Privacy Policy

Careers Support

Daewoong Bio Privacy Policy

1. Types of Personal Information Collected

The Company collects personal information for the purposes outlined below. Personal information is not used beyond these purposes.
If usage purposes change, consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.

Category	Purpose	Data Items	Retention & Usage Period
1:1 Inquiry	To verify the identity of the inquirer, confirm inquiry details, conduct fact-finding, and notify results for the operation of customer consultation services	[Required] Name, Contact, Email Address, Password, Inquiry Details	Destroyed after completion of customer consultation (If required by law, retained for the legally mandated period)
Adverse Event Reporting	Collection and reporting of adverse drug events for safety management, in accordance with laws such as the Pharmaceutical Affairs Act and regulations on drug safety	Personal Information - Reporter : [Required] Name, Contact, Email - Patient : [Required] Gender, Age, Country Sensitive Information - Patient: [Required] Pregnancy status, breastfeeding status, existing conditions, symptoms, other health information	10 years after product approval expires
Pharmaceutical Distributor Management	issuance of wholesale system accounts	[Required] Name, Mobile Number, Email, Contact	Destroyed upon termination of contract with Daewoong Bio
Pharmaceutical Distributor Management	Issuance of accounts for data transfer programs to transmit sales and inventory data	[Required] Name, Affiliation, Mobile Number, Account Number, Resident Registration Number	Destroyed upon termination of contract with Daewoong Bio
CP Management	Payment for pharmaceutical lectures/advisory services	[Required] Name, Affiliation, Mobile Number, Account Number, Resident Registration Number	5 years (as required by law: Article 47-2 of Pharmaceutical Affairs Act, submission of expenditure reports for economic benefits, etc.)
CP Management	Management of product briefing participation history	[Required] Name, Affiliation, Hospital Name, Business Registration Number, License Number
Daewoong Group* integrated Customer Management	Customer inquiry tracking, integrated customer management across Daewoong affiliates, service improvement, development/ provision of new services, handling product complaints, and processing civil complaints	[Required] Name, Affiliation, Specialty, Mobile Number, Email, Date of Birth, Medical License Number [Optional] Position, Grade, Academic/ Medical Society Membership, Marriage Date, Hobbies, Skills, Work Experience [Optional] Financial or related information provided by Daewoong (e.g., provided products for medical institutions), participation in lectures/consultations, clinical trial info (topic/product & disease, target, clinical activity details)	Until the purpose of use is achieved or service withdrawal
Daewoong Group* integrated Customer Management	Providing information on medical education, professional development programs, Daewoong affiliate products, academic events, events, product briefings, and expert meetings for healthcare professionals		Until the purpose of use is achieved or service withdrawal
Clinical Trials	Organizing, analyzing, and reporting data from clinical trials	· Personal Information - [Required] Name (including initials), Gender, Date of Birth, Address, Contact, Bank Account Number · Sensitive Information - [Required] Medical records and test results related to health	3 years from product approval for the purpose of clinical trials

*Daewoong Group: Daewoong Pharmaceutical, Daewoong Bio, Sisbiopharm, DNC, Emsher, MDwell, idsTrust, Hanall Bio, Daewoong Pet

2. Provision of Personal Information to Third Parties

The company processes users' personal information strictly within the scope of the stated purpose, and only provides personal information to third parties with
the user’s consent or as required by law under the Personal Information Protection Act (Articles 17 and 18). The details of personal information provided to third parties are as follows:

Recipient Organization	Purpose of Provision	Items Provided	Retention / Usage Period
Korea Pharmaceutical & Bio-Pharma Association	Report to the review body by period in accordance with Article 16 of the “Fair Trade Rules on Pharmaceutical Transactions”	Name, affiliated organization, lecture fee, date of lecture payment, lecture content, and photos	5 years
Ministry of Food and Drug Safety	Verification of clinical trial procedures and data reliability	Personal and sensitive information collected for clinical trial purposes	3 years from product approval date
Clinical Trial Hospital / Clinical Trial Review Board	Verification of research procedures and data reliability; report and store any safety information identified		3 years from product approval date
Drug Safety Nara	Report based on regulations on drug safety	Name, resident registration number, (pharmacist/doctor) license number, workplace, position, email, address	semi-permanent
Korea Institute of Drug Safety & Risk Management	Report to national regulatory authorities on adverse events	① Patient Information – Country, sex, date of birth (age), pregnancy/breastfeeding status, detailed information on adverse events, start date of event, recovery symptoms, initial test results, current illness, suspected product causing the event, reason for administration (indication), dose per administration, number of administrations, administration period, product used with other drugs at time of event ② Reporter Information – Name (initials), qualifications of medical professional, country	10 years
Daewoong Partners	Provide adverse event information to companies with Daewoong product license agreements	Country, sex, age, symptoms *Compliant with CIOMS forms; may vary by partner contract	10 years
KB Insurance	Compensation in case of adverse effects from clinical trials	effects from clinical trials Age, pre-existing conditions, medical history/ surgery, lab tests, adverse reaction data, physical exams, urinalysis, post-trial recovery, etc. (*Information may vary by research study)	Destroy immediately after achieving processing purpose

3. Delegation of Personal Information Processing

To ensure smooth handling of personal information, the company delegates the following personal information processing tasks:

Category	Service Provider (Delegate)	Delegated Task
Main Website Customer Support	idsTrust	Name, affiliated organization, lecture fee, lecture payment date, lecture content, and photos
Clinical Trials	Hanyang University Guri Hospital, Kodae Ansan Hospital, Catholic University Eunpyeong St. Mary’s Hospital, Konkuk University Hospital, Ewha Womans University Mokdong Hospital, Korea University Medical Center, Hallym University Medical Industry Cooperation Foundation, LSK Global Pharma Co., Ltd., Hyundai EMD Bio, Seoul National University Hospital, (Catholic University St. Mary’s Hospital), Seoul Asan Medical Center, Inje University Medical Industry Cooperation Foundation, Bundang Seoul National University Hospital, Inbiotics Bio Co., Ltd., Soonchunhyang University Bucheon Hospital, Changwon Fatima Hospital, Daegu Fatima Hospital, Berry Brain, (Ltd.) CicioTech, Nobletek Rubber Korea Co., Ltd., Bundang CHA Hospital, Uijeongbu St. Mary’s Hospital, Yangsan Busan National University Hospital, Inha University Hospital, Kyemyung University Dongsan Hospital, Catholic University Jeongbu St. Mary’s Hospital, (Catholic University Bucheon St. Mary’s Hospital), Pusan National University Hospital, Chung-Ang University Hospital, Dong-A University Hospital, Nowon Eulji Hospital, Yeongnam University Medical Center, Kyunghee University Hospital, Bucheon Soonchunhyang University Hospital, Sejong Chungnam National University Hospital, Gangnam Severance Hospital, Hanla Hospital, Konkuk University Hospital, Samsung Seoul Hospital, Kangwon National University Hospital, (Medical) Gil Medical Foundation, (Ltd.) Dream C&I	Organizing, analyzing, and reporting clinical trial data
Electronic Contracts	Modusign	Providing electronic contract services
Wholesale Management	idsTrust	Maintaining wholesale management system
Sales & Customer Management	idsTrust	Maintenance of sales and customer management system
Marketing & Promotion	BearBetter	Shipping of promotional products

4.Destruction of Personal Information

The company will promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or fulfillment of the processing purpose.
The procedures and methods for destroying personal information are as follows:

1) Destruction Procedure: The company selects personal information to be destroyed and separates it for a certain period in accordance with internal guidelines and related laws,
then destroys it.
2) Destruction Method: Personal information stored electronically will be destroyed so that it cannot be recovered. Personal information stored on paper will be shredded or incinerated.

However, if personal information must be retained according to other laws even after the retention period has expired or the processing purpose has been achieved,
the information will be transferred to a separate database (DB) or storage location for preservation.

Type of Information	Retention Period	Legal Basis
Records of economic benefits provided to medical personnel or institutions, including expenditure reports and related documents	5 years	Pharmaceutical Affairs Act
Records of consumer complaints or dispute resolutions	3 years	Framework Act on Consumers
Website visit logs	3 months	Telecommunications Privacy Act

5.Rights and Procedures for Exercising Rights of Users and Legal Representatives

Users may exercise their rights to request access, correction, deletion, processing suspension, or restriction of their personal information at any time.
To exercise these rights, users can submit a request in writing, via email, or by fax to the person in charge of personal information protection as outlined in Section
10, "Personal Information Protection Officer and Requests for Access to Personal Information."
The company will verify the identity of the requester or their legal representative and promptly take appropriate action in accordance with the request.
However, if the correction or deletion of personal information is restricted by other laws, the company may not be able to fulfill such requests.

6.Measures to Ensure the Security of Personal Information

The company takes the following measures to ensure the security of personal information:

- Administrative Measures : Establishment and implementation of internal management plans, regular employee training
- Technical Measures : Access control for personal information processing systems, encryption of personal information, installation and updating of security programs
- Physical Measures : Access control to computer rooms and document storage areas

7. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

The company uses cookies to store and retrieve user information in order to provide customized services.
Cookies are small pieces of information sent from the server to the user’s browser when using a website and may also be stored on the user’s PC hard drive.

- Purpose of Cookies : To understand user behavior, such as visits to websites, usage patterns, popular searches, and security access, in order to provide optimized information.- How to Refuse or Manage Cookies : Users can refuse or manage cookies via the following browser settings:Internet Explorer: Right-click the top menu > [Settings] > [Internet Options] > [Privacy] > [Advanced]Chrome: Right-click the top menu [...] > [Settings] > [Privacy and Security] > [Site Settings] > [Cookies and Site Data]MS Edge: Right-click the top menu [...] > [Settings] > [Cookies and Site Permissions] > [Manage and Delete Cookies and Site Data]

8. Criteria for Additional Use or Provision of Personal Information

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act (PIPA), and by taking into consideration the factors prescribed in Article 14-2 of the Enforcement
Decree of the PIPA, the Company may further use or provide personal information without the user’s separate consent.
When exercising this right to further use or provide personal information without consent, the Company will consider the following factors:

- Whether the purpose of the further use or provision has relevance to the original purpose for which the personal information was collected.
- Whether the further use or provision can be reasonably anticipated by the user, considering the context in which the personal information was collected or
customary data processing practices.
- Whether the further use or provision unfairly infringes upon the user's interests.
- Whether necessary safeguards have been taken, such as pseudonymization or encryption.

9. Handling of Anonymized Information

The company processes personal information collected for clinical research and clinical trials in a way that prevents identification of specific individuals.
The anonymized information is handled as follows:

· Measures Taken to Ensure Safety, such as Anonymization or Encryption

Category	Purpose of Processing	Data Items	Retention & Usage Period
Clinical Trials	Organization, analysis, and reporting of clinical trial data	Anonymized information such as name, gender, age, basic medical history, past medical history/surgeries, blood tests, adverse reaction data, physical examination results, urinalysis, and vital signs. · Anonymized information is processed per study to ensure that individuals cannot be identified.	3 years from product approval

· Outsourcing of Anonymized Data Processing

Contractor	Scope of Work	Retention & Usage Period
Hanyang University Guri Hospital, Korea University Ansan Hospital, Catholic University Incheon St. Mary’s Hospital, Konkuk University Hospital, Ewha Womans University Mokdong Hospital, Korea University Medical Center, Hallym University Medical Center, LSK Global Pharma Co., Ltd., Hyundai ID Bio, Seoul National University Hospital, (Catholic University Seoul St. Mary’s Hospital), Seoul Asan Medical Center, Inje University Sanggye Paik Hospital, Bundang Seoul National University Hospital, InVivo Co., Ltd., Soonchunhyang University Bucheon Hospital, Changwon Fatima Hospital, Daegu Fatima Hospital, Berry Brain, Ssioteck Co., Ltd., Novatek Laboratory Korea Co., Ltd., Bundang Hospital, Uijeongbu St. Mary’s Hospital, Yangsan Busan National University Hospital, Inha University Hospital, Kyung Hee University Hospital, Catholic University Bucheon St. Mary’s Hospital, Busan National University Hospital, Chung-Ang University Hospital, Dong-A University Hospital, Nowon Eulji University Hospital, Yeungnam University Medical Center, Kyung Hee Medical Center, Bucheon Soonchunhyang University Hospital, Sejong Chungnam University Hospital, Gangnam Severance Hospital, Hanla Medical Center, Konyang University Hospital, Samsung Seoul Hospital, Gangwon National University Hospital, (Medical) GIL Medical Foundation, Dream C.I.S. Co., Ltd.	Support for clinical trial operations	3 years from product approval

·Safety Measures for Anonymized Data (in accordance with Article 28-4 of the Act on Personal Information Protection)
- Administrative Measures: Establishment and implementation of internal management plans; regular employee training
- Technical Measures: Access control for personal data processing systems, encryption of personal information, installation and updating of security programs
- Physical Measures: Access restriction to server rooms and data storage areas

10. Chief Privacy Officer (CPO) and Data Privacy Contact Information

The company is responsible for the overall management of personal information processing and has designated the following Chief Privacy Officer (CPO)
and Data Privacy Contact to handle user complaints and remedy damages related to personal information. The company will make efforts to ensure prompt communication with users
and facilitate the exercise of their rights as stipulated in Article 35 of the Personal Information Protection Act.

Category	Information	Contact Information
Chief Privacy Officer (CPO)	Name: Jeong Yoomi Title: Executive Director of Management Support	Email: Yum7711@Daewoong-Bio.Co.Kr Phone: 02-550-8770
Data Privacy Department	Department: Marketing	Email: Dwibhomepage@Daewoong-Bio.Co.Kr

11. Procedures for Reporting Infringements and Seeking Redress

The company guarantees the security of users' personal information and operates a system for consultation and redress regarding damages caused by personal information infringements.
Users can report infringements or request consultation for redress by contacting the Chief Privacy Officer (CPO) and Data Privacy Contact listed in Section 10
.Users who have suffered an infringement on their personal information and wish to receive relief can file a complaint or request consultation with the Personal Information Protection
Commission (PIPC), the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or the Personal Information Dispute Mediation Committee to resolve disputes.
In addition to the above, users may file a report or seek consultation for opinions on other personal information infringements through the following organizations:

1. Personal Information Dispute Mediation Committee (Kopico): 1833-6972 (www.kopico.go.kr)
2. KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)

12. Privacy Policy Updates

This Privacy Policy will take effect on October 27, 2025.
You can review the previous versions of the Privacy Policy in advance.

Careers Support

Press Release

Privacy Policy

Daewoong Bio Privacy Policy

Daewoong Bio (hereinafter "the Company") considers users’ personal information important and complies with relevant laws,
including the “Personal Information Protection Act” and the “Act on Promotion of Information and Communications Network Utilization and Information Protection.”
This privacy policy explains how the Company collects, uses, and processes personal information and the related procedures.
It is intended to ensure that users can exercise their rights safely and conveniently.
The Company will notify users of any amendments to this privacy policy via the website or other appropriate means.
1. Types of Personal Information Collected
The Company collects personal information for the purposes outlined below. Personal information is not used beyond these purposes.
If usage purposes change, consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.
Category Purpose Data Items Retention & Usage Period
1:1 Inquiry
To verify the identity of the inquirer, confirm
inquiry details, conduct fact-finding, and
notify results for the operation of customer
consultation services
[Required] Name, Contact, Email Address, Password,
Inquiry Details
Destroyed after completion of
customer consultation
(If required by law, retained for the legally
mandated period)
Adverse Event Reporting
Collection and reporting of adverse drug events for safety management, in accordance with laws such as the Pharmaceutical Affairs Act and regulations on drug safety
Personal Information
- Reporter : [Required] Name, Contact, Email
- Patient : [Required] Gender, Age, Country
Sensitive Information - Patient:
[Required] Pregnancy status,
breastfeeding status, existing conditions, symptoms, other
health information
10 years after product approval expires
Pharmaceutical Distributor
Management
issuance of wholesale system accounts
[Required] Name, Mobile Number, Email,
Contact
Destroyed upon termination of
contract with Daewoong Bio
Issuance of accounts for data transfer
programs to transmit sales and inventory data
[Required] Name, Affiliation, Mobile Number,
Account Number, Resident Registration Number
CP Management
Payment for pharmaceutical lectures/advisory
services
[Required] Name, Affiliation, Mobile Number,
Account Number, Resident Registration Number
5 years
(as required by law: Article 47-2 of
Pharmaceutical Affairs Act, submission of
expenditure reports for economic benefits, etc.)
Management of product briefing participation
history
[Required] Name, Affiliation, Hospital Name,
Business Registration Number, License Number
Daewoong Group*
integrated Customer
Management
Customer inquiry tracking, integrated
customer management across Daewoong
affiliates, service improvement, development/
provision of new services, handling product
complaints, and processing civil complaints
[Required] Name, Affiliation, Specialty, Mobile
Number, Email, Date of Birth, Medical License
Number [Optional] Position, Grade, Academic/
Medical Society Membership, Marriage Date,
Hobbies, Skills, Work Experience

[Optional] Financial or related information
provided by Daewoong (e.g., provided
products for medical institutions), participation
in lectures/consultations, clinical trial info
(topic/product & disease, target, clinical
activity details)
Until the purpose of use is achieved
or service withdrawal
Providing information on medical education,
professional development programs,
Daewoong affiliate products, academic events,
events, product briefings, and expert meetings
for healthcare professionals
Clinical Trials
Organizing, analyzing, and reporting data
from clinical trials
· Personal Information - [Required] Name
(including initials), Gender, Date of Birth,
Address, Contact, Bank Account Number

· Sensitive Information - [Required] Medical
records and test results related to health
3 years from product approval for the
purpose of clinical trials
*Daewoong Group: Daewoong Pharmaceutical, Daewoong Bio, Sisbiopharm, DNC, Emsher, MDwell, idsTrust, Hanall Bio, Daewoong Pet
2. Provision of Personal Information to Third Parties
The company processes users' personal information strictly within the scope of the stated purpose, and only provides personal information to third parties with
the user’s consent or as required by law under the Personal Information Protection Act (Articles 17 and 18). The details of personal information provided to third parties are as follows:
Recipient Organization Purpose of Provision Items Provided Retention / Usage Period
Korea Pharmaceutical &
Bio-Pharma Association
Report to the review body by period in
accordance with Article 16 of the “Fair Trade
Rules on Pharmaceutical Transactions”
Name, affiliated organization, lecture fee,
date of lecture payment, lecture content,
and photos
5 years
Ministry of Food and Drug
Safety
Verification of clinical trial procedures and
data reliability
Personal and sensitive information collected
for clinical trial purposes
3 years from product approval date
Clinical Trial Hospital /
Clinical Trial Review Board
Verification of research procedures and data
reliability; report and store any safety
information identified
Drug Safety Nara
Report based on regulations on drug safety
Name, resident registration number,
(pharmacist/doctor) license number,
workplace, position, email, address
semi-permanent
Korea Institute of Drug Safety
& Risk Management
Report to national regulatory authorities on
adverse events
① Patient Information – Country, sex, date of
birth (age), pregnancy/breastfeeding status,
detailed information on adverse events, start
date of event, recovery symptoms, initial test
results, current illness, suspected product
causing the event, reason for administration
(indication), dose per administration, number
of administrations, administration period,
product used with other drugs at time of
event ② Reporter Information – Name (initials),
qualifications of medical professional, country
10 years
Daewoong Partners
Provide adverse event information to
companies with Daewoong product license
agreements
Country, sex, age, symptoms
*Compliant with CIOMS forms; may vary by partner contract
10 years
KB Insurance
Compensation in case of adverse effects from
clinical trials
effects from clinical trials
Age, pre-existing conditions, medical history/
surgery, lab tests, adverse reaction data,
physical exams, urinalysis, post-trial recovery,
etc.
(*Information may vary by research study)
Destroy immediately after achieving
processing purpose
3. Delegation of Personal Information Processing
To ensure smooth handling of personal information, the company delegates the following personal information processing tasks:
Category Service Provider (Delegate) Delegated Task
Main Website Customer Support
idsTrust
Name, affiliated organization, lecture fee, lecture payment
date, lecture content, and photos
Clinical Trials
Hanyang University Guri Hospital, Kodae Ansan Hospital, Catholic University
Eunpyeong St. Mary’s Hospital, Konkuk University Hospital, Ewha Womans
University Mokdong Hospital, Korea University Medical Center, Hallym
University Medical Industry Cooperation Foundation, LSK Global Pharma Co.,
Ltd., Hyundai EMD Bio, Seoul National University Hospital, (Catholic
University St. Mary’s Hospital), Seoul Asan Medical Center, Inje University
Medical Industry Cooperation Foundation, Bundang Seoul National University
Hospital, Inbiotics Bio Co., Ltd., Soonchunhyang University Bucheon Hospital,
Changwon Fatima Hospital, Daegu Fatima Hospital, Berry Brain, (Ltd.)
CicioTech, Nobletek Rubber Korea Co., Ltd., Bundang CHA Hospital,
Uijeongbu St. Mary’s Hospital, Yangsan Busan National University Hospital, Inha University Hospital, Kyemyung University Dongsan Hospital,
Catholic University Jeongbu St. Mary’s Hospital, (Catholic University Bucheon St.
Mary’s Hospital), Pusan National University Hospital, Chung-Ang University
Hospital, Dong-A University Hospital, Nowon Eulji Hospital, Yeongnam
University Medical Center, Kyunghee University Hospital, Bucheon
Soonchunhyang University Hospital, Sejong Chungnam National University
Hospital, Gangnam Severance Hospital, Hanla Hospital, Konkuk University
Hospital, Samsung Seoul Hospital, Kangwon National University Hospital,
(Medical) Gil Medical Foundation, (Ltd.) Dream C&I
Organizing, analyzing, and reporting clinical trial data
Electronic Contracts
Modusign
Providing electronic contract services
Wholesale Management
idsTrust
Maintaining wholesale management system
Sales & Customer Management
idsTrust
Maintenance of sales and customer management system
Marketing & Promotion
BearBetter
Shipping of promotional products
4.Destruction of Personal Information
The company will promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or fulfillment of the processing purpose.
The procedures and methods for destroying personal information are as follows:

1) Destruction Procedure: The company selects personal information to be destroyed and separates it for a certain period in accordance with internal guidelines and related laws,
then destroys it.
2) Destruction Method: Personal information stored electronically will be destroyed so that it cannot be recovered. Personal information stored on paper will be shredded or incinerated.

However, if personal information must be retained according to other laws even after the retention period has expired or the processing purpose has been achieved,
the information will be transferred to a separate database (DB) or storage location for preservation.
Type of Information Retention Period Legal Basis
Records of economic benefits provided to medical
personnel or institutions, including expenditure reports
and related documents
5 years
Pharmaceutical Affairs Act
Records of consumer complaints or dispute resolutions
3 years
Framework Act on Consumers
Website visit logs
3 months
Telecommunications Privacy Act
5.Rights and Procedures for Exercising Rights of Users and Legal Representatives
Users may exercise their rights to request access, correction, deletion, processing suspension, or restriction of their personal information at any time.
To exercise these rights, users can submit a request in writing, via email, or by fax to the person in charge of personal information protection as outlined in Section
10, "Personal Information Protection Officer and Requests for Access to Personal Information."
The company will verify the identity of the requester or their legal representative and promptly take appropriate action in accordance with the request.
However, if the correction or deletion of personal information is restricted by other laws, the company may not be able to fulfill such requests.
6.Measures to Ensure the Security of Personal Information
The company takes the following measures to ensure the security of personal information:

- Administrative Measures : Establishment and implementation of internal management plans, regular employee training
- Technical Measures : Access control for personal information processing systems, encryption of personal information, installation and updating of security programs
- Physical Measures : Access control to computer rooms and document storage areas
7. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The company uses cookies to store and retrieve user information in order to provide customized services.
Cookies are small pieces of information sent from the server to the user’s browser when using a website and may also be stored on the user’s PC hard drive.

- Purpose of Cookies : To understand user behavior, such as visits to websites, usage patterns, popular searches, and security access, in order to provide optimized information.- How to Refuse or Manage Cookies : Users can refuse or manage cookies via the following browser settings:Internet Explorer: Right-click the top menu > [Settings] > [Internet Options] > [Privacy] > [Advanced]Chrome: Right-click the top menu [...] > [Settings] > [Privacy and Security] > [Site Settings] > [Cookies and Site Data]MS Edge: Right-click the top menu [...] > [Settings] > [Cookies and Site Permissions] > [Manage and Delete Cookies and Site Data]
8. Criteria for Additional Use or Provision of Personal Information
In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act (PIPA), and by taking into consideration the factors prescribed in Article 14-2 of the Enforcement
Decree of the PIPA, the Company may further use or provide personal information without the user’s separate consent.
When exercising this right to further use or provide personal information without consent, the Company will consider the following factors:

- Whether the purpose of the further use or provision has relevance to the original purpose for which the personal information was collected.
- Whether the further use or provision can be reasonably anticipated by the user, considering the context in which the personal information was collected or
customary data processing practices.
- Whether the further use or provision unfairly infringes upon the user's interests.
- Whether necessary safeguards have been taken, such as pseudonymization or encryption.
9. Handling of Anonymized Information
The company processes personal information collected for clinical research and clinical trials in a way that prevents identification of specific individuals.
The anonymized information is handled as follows:
· Measures Taken to Ensure Safety, such as Anonymization or Encryption
Category Purpose of Processing Data Items Retention & Usage Period
Clinical Trials
Organization, analysis, and reporting
of clinical trial data
Anonymized information such as name,
gender, age, basic medical history,
past medical history/surgeries, blood
tests, adverse reaction data, physical
examination results, urinalysis,
and vital signs.
· Anonymized information is processed per study
to ensure that individuals cannot be identified.
3 years from product approval
· Outsourcing of Anonymized Data Processing
Contractor Scope of Work Retention & Usage Period
Hanyang University Guri Hospital, Korea University Ansan Hospital, Catholic University
Incheon St. Mary’s Hospital, Konkuk University Hospital, Ewha Womans University
Mokdong Hospital, Korea University Medical Center, Hallym University Medical Center,
LSK Global Pharma Co., Ltd., Hyundai ID Bio, Seoul National University Hospital, (Catholic
University Seoul St. Mary’s Hospital), Seoul Asan Medical Center, Inje University Sanggye
Paik Hospital, Bundang Seoul National University Hospital, InVivo Co., Ltd.,
Soonchunhyang University Bucheon Hospital, Changwon Fatima Hospital, Daegu Fatima
Hospital, Berry Brain, Ssioteck Co., Ltd., Novatek Laboratory Korea Co., Ltd., Bundang
Hospital, Uijeongbu St. Mary’s Hospital, Yangsan Busan National University Hospital, Inha
University Hospital, Kyung Hee University Hospital, Catholic University Bucheon St.
Mary’s Hospital, Busan National University Hospital, Chung-Ang University Hospital,
Dong-A University Hospital, Nowon Eulji University Hospital, Yeungnam University
Medical Center, Kyung Hee Medical Center, Bucheon Soonchunhyang University Hospital,
Sejong Chungnam University Hospital, Gangnam Severance Hospital, Hanla Medical
Center, Konyang University Hospital, Samsung Seoul Hospital, Gangwon National
University Hospital, (Medical) GIL Medical Foundation, Dream C.I.S. Co., Ltd.
Support for clinical trial operations
3 years from product approval
·Safety Measures for Anonymized Data (in accordance with Article 28-4 of the Act on Personal Information Protection)
- Administrative Measures: Establishment and implementation of internal management plans; regular employee training
- Technical Measures: Access control for personal data processing systems, encryption of personal information, installation and updating of security programs
- Physical Measures: Access restriction to server rooms and data storage areas
10. Chief Privacy Officer (CPO) and Data Privacy Contact Information
The company is responsible for the overall management of personal information processing and has designated the following Chief Privacy Officer (CPO)
and Data Privacy Contact to handle user complaints and remedy damages related to personal information. The company will make efforts to ensure prompt communication with users
and facilitate the exercise of their rights as stipulated in Article 35 of the Personal Information Protection Act.
Category Information Contact Information
Chief Privacy Officer (CPO)
Name: Jeong Yoomi
Title: Executive Director of Management Support
Email: Yum7711@Daewoong-Bio.Co.Kr
Phone: 02-550-8770
Data Privacy Department
Department: Marketing
Email: Dwibhomepage@Daewoong-Bio.Co.Kr
11. Procedures for Reporting Infringements and Seeking Redress
The company guarantees the security of users' personal information and operates a system for consultation and redress regarding damages caused by personal information infringements.
Users can report infringements or request consultation for redress by contacting the Chief Privacy Officer (CPO) and Data Privacy Contact listed in Section 10
.Users who have suffered an infringement on their personal information and wish to receive relief can file a complaint or request consultation with the Personal Information Protection
Commission (PIPC), the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center, or the Personal Information Dispute Mediation Committee to resolve disputes.
In addition to the above, users may file a report or seek consultation for opinions on other personal information infringements through the following organizations:

1. Personal Information Dispute Mediation Committee (Kopico): 1833-6972 (www.kopico.go.kr)
2. KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)
12. Privacy Policy Updates
This Privacy Policy will take effect on October 27, 2025.
You can review the previous versions of the Privacy Policy in advance.