Article1 (Purpose of the personal information processing)
- ① Ombudsman Website processes the least amount of the personal information for limited purposes such as providing services, addressing grievances, and conducting necessary works.
- ② The purpose of the personal information handled by Ombudsman Website shall be as follows:
Name of the personal information file Grounds for operation Purpose of the processing 1 Ombudsman Website member Consent by data subject Provision of information and service regarding foreign-invested companies 2 News letter Mailing member Consent by data subject Provision of Ombudsman’s
Article 2 (Processing and retention period of the personal information)
- ① Ombudsman Website processes the personal information within the scope specified for the purpose of collection and use, and the retention period is applied as stipulated by the Personal Information Protection Act and related laws.
- ② The processing and retention period of the personal information shall be as follows:
Name of the personal information file Grounds for operationPurpose operationPurpose of the processing1I 1 Ombudsman Website member Consent by data subject 2 years 2 News letter Mailing member Consent by data subject 2 years
- ③ The Personal Information Protection Center provides a process to check the personal information files operated by KOTRA.
※ Visit the website of the Personal Information Protection Center (privacy.go.kr) to make an request to access to the personal information files of KOTRA.
Article 3 (Providing the personal information to the third party)
Ombudsman Website processes the personal information of a data subject within the scope defined in Article1 (Purpose of the personal information processing), and shall not process the information that exceeds the scope of the purpose or provide the information to the third party without the consent from the data subject excluding the following exceptions:
- 1. When Ombudsman Website obtains a separate consent from the data subject;
- 2. When there is a special regulation specified under the Act;
- 3. When Ombudsman Website clearly recognizes the need to provide the personal information to the third party for the interests of the life, physical body or property of the data subject or the third party as the data subject or legal representative is in a situation where he cannot express his intention or Ombudsman Website cannot obtain prior consent of the data subject due to the unclear address and other reasons;
- 4. When the personal information that is required for statistics and academic research is unrecognizable;
- 5. When the protection committee has reviewed and decided the case where the matters under the jurisdiction defined by a different Act cannot be executed as the personal information has been used for other purposes or has not been delivered to the third party;
- 6. When the information is needed to provide it to foreign governments or international organizations to carry out treaties and other international agreements;
- 7. When it is necessary for investigation of a crime or prosecution;
- 8. When it is necessary for a court to perform its judicial affairs; and
- 9. When it is necessary for executing a punishment, care and custody or protective disposition.
Article 4 (Entrustment of the personal information processing)
- ① Ombudsman Website entrusts the following affairs related to the processing of the personal information to smoothly process the personal information:
Entrusted affairs Company Name Tel no. Hours maintenance reveiw for
service provider entrusted
1 Operation and maintenance of the KOTRA information system SGA Co., Ltd. 070-7308-1004 09:00~18:00 passed 2 system maintenance GEISTKOREA Co.,Ltd. 02-833-1650 9:00~18:00 passed 3 Operation of the customer information center Transcosmos Korea Inc. 82-2-790-8106 9:00~18:00 passed
- ② In accordance with Article 26 of the Personal Information Protection Act, Ombudsman Website, when outsourcing personal information processing to a third party, effect such outsourcing through a document that states prevention of personal information processing for other purposes than the outsourced purpose, technical and managerial safeguards of personal information, restricions in extending contracts, management and supervision over the entrusted companies, and responsibility for demage compensation. Additionally, Ombudsman Website is monitoring the entrusted comapnies to ensure the safety of the personal information
Article 5 (Rights and duties of data subject and how to exercise them)
- ① A data subject (a legal representative shall exercise the rights if the data subject is less than 14 years old) shall exercise the following rights related to the protection of the personal information at any time:
- 1. Request for inspection of the personal information
- 2. Request for modification where there is an error
- 3. Request for deletion
- 4. Request for suspension of the processing.
- ② The data subject shall exercise his rights in accordance with Section 1 by submitting the document as provided by Annex 8. Enforcement Ordinance of the Personal Information Protection Act via mail, e-mail or fax and Ombudsman Website shall respond to the request without delay.
- ③ If the data subject of the personal information requests for modification or deletion of his personal information, Ombudsman Website shall not use or provide the personal information of the player until such modification or deletion is completed.
- ④ The data subject shall present his legal representative or agent to exercise his rights as provided by Section 1. In such case, the data subject is required to submit the power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act.
- ⑤ The request for suspending the process and inspection of the personal information could be limited in accordance with Article 35.5 and Article 37.2 of the Personal Information Protection Act.
- ⑥ For modification and deletion of personal information, if other Acts stipulate the particular personal information be collected, the information plyer shall not request for deletion thereof.
- ⑦ For request to inspect, modify, delete or suspend the process in accordance with the rights of the data subject, Ombudsman Website shall confirm if the requested person is himself or his legal representative.
* Provide any identification cards (certificate of resident registration, driver’s license, passport, etc.) to identify himself.
* If the requested person is the legal representative, any identification cards and power of attorney to identify that he is the legal representative of the data subject.
* [Form 8] Application for (Access, Correction or Deletion, and Suspension of Processing) of Personal Information, attached in the Enforcement Rules to Personal Information Protection Act
* [Form 11] Power of Attorney, attached in the Enforcement Rules to Personal Information Protection Act
- ⑧ Procedures for inspecting, modifying, deleting and suspending the personal information are as follows:
Article 6 (Items for processing the personal information)
- Ombudsman Website processes the following items for the personal information:
Name of the personal information file Items for the personal information1 1 Ombudsman Website member Required ID, password, name, email address, company registration no.,company name, company address, company no Optional department, position 2 News letter Mailing member Required real name (Korean or English), company name, email address
- Information automatically collected by Ombudsman Website : Cookie, IP Address, MAC Address, Service records, visiting history, Malfunction record
Article 7 (Procedures and methods of destructing the personal information)
- ① Ombudsman Website, in principle, shall delete the personal information without delay if its purpose to process the personal information is achieved.
However, it shall not be applied for the personal information that needs to be preserved in accordance with other Acts. The procedures, terms and methods of destructing the personal information are as follows:
Any unnecessary personal information and personal information file shall be destroyed in accordance with the below procedure of the inside policy under the responsibility of the person in charge of the personal information.
- - Destruction of the personal information
The personal information shall be destroyed without delay from the end date of its holding period.
- - Destruction of the personal information file
If the personal information file becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service and the end of the business, the personal information file shall be destroyed without delay from the day that recognizes the processing of the personal information is no longer needed.
- - Electronic data shall be destroyed by using technical methods to make it impossible to restore such data.
- - Paper documents that contain the personal information shall be shredded or incinerated.
- - Destruction of the personal information
Article 8 (Measures to secure the safety of the personal information)
Ombudsman Website shall implement the following technical, managerial and physical measures to secure the safety of the personal information in accordance with Article 29 of the Personal Information Protection Act.
- 1. Establishment and implementation of management plan
Ombudsman Website shall establish and implement its management plan in accordance with the Criteria for Securing Sagety of Personal Information by the Ministry of the Interior and Safety
- 2. Minimum number of staff in charge of the personal information processing and training
Ombudsman Website shall designate the minimum number of staff to handle the personal information.
- 3. Restricted access to the personal information
Ombudsman Website shall carry out necessary measures to restrict access to the personal information through empowerment, change and cancellation of access authorities for the database system that processes the personal information. It shall also operate intrusion prevention systems to deny any unauthorized external access.
- 4. Preservation of the access records and anti-forgery
Ombudsman Website shall store access records (weblog data, summarized information, etc.) to the personal information data system for at least 1 year. Yet, the retention period for personal information processing systems that handle personal information from more than 50,000 people or process identification information and sensitive information is at least 2 years.
- 5. Encryption of the personal information
The personal information of the users are stored and managed in an encrypted manner. Ombudsman Website also implements special security measures including encrypting important data when storing or transferring.
- 6. Installation and periodic updates of computer security programs
Ombudsman Website shall install and periodically update the computer security programs to prevent the personal information from leakage and damage due to hacking or computer viruses.
- 7. Access control of the unauthorized personnel
Ombudsman Website shall operate a separate physical storage facility for its personal information data systems and establish and operate relevant access control procedures
Article 9 (Contact points for Ombudsman Website’s personal information protection)
|Personal Information Protection Director||Foreign Investment Department Personal Information Protection Director||Personal Information Protection Manager||Personal Information Protection Officer|
EXECUTIVE VICE PRESIDENT
|Department in charge: Foreign
Department in charge: Foreign
Department in charge: Foreign
Article 10 (Request for inspection of the personal information)
- ① A data subject shall request for the inspection of the personal information in accordance with Article 35 of the Personal Information Protection Act via the following team. KOTRA shall strive to swiftly handle the request of the data subject for the inspection of the personal information.
► Department in charge
Team: Foreign Investment OMBUDSMAN
Officer: HEECHEOL KIM
Contact: Tel 82-2-3497-1827 / E-mail firstname.lastname@example.org / Fax 82-2-3497-1699
- ② The Personal Information Protection Center(www.privacy.go.kr), operating by the Personal Information Protection Commission, provides a process to access and check the personal information files.
▶ The Personal Information Protection Center → Civil affairs on the personal information → Request for the inspection of the personal information (real name authentication via public I-pin service is required.)
Article 11 (Remedies for infringement on rights and interests)
A data subject shall consult the following organizations for remedies regarding the infringement on the personal information.
- ► Personal Information Infringement Report Center (Run by the Korea Internet & Security Agency)
- Description: Report infringement on the personal information, request for consultation
- Website: http://privacy.kisa.or.kr
- Tel: 118 (without area code)
- Address: (58324) 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea, the Korea Internet & Security Agency
- ► Personal Information Dispute Resolution Committee (Run by the Korea Internet & Security Agency)
- Description: apply for the personal information dispute resolution, collective dispute resolution (civil resolution)
- Webiste: http://www.kopico.go.kr
- Tel: 1833-6972
- Address: (03171) 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea
- ► Cybercrime Investigation Department: 1301(without area code) (www.spo.go.kr, (email@example.com), 182(without area code) (cyberbureau.police.go.kr)
Also, the data subject reserves the right to demand administrative appeals in accordance with the Administrative Appeals Act for any infringement on rights and interests occurred due to the nonfeasance or measures taken by the head of a public institution for the request of the data subject for inspection, modification, deletion or suspension of the personal information processing.
- ► Please refer to the telephone numbers via the website (www.simpan.go.kr) of the Central Administrative Appeals Commission.
Article 12 (Amendment to the personal information processing policy)
- ① The policy shall take into effect on September 1, 2021.
- ② The previous document could be found below :