Privacy Policy
Article 30 of the Personal Information Protection Act establishes and discloses a personal information processing policy (hereinafter referred to as a "processing policy") as follows to protect the personal information of the data subject and to promptly and smoothly handle related grievances.
1. Purpose of processing personal information.
The company processes personal information for the following purposes. The processed personal information is not used for purposes other than the following purposes, and if the purpose of use changes, prior consent will be sought.
1) Personal information is processed for the purpose of providing services such as "Article 19 of the Human Organizational Safety and Management Act" and "Article 18 of the Rules on Human Organizational Safety" and customer inquiries, business partnership inquiries, coverage inquiries, and recruitment.
2) Contact for handling affairs of civil complaints and conducting an actual investigation.Personal information is processed for the purpose of notification, notification of processing results, etc.
3) Personal information file status.
(1) Personal information file name: Organizational transplant result record
- Personal information items: name, address, phone number, date of birth, organization identification number
- How to collect: Phone/Fax/Email
- Grounds for retention: Human Tissue Act / Rules on Human Tissue Safety
- Retention period: 15 years.
(2) Personal information file name: Application for participation in academic conferences/events
- Personal information items: company name, person in charge, company address, contact information, email
- How to collect: Email
- Grounds for possession: Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.
- Retention period: 3 years.
2. Processing and retention period of personal information.
The company processes and holds personal information within the period of possession and use of personal information under the Personal Information Protection Act or within the period of possession and use of personal information agreed upon by the data subject. However, the following information is preserved for the period specified for the following reasons.
1) Preservation items: items pursuant to Article 19 of the Human Organizational Safety and Management, etc. Act and Article 18 of the Rules on Human Organizational Safety, and personal information files necessary for handling civil complaints.
2) Grounds for retention: Article 19 of the Act on the Safety and Management of Human Organizations, Article 18 of the Rules on the Safety of Human Organizations, and Article 15 of the Regulations on the Handling and Service of Company Affairs.
3) Preservation period: 3 years from the date of consent on the collection and use of personal information and preservation period prescribed in Article 19 of the Act on the Safety and Management of Human Tissue and Article 18 of the Rules on Human Tissue Safety.
3. Providing personal information to a third party.
In principle, the company processes the user's personal information within the scope specified in Article 1 (purpose of processing personal information) of this guideline, and does not process it beyond the original scope or provide it to third parties without the user's prior consent. However, if there are special provisions in other laws or if they fall under Articles 17 and 18 of the Personal Information Protection Act, such as criminal investigations.
4. Consignment of personal information processing.
For the management of the company's website and smooth business processing, we entrust certain tasks as follows.
(1) Name of consignee: Gabia Co., Ltd.
(2) Contents of consignment work: Server hosting and web server rental and management.
(3) Period: Use and storage when achieving the provided purpose or for the period prescribed by relevant statutes.When signing a consignment contract, the company clearly stipulates compliance with laws and regulations related to personal information protection, prohibition of providing personal information to third parties, and keeps the contents of the contract. Notification through notice and this policy when changing the trustee, or written, e-mail, fax, telephone, or text message.
5. Collection and possession of personal information.
The company collects and holds personal information only with the provisions of the law and the consent of the data subject. The main personal information files collected and held by the company in accordance with the provisions of the law are as follows. Articles 19 of the Human Organizational Safety and Management, etc. Act and Article 18 of the Rules on Human Organizational Safety, and customer inquiries, business partnership inquiries, coverage inquiries, recruitment, etc.
① Grounds for retention: Article 19 of the Act on the Safety and Management of Human Organizations, Article 18 of the Rules on the Safety of Human Organizations, and consent of the data subject.
② Purpose of retention: Article 19 of the Act on the Safety and Management of Human Tissue, Article 18 of the Rules on the Safety of Human Tissue, and applications for academic societies/events and answers questions.
③ Key items: items and business name, business address, name, e-mail, contact information, etc. prescribed in Article 19 of the Human Tissue Safety and Management, etc. Act and Article 18 of the Rules on Human Tissue Safety, etc.
④ Period of retention: the part prescribed by Article 19 of the Act on the Safety and Management of Human Organizations and Article 18 of the Rules on the Safety of Human Organizations and the number of years of retention under the Personal Information Protection Act.
Matters concerning the provision of personal information to a third party.
① In the case of Article 19 of the Human Tissue Safety and Management, etc. Act and Article 18 of the Rules on Human Tissue Safety.
② In the case where a separate consent is obtained from the data subject,
③ Where there are special provisions in the law or it is inevitable to comply with the obligations under the law.
④ In a case where the data subject or its legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc., and is clearly deemed necessary for the benefit of urgent life, body, or property of the data subject or third party.
⑤ In any of the following cases, the user's personal information may be used for purposes other than purposes or provided to a third party, except when there is a risk of unfairly infringing on the interests of the data subject or a third party.
1) In the case where a separate consent is obtained from the data subject,
2) If there are special provisions in other laws,
3) In a case where the data subject or its legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc., and is clearly deemed necessary for the benefit of urgent life, body, or property of the data subject or third party.
4) Where personal information is provided in a form where a specific individual cannot be recognized as necessary for the purpose of statistics preparation and academic research.
5) In a case where personal information cannot be performed under the jurisdiction prescribed by other laws if it is not used for purposes other than its purpose or provided to a third party, and has undergone deliberation and resolution by the Protection Committee.
6) Where it is necessary to provide it to a foreign government or international organization for the implementation of treaties and other international agreements,
7) Where it is necessary to file and maintain criminal investigations and prosecutions.
8) Where necessary for the court's performance of judicial affairs,
9) Where it is necessary for the execution of punishment, protection, and protection disposition.
10) When it falls under the Act on the Safety and Management of Human Tissue and the Rules on the Safety of Human Tissue.
6. The rights and obligations of the data subject and the method of exercising them.
① Request to view personal information: Personal information files held by the company may be requested to be viewed in accordance with Article 35 of the Personal Information Protection Act (reading personal information. However, the request for access to personal information may be limited as follows under Article 35 (5) of the Personal Information Protection Act.
1) In cases where access is prohibited or restricted by law,
2) Case where there is a fear of harming another person's life and body or unfairly infringing on another person's property and other interests.
3) In a case where a public institution causes significant disruption when performing any of the following tasks:
- Business related to the imposition, collection, or refund of taxes.
- Work on grade evaluation or admission selection at schools at various levels under the Elementary and Secondary Education Act and the Higher Education Act, lifelong education facilities under the Lifelong Education Act, and other higher educational institutions established under other laws.
- Tests on academic background, skills, and recruitment, and tasks related to qualification screening.
- Business related to ongoing evaluation or judgment on the calculation of compensation and benefits, etc.
- Affairs concerning audits and investigations in progress under other laws.
② Request for correction and deletion of personal information: For personal information files held by the company, you may request the company to correct or delete personal information in accordance with Article 36 of the Personal Information Protection Act (correction or deletion of personal information). However, if the personal information is specified as the object of collection in other laws and regulations, the deletion cannot be requested.
③ Request for suspension of personal information processing: For personal information files held by the company, the company may request suspension of personal information processing pursuant to Article 37 of the Personal Information Protection Act (such as suspension of personal information processing). In addition, the legal representative of a child under the age of 14 may request the company to view, correct, delete, or suspend the processing of his or her personal information. However, if a request for suspension of personal information processing is requested, the request for suspension of processing may be rejected pursuant to Article 37 (2) of the Personal Information Protection Act.
1) Where there are special provisions in the law or it is inevitable to comply with the obligations under the law.
2) Case where there is a fear of harming another person's life and body or unfairly infringing on another person's property and other interests.
3) In a case where a public institution cannot perform its duties prescribed by other laws unless personal information is processed.
4) If personal information is not processed, it is difficult to fulfill the contract, such as not being able to provide services agreed with the information subject, and if the information subject does not clearly express his/her intention to terminate the contract,
④ For requests for viewing, correction, deletion, and suspension of processing of personal information, the company's action on the matter will be notified within 10 days. Requests for viewing, correction, deletion, and suspension of processing of personal information can be made through the relevant department.
⑤The reception and processing departments for requests for viewing, correction, deletion, and suspension of processing of personal information are as follows.
Chief of Personal Information Officer. Personal Information Management Officer.
Name: Lee Eun Hyung
Position: Director.
Department: Management Support Team
E-mail: hjyoon@coremind.co.kr
Phone: 02-2135-8455 Name: Lee Eun Hyung
Position:
Department:
E-mail: hjyoon@coremind.co.kr
Phone: 02-2135-8455
We will always guide and supervise personal information collected under the provisions of the law so that it can be used according to the purpose of collection and processing.
7. Destruction of personal information.
In principle, if the period of retention of personal information has elapsed or the purpose of processing has been achieved, the company will destroy the personal information without delay. However, this is not the case if it must be preserved under other laws. The procedure, deadline, and method of destruction are as follows.
① Destruction Procedure: Information entered by the user is destroyed in accordance with internal policies and related laws after the retention period has elapsed or the purpose of processing is achieved.
② Destroyed: The user's personal information is destroyed within five days of the end of the retention period if the personal information is deemed unnecessary, such as achieving the purpose of processing personal information.
③ Method of destruction: When destroying personal information processed by the company, it is destroyed in the following way.
1) In the case of electronic file type: permanently delete in a way that cannot be restored.
2) In the case of records, printed materials, written documents, or other recording media other than the form of electronic files: crushing or incineration
8. Measures to secure the safety of personal information.
The company is taking the following measures to ensure the safety of personal information.
1) Management measures: Establishment and implementation of internal management plans, training in charge, etc.
2) Technical measures:
(1) Daily/frequent backup of data in case personal information is damaged.
(2) Use the latest vaccine program to prevent leakage or damage of customers' personal information or data.
(3) In order to strengthen the security of web servers and prevent information leakage due to hacking, etc., unauthorized access control from the outside using an intrusion blocking system.
9. How to remedy infringement of rights and interests.
In order to receive relief from personal information infringement, the data subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Personal Information Infringement Report Center of the Korea Internet & Security Agency. In addition, please contact the institution below for reports and consultations of other personal information infringement.
▶ Personal Information Dispute Mediation Committee
- Responsible affairs: Application for personal information dispute mediation, collective dispute mediation (civil settlement)
- Homepage: www.kopico.go.kr
- Phone: 1833-6972
- Address: 4th floor of the Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
▶ Supreme Prosecutors' Office Cybercrime Investigation Team: (without a national number) 1301, cid@spo.go.kr (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: (without a national number) 182 (cyberbureau.police.go.kr)
▶ Information Protection Mark Certification Committee: 02-580-0533-4 (http://eprivacy.or.kr)
In addition, a person who has been infringed on rights or interests due to disposition or omission made by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act.
▶ Refer to the phone number guidance of the Central Administrative Appeals Commission (www.simpan.go.kr)
10. Installation, operation, and rejection of an automatic personal information collection device.
The company stores usage information and uses "cookie" from time to time for stable website operation.
Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on a hard disk in the user's PC computer.
Purpose of using cookies: It is used for stable website operation by identifying each service visited by users and the types of visits and uses to websites.
Installation, operation, and rejection of cookies: Tools at the top of the web browser>Internet Options>Setting options in the Personal Information menu allows you to refuse to save cookies.
Even if the user refuses to save cookies, there is no difficulty or disadvantage in using the website.
11. Changes in the personal information processing policy.
This policy will take effect from the date of enforcement, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, it will be notified seven days before the enforcement of the changes.
This policy will take effect on March 20, 2020.