Effective as of: November 3, 2023
Need approaches its collection, use, and sharing of your Personal Information with tremendous respect and care.
You should be aware that Need Korea LLC is the data controller of the Personal Information collected by and provided to us.
We commit to treating your Personal Information lawfully and fairly; to not processing it in an inappropriate manner or beyond the purposes for which we collected it; to work with you in ensuring the accuracy of your Personal Information; to secure your data to avoid the risk of infringing upon your rights; to inform you of our privacy practices and of your rights with respect to your Personal Information held by us; to use processes such as anonymization and pseudonymization wherever reasonably practicable in order to further protect your privacy; to comply with all applicable privacy laws; and to destroy your Personal Information when it is no longer necessary for the purposes for which it was collected.
Healthcare Providers – Institutions and providers that are or have been involved with providing you with healthcare but are unaffiliated with us. Such Healthcare Providers may include but are not limited to hospitals, clinics, physicians, nurse practitioners, registered nurses, pharmacies, oncologists, pathologists, and radiologists.
Contractors – Individuals or institutions that act as service providers to Need in providing the Need Services. Such Contractors do not have a direct relationship to you.
Personal Health Information - Any Personal Information related to your health or healthcare, including information that relates to your physical or mental health and healthcare including health history, the provision of healthcare to you, screening assessments, payments or eligibility for healthcare, healthcare provider, substitute decision-maker, national health card number or other healthcare-related personal identification numbers, including resident registration numbers (subject to any applicable legal restrictions), or any other information that is collected in the course of your receiving health services from Healthcare Providers. Such information may include any of the following:
Personal Information - Any information about an identifiable individual, including any “personal information” as regulated under the Personal Information Protection Act and any other applicable data privacy laws. Personal Information includes the Policyholder App account profile and Personal Health Information.
Policyholder App - The “Need” app provided by us to individuals who have purchased a cancer insurance policy that includes the Services.
Services – All together, the information technology tools we provide to you, including the Policyholder App and the Need website, and all the tools and services offered within the Policyholder Apps or website, including, but not limited to, assessments, recommendations, appointment-scheduling, and customer support. The Services include three primary modules offered to you when you register for an account with us:
(a) “Healthy” facilitates the availability to you of the most up-to-date, guideline-based cancer screening recommendations for cancer to be detected as early as possible. Through the Policyholder App, will have access to general recommendations regarding screening based on domestic and international guidelines as well as access to a customer support team if you have any questions. In addition, in the event you suspect you may have cancer or receive a cancer diagnosis, you will have access to Need customer support to assist in collecting Personal Health Information and alerting your Healthcare Providers about how to use the resources available to them, e.g., a technology platform and Contractors.
(b) “Treatment” facilitates the availability of the most up-to-date, domestic and international guidelines for cancer treatment to your Healthcare Providers, through the following activities, systems, and feature sets: case activation; onboarding to our information technology platform for your Healthcare Providers; data collection and digitization; validation of data via our Contractors; and access to Need customer support for care navigation. Note: our Services are limited to technology-based tools. We do not provide healthcare to you.
(c) “Survivor” facilitates the availability to you of the most up-to-date, guidelines-based follow-up support and screening, aimed at enabling your Healthcare Providers to optimize treatment-related symptoms, as well as facilitating your Healthcare Providers’ detection of cancer recurrence or new cancers. This module incorporates resources to help your Healthcare Providers to prepare, organize and administer personalized guidelines-based survivorship plans, symptoms monitoring and reporting, as well as support from Need customer support.
We collect Personal Information to establish and maintain a relationship with you, to provide you our Services, to develop and enhance our products and services, and to maintain and improve the security and functionality of the Need website and Policyholder App. We may also use your Personal Information, where permitted by law, to facilitate your Healthcare Providers’ care of you and our Contractors’ services to us and to your Healthcare Providers; for alerting you and third parties of opportunities for your health; and for communicating to you opportunities to participate in clinical trials. To the extent permissible under applicable laws, we may also use any of your Personal Information necessary to enforce our agreements, terms and policies, to comply with legal obligations, and for safety or security purposes.
We receive your Personal Information from three main sources: You, when you provide it to us directly in the Policyholder App or via other means; Your Use of the App, when you use the Policyholder App, we collect information about how you use the Policyholder App, information about the device you use to access the Policyholder App, and information from third-party apps you may connect to your account; and Third Parties, those entities or individuals who are involved in your healthcare who provide us, with your consent, your Personal Information (by the means and to the extent permissible under law) to assist in your use of the Need Services.
We do not accept registrations for the Service by, and will not knowingly collect Personal Information of, individuals under the age of 14.
We collect and use the following categories of Personal Information from you directly and for the purposes specified:
Name and Contact Information. We may collect information when you create an account or use our Services, such as first and last name, birthdate, gender, email address, postal address, phone number, and other similar contact data. We collect this category of information to establish and maintain a relationship with you and to provide you with access to the Services you request. We may use your contact information to send you electronic messages related to the Services, e.g., notify you that you are eligible for the Treatment or Survivor module. If you have consented to receive marketing messages, we may send you marketing messages related to products or services we think you may be interested in. You may withdraw your consent to receive marketing messages at any time. Such withdrawal of consent will not impact your receipt of purely service-related electronic messages.
Credentials. We may collect passwords, password hints, and similar security information used for authentication and account access if you create an online account. We collect this information for security, authentication, and verification purposes..
Your Communications with Us. We may collect Personal Information, such as email address, phone number, or mailing address, along with the content of your communications, including, in some instances, Personal Health Information, when you request information about our Services, request customer or technical support, or otherwise communicate with us.
We collect the following categories of Personal Information when you use the Policyholder App or our website and for the purposes specified:
Automatic Data Collection. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, unique identifiers, browser or device information (see below), location information (data processed within your smartphone, or approximate location derived from IP address), and Internet service provider. Your UserID, which is a number assigned to your account for internal purposes, may also be collected automatically when you use the Services. This information is used to maintain and improve the security, performance and functionality of the Need website and Policyholder App. Some automatically collected Personal Information may be combined with other information to help improve the Services we offer.
Data From Connected Applications. We may collect Personal Information from third-party applications if you have connected your Need account with those applications for the purpose of providing you the service or tool you have requested. For example, if you choose to connect your Apple Health app to your account in the Policyholder App, we will collect the data from that application and use it to provide you the Services you request, including analyzing the Personal Information to better provide you the Services. Such data may include “behavioral data”, such as information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use that application.
Usage Information. We may also collect information regarding your use of our Services, such as information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services. This information is collected for the purposes of developing and enhancing our products and services, including to understand what Services you may be interested in, as well as for administrative purposes. We may also use this information for research purposes. We may aggregate and de-identify the data if we share it with third parties. We also use this information for security purposes and to improve the functionality of the Need Policyholder App and website.
Device Information. Certain limited technical data is required for the Policyholder App to function on your device. The information we collect includes information about your device and operating system, such as the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the Policyholder App accesses our servers. This information is used for the purposes of delivering content appropriate for your device’s capabilities, for delivering push notifications and helping to ensure a secure experience and to detect anomalous behavior in order to protect Personal Information from unauthorized access. In addition, in the event the Policyholder App crashes on your mobile device, we may receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of the Policyholder App.
We collect the following categories of Personal Information from third parties for the purposes specified:
Personal Health Information. In accordance with required procedures under applicable law, we collect your Personal Health Information from third parties such as Healthcare Providers that may be or have been involved in your healthcare. We collect this information to provide you with the Services. We may also collect information that constitutes Personal Health Information from your health insurance provider to help us with the provision of Services to you.
Insurance-Related Information. We collect information related to your health insurance policy from your health insurance provider. This information may include information considered to be Personal Health Information, as well as contact information, policy information, credit information, claims submitted, risk assessments, and other Personal Information insurance providers have used in their decision to provide you a policy or provide coverage under your policy.
We may also use your Personal Information in the following other ways:
Consent. We may use your Personal Information for other purposes with your additional consent.
Contract. We may use your Personal Information where this is unavoidably necessary, for the purpose of entering into and performing a contract that we have with you.
Deidentified. We may deidentify your Personal Information and use it for the purposes of improving and developing our Services, to enter into partnerships, to conduct data analysis, to develop new products and services in the future, and other such uses as permitted by law.
There are various ways to configure and manage cookies. You can deactivate Need or third-party cookies using your browser settings.
We may share Personal Information with Healthcare Providers, Contractors, and others who assist in the provision of Services to you or to us.
We may share your Personal Information with our service providers, including Contractors, who are contracted by us to perform services or functions on our behalf where they require the information to assist us in providing the Services. In all instances in which we share your Personal Information with third parties providing the Services, we use contractual controls to protect this information and limit its use to what is necessary for the service provider to perform the service. Further details are set out in the Entrustment section below.
We may share your Personal Information with third parties as permitted and in the manner required by law. Further details are set out in the Third-Party Provision section below.
Whenever we share information outside of Korea, we ensure that the transfer complies with applicable laws so that your Personal Information is adequately protected.
We and our entrustee Need Inc. may entrust Personal Information to service providers specified above, for the following purposes:
Contractors. To provide our Services, we may disclose your Personal Information to Contractors, who are involved in providing the Services.
Your Personal Health Information will be accessible to Contractors who provide or assist in the provision of the Services.
Service Providers. We may share Personal Information with our suppliers, agents or other organizations or individuals who are contracted to perform services or functions on our behalf, where they require the information to assist us in serving you. For example, we may use service providers for internal administrative purposes, e.g., a customer service platform, to host our website and to store and dispose of information on our behalf. In addition, we may use service providers for our internal processes (such as internal communications platforms and customer support platforms). We strive to minimize the amount of Personal Information that we share with our service providers and partners and ensure that appropriate contractual clauses restrict what they are able to access or do with the Personal Information.
Third-party data provision
In order for your Healthcare Providers who are providing medical services to you to obtain information on optimum clinical or treatment methods, or obtain reference material from Contractors, we may provide Personal Health Information, or allow access thereto, to them in accordance with the Terms of Service for the Services and applicable laws.
Insurance Companies. We may share limited Personal Information, e.g., your policy number and your cancer diagnosis information, as well as information related to your use of the Treatment and/or Survivor module, with the insurance company through which you purchased a Need-integrated cancer insurance policy in the event you tell us you have received a cancer diagnosis. Disclosure of this personal information is subject to a privacy and security agreement that ensures the insurance company will use your data only for the purposes of administering your Need-integrated policy and will be subject to security required under the law.
Disclosures required or permitted by law or regulation. We may disclose Personal Information to the extent necessary where we are required or permitted under applicable law, such as in the event of an emergency that threatens the life, health or security of an individual. We or our service providers will also share Personal Information with law enforcement, courts, other government agencies or other parties if we are required to do so to meet our legal and regulatory requirements in the jurisdictions in which we or our service providers operate; for example, we are required to provide records to law enforcement in response to a valid court order.
Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Information may be transferred to a successor or affiliate as part of that transaction along with other assets, subject to all requirements under applicable laws.
Personal Information may be retained for a period of time mandated by law, including as specified below:
Act on Consumer Protection in Electronic Commerce
Protection of Communications Secrets Act
When we destroy your Personal Information, we will take commercially reasonable and technically feasible measures to ensure it is permanently deleted.
We delete Personal Information stored in the form of electronic files by using technical methods that render it impossible to restore the data. Personal information printed on paper is shredded or incinerated. Other types of Personal Information, if any, are permanently destroyed, in accordance with any applicable requirements under law.
We understand that data security is a critical issue and we are committed to safeguarding the Personal Information in our custody or control. We have implemented a comprehensive information security program in accordance with applicable law that includes written policies and procedures, and security controls, as well as reasonable administrative, technical and physical safeguards, in an effort to protect against unauthorized access, use, loss, modification, and disclosure of Personal Information in our custody or control as follows:
Please keep in mind that no internet or email transmission is ever fully secure or error free and no security system is impenetrable. We cannot fully guarantee the confidentiality of any information that you provide to us but we can assure you that we will use reasonable and appropriate security controls, reflective of the sensitive nature of Personal Health Information.
Access: You have the right of access to your Personal Information. For any Personal Information that is not available to you directly in your account, you may request access by contacting us at the address below.
Correction: You have the right to correct incorrect Personal Information. For any Personal Information that you cannot directly correct in your account, you may request correction by contacting us at the address below.
Deletion: You may request deletion of your Personal Information. For any Personal Information that you cannot directly delete in your account, you may request deletion by contacting us at the address below.
Suspension of Processing: You have the right to request that we stop processing your Personal Information. To make such a request, you may contact us at the address below.
We rely on you to ensure that the Personal Information in your account is accurate, complete and up-to-date.
Please be aware that we will take reasonable steps, as permissible under law, to verify your or your legal representative’s identity before providing you with access to your Personal Information or making corrections or deletions to it. In addition, your right to access, correct, or delete your Personal Information is subject to certain legal restrictions.
You and your legal representative/guardian may make requests by contacting us at the address listed in the next section.
Please contact us at the address below if:
Need has designated a chief privacy officer, to oversee processing of Personal Information and for purposes of addressing requests and issues regarding such processing. Need’s chief privacy officer is the following: