Privacy Policy
Organization Name
Document Name
Document Owner
AIRS Medical Inc.
Privacy Policy
Jonghyeng Park, CPO
Effective Date
Version
Document Approver
Novermber 13, 2024
Version 1.0
Hyeseong Lee, CEO
AIRS Medical Inc., including its affiliates and subsidiaries (collectively, “AIRS Medical” and also referred to as “we”, “us”, and “our”) respects your privacy and is committed to protecting it through our compliance with this policy. This policy provides a framework for ensuring that AIRS Medical meets its obligations under the applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
Please read this policy carefully to understand our policies and practices regarding your data and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website. By accessing or using this website, you agree to this privacy policy. This policy may change from time to time, and your continued use of this website after we make changes is deemed to be acceptance of those changes, therefore please check the policy periodically for updates.
You may click on one of the links below to jump to the listed section:
SCOPE OF PRIVACY POLICY AND DATA CONTROLLER
This policy applies to personal data we collect through your use of this website or through correspondence with us by post, phone, or email. It does not apply to personal data collected by us offline or through any other means, including on any other website operated by AIRS Medical or any third party, including through any application or content that may link to or be accessible from or through the website. This privacy policy applies only to AIRS Medical website and does not extend to the processing of personal data by third parties. We encourage you to read their privacy policies for information on how they handle your personal data.
CONTROLLER
The controller within the meaning of the GDPR and national data protection laws of the Member States of the EU as well as other data protection regulations is AIRS Medical. We have appointed a Chief Privacy Officer (CPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our CPO using information set out in the contact information section.
COLLECTION OF YOUR PERSONAL DATA
Personal data means any information relating to an individual that can be used to identify that person. We collect several types of data from and about users of our website under the legal basis for the collection and temporary storage of data. These purposes constitute our legitimate interest in data processing in accordance with Article 6 Paragraph 1(F) GDPR.
When you are asked to provide personal data, you may decline and you may use web browser or operating system controls to prevent certain types of data collection, but if you choose not to provide or allow data that is necessary for the service, the services or certain aspects of it may not be available or fully functional.
TYPES OF DATA
The personal data we collect depends on how you interact with us, the services you use, and the choices you make.
INFORMATION PROVIDED BY YOU
You may directly give us your personal data when you complete online forms on our website or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you apply for our products or services, subscribe to our publications, request marketing to be sent to you, survey, give us feedback or contact us. The personal data we collect may include the following:
- IDENTITY DATA includes [first name, last name, any previously known names, job title, your company, your country, or similar identifiers]
- CONTACT DATA includes [email address, and telephone numbers]
- MARKETING AND COMMUNICATIONS DATA includes [your preferences in receiving marketing from us]
INFORMATION COLLECTED AUTOMATICALLY
As you navigate through and interact with our website, we may automatically collect Technical Data, Geolocation Data, and Usage Data. This covers details of your visits to our website, including traffic data, location information, logs, and other communication data, as well as the resources that you access and use on the website. We collect this data by using cookies, server log files, and other similar technologies. Please see our Cookie Policy for further details. The data we collect includes:
- TECHNICAL DATA includes [Internet protocol (IP) address, internet connection, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device type and other technology on the devices you use to access this website]
- GEOLOCATION DATA includes [geographical information based on your IP address, time zone, and, if enabled, device permissions that provide location data]
- USAGE DATA includes [information about how you interact with and use our website, cookies and other tracking technologies]
INFORMATION COLLECTED FROM THIRD-PARTY SOURCES
We may receive your personal data from third-party service providers, including social media platforms, if you access our website through an advertisement on their websites or applications. These providers may also provide us with aggregated data and analytics regarding your use of our website.
COOKIES AND SIMILAR TECHNOLOGIES
- BROWSER COOKIES. Cookies are small text files that are stored by the Internet browser on your device. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
- THIRD-PARTY COOKIES. We also use third-party cookies on our website. The legal basis for the use of cookies and the subsequent data processing is your consent in accordance with Article 6(1)(a) GDPR. The following cookie-based tools are used: Elementor, WordPress, WPForms, Google Analytics (and other various services), Wordfence, CloudFlare, Complianz, Hotjar, and miscellaneous cookies. For further details, please see our Cookie Policy.
- WEB BEACONS. Pages of our website may contain small electronic files known as web beacons (also referred to as tracking pixels, such as Meta Pixel or LinkedIn insight Tag) that permit AIRS Medical to count users who have visited those pages for other related website statistics.
USE OF YOUR PERSONAL DATA
We use your personal data for the purposes we have described below in this privacy policy.
MANAGE OUR RELATIONSHIP WITH YOU
We will use your personal data: to provide our products and services to you; to identify you and authenticate your access rights to our website, systems and publications; to respond to your inquiries and provide you with information when you request it or when we believe our products and services may be of interest to you or similar to those that you have already inquired about; to invite you to provide feedback, surveys or attend events; to personalize your experience when interacting with AIRS Medical; and to report the adverse events to you. Our services and practices may evolve over time.
IMPROVE OUR PROCESSES AND BUSINESS OPERATIONS
We will use your personal data to manage our network and information systems security; to keep records related to our relationship with healthcare professionals; to perform data analysis, auditing and research to help us deliver and improve our digital platforms, content and services; to monitor and analyze trends, usage and activities in connection with our products and services to understand which parts of our products and services are of the most interest and to improve them accordingly; and to prepare and perform management reporting and analysis.
AGGREGATE DATA
We also use and share aggregated data, such as statistical or demographic data which does not constitute personal data as it cannot directly or indirectly identify you. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyze general trends in how users are interacting with our website to help improve the website and our service offering. This approach enables us to provide a better and more personalized service. By using this data, we can estimate audience size and usage patterns, store information about your preferences, customize our website according to your interests, speed up searches, and recognize you when you return to our website.
If the data is aggregated or de-identified so that it is no longer reasonably associated with an identified or an identifiable natural person, AIRS Medical may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this privacy policy as “personal data.”
OTHER NECESSARY PURPOSES
These purposes include complying with applicable laws and regulations; responding to requests from competent public authorities; informing you of the changes to our terms, conditions and policies; exercising or defending AIRS Medical against potential, threatened or litigations; investigating and taking action against illegal or harmful behavior by users; and protecting interests of AIRS Medical.
LEGAL BASIS OF PROCESSING YOUR PERSONAL DATA
The GDPR requires us to have a legal basis for collecting and using your personal data. As such, we may rely on the following legal basis.
- CONSENT (Article 6(1)(a)). We may process your personal data if you have given us permission (i.e., consent) to use your personal data for a specific purpose, for example placing cookies on your device to find out how you use our website so we can personalize what you see by tailoring content and notifications to the things you are interested in; certain situations where you share your sensitive data about yourself; before we send you certain electronic marketing communications; and in any other situation where personal data processing relies on your consent, such as contacting us for product free-trial or responding to your inquiries about our products and services. You can withdraw your consent at any time.
- PERFORMANCE OF A CONTRACT (Article 6(1)(b)). We may process your personal data when we believe it is necessary to fulfill our contractual obligations to you, including providing our products and services; identifying and authenticating your access to our website, systems, and publications; responding to your inquiries; and personalizing your experience to meet your needs within the scope of the services we offer.
- LEGITIMATE INTERESTS (Article 6(1)(f)). We may process your personal data when we believe it is reasonably necessary to achieve our legitimate business interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law. Examples of such use include selecting suitable business partners; sending direct marketing materials to you but you will always have the right to opt out of marketing and promotional communications at any time; managing our IT and communications systems and networks; planning and improving our business activities; conducting training and gathering feedback for ensuring quality control; protecting our rights, privacy, safety or property of AIRS Medical; verifying your eligibility to access to certain products and services; analyzing your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities; responding to and handling your queries or requests; providing you with related customer service; digitizing files and incoming mails; and reaching out to you to provide information about our products or request input on surveys to evaluate our products or services for quality assurance.
- LEGAL OBLIGATIONS (Article 6(1)(c)). We may process your personal data where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your personal data as evidence in litigation in which we are involved.
SHARING AND DISCLOSURE OF YOUR PERSONAL DATA
- BUSINESS PARTNERS. We may share or disclose your personal data to business partners, vicarious agents, or authorized distributors with reputation in local markets where our direct reach is limited.
- SERVICE PROVIDERS. We may share or disclose your personal data to authorized third-party service providers only when necessary for the fulfillment of the contract or at your request for the implementation of pre-contractual measures. The categories of the recipients include, but are not limited to, providers of content delivery and web hosting, analytics and marketing services (including social media platforms), and customer management systems. These providers operate on our behalf and follow our instructions under Article 28 GDPR. Data processing agreements are in place with these providers, contractually binding them to keep your personal data confidential and to use it solely for specified purposes.
- SUCCESSORS. We may share or disclose your personal data to entities such as potential acquirers of our business or brand, or a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding. In such cases, personal data held by AIRS Medical may be among the assets transferred, and the new owners may use your personal data in accordance with this privacy policy.
- LEGAL PROCESS AND ENFORCEMENT. We may share or disclose your personal data to local or foreign regulators, courts, governments, law enforcement authorities to comply with any court order, law, or legal process, including government or regulatory requests.
- PROFESSIONAL ADVISORS. We may share or disclose your personal data to professional advisors such as auditors, accountants, lawyers, or insurers, where necessary in the course of the professional services that they render to us.
- WITH CONSENT. We may share or disclose your personal data to other parties with your consent.
- FOR OTHER NECESSARY PURPOSES. If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of AIRS Medical, our customer or others, we may share or disclose your personal data. This includes enforcing our terms of use and exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Finally, we may disclose aggregated data or information that does not identify any individual without restriction.
INTERNATIONAL DATA TRANSFER TO THIRD COUNTRIES
When using our website, your personal data may be transferred outside the European Economic Area (EEA). Such processing will only take place to fulfill contractual and business obligations and to maintain your business relationship with us.
Our business operation is global and most of our services are international. We may need to transfer and use your personal data outside of the country where we collect it from you. Whenever we transfer your personal data out of the EU which have laws that do not provide the same level of data protection as the EU, we implement appropriate measures to protect your personal data when we transfer your personal data outside of your home country such as data transfer agreements that incorporate standard data protection clauses.
If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection (Adequacy Decision), or if an adequate level of data protection has been agreed with the data recipient (e.g., by means of EU standard contractual clauses or binding corporate rules). The full list of these countries is available here. If we transfer your personal data to a country not on this list, we do so based on standard contract clauses adopted by the European Commission. These enable us to make international transfers of personal data within AIRS Medical networks and meet the data protection laws of the European Union and the GDPR.
DATA RETENTION
How long we are legally required to keep your personal data depends on the specific legal requirements of the jurisdiction you are in when you share your information with us. To comply with the Principle 5 of the GDPR Data Protection, we do not keep personal data for longer than is necessary for the purpose we obtained for.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process personal data, and whether we can achieve those purposes through other means. By law and by default, we will retain your personal data only as long as necessary to fulfill the purpose for which it was collected.
Interactions with AIRS Medical website
How long we keep it
Marketing Communications including Newsletter
Your email address will be stored until you choose to unsubscribe from marketing communications.
Download the White Papers or Research Publications
Deleted as soon as it is no longer required for the purpose
for which it was collected.
Request Free Trial
Deleted as soon as it is no longer required for the purpose
for which it was collected.
Contact Us (Online)
Deleted as soon as it is no longer required to achieve the
purpose for which it was collected; this is the case when it
can be inferred from the circumstances that the matter in
question has been conclusively clarified.
Contact Us (by Email, Phone, or Post)
Deleted as soon as it is no longer required to achieve the
purpose for which it was collected; this is the case when it
can be inferred from the circumstances that the matter in
question has been conclusively clarified.
We retain cookie data in accordance with retention periods stated in the Cookie Policy.
You have the right to request deletion of your personal data at any time, subject to certain exceptions (see Your Legal Rights below).
DATA SECURITY AND SAFETY
The transmission of information via the Internet is not completely secure. However, we take the following steps to ensure the tightest security and apply suitable technical measures to protect your personal data.
- All information you provide to us is stored on encrypted storage and secure servers with up-to-date security standards.
- All communications related to the provision of services are protected using encryption technology that complies with TLS 1.2 or higher.
- Access to personal data is strictly limited to authorized personnel who have undergone regular GDPR-related training.
- Our premises, which house PCs, hard drives, and USBs used to access your personal data, are protected by a 24-hour security monitoring system and enhanced physical security measures.
- We use strong passwords generated in accordance with our internal policies and enforce two-factor authentication (2FA), which requires two pieces of information to access personal data. In addition, we ensure that passwords are updated regularly and that the same password is not used across different applications to further enhance security.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. In addition, we limit access to your personal data to employees, agents, and contractors who have a business need to know. We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal data. Under the Data Processing Agreement (DPA), they will only process your personal data on our instructions and are bound by a duty of confidentiality. We have also implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
YOUR LEGAL RIGHTS
You have a number of rights under Article 15(1) GDPR in relation to your personal data, and the right to request is available free of charge. The rights available to you depend on our reason for processing your personal data and the local law in your jurisdiction, and there are exceptions to some rights. Depending on this you may have the following:
- Right to Be Informed. Be informed about the collection and use of your personal data
- Right of Access. Have access to personal data about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to Erasure (Right to Be Forgotten). Have data about you deleted (Article 17 GDPR). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to Rectification. Have information about you corrected (Article 16 GDPR). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Right to Object or Restrict Processing. Object (Article 21 GDPR) or restrict the processing of data (Article 18 GDPR) about you where we are relying on a legitimate interest as the legal basis for that particular use of your data. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject’s interest in objecting. If the data processing is based on consent in accordance with Article 6 Paragraph 1 Lit or Article 9 Paragraph 2 Lit. GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.
- Right to Data Portability. Data portability to allow you to obtain and reuse your personal data for your own purposes, across different services (Article 20 GDPR). This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
You can withdraw your consent at any time where we are relying on consent to process your personal data. We will erase any personal data we have about you when you withdraw your consent to us having that data, where having the data is no longer necessary and where we can find no legitimate interest for processing the data any longer. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
RESERVED RIGHTS UNDER THE GDPR – EXCEPTIONS TO THE RIGHT TO ERASURE
We have the rights granted to us and we will only refuse to erase your data if
- We need your personal data in order to comply with legal obligations of the Member States
- We require your personal data for the establishment, exercise or defense of legal claims
- Your personal data is necessary for us to perform a public interest task or exercise official authority
- We need your personal data for public health reasons
- We require your personal data for archival, research or statistical purposes
- Your personal data is necessary for us to exercise our right to freedom of expression or information
DATA SUBJECTS ACCESS REQUESTS
Once we have verified your identity, we respond to and resolve all Subject Access Requests we receive from you regarding your personal data within the 30-day time limit of you making the request as outlined under the GDPR. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will send you the information you need to resolve your Subject Access Request in the format that you made the request in. For example, if you emailed us to make your Subject Access Request we will email the required information to you. We always justify why we cannot comply with your Subject Access Request. For example, if you are inquiring about personal data we had about you but have since deleted due to our 12-month data retention period, we will inform you of this.
If you want to exercise the Subjects Access Request rights, please visit here to submit an online request form. You will not have to pay a fee to access your personal data or to exercise any of the other rights.
EXCESSIVE OR UNFOUNDED REQUESTS
We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. If Subject Access Requests made by you are deemed to be excessive or unfounded we reserve the right granted to us under the GDPR to:
- Refuse to provide you with the information, always justifying in writing the reasons behind our refusal
- Charge a reasonable administration fee and again, always justifying in writing the reason for any fees
- If your Subject Access Request is particularly complex, for example, we have to go through a large sum of data to access the information necessary to resolve your Subject Access Request, we will write to you within the first 30 days of you making the Subject Access Request and inform you why it will take us longer to comply with your request. Under the GDPR, if we follow these steps, we will have a further 2 months to comply with your subject Access Request.
DATA BREACHES
In the unfortunate and rare event of a data breach that poses a risk to you, we will inform you without delay and, where feasible, within 72 hours of the breach to comply with the GDPR. This will give you an opportunity to try and take steps to protect your positions, for example, enable you to change passwords and inform your banks that you may be at risk of identity fraud.
We are exempt from informing you of any data breaches if appropriate technical and organizational procedural measures were applied after a data breach or subsequent measures were taken to ensure that the high risk no longer exists. The effort to make such a notification would be disproportionate to the risk posed by the breach. This applies when the number of people affected by the data breach is so vast that notifying people on an individual basis within the required 72-hour period is not feasible.
ADDITIONAL INFORMATION AND JURISDICTION-SPECIFIC NOTICES
CHILDREN’S PERSONAL DATA
The website of AIRS Medical is not directed toward, nor intended for use by, children under the age of 16. In certain jurisdictions, the minimum age for consent to data processing may vary, and we do not knowingly collect or process personal data from individuals under the applicable minimum age requirement, which may be as low as 13 years of age.
If you are under 16, please do not use this website, register, or participate in any of the interactive features of this website, or provide any personal data to us, including your name, postal address, telephone number, or email address.
If you believe we might have any personal data from or about a child under 16, please contact us using the contact information below. If we learn we have collected or received personal data from a child under 16 without verified parental consent, we will delete that data.
AMENDMENTS TO OUR PRIVACY POLICY
We keep our privacy policy under regular review to make sure it is up to date and accurate. The date of the last update can be found at the beginning of this privacy policy. We recommend that you visit this page regularly to check for any updates that may have been made.
CONTACT INFORMATION
- Attn: Chief Privacy Officer
- Email Address: [email protected]
- Postal Address: AIRS Medical Inc., 13-14 Floor, Keungil Tower, 223, Teheran-ro,, Gangnam-gu, Seoul, 06142, Republic of Korea
COMPLAINTS TO SUPERVISORY AUTHORITIES
If you are unhappy about how we have handled your personal data you can make a complaint to our CPO who will investigate the matter and report back to you. We would appreciate the chance to deal with your concerns before approaching the competent authorities so please contact us in the first instance.
If you are still not satisfied after our response or believe we are not using your personal data in line with the law, you have the right to make complaints to the supervisory authorities or file an action directly in court against a company.
[UK] You can complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
[EU] You can complain to a Data Protection Authority (DPA) against a company. DPAs are the national or regional public authorities who supervise the application of data protection laws and have the power to issue fines or other penalties against companies.
Change Log
Date
Version
Description of Change(s)
Reason for Change(s)
Change(s) Made by
November 13, 2024
1.0
Initial Release
Enactment
Gyuyeon Jeong
Date
November 13, 2024
Version
1.0
Description of Change(s)
Initial Release
Reason for Change(s)
Enactment
Change(s) Made by
Gyuyeon Jeong
