Jeju International Convention Center (hereinafter referred to as "Jeju International Convention Center Website") establishes and discloses the following personal information processing policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle related grievances. The Jeju International Convention Center will notify any revisions to the personal information processing policy through the website's announcements.
Article 1 (Purpose of Processing Personal Information)
The purpose of processing personal information files registered and disclosed by Jeju International Convention Center in accordance with the Personal Information Protection Act is as follows:
1. Membership Registration and Management on the Website
Personal information is processed to confirm the intent of membership registration, identify and authenticate members, maintain and manage membership status, prevent fraudulent use of services, analyze website usage statistics, and provide notifications related to website services.
2. Handling Civil Complaints
Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint details, contacting or notifying for fact-finding, and providing notifications of the results of handling complaints.
3. Other Purposes
Personal information is processed for purposes such as confirming venue rental application details and providing pre- and post-service information related to participation in programs or events.
Article 2 (Items of Personal Information Processed)
The items of personal information processed and the methods of collection by Jeju International Convention Center for providing customer support services are as follows:
1. Collected Items
· Required: ID, password, name, gender, date of birth, residence, contact information, email, consent to receive emails, consent to receive SMS
· Optional: Current occupation, activities of interest, purpose of use, referral source
· Program: Program type, registration date and time, and other registration details
· Video information processing devices (CCTV) for facility safety and fire prevention
· Other information generated during the course of event registration, maintenance, or management and information provided by members
2. Collection Methods
Website membership registration, visitor management logs, etc.
Article 3 (Retention and Processing Period of Personal Information)
Jeju International Convention Center processes and retains personal information within the period agreed upon by the data subject or as required by law. The respective processing and retention periods for each type of personal information are as follows:
1. Membership Registration and Management on the Website
Until the member withdraws from the Jeju International Convention Center website. However, in the following cases, personal information will be retained until the respective reason ends:
· If an investigation or inquiry related to a violation of relevant laws is in progress, until the investigation or inquiry concludes
· If there is an outstanding debt or credit relationship resulting from website usage, until the settlement of such relationship
2. Handling Civil Complaints
3 years after the conclusion of complaint handling.
3. Other Purposes
Until the member withdraws from the Jeju International Convention Center website or upon the member's request for deletion or destruction of their personal information.
Article 4 (Provision of Personal Information to Third Parties)
Jeju International Convention Center processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only when consented to by the data subject, or when required by law, as per Articles 17 and 18 of the Personal Information Protection Act. Jeju International Convention
Jeju International Convention Center provides personal information to third parties as follows:
1. Recipient of Personal Information
SCI Evaluation Information Co., Ltd.
2. Personal Information Provided
Name, date of birth, contact information
3. Purpose of Use by Recipient
I-PIN (Personal Identification Number)
4. Retention and Use Period by Recipient
Immediately destroyed after use.
Article 5 (Outsourcing of Personal Information Processing)
Jeju International Convention Center outsources personal information processing to ensure smooth operation as follows:
1. Website Maintenance and Management
· Outsourced to (Fiduciary): WebVista Co., Ltd.
· Details of outsourced tasks: Identity verification for membership services, handling complaints, delivering notifications
· Outsourcing period: Until the termination of the contract
Jeju International Convention Center, when entering into an outsourcing contract, specifies in the contract or related documents matters concerning the prohibition of processing personal information for purposes other than those specified, technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of the contractor, and liability for damages, as per Article 26 of the Personal Information Protection Act. The center also supervises the contractor to ensure safe processing of personal information.
If the contents of the outsourced tasks or the contractor change, the center will promptly disclose such changes through this personal information processing policy.
Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising Rights)
1. The data subject may exercise the right to request access, correction, deletion, and suspension of processing of their personal information at any time against Jeju International Convention Center.
2. The exercise of rights under Paragraph 1 may be made in writing, via email, or by fax, in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and Jeju International Convention Center will take action promptly.
3. The exercise of rights under Paragraph 1 may be carried out through a legal representative or an authorized agent. In such cases, a power of attorney in the form prescribed in Annex 11 of the "Notice on Personal Information Processing Methods (No. 2020-7)" must be submitted.
4. The request for access to personal information and the suspension of processing may be restricted under Articles 35, Paragraph 4, and 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made if the information is specified as a collection target by other laws.
6. Jeju International Convention Center verifies the identity of the requester or the legitimacy of their representative when a request is made for access, correction, deletion, or suspension of processing based on the rights of the data subject.
Article 7 (Destruction of Personal Information)
· Jeju International Convention Center will destroy personal information without delay when the retention period expires or the processing purpose is achieved.
· If the retention period consented by the data subject has expired, or if the processing purpose has been achieved, but other laws require the continued preservation of the personal information, the information will be moved to a separate database (DB) or stored in a different location.
· The procedures and methods for destroying personal information are as follows:
1. Destruction Procedure
Jeju International Convention Center establishes a destruction plan for personal information that needs to be destroyed and proceeds with destruction. Information entered by users is transferred to a separate database (in the case of paper, to a separate document) after the purpose is achieved, and stored for a certain period or immediately destroyed according to internal policies and other relevant laws. The personal information transferred to the database is not used for any purpose other than those specified by law.
2. Destruction Period
Personal information whose retention period has expired is destroyed within five days from the end of the retention period. Personal information that is no longer necessary due to the achievement of the processing purpose, the end of the relevant service, or the termination of the business is destroyed within five days from the date it is recognized as unnecessary.
3. Destruction Method
Electronic files are destroyed using technical methods that make the records irrecoverable. Paper documents containing personal information are shredded or incinerated.
Article 8 (Measures to Ensure the Security of Personal Information)
The Jeju International Convention Center takes the following measures to ensure the security of personal information:
1. Minimization and Training of Personnel Handling Personal Information
The center designates specific employees to handle personal information and limits access to these designated personnel to minimize the number of people managing personal information.
2. Establishment and Implementation of Internal Management Plans
The center establishes and implements internal management plans to ensure the safe processing of personal information.
3. Technical Measures Against Hacking, etc.
The Jeju International Convention Center installs security programs, conducts regular updates and inspections, and places systems in areas where access from outside is controlled to prevent the leakage or damage of personal information due to hacking or computer viruses. Technical and physical monitoring and blocking are also implemented.
4. Encryption of Personal Information
Personal information is encrypted and stored, ensuring that only the individual can access it. Important data is encrypted for storage and transmission, or special security features such as file locking are employed.
5. Retention and Prevention of Falsification of Access Records
Records of access to the personal information processing system are kept and managed for at least one year. However, if the center processes personal information of over 50,000 subjects or handles unique identification information or sensitive information, the records are kept for at least two years. Security functions are used to prevent these records from being falsified, stolen, or lost.
6. Restriction on Access to Personal Information
Access control measures, such as granting, changing, and deleting access rights to the database system processing personal information, are implemented. Unauthorized access from outside is controlled using an intrusion prevention system.
7. Use of Locking Devices for Document Security
Documents and auxiliary storage media containing personal information are stored in a secure location with a locking device.
8. Access Control for Unauthorized Persons
A separate physical storage location is designated for storing personal information, and procedures are established and operated to control access to this location.
Article 9 (Matters Concerning the Installation and Operation of Automatic Personal Information Collection Devices and Refusal)
The Jeju International Convention Center does not use 'cookies,' which are tools to store and frequently retrieve user information.
Article 10 (Personal Information Protection Officer)
The Jeju International Convention Center designates a personal information protection officer who is responsible for overseeing the overall processing of personal information, handling complaints, and providing relief related to personal information.
Article 11 (Changes to the Personal Information Processing Policy)
This personal information processing policy will be applied from the effective date, and any additions, deletions, or corrections based on changes in laws or policies will be notified through the website's announcement section at least seven days before implementation.
Article 12 (Request for Access to Personal Information)
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act from the following department. The Jeju International Convention Center will strive to process requests for access promptly.
Department in Charge of Receiving and Processing Requests for Access to Personal Information:
· Department Name: Operations Support Team
· Contact Person: IT Management Representative
· Contact Information: 070-0000-0000
· Email: mobenaclinic@naver.com
· Fax: 02-2611-8134
Article 13 (Remedies for Infringement of Rights)
Data subjects can apply for dispute resolution or consultation regarding personal information infringement to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, or other related institutions. For further reports or consultations on personal information infringement, you may contact the following institutions:
1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)
Persons whose rights or interests have been violated by a public institution’s disposition or failure to act on requests made under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), or 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.