Personal information processing policy
Article 1. Purpose of Processing Personal Information
Article 2. Items to be Collected and Method and Basis and Period of Possession of Personal Information
Article 3. Provision of Personal Information to a Third Party
Article 4. Consignment of Personal Information Processing
Article 5. Rights and Duties of the Information Subject and Exercise of the Rights and Duties
Article 6. Destruction of Personal Information
Article 7. Matters on Installing, Operating, and Rejecting the Automatic Personal Information Collection Device
Article 8. Personal Information Protection Manager
Article 9. Securing of Personal Information Safety
Article 10. Remedy for Infringement of Rights and Interests
Article 11. Change of the Personal Information Processing Policy
Article 1. Purpose of Processing Personal Information
”Personal Information” shall be information on a living individual and shall mean all information (including the identification in easy combination with other information even though a specific individual cannot be identified only with the corresponding information) that can identify the individual through name, resident registration number, and video. The Center shall do processing of such information for the following purposes.
Service ProvisionPersonal information shall be processed to provide services such as boarding and reserving seats in the Zero Shuttle.
Article 2. Items to be Collected and Method and Basis and Period of Possession of Personal Information
User’s personal information shall be discarded immediately as a rule if the purpose of processing personal information is achieved or if the possession period is over. The collected items, method, and period of possession and department in charge of processing the personal information for the Center shall be as follows.
| Item to be Collected | Collection Method | Details Collected | Possession Period | Possession Department |
|---|---|---|---|---|
| Application for boarding the Zero Shuttle | Submission through the homepage | Name (or association name), e-mail address and contact information | 1 year | Operation support |
Article 3. Provision of Personal Information to a Third Party
The Center shall process users’ personal information as a rule within the scope specified in Article 1 (Purpose of Processing Personal Information) and shall not process or provide such information to a third party beyond the original scope without prior consent. However, personal information shall be possibly provided in the following cases.
A. If a separate consent is received from the information subject
B. If there is a special regulation in the law or providing such information is inevitable to observe legal duties
C. If a public agency requires such information to perform any work specified by the law
D. If it is accepted that it is clearly necessary for imminent profit in terms of life, body, or property of the information subject or a third party when the information subject or their legal representative cannot declare intention or a prior consent cannot be received due to the address being unknown
E. If the personal information is provided in a form without identifying the specific individual when it is needed for statistics work and/or academic research
Article 4. Consignment of Personal Information Processing
Regarding the Center homepage, processing the corresponding personal information shall not be consigned to another person as a rule without the user’s consent. If it is necessary to consign the processing of personal information, the consignment target, work details, period, and contract details (specifying the observation of the laws related to personal information protection, prohibition of the provision of personal information to a third party, and assumption of responsibility for personal information) shall be notified through public notice and the personal information processing policy. Furthermore, prior consent shall be received if necessary.
Article 5. Rights and Duties of the Information Subject and Exercise of the Rights and Duties
A user shall possibly exercise the following rights as the subject of information.
A. Request for Perusal of Personal Information Regarding the personal information file possessed by the Center homepage, perusal of personal information contained in it shall be possibly requested according to Article 35 (Perusal of Personal Information). However, in case of requesting personal information, perusal shall be possibly restricted according to Article 35 Provision 5 of the law.
If perusal is prohibited or restricted according to the law
If there is a concern of causing damage to the life or body of another person or unduly infringing upon the property and other profits of another person
If the work specified by another law cannot be performed when the public agency does not process personal information
If serious trouble is caused when a public agency performs work corresponding to one of the following items
- Work related to imposing, collecting, or refunding tax
- The grade assessment and selection of new students to schools based on the Elementary and Secondary Education Act and the Higher Education Act, lifelong education facilities based on the Lifelong Education Act, and the higher education agencies established according to the other laws
- Work related to qualifying tests on achievements, skills, and recruitment
- Work related to ongoing evaluation or decisions on calculating compensation and remuneration
- Work related to ongoing audit and investigation based on another law
B. Request for Suspending the Correction, Deletion, or Processing of Personal Information It shall be possible to correct or delete the personal information file possessed by the Center according to Article 36 of the Personal Information Protection Act (Correction and Deletion of Personal Information), and to request the suspension of processing according to Article 37 (Suspension of Processing of Personal Information, Etc.) of the same law. However, if the personal information is specified as the target of collection in another law, deletion shall not be possibly requested. Regarding the request for suspending the perusal, correction, deletion, or processing of personal information, the request for correction or deletion shall be considered after going through the identification procedure. [Enclosure 1 ] Request for Perusing, Correcting, or Deleting Personal Information
C. Exercise of Rights through a Representative Rights shall be possibly exercised by a representative such as the legal representative or consignee of the information subject. In this case, the power of attorney based on the enclosure no. 11 of the Enforcement Rules of the Personal Information Protection Act shall have to be submitted. [Enclosure 2] Power of Attorney for Perusing, Correcting, or Deleting Personal Information
Article 6. Destruction of Personal Information
If the purpose of processing personal information is achieved or the possession period is exceeded, the corresponding personal information shall be discarded immediately as a rule. The procedure, deadline, and method of destruction shall be as follows.
A. Destruction Procedure The information inputted by the user shall be moved to a separate DB (a separate document in case of paper) after achieving the purpose, and shall be destroyed after storage for a pre-specified fixed period based on the other relevant laws or at once. The personal information moved to the DB shall not be used for another purpose without complying with the law.
B. Destruction Deadline Users’ personal information shall be destroyed within 5 days of the end date of the possession period in case of the passage of the period of possession of personal information and within 5 days of the date not requiring the processing of personal information when the personal information is unnecessary due to achievement of the purpose of processing personal information, abolition of the corresponding service, and/or the end of business.
C. Method of Destruction For electronic file type information, technical methods for not recovering the record shall be used. The personal information outputted on paper shall be pulverized with pulverizer or destroyed through burning.
Article 7. Matters Related to Installing, Operating, and Rejecting Automatic Personal Information Collection Devices
In order to provide personalized and customized service for an individual member, ‘cookies’ saving and frequently calling member information shall be used. A cookie is a small data packet sent to the user’s browser by the server used for operating the web site, and shall be saved in the member’s computer hard disk.
A. Purpose of Using the Cookie To provide personalized customized service by analyzing the access frequency or visit time of the homepage user, by tracking user traces, and by checking various submissions, event participation, and visit frequency
B. Method for Declining the Cookie Setting A user shall have the option to install cookies. Hence, a user shall possibly permit all cookies by setting the option in the web browser, check whenever saving a cookie, or decline to save all cookies.
C. Example of Settings (In case of Internet Explorer and Chrome)
(Internet Explorer) Tool on the upper end of the web browser > Internet Options > Personal Information
(Chrome) Setting on the upper end of the web browser > Advanced > Contents Setting > Cookie
However, if cookie installation is declined, it shall be possibly difficult to use some services needed for various submissions and participation in events.
Article 8. Personal Information Protection Manager
In order to protect personal information and process complaints related to personal information, and to ensure the protection of people’s rights and interests and the suitable performance of public work, the Center shall designate a personal information protection manager and staff according to Article 32 (Work and Designation Requirements of the Personal Information Protection Manager, Etc.) Provision 2 of the Enforcement Rules of the Personal Information Protection Act as follows.
ㆍPersonal Information Protection Manager: Kim Jae Hwan
ㆍPersonal Information Protection Staff: Lim Yeonju (031-759-9042)
Article 9. Securing of Personal Information Safety
The Center shall take the managerial, technical, and physical actions needed to secure safety according to Article 29 of the Personal Information Protection Act as follows.
A. Managerial Action In order to process personal information safely, the Center shall establish and implement an internal management plan, minimize the number of personnel in charge of processing personal information, and provide relevant education.
B. Technical Action The Center shall manage the authority on accessing the personal information processing system, administer manager access control, install the required security devices (SSL, etc.) and security program enabling the safe transmission of personal information, and check and improve weak points regularly.
C. Physical Action The Center shall have a separate physical storage place for the personal information system saving personal information, and shall establish and operate appropriate procedures for access control.
Article 10. Remedy for Infringement of Rights and Interests
The personal information subject shall possibly inquire about damage relief and seek consultation on the infringement of personal information. In case of requiring more specific help than available through the Center’s response system on inquiries related to customers’ personal information, dispute resolution, or consultation shall be possible requested through the following agencies.
ㆍPersonal Information Protection Comprehensive Support Portal: 02-2100-3394 (www.privacy.go.kr)
ㆍPersonal Information Infringement Report Center: (Without the exchange number) 118 (privacy.kisa.or.kr)
ㆍPersonal Information Dispute Resolution Committee: (Without the exchange number) 1833-6972 (www.kopico.go.kr)
ㆍSupreme Prosecutors’ Office Cyber Investigation Division: (Without the exchange number) 1301 (http://www.spo.go.kr)
ㆍNational Police Agency Cyber Safety Bureau: (Without the exchange number) 182 (http://cyberbureau.police.go.kr)
Article 11. Change of the Personal Information Processing Policy
The personal information processing policy shall be applied from the date of issuing public notice (2019. 11. 1). The details of change, addition, deletion, and correction based on the applicable law and policy shall be notified within 7 days of the enforcement of the change.
