., AES-256) and stored securely, accessible only to authorized users.
• Access Control: Access to personal data is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication and role-based access controls.
• Anti-Hacking Protections: We deploy, update, and monitor advanced security software to prevent data breaches, hacking, or malware attacks. Sensitive data environments are physically and technologically secured, with regular penetration testing and audits to block unauthorized access.
Article 10: Amendments to This Privacy Policy
10.1 Effective Date and Updates: This Privacy Policy takes effect on January 1st, 2025. We may update or amend this policy to reflect changes in legal requirements, operational practices, or service offerings. Any modifications will be announced at least thirty (30) days prior to implementation via prominent notices on our website, email notifications, or other direct communication channels.
10.2 Review Period: You are encouraged to review this policy periodically to stay informed of updates. Continued use of our services after modifications constitutes acceptance of the revised policy.
Acknowledgment of Consent
By clicking “I Agree” or using our services, you confirm that you have read, understood, and agree to this Privacy Policy and Terms of Use. You acknowledge your rights and our obligations under applicable international privacy laws, including GDPR, CCPA, HIPAA (where health data is involved), and PIPA.
