Article 1(Purpose of processing personal information)
The Organizing Committee processes personal information for the following purposes. Data subjects’ personal information will not be used for any purpose other than the following. In the event of any change in purpose, additional measures will be implemented in order to fulfill the requirements of Article 18 of the Personal Information Protection Act.
- 1. Online membership application and management
- Personal information will be processed to confirm a user’s intent to become a member, to enable personal identification and authentication for member services, for membership maintenance and management, to enable personal identification to meet limited real-name system, to prevent unlawful use of services, to obtain and verify consent from a legal guardian in the case of a subject being under 14 years old, for notification and reporting, and for the resolution of complaints.
- 2. Recruiting, operation and management of volunteers
- Personal information will be processed in order to manage volunteer activities and for insurance purposes.
Article 2 (Processing and retention period)
- ① The Organizing Committee shall retain and processes personal information for the period specified by law, or as agreed upon by the data subject at the time of initial consent.
- ② Detailed information about the processing and retention period can be found at the following link.
Article 3 (Release of personal information to a third party)
- ① The Organizing Committee processes personal information according to the purposes stated in Article 1 (Purpose of processing personal information). The information may be provided to a third party only when consent has been received from the data subject, or if it meets the regulations of Article 17 of the Personal Information Protection Act.
- ② The following is the list of general personal information items that Gwangju Metropolitan City Government legally provides to other agencies.
Article 4 (Outsourcing of personal information processing)
- ① The Organizing Committee is outsourcing the services as set out below in order to ensure smooth processing of personal information. List of personal information outsourcing Download
- ② In accordance with Article 25 of the Personal Information Protection Act, the Organizing Committee has specified to the outsourcee in contract documents the requisite regulations for the safe processing of personal information by the outsourcee. These regulations include: prohibiting the handling of personal information for anything other than the established outsourcing purposes, technical and managerial protective measures, restricting re-outsourcing, supervision of the outsourcee, and potential compensation for damages. The Organizing Committee also supervises the safe processing of personal information by the outsourcee.
Article 5 (Data subjects’ rights, duties, and how to exercise them)
- ① The data subject can always exercise his/her rights with the Organizing Committee, such as to request to view their information, or to request corrections, removal, or suspension of processing of his/her personal information.
- ② A data subject’s rights, as laid out under Paragraph ①, can be exercised via written notice, phone, email or fax. The Organizing Committee shall take immediate measures upon receipt of such a request.
- ③ If any data subject demands the correction or removal of any mistaken personal information, the Organizing Committee shall not use the personal information, or provide it to any third party, until such correction or removal is complete.
- ④ The rights under Paragraph ① can be exercised by a legal representative of the data subject or by a duly authorized representative of the data subject, upon which the power of attorney in accordance with form No. 11 of the Enforcement Decree of the Personal Information Protection Act shall be submitted.
- ⑤ The data subject shall not infringe upon their own privacy or personal information, nor that of any other data subject processed by the Organizing Committee, in violation of the relevant laws such as the Personal Information Protection Act.
Article 6 (Personal information items to be processed)
- The Organizing Committee processes the following personal information items.
Article 7 (Destruction of personal information)
- ① The Organizing Committee shall destroy personal information without delay once the personal information is no longer required, due to the expiry of the retention period, attainment of the purpose of processing the personal information, etc.
- ② In any event where the Organizing Committee is obliged to retain personal information pursuant to the provisions of other laws, despite the expiration of the agreed retention period or when the purpose of processing the information has been attained, the relevant personal information shall be stored in a different database or kept in a different location.
- ③ The following is the process and method of destroying personal information.
- The Organizing Committee selects the personal information to be destroyed and destroys it under the authorization of the personal information protection officer.
- The Organizing Committee shall destroy personal information in electronic files to prevent restoration of data. Personal information in printouts shall be shredded or incinerated.
Article 8 (Safeguarding personal information)
The Organizing Committee is conducting the following measures in order to safeguard personal information.
- Managerial measures: Establishing and implementing internal management plans, conducting regular employee education, etc.
- Technical measures: Controlling access to personal information system, installing access control system, encrypting personal identification information, and installing security programs.
- Physical measures: Controlling access to computer centers and data storage locations, etc.
Article 9 (Matters related to establishment, operation and rejection of automatic personal information collection system)
Article 10 (Personal information protection officer)
- ① The Organizing Committee has designated a personal information officer to take charge of duties associated with processing personal information, handle any complaints, and recover damages of data subjects in relation to the processing of personal information.
- Personal information protection officer
- Name: JANG, Myung-hwan
- Position: Director, Operations HQ
- Phone: 062-616-3400
- Personal information protection department
- Department: Information & Communications
- Person in charge: CHOI, Jeong-hyeon
- Phone: 062-616-3523
- Fax: 062-616-3529
- Email: firstname.lastname@example.org
- Personal information protection officer
- ② The data subject may contact the personal information protection officer and the department responsible for personal information protection for any relevant inquires or grievances or to recover damages related to personal information protection that occurred during the process of using the services (or business) of the Organizing Committee.
Article 11 (Request to view personal information)
The data subject may request to view his/her personal information under Article 35 of the Personal Information Protection Act. The Organizing Committee shall take appropriate measures to ensure the prompt handling of the data subject’s request to view their personal information.
- Department in charge of receiving and processing requests to view personal information
- The department specified on the personal information management file (Article 2, Paragraph 2)
Article 12 (Remedy of infringement of rights and interests)
The data subject can contact the following agencies in the event of any grievances or complaints regarding personal information infringements.
<The following agencies are not affiliated with the Organizing Committee. Please contact these agencies only if the Organizing Committee’s handling of personal information infringement is unsatisfactory, or if further assistance is required.>
- Center for Cyber Difficulties (operated by Korea Internet & Security Agency)
- Personal information infringement report & counselling support
- Website: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: Center for Cyber Difficulties, Korea Internet & Security Agency, 3rd. floor, 9 Jinheung-gil (301-2 Bitgaram-dong), Naju, Jeollanam-do 58324
- Personal Information Dispute Resolution Committee (operated by Personal Information Protection Committee)
- Resolving personal information disputes & group disputes
- Website: www.kipico.go.kr
- Phone: (without area code) 1833-6972
- Address: Personal Information Protection Committee, 4th floor, Government Complex Seoul, 209 Sejong-daero, Jongro-gu, Seoul 03171
- Cyber Investigation Group, Supreme Prosecutor's Office: (without area code) 1301 (www.spo.go.kr)
- Cyber Bureau, National Police Agency: (without area code) 182 (cyberbureau.police.go.kr)