Privacy Policy
1. Purpose of the Privacy Policy
Medit Corp. and its affiliates (hereinafter referred to as the “Company”) are committed to protecting your information and complying with the Personal Information Protection Act and other applicable data protection laws.
In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses a privacy policy to guide information subjects on the procedures and standards for processing personal information and to handle related complaints promptly and smoothly.
This Privacy Policy applies to information that you provide or we collect on, about, or from you through the Company’s websites (medit.com, support.medit.com, partner.medit.com, meditortho.com), subscription services, and software (Medit Link, colLab) during registration or usage.
2. Collection and Methods of Personal Information
The company collects the following personal information for membership registration, customer support, and service provision, including information generated during the use of the service.
The company will obtain your consent before use if personal information beyond the purposes of collection stated below is required. The Company does not sell or lease your personal information to the third parties.
The Company does not directly collect patients’ personal information. Instead, the Company may process personal information provided by clinics that use its services, where such clinics have obtained the patient’s consent, for the purpose of delivering specific services.
The patient information received is used solely within the scope of the specified purposes, such as the production of aligners, and will not be used for any other purposes.
The categories of personal information that may be provided to the Company include the patient’s name, date of birth, gender, intraoral scan data, and treatment plan files (e.g., STL files). All such information is processed securely in accordance with applicable contracts and personal data protection laws.
Personal Information Collected During Service Use
| Legal Basis | Category | Personal Information | Purpose | Retention Period |
| Article 15(1)(4) of the Personal Information Protection Act (Performance of Contract) | Medit Link Membership Management | Clinic (Laboratory) name, name, email address, password | Identity verification, confirmation of registration intent, prevention of fraud or unauthorized use | Until membership withdrawal |
| Medit Help Center (Customer Support) | Name, email address, password | Responding to user inquiries, customer support | Until membership withdrawal | |
| Partner Portal | Name, phone number, email address, shipping address, ID | Product delivery | Until membership withdrawal | |
| MEDIT M | Email address, password, chat history | Login authentication, mobile chat service | Until membership withdrawal | |
| Chat Consultation | Name, email address, country | Chatbot consultation services | Retained for 5 years after processing | |
| Aligner Manufacturing | Hospital name, name, address, phone number, patient name, patient gender, order data (STL file) | Manufacturing and delivery of aligners | Until membership withdrawal | |
| Article 15(1)(1) of the Personal Information Protection Act (Data Subject Consent) | Medit Link Profile Information Collection | Photo, phone number | Identity verification, confirmation of registration intent, prevention of fraud or unauthorized use | Until membership withdrawal |
| Medit Help Center (Profile Information Collection) | Photo, phone number | Responding to user inquiries, customer support | Until membership withdrawal | |
| Customs Clearance Processing | Personal customs clearance code | Product delivery | Until membership withdrawal | |
| Consultation and Remote Diagnosis | Phone number, TeamViewer ID | Consultation and remote support services | Retained for 5 years after processing | |
| Partner Services | Location information | Provision of personalized partner recommendations | Until membership withdrawal | |
| Aligner Manufacturing | Patient date of birth | Manufacturing and delivery of aligners | Until membership withdrawal |
* The above information includes not only the details provided at the time of registration but also any updated member information.
During service usage, the following data is collected:
| Collected Data | Purpose | Retention Period |
| IP Address, Web Browser Cookies, Device Information (Manufacturer, Model, OS Information, App Version, UUID, Advertising Identifier, etc.), Service Usage Records within the App | User Analysis and Service Improvement | Until Membership Withdrawal or as Required by Applicable Law |
The Company collects personal information through:
(1) Direct input by users during service use.
(2) Automatic generation through the device where the service is installed or used.
(3) Integration with other devices or applications.
(4) Clinic, Third-party dealers, partners, and information collection tools.
3. With Whom we may share your personal data
We may share or otherwise disclose your personal data only where there is a valid legal basis under applicable data protection laws, including, where required, your consent or explicit consent, performance of a contract, compliance with a legal obligation, protection of vital interests, or legitimate interests pursued by the Company or a third party, and only to the extent necessary for the purposes described below.
Depending on the nature of the services you use and the context in which your personal data was collected, we may share your personal data with the following categories of recipients:
(1) Service Providers (Processors)
We may share your personal data with third-party service providers that process personal data on our behalf for purposes such as IT hosting, cloud services, payment processing, logistics, customer support, compliance management, security monitoring, and other operational services.
Such service providers act as data processors and are contractually required to process personal data only in accordance with our instructions and applicable data protection laws.
(2) Affiliates and Related Companies
We may share or allow access to your personal data with our domestic and overseas affiliates or related companies for purposes such as fulfilling your requests, providing customer support, technical operations, and related business administration.
Not all affiliates have access to all personal data. Access is limited to what is necessary for legitimate business purposes and on a need-to-know basis.
(3) Resellers and Business Partners
We may share your personal data with resellers, distributors, sales partners, training institutions, clinical research institutions, or other business partners where necessary for product sales, installation, technical support, or the provision of integrated or related services.
Where required by applicable law, we will ensure that an appropriate legal basis applies, including obtaining your consent prior to such disclosure. In all cases, sharing will be limited to what is reasonably necessary and proportionate in connection with your request or use of our services.
(4) Event Co-Organizers
If you participate in seminars, webinars, conferences, or joint marketing events, we may share relevant personal data with co-organizers, sponsors, or external speakers to the extent necessary for event administration and follow-up communications.
(5) Your Affiliated Organization
If you use our services as an employee, contractor, or member of an organization (e.g., hospital, clinic, corporation, or other institution), we may share certain information such as training completion status, account usage status, or service-related activity with authorized representatives of your organization to the extent necessary for legitimate business or administrative purposes.
(6) Other Disclosures: The Company may disclose or share your personal data where we reasonably believe such disclosure is necessary to:
(a) comply with applicable laws, regulations, or legal obligations;
(b) respond to audits, investigations, or legal and regulatory proceedings;
(c) protect the rights, property, or legitimate interests of the Company;
(d) enforce our terms, policies, and agreements; or
(e) safeguard the rights, property, or safety of our users, customers, or the public.
The Company entrusts certain tasks to external service providers and ensures secure processing through agreements and oversight. The entrusted processing terminates upon membership withdrawal or contract termination.
The Company may also entrust certain service providers with the processing of patients’ personal information provided by Clinics (e.g., name, date of birth, gender, intraoral scan data, treatment plan files such as STL files) in order to deliver the services requested by the Clinics, such as aligner fabrication.
Such delegation of processing is carried out strictly within the scope of the specified purposes, and the entrusted service providers are contractually prohibited from processing the information for any purposes other than those originally intended.
Entrusted Third-Party Service Providers
| Service Provider | Entrusted Task |
| Hubspot | Email Delivery System Development, Operation, and Maintenance |
| Amazon | Infrastructure Management for Web Services |
| Zendesk | Customer Inquiry System Development, Operation, and Maintenance |
| Stripe | International Payment Processing |
| Agora | Mobile App Chat Service Development, Operation, and Maintenance |
| Twilio | Email Delivery System Development, Operation, and Maintenance |
| K Line Europe Gmbh | Aligner fabrication and delivery |
4. Data Retention and Disposal
The Company retains personal information only for the period necessary to fulfill the purpose of collection or as required by law. When the retention period expires, personal data is deleted promptly. If a user has not used the service for one year, their personal information is either archived separately or deleted.
Under Electronic Commerce Act, Electronic Financial Transactions Act, and Protection of Communications Secrets Act, certain data is retained as follows:
| Legal Basis | Retained Data | Retention Period |
| Act on the Consumer Protection in Electronic Commerce | Contract and Withdrawal Records | 5 Years |
| Payment and Supply of Goods Records | 5 Years | |
| Consumer Complaints or Dispute Records | 3 Years | |
| Advertisement and Display Records | 6 Months | |
| Protection of Communications Secrets Act | Communication Confirmation Data | 3 Months |
| Electronic Financial Transactions Act | Electronic Financial Transaction and Fraud Records | 5 Years |
If the Company retains personal data in accordance with legal requirements, such data will be transferred to a separate database and used solely for retention purposes unless otherwise mandated by law. The retained data will be permanently deleted within the specified period.
Personal data in electronic format will be irreversibly deleted using a method that prevents recovery. Non-electronic records, including printed documents, written materials, or other recorded media, will be shredded or incinerated.
5. Data Subject Rights
Your Data Protection Rights
- You have the right to request access, correction, transfer, restriction of processing, or deletion of your personal data. However, the Company may defer your request if there are special legal provisions, if compliance is necessary to fulfill legal obligations, if there is a risk of harming others, or if granting the request would unfairly infringe on the property or interests of others. Additionally, if you have not expressed an intention to terminate the contract despite the inability to provide the agreed-upon services, the Company may defer your request.
- You have the right to object to the processing of your personal data and may request restrictions on processing or data portability.
- If the Company collects and processes your personal data based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal and does not impact the processing of your personal data that is conducted based on lawful grounds other than consent.
To exercise these rights, you may send an email to privacy@medit.com to request information changes, corrections, or notifications. We will respond to your request as soon as possible.
6. Security of Personal Information
The Company takes administrative, technical, and physical measures to protect the personal information collected and prevent unauthorized access, use, or disclosure by third parties. The Company has established and implements an internal management plan for data protection. The personal information you provide is safeguarded against unauthorized access, use, or disclosure and is securely stored on our servers.
Additional technical measures include managing access permissions to personal information processing systems, installing access control systems, encrypting unique identification information, deploying security programs, maintaining access logs, and implementing encryption. Access to facilities handling personal information, such as computer rooms and data storage rooms, is strictly controlled.
7. International Data Transfers
Your personal information may be transferred to jurisdictions outside of your country of residence to facilitate the Company’s global operations. In such cases, this Privacy Policy shall continue to apply. The Company will obtain your consent for international data transfers and take appropriate protective measures to ensure the security of your personal information.
| Legal Basis | Personal Information Transferred | Destination Country | Time and Method of Transfer | Recipient | Purpose of Use | Retention and Use Period |
| Article 28-8(1)(3) of the Personal Information Protection Act (Outsourcing/Storage for Contract Performance) | Personal information categories listed in the Privacy Policy | United States | Transmitted via network upon service use | HubSpot (privacy@hubspot.com) | Email delivery | Retained until membership withdrawal or termination of service |
| Personal information categories listed in the Privacy Policy | United States, Europe | Processed for service provision | Amazon (aws-korea-privacy@amazon.com) | System operation and data storage | Retained until membership withdrawal or termination of service | |
| Name, email address, country | Japan | Transmitted via network upon service use | Zendesk (privacy@zendesk.com) | Customer inquiry management | Retained until membership withdrawal or termination of service | |
| Payment card information | United States | Transmitted via network upon service use | Stripe (privacy@stripe.com) | International credit card payment processing | Retained for 5 years, then deleted | |
| Personal information categories listed in the Privacy Policy | United States | Transmitted via network upon service use | Agora (privacy@agora.io) | Chat service | Retained for 180 days, then deleted | |
| Cookies, IP address, access logs | United States | Transmitted via network upon service use | Google (googlekrsupport@google.com) | Website usage analysis via Google Analytics | Retained until membership withdrawal or termination of service | |
| Name, email address | United States | Transmitted via network upon service use | Twilio (privacy@twilio.com) | Email transmission | Retained until membership withdrawal or termination of service | |
| Patient name, gender, date of birth, STL file collected during service provision | Germany | Transmitted via network upon service use | K Line Europe GmbH (info@clearxaligners.com) | Manufacturing and delivery of aligners | Retained for 10 years |
8. Cookie Policy
The Company’s Cookie Policy outlines the definition of cookies, how they are used, how third parties affiliated with the Company utilize cookies, your choices regarding cookies, and additional relevant information.
– What Are Cookies?
- A “cookie” is a small data file sent from an HTTP server to a user’s browser.
- Cookies are stored on a user’s computer hard drive, allowing the Company or third parties to recognize the user and facilitate future visits, enhancing the browsing experience. While cookies can identify a user’s device, they do not personally identify individuals.
- Cookies may be classified as either “persistent cookies” or “session cookies.”
– How the Company Uses Cookies
- When you access and use our services, the Company may store multiple cookies in your web browser.
- The Company uses cookies for the following purposes:
- Providing analytical insights
- Storing user preferences
- Delivering personalized advertisements based on user preferences
- The Company employs both persistent and session cookies for service operation.
- Essential Cookies: The Company uses essential cookies to authenticate users and protect user accounts from fraud.
– Third-Party Cookies
In addition to its own cookies, the Company uses various third-party cookies to generate usage statistics and deliver advertisements.
– Your Choices Regarding Cookies
- You have the right to accept or decline cookies. To delete cookies or configure your browser to refuse them, refer to your browser’s help page. Options include displaying a message whenever a cookie is stored, accepting all cookies as the default setting, or rejecting cookies entirely.
- Please note that deleting or disabling cookies may impact the functionality of certain services, prevent storage of user preferences, or cause some pages to display incorrectly.
– For more information about cookies, please visit:
- All About Cookies: http://www.allaboutcookies.org/
– How to Disable Cookies in Your Browser
- Microsoft Edge: Click the three-dot icon in the upper-right corner > Settings > Privacy, search, and services > Clear browsing data > Choose what to clear > Clear now
- Google Chrome: Click the three-dot icon in the upper-right corner > Settings > Privacy and security > Clear browsing data
- Safari: Go to Settings > Safari > Clear History and Website Data
- Mozilla Firefox: Click the three-line menu in the upper-right corner > Settings > Privacy & Security > Cookies and Site Data > Clear Data > Select “Cookies and Site Data” & “Cached Web Content” > Clear
9. Contact Information
The Company has designated the Chief Privacy Officer to safeguard your personal information and address any privacy-related complaints. You may report any concerns regarding the protection of your personal data arising from your use of the Company’s services to the designated CPO. The CPO will promptly and thoroughly respond to your inquiries.
For privacy concerns, contact:
- Name: Ki Young Hwang
- Department: Research Center 2
- Position: CPO
- Email: privacy@medit.com
10. Notice to California Residents (CCPA/CPRA)
If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).
Your Rights Under California Law
Subject to certain conditions and exceptions, you have the following rights:
- Right to Know
- Right to Correct
- Right to Delete
- Right to Opt-Out of Sharing
- Right to Non-Discrimination
How to Exercise Your Rights
You may submit a verifiable consumer request by contacting us at:
Email: privacy@yourcompany.com
We may need to verify your identity before processing your request. We will respond in accordance with applicable California law.
We do not sell personal information as defined under the CCPA.
If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with a competent supervisory authority in your jurisdiction.
Notification date : 2026/02/25
Effective date : 2026/03/05
Previous Privacy Policy (2025/08/19)
Previous Privacy Policy (2024/12/18)