Article 1 (Collection of Personal Data and Purpose of Processing)
In order to provide customers with enhanced and high-quality services, including online business activities, the Institute collects the personal data of users through membership registration on its website.Furthermore, in order to provide users with faster responses and to prevent irresponsible and defamatory statements, the Institute requires users to log in when writing posts on the website. The personal data collected through user consent during membership registration on the Institute’s website is as follows.
- Website Name: Main Website, Online Consultation/Registration, Education Academy, Chemical Regulation Support Center, Skill Development Center
| Mandatory items: | Optional items: |
|---|---|
| Name, gender, date of birth, email, mobile phone number, password | Company name, business registration number, company address, company phone number, representative name |
Article 2 (Collection Method of Personal Data)
The Institute collects personal data in the following ways.
- Website, paper forms, fax, telephone, email
Article 3 (Processing, Retention Period, and Disposal of Personal Data)
The personal data held by the Institute and the retention period are as follows: The Institute, in principle, disposes of personal data without delay when the retention period for personal data expires orthe purpose of processing personal data is achieved. The procedures, deadline, and methods for the disposal of personal data are as follows.
Disposal Process
Personal data will be immediately transferred to a separate location or destroyed in accordance with internal policies and other relevant laws and regulations after its purpose has been achieved.Personal data transferred to a separate location will not be used for any other purpose unless required by law.
Disposal Deadline and Disposal Methods
When the retention period has expired, the purpose of processing personal data has been achieved, or the personal data has become unnecessary due to the termination of relevant business, it will be promptly disposed of without delay.Information in electronic file format is disposed of using technically irreversible methods that prevent the records from being reproduced.Personal data printed on paper is destroyed by shredding or incineration.
| Data type | Retention period | Remarks |
|---|---|---|
| Inquiries, seminar, and newsletter subscription information | 5 years | Personal data related to inquiries, seminars, and newsletter subscriptions will be retained until the personal data provider requests disposal. |
| Contract-related information | 5 years | No contents |
| Website membership registration information | Until withdrawal from membership | No contents |
Article 4 (Provision of Personal Data to Third Parties)
The Institute only provides personal data to third parties with the consent of the data subject or in cases stipulated by special provisions of the Personal Information Protection Act, including Articles 17 and 18.
Legal basis for provision
Article 18(2) 2 of the Personal Information Protection Act: When separate consent has been obtained from the data subject, and there are special provisions in other laws
- In cases where the data subject or their legal representative is unable to express their intention or where obtaining prior consent is not possible due to unknown address, etc., and it is deemed necessary for the urgent interests of the data subject or a third party regarding their life, body, or property
- In cases where it is necessary to provide personal data in a form that cannot identify specific individuals for the purpose of statistical compilation, academic research, etc.
- In cases where the performance of tasks prescribed by other laws is impossible unless personal data is used or provided to third parties for purposes other than the originally intended purpose, and the matter has been deliberated on and decided by the Personal Information Protection Commission
- In cases where it is necessary to provide personal data to a foreign government or international organization for the purpose of implementing a treaty or other international agreements
- In cases where it is necessary for the investigation, indictment, and maintenance of criminal prosecution
- In cases where it is necessary for the performance of judicial duties by a court
- In cases where it is necessary for the execution of punishments, supervision, and protective measures
The Institute provides personal data to third parties as follows.
- 1Recipient of the personal data: National Tax Service
- 2Purpose of using the personal data by the recipient: Reporting the taxes withheld at the source to customers
- 3Personal data items provided: Name, Resident Registration Number
- 4Duration of Personal Data Retention and Use by the Recipient: Until the purpose of using the personal data is achieved
- 5Refusal of Consent and Disadvantages of Refusal: The provider of personal data has the right to refuse to provide consent for the provision of personal data. However, if consent is refused, there may be omissions in the income tax declaration to the National Tax Service.
Article 5 (Rights, Obligations, and Methods of Exercise of the Data Subject)
The data subject may exercise the following rights related to the protection of personal data against the Institute at any time, and the legal representative of a child under the age of 14 may request access, correction, deletion, or suspension of processing of the child’s personal data.
Request for access to personal data
You have the right to request access to your personal data held by the Institute in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, please note that your request for access to personal data may be subject to the following limitations under Article 35(5) of the law:
- Cases where access is prohibited or restricted by law
- Cases where there is a concern that it may harm or endanger the life or body of another person, or unreasonably infringe upon the property and other interests of another person
- Cases where if personal data is not processed, it would be difficult to perform the contracted services agreed upon with the data subject, and the data subject has not clearly expressed an intention to terminate the contract.
Request for Suspension of Processing Personal Information
You have the right to request the suspension of processing of personal data held by the Institute in accordance with Article 37 (Suspension of Processing Personal Information, etc.) of the Personal Information Protection Act.However, please note that your request for suspension of processing of personal data may be refused under Article 37(2) of the law.
- Cases where there are specific provisions in the law or where it is necessary to comply with legal obligations
- Cases where there is a concern that it may harm or endanger the life or body of another person, or unreasonably infringe upon the property and other interests of another person
- Cases where if personal data is not processed, it would be difficult to perform the contracted services agreed upon with the data subject, and the data subject has not clearly expressed an intention to terminate the contract
Article 6 (Measures to Ensure the Security of Personal Data)
The Institute takes the following technical, administrative, and physical measures to ensure the security of personal data in accordance with Article 29 of the Personal Information Protection Act:
Minimization and education of personnel handling personal data
- The Institute designates and manages only the necessary personnel to handle personal data and provides education on safe management to employees handling personal data.
Restricted access to personal data
- The Institute takes necessary measures to restrict access to personal data by granting, changing, and revoking access rights to the database system that processes personal data.
- The Institute controls unauthorized access from external sources by utilizing an intrusion prevention system.
Retention of access logs
- The Institute retains and manages records of access to the personal data processing system (such as web logs and summary information) for a minimum of six months.
- The Institute conducts regular checks on access logs of the personal data processing system on a semi-annual basis to respond to potential data breaches, tampering, or damages to personal data.
Encryption of personal identification information
- Personal identification information is securely stored and managed through methods including encryption Furthermore, the Institute utilizes separate security measures, such as encrypting data during transmission, to ensure its secure transfer.
Installation of security programs and regular inspection and updates
- To prevent leakage and damage of personal data caused by hacking or computer viruses, we install security programs and conduct regular updates and audits.
Access control for unauthorized individuals
- We have established and implemented access control procedures for the physical storage location of the personal data system where personal data is stored.
Regular internal audits
- The Institute regularly conducts personal data protection management audits to ensure the security of handling personal data.
Establishment and implementation of an internal management plan
- The Institute has established and implements an internal management plan for the secure handling of personal data.
Article 7 (Personal Data Protection Officer)
The Institute designates a personal data protection officer and administrators as follows in order to protect personal data and handle complaints related to personal data:
- Personal Data Protection Administrator : Information Strategy Department - Contact: +82-2-2092-3991
- Customer Information Protection Administrator : Customer Support Center - Contact: +82-2-2164-0121
- Video Information Protection Administrator : Safety and Security Team - Contact: +82-2-2164-0091
- Employee Information Protection Administrator : Human Resources Department - Contact: +82-2-2092-5821
Article 8 (Remedies for Rights Violations)
Individuals whose rights have been violated due to personal data breaches may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Report Center, or other relevant authorities.
- Personal Information Dispute Mediation Committee : 118 (no area code required) (privacy.kisa.or.kr)
- Personal Information Infringement Report Center : 118 (no area code required) (privacy.kisa.or.kr)
- Cyber Crime Investigation Unit, Supreme Prosecutors' Office : +82-2-3480-3571 (cybercid@spo.go.kr)
- National Police Agency Cyber Terrorism Response Center : +82-1566-0112 (www.netan.go.kr)
Article 9 (Amendments to the Privacy Policy)
The current Privacy Policy will be applied from Aug. 16, 2016. In case of any additions, deletions, or modifications to the content, notice will be given via website announcement at least 7 days in advance (30 days in advance for significant changes). If there are changes to the collection and utilization of personal data, provision to third parties, etc., and consent is required, a separate consent process will be established and implemented.
- Privacy Policy Version Number : 1.0
- Privacy Policy Posting Date : Aug. 16, 2016
- Privacy Policy Establishment Date : Aug. 16, 2016