This English translation is provided for convenience only. If there is any discrepancy between this translation and the Korean original, the Korean version shall prevail.
Sierra Care Advisor (the “Company”) lawfully processes personal information in accordance with the Personal Information Protection Act of Korea and related laws to protect the freedoms and rights of data subjects, and is committed to protecting the rights and interests of users. Please note that the Company’s service is not a medical service; care experts and AI provide reference recommendations based on the data you enter. This Policy covers the following matters.
Article 1 (Purposes of Processing Personal Information)
The Company processes collected personal information for the following purposes and does not use it for any purpose other than those stated.
- Receiving care consultation requests, verifying identity, and responding
- Matching (recommending and connecting) and guiding care services suited to the user’s situation
- Generating and providing recommendation information based on entered data, powered by care experts and AI
- Receiving Care Mate registration applications, verifying qualifications and documents, and managing credentials
- Analyzing service usage statistics and improving service quality
- Fulfilling obligations under applicable laws
Article 2 (Items of Personal Information Collected)
The Company collects the following information for consultation requests and use of the service.
- Required items · Name, mobile phone number, email address
- Optional items · Region of residence, applicant type (family caregiver, care professional, or the patient themselves), relationship to the patient, patient condition, care experience, preferred consultation times, consultation notes
- Care Mate registration items · Gender, date of birth, available work regions, nationality and languages, qualifications and experience, working conditions and desired compensation, self-introduction, etc.
- Sensitive information (with separate consent) · Health-related documents (health checkups, tuberculosis tests, vaccinations, etc.), identity verification documents (ID cards, etc.), and background-check information (criminal history, etc.) — see Article 3
- Automatically collected items · Service usage records, access logs, cookies, IP address, browser type and OS information, device and push tokens
Article 3 (Processing of Sensitive Information)
- The Company may process sensitive information under the Personal Information Protection Act of Korea — such as health information, identity verification information, and background-check (criminal history, etc.) information — for Care Mate credential verification and user safety. In such cases, the Company obtains separate, explicit consent, distinct from consent for general personal information.
- Sensitive information is stored in encrypted form, access is restricted to authorized personnel only, and records of viewing and downloading are kept.
- Background-check procedures, such as checks for sexual offenses or child abuse history, are conducted only through lawful procedures prescribed by applicable laws and within the scope of consent, and you have the right to refuse consent. However, if you do not consent to certain items, your use of the service — such as credential verification and matching — may be restricted.
Article 4 (Notice on AI and Other Automated Processing)
- The Company uses the data entered by users for review by care experts and for AI (artificial intelligence) analysis to generate and provide reference recommendation information about care.
- Such processing is for the purpose of providing reference material, and matters that materially affect users’ rights and obligations are not decided in a solely automated manner. The adoption of recommendation information and any resulting decisions are subject to the user’s own judgment and responsibility.
- Users may request an explanation of, or object to, automated processing; if they object, the provision of related recommendation services may be restricted.
Article 5 (Processing and Retention Period of Personal Information)
The Company processes and retains personal information within the retention and use period prescribed by law or the retention and use period consented to at the time of collection from the data subject.
- Consultation records and matching history: 1 year from the end of the consultation
- Care Mate registration and verification documents: retained for credential management; upon rejection or withdrawal, destroyed after the retention period permitted by applicable laws has elapsed
- Consent history: the period necessary to evidence consent
- Where retention is required by applicable laws (such as the E-Commerce Act and the Protection of Communications Secrets Act of Korea): the period prescribed by the relevant law
Personal information whose retention period has elapsed is destroyed without delay by secure means (electronic files are permanently deleted so they cannot be recovered or restored; printed materials are shredded or incinerated).
Article 6 (Provision of Personal Information to Third Parties)
The Company processes the personal information of data subjects only within the scope specified in this Policy, and does not provide it to third parties except with the prior consent of the data subject or where specifically required by applicable laws. During the matching process, information necessary to connect the parties is provided to the other party only within the scope of the data subject’s consent.
Article 7 (Outsourcing of Personal Information Processing)
The Company may outsource certain tasks (such as cloud infrastructure operation and email/notification delivery) to specialized external providers for smooth service delivery. In such cases, the Company specifies the matters required by applicable laws in outsourcing agreements and supervises the contractors to ensure they process personal information securely. If the details of outsourced tasks or the contractors change, the Company will disclose this through this Policy without delay.
Article 8 (Cross-Border Transfer of Personal Information)
- The Company is headquartered in the United States, and some processing — such as cloud infrastructure and email delivery — may take place overseas (including in the United States) or be handled by overseas contractors.
- Where a cross-border transfer occurs, the Company will notify in advance the items being transferred, the recipient, the destination country, the date and method of transfer, the purpose of use, and the retention period, obtain the consent required by applicable laws, and take measures necessary to ensure security. Specific details of cross-border transfers will be provided through this Policy or a separate notice.
Article 9 (Rights and Obligations of Data Subjects and Legal Representatives)
Data subjects may exercise the following rights against the Company at any time.
- Request access to their personal information
- Request correction of errors in their personal information
- Request deletion of their personal information
- Request suspension of processing of their personal information
These rights may be exercised through the customer service channel to be announced by the Company, and the Company will not refuse a data subject’s request without a legitimate reason.
Where the care recipient (patient) is a minor or a person with limited legal capacity, their guardian (legal representative) provides consent and exercises the above rights on behalf of the data subject, and manages the account and its use.
Article 10 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to process personal information securely.
- Administrative measures · Establishing and implementing an internal personal-information management plan, regular employee training
- Technical measures · Managing access rights to personal-information processing systems, retaining access logs, encrypted storage of sensitive information and contact details, encrypted communications, installing and operating security software
- Physical measures · Access control for server rooms, data storage rooms, and similar facilities
Article 11 (Installation, Operation, and Refusal of Automatic Collection Devices)
The Company may use cookies, which store and retrieve usage information, to provide individually customized services to users. Users may refuse the storage of cookies through their web browser settings; if they do, they may experience difficulties using some services.
Article 12 (Personal Information Protection Officer)
The Company has designated a personal information protection officer who takes overall responsibility for personal-information processing and handles data subjects’ complaints and remedies related to such processing. Specific contact information will be provided through the customer service menu to be introduced.
Article 13 (Remedies for Infringement of Rights)
Data subjects may report to or consult the following organizations in Korea to seek remedies for infringement of their personal information.
- Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
- KISA Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Supreme Prosecutors’ Office Cyber Investigation Division (spo.go.kr / 1301)
- National Police Agency Cyber Investigation Bureau (ecrm.cyber.go.kr / 182 without area code)
Article 14 (Changes to This Privacy Policy)
This Policy applies from its effective date. If there are additions, deletions, or corrections to its contents under laws or policies, the changes will be announced through a notice at least 7 days before they take effect.