top of page

CRYSTAR VISION Registration Policy


Chapter 1 General Provisions

Article 1 (Purpose)

This charter aims to regulate the rights, duties, responsibilities, and other necessary matters between the company and its members regarding the use of the AI-based fundus image interpretation solution and related services (hereinafter referred to as 'Service') provided by CRYSTAR VISION (hereinafter 'Company').

Article 2 (Definitions of Terms)

"Member" refers to a person who agrees to this charter and enters into a service agreement with the Company.

"Medical Institution Member" refers to the owner or medical professional of a medical institution who uses the Company's services (e.g., hospital, clinic, doctor, nurse, etc.).

"Corporate Member" refers to a business entity, such as a medical device manufacturer, pharmaceutical company, etc., that uses the Company's services.

"General Member" refers to a member who does not fall under the previous two categories and uses areas of the service available for general users (if applicable, further details may be added).


Chapter 2 Membership Registration

Article 3 (Membership Registration)

Membership registration is completed when a person wishing to use the service agrees to this charter and fills out the online registration form prescribed by the Company.

For medical institution members, the medical institution registration certificate or medical license must be submitted in the manner specified by the Company.

For corporate members, the business registration certificate and related permits must be submitted in the manner specified by the Company.

The Company may request additional documents for verification, and the member may be required to provide additional materials.

Article 4 (Change of Member Information)

Members must notify the Company of any changes to the information provided at the time of registration within 7 days from the date of change (or within a period designated by the Company), or directly modify the information through the member information modification page.

The Company will not be responsible for any disadvantages caused by delays in updating member information, and such responsibility lies with the member.


Chapter 3 Service Use

Article 5 (Contents and Use of Services)

The Company provides the following services to members:

AI-based fundus image interpretation solution

Medical data analysis service

Platform usage services (medical image/data sharing, other integration functions, etc.)

All AI analysis results provided by the Company are for reference purposes to assist medical judgment, and the final medical judgment and responsibility lie with a qualified medical professional such as a medical institution member. The Company is not liable for medical judgment results arising during the use of the service.

The service is available 24/7 throughout the year, but may be limited during regular maintenance or for technical reasons, and the Company will make efforts to notify users in advance.

Article 6 (Service Fees)

Service fees follow the pricing system prescribed by the Company, and detailed pricing is communicated to members through the website, email, or other methods, depending on service type, usage, and member type.

Members must pay the service fee according to the payment method specified by the Company. Failure to pay on time may result in a restriction of service usage.

Refunds and cancellations related to service fees follow the Company's refund policy, which will be communicated separately.


Chapter 4 Privacy and Medical Information Protection

Article 7 (Personal Data Protection)

The Company will make efforts to protect members' personal information in accordance with relevant laws (Personal Information Protection Act, Information and Communications Network Act, etc.).

The handling and protection of personal information are subject to the Company's 'Privacy Policy,' and members are deemed to have agreed to this upon registration.

Article 8 (Medical Information Security)

The Company and members must comply with the relevant laws, including the Medical Act, the Personal Information Protection Act, and medical information protection guidelines, to process and protect medical information.

Medical institution members must not provide or leak medical information to third parties. In the event of a leak, it must be immediately reported to the Company.

The Company will not use medical information provided by members for purposes other than the service and will not provide it to third parties without the member's consent.


Chapter 5 Termination of Contract and Restrictions on Use

Article 9 (Contract Termination and Restrictions on Use)

Members may terminate the service contract at any time through the withdrawal procedure. Upon withdrawal, their information will be handled in accordance with relevant laws and the privacy policy.

The Company may restrict service usage if any of the following situations occur, after prior notice. In urgent cases, actions may be taken without prior notice, followed by post-notification:

Use of another person's information or identity

Intentional interference with service operation or serious disruption to normal operation

Violation of medical information security guidelines, leading to a serious breach of patient data

Violation of this charter and relevant laws

If a member's service use is restricted, they may submit an appeal according to the procedures specified by the Company. If the appeal is deemed valid, service use will be resumed immediately.


Chapter 6 Miscellaneous

Article 10 (Amendment of the Charter)

The Company may amend this charter if necessary, as long as it does not violate relevant laws.

If the charter is amended, the Company will notify members of the effective date and reasons for the change at least 7 days in advance (for major changes, 30 days).

If a member does not explicitly refuse the amended charter by the day before the effective date, they are deemed to have agreed to the amended charter.

Article 11 (Dispute Resolution and Jurisdiction)

The Company and members will cooperate in good faith to resolve any disputes related to service usage.

If no agreement is reached, the case will be brought before the competent court in accordance with South Korean law, and the court having jurisdiction over the Company's main office will be the exclusive jurisdiction.




CRYSTAR VISION Privacy Policy

CRYSTAR VISION (hereinafter 'Company') complies with relevant laws such as the Personal Information Protection Act, the Information and Communications Network Act, and the Medical Act, and is committed to protecting the personal information of its members (users). This Privacy Policy outlines the processing of personal information while using the AI-based fundus image interpretation solution and related services (hereinafter 'Service').

Article 1 (Purpose of Processing Personal Information)

The Company collects and uses a minimum amount of personal information for the following purposes:

Member Management and Authentication

Confirming membership intention, verifying identity, managing membership status, preventing fraud

Examining membership qualifications and verifying documents for medical institution, corporate, and general members

Providing and Operating Services

Providing AI fundus image interpretation solution, medical data analysis and platform operation

Providing results of fundus image interpretation requested by medical institution members

Collecting service fees based on usage, processing payments

Customer Inquiries and Complaints Handling

Handling customer complaints, delivering notices, and service information

Marketing and Promotion (with optional consent)

Providing information about new and personalized services, events, and advertisements

Security and Incident Prevention

Preventing fraud and illegal activities, monitoring account theft and hacking, providing a secure service environment


Article 2 (Personal Information Items Processed)

1. During Member Registration and Service Use

Mandatory: Name, ID (email), password, phone number, position/affiliation (for medical institution and corporate members), certificate/license copies (based on membership type)

Optional: Job title, region, other information for personalized service (if entered)

2. For Medical Institution Members

Medical institution information: institution name, address, phone number, medical institution registration certificate, medical license, etc.

Providing fundus image interpretation requested by medical institution members

3. Automatically Collected Information

Information automatically generated and collected during service use:

IP address, access logs, cookies, device information (browser type, OS, etc.), visit date, usage records, user activity records


Article 3 (Personal Information Retention Period)

The Company retains and uses personal information until the purpose of collection and use is achieved. However, if there are legal requirements for retention, the Company may retain it for the required period.

Retention Under the Consumer Protection Act

Contract or withdrawal records: 5 years

Payment and supply records: 5 years

Consumer complaint or dispute records: 3 years

Retention Under the Medical Act

After achieving the purpose, personal information will be destroyed immediately, except when retention is required by internal policies or other laws.


Article 4 (Provision of Personal Information to Third Parties)

The Company does not provide members' personal information to external parties in principle. However, exceptions apply if the member gives prior consent or if there are special provisions in the law.

In cases where AI interpretation is conducted at the request of a medical institution member, patient information may be received by the Company for interpretation purposes, and it will be strictly managed in accordance with relevant laws (Medical Act, Personal Information Protection Act, etc.).

If data needs to be provided to a third party, the recipient, purpose, items, and retention period will be specified, and the member's consent will be obtained.


Article 5 (Outsourcing of Personal Information Processing)

The Company may outsource certain tasks to external professional firms to improve services and enhance operational efficiency.

When outsourcing, the Company notifies members of the recipient (contractor), the details of the outsourced tasks, and ensures that necessary measures are taken through contracts to manage personal information securely.


Article 6 (Procedures and Methods for Destroying Personal Information)

Destruction Procedures:

Personal information is destroyed upon achieving its purpose (e.g., membership withdrawal, contract termination) or at the end of the retention period.

Destruction Methods:

Electronic files: Deleted using technical methods that make recovery or reproduction impossible.


Article 7 (Rights, Obligations, and Methods of Exercising Rights of Data Subjects)

Members can exercise their rights to access, correct, delete, or suspend the processing of their personal information at any time.

These rights can be exercised through the member information modification menu or by contacting customer service, and the Company will promptly take the necessary actions.

Requests for deletion may be restricted if the retention of certain information is mandated by law.


Article 8 (Measures to Ensure the Security of Personal Information)

The Company implements the following technical and administrative measures to protect personal information:

Access Control Management:

Systematic management of granting, changing, and revoking access rights to systems processing personal information, and preventing unauthorized external access.

Personal Information Encryption:

Key personal information (passwords, medical data, etc.) is stored and transmitted in an encrypted format.

Hacking Prevention and Security Checks:

Installation of firewalls, intrusion prevention/detection systems, security programs, and regular vulnerability inspections.

Access Log Management:

Logs of system access by personnel handling personal information are retained and managed for at least six months.

Document Security:

Physical documents and storage media are kept in secure locations with locking mechanisms.

Employee Education on Personal Information Handling:

Internal training on personal information protection and regular security inspections.


Article 9 (Installation, Operation, and Rejection of Automated Data Collection Devices)
The Company may use cookies to enhance service convenience.

Details on the purpose of cookies, the information collected, retention periods, and methods of rejection can be found in the cookie policy.

Members can refuse cookie storage through browser settings, but refusal may lead to inconvenience in using the service.


Article 10 (Personal Information Protection Officer and Department in Charge)

The Company designates a personal information protection officer and a department in charge to oversee personal information processing, handle user complaints, and provide remedies for damages related to personal information processing.

Details on the purpose of cookies, the information collected, retention periods, and methods of rejection can be found in the cookie policy.

Members can refuse cookie storage through browser settings, but refusal may lead to inconvenience in using the service.

Personal Information Protection Officer

Representative: Hyeji Ahn

Position/Title: Administrative Director

Contact: (82+ 02-2001-1963)

Personal Information Department in Charge


Article 11 (Remedies for Infringement of Rights)

Members can contact the following agencies for remedies or consultation regarding personal information infringement (based on South Korean standards).

Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

Website: http://privacy.kisa.or.kr

Phone: (nationwide) 118

Supreme Prosecutors' Office Cyber Investigation Division

Website: http://spo.go.kr

Phone: (nationwide) 1301

Cyber Bureau of the Korean National Police Agency

Website: http://cyberbureau.police.go.kr

Phone: (nationwide) 182


Article 12 (Changes to the Privacy Policy)

The Company may change this privacy policy and will announce the effective date and major changes at least seven days in advance (or 30 days for significant changes) through website notices.

The latest revision and effective dates of this privacy policy are as follows:

Announcement (or revision) date: 01 21, 2025

Effective date: 01 21, 2025

크리스타비전 로고

Representative

Su Jeong Song

Business Registration Number

835-87-03137

Address

Head Office: 9F, Ilshin Building, 38 Mapo-daero, Mapo-gu, Seoul, Republic of Korea


Branch Office: B1F, 265 Baekjegobun-ro, Songpa-gu, Seoul, Republic of Korea

Contact

(+82) 02-2001-1963

Brightics RA is a device that assists with ophthalmic diagnosis and does not replace the direct diagnosis or treatment by a medical professional.
All results must ultimately be reviewed and confirmed by a healthcare provider.
Users are advised to use the information provided by Brightics RA only as a reference or supplementary material.  We prioritize the protection of patient data and privacy.
All data is processed securely in compliance with relevant privacy regulations.
All content, including images and software on this website, is the property of Crystar Vision and is protected by copyright law. Unauthorized reproduction, distribution, or use is prohibited and may result in legal action without prior consent.

Privacy Policy

ISO

© Crystar Vision(크리스타비전) All rights reserved.

  • X
  • Instagram
bottom of page