Curious about our products? Contact us

Privacy Policy

INTRODUCTION

      Lunit Inc. (“Lunit”, “we”, “us”, or “our”) owns and operates the websites, including without limitation, www.lunit.io and insight.lunit.io (“Websites”). Through our Websites, we offer various online services that enable visitors to the Websites (“you” or “Users”) to receive access to information about our products and services.

      Lunit understands that the privacy of information is of great importance to all Users. Thus, we are committed to protecting it through our compliance with the following privacy policy (“Privacy Policy”). This Privacy Policy is subject to change pursuant to relevant laws, regulations, and rules and Lunit’s internal operation policies, in which case the changes made to this Privacy Policy will be disclosed in accordance with the methods stipulated by relevant laws and regulations
    

Article 1. Items of Personal Information to be Processed

Lunit processes the following particulars of personal information:
  1. 1. Representative Website Product Inquiries: Name, email, phone number, country, title, organization/company name, nature of inquiry
  2. 2. Job application and recruitment inquiry on recruitment website:
    Job Application
    • Required: Name, address, phone number, cell phone number, e-mail, resume (Nationality, eligibility for veterans and disabled persons, academic background and grades, work experience, military service, overseas experiences, social activity, languages and other skills, awards, hobbies, talents, self-introduction, etc)
    • Optional: additional submissions (skills, cover letters, portfolios, etc)
  3. 3. Providing SCOPE Services
    • Required: Name, e-mail
    • Optional: cell phone number
  4. 4. Product Technical Assistance: email
  5. 5. Product Educational Assistance: email
  6. 6. Other information items that may be automatically generated and collected during service use on the Internet: IP addresses, cookie, MAC addresses, service use records, visit records, and locations

Article 2. Purpose of Processing Personal Information

Lunit processes personal information for the following purposes. Your personal information processed by Lunit is not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.
  1. 1. Representative Website Product Inquiries: Responding to inquiries about Lunit’s Products (Insight CXR, Insight MMG, SCOPE)
  2. 2. Job application and recruitment inquiry on recruitment website:
    Managing recruitment process, providing recruitment information, notification for each selection process, handling recruitment inquiries, etc.
  3. 3. Providing SCOPE Services
    Providing SCOPE Services
  4. 4. Product Technical Assistance: providing technical assistance for any of Lunit’s products
  5. 5. Product Educational Assistance: providing education and training for any of Lunit’s products

Article 3. Period of Processing and Retaining Personal Information

  1. 1. Lunit handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information or the period to which each User consents when we collect the User’s personal information.
  2. 2. The period using which a User’s personal information is handled and retained is as follows:
    1. 1)Representative Website Product Inquiries: until permission is rescinded
    2. 2)Job application and recruitment inquiry on recruitment website: until permission is rescinded
    3. 3)Providing SCOPE Services: until the end of the service
    4. 4)Product Technical Assistance: until permission is rescinded
    5. 5)Product Educational Assistance: until permission is rescinded

Article 4. Provision of Personal Information to Third Parties

      Lunit does not provide personal information to any third party without your consent. However, Lunit may provide personal information to a third party in cases falling under Article 17 of the Personal Information Protection Act, such as when there are special provisions in the law or when it is mandatory to comply with statutory obligations.
    

Article 5. Possibility of Disclosure of Sensitive Information and Method of Choosing Non-Disclosure

      Lunit does not disclose sensitive information that is deemed to pose a risk of privacy infringement during the provision of services
    

Article 6. Outsourcing of Personal Information Processing

  1. In accordance with Article 32 of the Personal Information Protection Act, Lunit outsources the processing of a User’s personal information to maintain its Websites as follows:
    Outsourced Companies Outsourced Tasks
    Workable Software Limited Operation of recruitment website and recruitment management computer system and handling of related complaints
    AWS Data archiving and infrastructure management
    Fivecloud IT System Maintenance, info infodesk
  2. When executing an outsourcing agreement, Lunit agrees on responsibilities such as the prohibition of processing of personal information other than for the purpose of performing outsourced tasks, technical and administrative protection measures, restrictions on re-outsourcing, management and supervision of the outsourced companies, and compensation for damages, in accordance with Article 25 of the Personal Information Protection Act, and supervise whether the outsourced companies handles personal information safely.
  3. In case of any change to the outsourced tasks or companies, Lunit will promptly disclose the information through this Privacy Policy.

Article 7. International Transfer of Personal Information

Lunit may transmit or manage the User’s personal information overseas for the purpose of service provision and user convenience as follows.
Name of Recipient Contact Items of Personal Information Transferred The country to which the personal information is transferred, Transferred Data, Transfer Method The purpose for transferring personal information, Retention Period
Workable Inc.
99 High St Boston MA 02110 United States
support@workable.com Name, Nationality, Address, Eligibility for Veterans and Disabled Persons, Phone numbers, Mobile numbers, Education, Grades, Military services, Work experiences, Overseas experiences, Social activity, Languages and other skills, Awards, Hobbies, Talents, Self-introduction USA, transferring data over the network to servers located in the Workable service area Operation of recruitment website and recruitment management computer system; handling of related complaints, until the end of the recruitment process
Amazon Web Services, Inc. aws-korea-privacy@amazon.com Name, E-mail, Phone number America(oregon region), Movement of Data Location through the Network Data archiving and infrastructure management, 3 years

Article 8. Destruction of Personal Information

  1. Lunit destroys a User’s personal information after the period during which the personal information is retained ends or the purposes of handling the personal information have been attained.
  2. If Lunit is required by the relevant laws or regulations to retain personal information even when the agreed retention period is over or after achieving the purpose of its collection, Lunit shall transfer the said personal information (or personal information file) to a separate database or another storage space.
  3. The procedure, deadlines, and methods for destroying it are as follows:
    1. 1. Procedure for Destruction
      Lunit selects personal information (or persona information file) subject to destruction, obtains approval from the person in charge of personal information protection, and destroys it.
    2. 2. Methods for Destruction
      Personal information stored in electronic file formats is to be deleted using technical means which makes the information unrecoverable. Personal information recorded and stored in paper is to be destroyed through shredding or incineration.

Article 9. Rights and Obligations of Information Subject

  1. An information subject may exercise the following rights regarding the protection of personal information at any time to Lunit: Request for access to his/her personal information Request for correction of errors, if any. Request for deletion Request for the suspension of processing
  2. An information subject may exercise the rights specified in paragraph (1) above via written documents or e-mail, etc. In such cases, Lunit will promptly take the required actions. Lunit will confirm whether the person who requested access, correction, deletion, or suspension of processing according to the rights of the information subject is the person or a legal representative.
  3. In case of a User requests the correction or deletion of his/her personal information, Lunit does not use or disclose the relevant personal information to any third party until the correction or deletion is complete.
  4. A User may exercise his/her rights through an agent such as his/her legal representative or a person with a mandate. In such cases, the User shall submit a power of attorney as specified in attached Form 11 of the Enforcement Rule of the Personal Information Protection Act.
  5. Users must not infringe on their own privacy or the privacy of other people collected by Lunit by violating the Act on the Protection of Personal Information.
  6. The rights of the information subject may be restricted in accordance with Article 35, Paragraph 4 or Article 37, Paragraph 2 of the Personal Information Protection Act.
  7. If the personal information is specified as the collection target in other laws, the personal information may not be deleted even if you request the deletion of the personal information.

Article 10. Measures for Ensuring Safety of Personal Information

Lunit has taken the following measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:
  1. 1. Administrative measures: Establishment/Implementation of internal management plans, regular training of employees, etc.
  2. 2. Technical measures: Management of access to systems processing personal information, installation of access control systems, encryption of identifiable information, and installation of security programs.
  3. 3. Physical measures: Access control to computer rooms and data storage rooms

Article 11. Installation and Operation of Automatic Personal Information Collection Devices

  1. Lunit uses “cookies” that store and loads user information to give you the best experience on our Website.
  2. Cookies are small pieces of information sent from the Website’s server to the browsers in the User’s computers. Some of them are stored in the User’s hard disk drive.
  3. Purpose of Using Cookies: These cookies enable Lunit to anonymously track how Users access and browse our Website, thereby enabling us to optimize and improve our service.
  4. Cookie Installation, Use, and Refusal: You can refuse to store cookies by changing the setting at the [Tools]> [Internal Option]> [Personal Information] Menu on the Top of the Web Browser Screen.
  5. Your refusal to store cookies does not disadvantageously affect your use of the Website.

Article 12. Privacy Officers

  1. Lunit has appointed the following persons as its Personal Information Protection Officer for the coordination of all tasks related to the processing of personal information, addressing information subjects’ complaints regarding the processing of personal information, and providing remedies for damages.

    Privacy Officer in Charge
    Name: Jungin-Lee
    Department: Security Department, Radiology Group
    E-mail: jilee@lunit.io

    Privacy Manager
    Name: Seungwoo Jung
    Department: Security Department, Radiology Group
    E-mail: jsw@lunit.io
  2. Please contact the Privacy Officer or Privacy Manager for any question, complaint, and remedy related to personal information during the use of Lunit’s services. Lunit will promptly respond to and process your inquiry.

Article 13. Request to Inspect Personal Information

A User may request Lunit to permit him/her to inspect his/her personal information under Article 35 of the Personal Information Protection Act. Lunit will strive to ensure that such requests will be processed without delay.
Department in charge of personal information viewing
    Name: Seungwoo Jung
    Department: Security Department, Corporate Affairs Group
      E-mail: jsw@lunit.io

Article 14. Judgment Criteria for Additional Use or Provision of Personal Information without the consent of information subject

When Lunit uses personal information additionally without the consent of the information subject, the criteria for judgment are as follows:
  1. 1. The purpose of additional use and provision is substantially related to the original purpose for which the personal information was collected;
  2. 2. The additional use and provision is foreseeable in light of the circumstances and practices;
  3. 3. The additional use and provision does not unfairly infringe on the interests of the information subject or a third party; and
  4. 4. If the purpose of additional use and provision can be achieved with the personal information being pseudonymized, then the personal information must be pseudonymized.

Article 15. Remedies for Violation of Rights and Interests

Please make inquiries to the following organizations if you need to report or consult in regards to the violation of personal information.

    - Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / (Toll Free) 1833-6972)
    - Personal Information Infringement Report Center (http://privacy.kisa.or.kr / (Toll Free) 118)
    - The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office (http://www.spo.go.kr / (Toll free) 1301)
    - The Cyber Terrorism Response Center of the National Police Agency (http://cyberbureau.police.go.kr / (Toll free) 182)
    

Article 16. Modification of Privacy Policy

  1. Lunit may amend its Privacy Policy to reflect any legal or service changes. Lunit shall promptly notify such amendment in advance. Privacy Policy Version Number: v.2 Privacy Policy Notification/Effective Date: 2024.02.24.
  2. Please find the previous versions of Privacy Policy below. 2021. 10. 28. ~ 2023. 04. 18. Privacy Policy 2023. 04. 18. ~ 2024. 02. 23. Privacy Policy

For California Residents

This section supplements the information contained in our Privacy Policy and applies solely to Users who reside in the State of California. We adopt this notice in this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section.
  • Information We Collect
    Lunit collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User (“personal information”). In particular, Lunit has collected the following categories of personal information from its Users in the last twelve (12) months. We obtain the categories of personal information listed below as set forth in the methods described in our Privacy Policy.
    Category Examples Collected
    A. Identifiers A real name, alias, postal address, unique personal identifier, photos, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. YES
    B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
    C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
    D. Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
    E. Biometric Information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. YES
    F. Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a Website, application, or advertisement. YES
    G. Geolocation Data Physical location or movements. YES
    H. Sensory Data Audio, electronic, visual, thermal, olfactory, or similar information. YES
    I. Professional or employment-related information Current or past job history or performance evaluations. YES
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES
    K. Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO
  • Use of Personal Information
    We may use or disclose the personal information we collect for one or more of the business purposes indicated in Article 2 of our Privacy Policy. We will not collect additional categories of personal information or use the personal information for materially different, unrelated, or incompatible purposes without providing you notice.
  • Sharing Personal Information
    • We may disclose your personal information to a third party for business purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purposes except performing the contract. We share your personal information with the categories of third parties listed in Article 5 and Article 6 of our Privacy Policy.
    • In the preceding twelve (12) months, we have shared or disclosed the following categories of personal information for business purposes.
      • Identifiers
      • California Customer Records personal information categories
      • Protected classification characteristics under California or federal law
      • Commercial Information
      • Internet or other similar network activity
      • Geolocation Data
      • Professional or employment-related information
      • Non-public education information
    • We do not sell personal information. In the event that we do sell any personal information, we will update Privacy Policy to list the categories of Users’ personal information sold.
  • Your Rights and Choices
    The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights
    1. 1) Right to Access Specific Information and Data Portability Right
      You have the right to request that we disclose certain information to you about our collection, sharing, disclosure, or use of your personal information over the past twelve (12) months from the time of your request. Once we receive and confirm your verifiable consumer request, we will disclose to you the following information:
      • The categories of personal information we collected about you;
      • The categories of sources for the personal information we collected about you;
      • Our business or commercial purpose for collecting or selling that personal information;
      • The categories of third parties with whom we share or sell that personal information;
      • The categories of personal information sold by each third party who sold personal information;
      • The categories of personal information disclosed for business purposes or commercial purposes; and
      • The specific pieces of personal information we collected about you (also called a data portability request).
      Please note that we have not sold any personal information in the preceding twelve (12) months.
    2. 2) Right to Delete
      You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
      We may deny your deletion request if retaining the information is necessary for use or our service providers to:
      • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
      • Debug products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the rights of other consumers to exercise their free speech rights, or exercise other rights provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
      • Comply with legal obligations; or
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
    3. 3) Opt-Out Rights
      We have not sold and will not sell any personal information collected from Users.
    4. 4) Non-Discrimination
      We will not discriminate against California residents for exercising any of their rights under the CCPA. Moreover, unless permitted by the CCPA, we will not:
      • Deny you goods or services;
      • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
      • Provide you a different level or quality of goods or services; or
      • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
    5. 5) Exercising Access and Deletion Rights
      • To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by contacting us in the contact specified in Article 11 of our Privacy Policy.
      • Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information You may also make a verifiable consumer request on behalf of your minor child.
      • The verifiable consumer request must:
      - Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (e.g. a copy of your passport, residence certificate, etc.); and
      - Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond thereto.

For European Economic Area (“EEA”) Residents

This section supplements the information contained in our Privacy Policy and applies solely to Users who reside in the EEA. Lunit complies with the General Data Protection Regulation (GDPR) as well as the domestic laws of each member country. 
  • If you reside in the EEA and your personal data is covered by the EU General Data Protection Regulation (“GDPR”), subject to the limitations and exceptions provided in the applicable law, you have the rights provided under the Articles 15, 16, 17, 18, 20, 21 of the GDPR.
    • The right to obtain from Lunit a confirmation as to whether your personal data is being processed, and if so, request for access to your personal data;
    • The right to rectify your personal data that is inaccurate;
    • The right to request Lunit for the erasure of your personal data;
    • The right to restrict the processing of your personal data;
    • The right to object to the processing of your personal data for direct marketing or for any other reason relating to your particular situation;
    • The right to data portability (i.e., the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller);
    • The right to withdraw your consent, if applicable. The withdrawal of the consent does not affect the lawfulness of processing your personal data based on your consent provided prior to the withdrawal. Once you withdraw your consent, Lunit may further process your personal data only if there is other legal ground for Lunit to do so; and
    • The right to lodge a complaint with the responsible supervisory authority if you believe that our data processing is in breach of the GDPR.
  • International Transfers of Personal Data
    Please be aware that the personal data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, pursuant to Article 5 and Article 6 of our Privacy Policy. By using this Website, you agree that any of your personal data that is collected by this Website may be managed in this way.