Privacy Policy
1. General Statement
NexThera. ("we", "us", "our" or “Nexthera”) is committed to protecting and respecting your personal data. In the event that you send us any of your personal data, we are committed to collecting, maintaining, and securing personal data about you in accordance with our internal data protection policies and local laws.
This privacy policy outlines the types of personal data we collect and why and how we process your information. We advise you to carefully read this Website Privacy Notice so that you are aware of how, where and why we are using your personal data.
This website ("Site") is provided and operated by NexThera. This Site is intended for the general public, healthcare professionals and business partners. If you have any queries regarding this Privacy Notice, please contact us using one of the following email addresses:
This Privacy Notice is updated from time to time. If we update the terms, we will provide notice through our website, or by other means, so you can to review the changes. Please check back if you continue to use this website or interact with NexThera.
For purposes of this Privacy Policy, "personal data" is any information by which you can be individually identified both directly and indirectly, including, but not limited to, your name, address, e-mail address, IP address and telephone number.
2. Type of information we have; Why we collect and use it
Personal Data Obtained Through the Site. We may collect and process personal data provided by you through the Site, for example:
• Your names, contact information, email address, and other information in combination with these identifiers including your CV if you apply to NexThera via the Site;
• records of your correspondence if you contact us, such as emails;
• other technical data, such as IP address, browser type and operating system;
• communications data, such as your preferences in receiving communications from us
We do not use tracking cookies. This means we only require the minimum amount of your personal information necessary
We may process your personal data provided through the Site for many reasons, including:
• To respond to your requests or inquiries;
• To complete a transaction;
• To offer a career;
• To share with our affiliates;
• To operate, improve and maintain the website, including for security purposes.
LEGAL BASIS: If you make inquiries from our Site, we will ask your consent and we will process your personal data provided by you on your consent. If your personal data is obtained via emails sent from you to one of our official email addresses provided in the Site, the collection and process of your personal data will be done for our legitimate interests, where the legitimate interests impact assessment has been carried out. If we request further information, we will request and collect your Personal Data on your consent.
Personal Data Obtained Through our business activities. As well as information collected through this Site, we may obtain personal data in other ways during the course of our business operations such as by phone, email or in paper form including business cards. The type of personal data includes:
• names, contact information, and email address;
• records of your correspondence with us.
We may process your personal data provided to us during the business operation for many reasons, including:
• administering a contract we have entered into with you;
• providing you with information and/or services;
• understanding your business needs and improving our products and/or services;
• holding discussion forums, such as scientific advisory boards;
• communications regarding our products, therapy areas and/or services.
LEGAL BASIS: The collection and process of personal data provided by you will be done for our legitimate business interests, where the legitimate interests impact assessment has been carried out. If we request further information, we will request and collect your personal data on your consent.
If there is any valid contract in place between you and NexThera, such processing is necessary for the performance of a contract.
Personal Data obtained as a Processor. NexThera may collect your information as a processor, who process your personal data on behalf of a third-party controller, who has a legal basis for obtaining and processing your personal data. In this case, we will only use your personal data in accordance with the instructions of the data controller.
LEGAL BASIS: The collection and process of personal data provided by you will be done for performance of contractual obligation with Data Controller. We will have a valid Data Processing Agreement in place in order to undertake such service.
Personal Data obtained from Public Sources. We may collect personal data from public sources such as conferences, symposiums or training events we attend in order to stay in contact with you and manage our relationship with you or to enquire about potential services or business opportunities. The type of personal data include names, contact information and email address.
3. How We Share Your Personal Data
We may share your personal data with a member of the NexThera Group of companies around the world. Our group companies will use your Personal Data for the same purposes as we do.
We may also share your Personal Data with third parties, including our data processors, Consultants and professional advisors, certain software or IT systems services providers, for the following purposes:
• To help fulfill NexThera business transactions;
• To provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other services;
• To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which NexThera participates, or pursuant to a financial arrangement undertaken by NexThera; and
• to comply with applicable laws and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
NexThera does not sell, rent, or trade personal data it collects with third parties. Any third parties to with whom NexThera shares personal data are not permitted to sell, rent, or trade such personal data.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed without your specific authorization.
4. The Rights of Individuals
If you would like to request to review, correct, update, suppress, restrict or delete personal data that you have provided to us through the Site, or if you would like to request to receive an electronic copy of such personal data for purposes of transmitting it to another company, you may contact us at We will respond to your request consistent with applicable law.
In your request, please tell us what personal data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable, but in any case within a calendar month.
Note that the Right to be forgotten (also known as "Right of Erasure") is not absolute, and may be denied to comply with a legal obligation. Furthermore, there is no right to object to processing, because the data is necessary to be processed for the performance of a contract (the exception to this is marketing.)
At any time, you have the right to complain to NexThera's DPO or a relevant supervisory authority. This will usually be the Data Protection Authority located in the country where you are normally resident.
At any time, you have the right to complain to NexThera's DPO or a relevant supervisory authority. This will usually be the Data Protection Authority located in the country where you are normally resident.
5. How we store your Data; International Transfers
Our servers are located in South Korea.
We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.
Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
6. Security Measures
We seek to use reasonable organizational, technical and administrative measures to protect your personal data. Specific measures we use include encrypting your personal information in transit and at rest..
• Our organizational measures include establishment and implementation of internal management plans, regular employee training, etc.
• Our technical measures include installation of security programs, encryption of matters such as unique identifiers, installation of access control systems, and careful management of access authority.
• Our physical measures includes access controls for the data processing room or data storage room.
7. Data Retention
We will retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the Site Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).
Unless otherwise required by law, the general retention period for each of the personal data obtained by us is as follows:
• Personal identification number for confirmation of name: 1 years
When we have no ongoing legitimate business need to process your personal information or the applicable retention period elapses, whichever is later, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. Minors
This Site is neither designed nor intended for use by children under the age of 16. We do not knowingly collect any personal data from anyone under the age of 16 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent's or guardian's permission prior to using or disclosing any personal data on this website or online resource.
9. How to complain
You can contact our data protection officer at the following address:
Data Protection Officer
Rm 202/203, 9 Gunam-Ro, Haeundae-Gu, Busan, Korea
Tel.: +82-51-714-5348
Last updated: July 1, 2021.