Article 1 (Purpose of processing personal information)
The Organizing Committee processes personal information for the following purposes. Your information will not be used other than the following purposes and there will be additional measures to meet the regulations in the article 18 of the Personal Information Protection act if any change in the purposes occurs,
- 1. Online membership application, membership management, personal identification and authentication for member services, membership maintenance, prevention of unlawful use of services or activities hindering smooth service provision, preserving records for customer service and dispute resolution, dealing with appeals, delivering notices, and confirming intent to terminate the membership of the 18th FINA World Championships Gwangju 2019 and 18th FINA World Masters Championships Gwangju 2019.
- 2. Development and provision of new services, PR and marketing.
Maintaining statistics of member's service usage such as website access frequency, developing new services and provision of customized services (provision of services, advertisement and advertisement-related information according to statistics), confirming validity of service, and providing event information and opportunity to participate in the events.
Article 2 (personal information items to be processed)
The following personal information items will be recorded in personal information files by the Organizing Committee according to the article 32 of the Personal Information Protection Act.
조직위원회가 개인정보 보호법 제32조에 따라 개인정보파일 명칭, 운영근거 처리목적, 개인정보파일에 기록되는 개인정보 항목 별 개인정보파일에 기록하는 항목을 나타낸 표입니다.
|Name of the personal information file||Legal base / Purpose of processing||Personal information items to be recorded in personal information files|
|Membership information of the official websites of the 18th FINA World Champinships Gwangju 2019 and 18th FINA World Masters Championships Gwangju 2019. ||Article 15 of the Personal Information Protection Act / To support internal customer management and advertisement of the event. ||Required items: email (username), password, Name, newsletter agreement. |
※ If you wish to view other recorded items in the Organizing Committee's personal information file, please visit Personal Data Protection portal operated by Ministry of the Interior and Safety (www.privacy.go.kr) → Personal information petitions → Request personal information reading → personal information file search menu
- 1. Upon membership application, the Organizing Committee will process the following required personal information items for membership application, expedient customer support, and provision of various services.
- Required items: email (username), password, Name
- Optional item: Agreement to receive newsletter (you can still become a member without the agreement)
- 2. The following information may be automatically generated during service usage or processing personal information.
- IP addresses, cookies, connection records, service access logs, error logs, equipment information, etc.
- 3. The following information may be collected when using additional, customized services or applying for events using your username.
- Areas of interest, intention to participate in events prepared by the Organizing Committee, additional address and contact information for mailing gift items, etc.
Article 3 (Retention period)
Fundamentally, a user's personal information will be discarded immediately once the purpose of the personal information processing is obtained.
- Membership information: When membership is terminated.
The following items will be retained for specified period.
- Personal information regarding membership: email (username), password, name, etc.
- Reason for retention: For expedient customer service, provision of various services, etc.
- Retention period: Three years from membership application (Until this web service is closed in July 2021).
- Website access record retention
- Reason for retention: When the head of an intelligence and investigative agency or a judicial police officer request measures restricting communications
- Retention period: Three months
Article 4 (Release of personal information to third party)
- ① The Organizing Committee uses personal information according to purposes stated in the Article 2. The information may be provided to a third party only when it meets the regulations in Articles 17 and 18 of the Personal Information Protection Act.
- ② The Organizing Committee will not provide personal information to a third party outside the range regulated by Items 1 and 3 of Article 17 of the Personal Information Protection Act. Notwithstanding paragraph (1), where any of the following subparagraphs applies, the Organizing Committee may provide personal information to a third party for other purpose than the intended one, unless it is likely to infringe on unfairly the interest of a data subject or third party:
- 1. Where additional consent is obtained from the data subject.
- 2. Where special provisions exist in other laws.
- 3. Where it deems necessary explicitly for the protection, from impending danger, of life, body or economic profits of the data subject or third party in case that the data subject or his/her legal representative is not in a position to express intention, or prior consent cannot be obtained owing to unknown addresses.
- 4. Where personal information is provided in a manner keeping a specific individual unidentifiable necessarily for the purposes of statistics and academic research, etc.
- 5. Where it is impossible to perform the duties under its jurisdiction as provided for in any Act unless the personal information controller uses personal information for other purpose than the intended one, or provides it to a third party, and it is subject to the deliberation and resolution of the Personal Information Protection Commission.
- 6. Where it is necessary to provide personal information to a foreign government or international organization to perform a treaty or other international convention.
- 7. Where it is necessary for the investigation of a crime, indictment and prosecution.
- 8. Where it is necessary for the court to proceed the case.
- 9. Where it is necessary for punishment, and enforcement of care and custody.
The Organizing Committee shall inform the data subject of the following matters when it obtains the consent under paragraph (2) 1. The same shall apply when any of the following is modified When the Organizing Committee provides personal information to a third party for other purpose than the intended one in any case provided for in items 2 to 6 and 8 and 9 above, the Organizing Committee shall post its legal basis, purposes and scope on the official website.
Article 5 (Outsourcing of personal information processing)
- ① The Organizing Committee is outsourcing the services below to improve service quality and safe handling of personal information. The Organizing Committee is educating the outsourcee so that personal information of data subjects may not be lost, stolen, leaked, forged, altered, or damaged owing to the outsourcing of work, and is supervising how the outsourcee processes such personal information safely.
- ② Outsourcing information
조직위원회의 개인정보 처리 위탁기관 및 위탁업무 내용을 나타낸 표입니다.
|Outsourcee||Outsourcing items||Personal Information processing and retention period|
|COMIN Information System||To develop and operate system for service provision||Follows the regulation in article 3. If outsourcing contract is terminated the period shall be until the contract is terminated. |
Article 6 (Process and method of personal information destruction)
- ① The Organizing Committee will destroy personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing the personal information, etc.
- ② Where the Organizing Committee is obliged to retain personal information pursuant to the provisions of other law, the relevant personal information or personal information files shall be stored in a different database or managed separately from other personal information.
- ③ Process and method of destroying personal information.
- 1. Process
The Organizing Committee establishes personal information destruction plan to destroy personal information or personal information files. The Organizing Committee selects personal information or personal information files to be destroyed and destroys them under authorization of personal information protection officer. The information provided by the data subject will be moved to a different database (if in a paper format, to a different document) after the stated purpose has been attained and will be retained according to internal regulations and relevant laws. The information will be destroyed without delay once the retention period has expired. The personal information moved to the database will not be used for purposes other then those regulated by law.
- 2. Destruction deadline
Personal information of the data subject will be destroyed within five days of the expiration of the retention period. If personal information of the data subject has become unnecessary due to attainment of the purpose of processing the information, service termination, or termination of the business, etc, the information will be destroyed within five days of the judgement that the personal information has become unnecessary.
- 3. Methods of destroying personal information
Personal information in printouts will be shredded or incinerated. Personal information in electronic files will be permanently erased, using technical methods to prevent restoration of data.
Article 7 (Safeguarding personal information)
The Organizing Committee is conducting technical, managerial and physical measures to safeguard personal information according to Article 29 of the Personal Information Protection Act and Article 28 of the Act on Promotion of Information and Communications Network Utilization.
- ① Establishing and implementing internal management plan: The Organizing Committee has established and implementing internal management plan to safeguard personal information processing.
- ② Minimizing number of personal information handlers. Education: The Organizing Committee has designated handlers of personal information and limits handling of personal information to the handlers. The Organizing Committee maintains regular education of the handlers to observe the personal information processing regulation.
- ③ Managing access to personal information: The Organizing Committee is taking necessary measures in granting, changing and terminating access to personal information database to control access to personal information. The Organizing Committee is using intrusion detection system to control unauthorized access from the outside.
- ④ Access control: The Organizing Committee has installed security programs and routinely making checks and updates to prevent personal information leakage or damage by hacking or viruses. The Organizing Committee has installed personal information database in a controlled area and is controlling access to the area using technical and physical methods.
- ⑤ Encryption of personal information: Data subject's personal information is stored and managed by means of encryption. When handling important data, additional security functions such as encrypting file or transfer data and file locking features are being used.
- ⑥ Storage and inspection of access log: The Organizing Committee maintains access logs to personal information database by the handlers for at least six months, and conducts half-term inspections to check for lost, stolen, leaked, forged, altered, or damaged personal information.
- ⑦ Safeguarding management terminals: The Organizing Committee applies the following safeguard measures to prevent leakage of personal information.
- 1. Measures to prevent unauthorized access and operation of management terminals.
- 2. Measures to prevent use of management terminals for purposes other than originally stated.
- 3. Security measures to prevent malicious software infection.
- ⑧ Physical safeguard: The Organizing Committee has designated exclusive personal information storage area and is controlling access to the area. Also, the Organizing Committee is storing documents and storage devices with personal information in a safe place with locks.
- ⑨ Preventing infection by malicious software: The Organizing Committee has installed security programs and routinely making checks and updates to prevent leakage or damage of personal information by hacking or computer viruses. The Organizing Committee has installed personal information database in a controlled area and is controlling access to the area using technical and physical methods. The Organizing Committee observes the following items:
- 1. Maintaining up-to-date status of security programs by using automatic update function or through daily updates.
- 2. Making immediate updates to applications or operating system when there is a malicious software alert security update notice from software makers.
- 3. Taking measures such as deleting identified malicious software, etc.
- ⑩ Operating dedicated organization to protect personal information
- The Organizing Committee is trying to immediately correct problems relating to personal information protection by establishing dedicated organization to protect personal information.
- However, the Organizing Committee shall not be held liable for user's carelessness despite the fact that the Committee has performed all its personal information protection duties or if the accident has occurred outside the boundaries of the Committee's managerial responsibilities.
- ⑪ Safeguarding measures and inspection: The Organizing Committee routinely inspects the implementation of the above measures.
Article 8 (Data subject's rights, duties and the ways to exercise those rights and duties)
- ① The data subject can always exercise the following rights with the Organizing Committee.
- 1. Request viewing his/her personal information
- 2. Request correction of mistaken information
- 3. Request deletion of information
- 4. Request suspension of processing
- 5. Request notification if his/her personal information has been collected from sources other than the subject him/herself.
Upon request from the data subject, the Organizing Committee immediately notifies the following items to the data subject if personal information of the subject is collected from sources other than the subject him/herself.
- 1) Source of personal information
- 2) Purpose of processing of personal information
- ② The rights under paragraph 1 above can be exercised via written notice, telephone calls, emails, facsimile, etc. to the Organizing Committee. The Organizing Committee shall take immediate measures upon request.
- ③ If the data subject demands correction or removal of any mistaken personal information, the Organizing Committee shall not use or provide the personal information until such correction or removal is completed.
- ④ The rights under paragraph 1 above can be exercised by a legal representative of the data subject or a duly authorized representative of the data subject, upon which the power of attorney in accordance with Form No. 11 of the Enforcement Rule of the Personal Information Protection Act shall be submitted.
- ⑤ The data subject shall not infringe upon the privacy or personal information of him/herself or others being handled by the Organizing Committee in violation of relevant laws and regulations such as the Personal Information Protection Act.
Article 9 (Matters related to establishment, operation and rejection of automatic collection methods of personal information)
- ① Cookies
- To provide personalized and customized services, the Organizing Committee may use 'cookies' to store and load user's personal information from time to time.
- Cookies refer to very small text files sent to the browser of the user by the server being used to operate the website, which are saved on the hard disk of the user’s PC. If the user visits the website again, the server of the website reads the cookies saved on the hard disk of the user to maintain the settings of the user and provide customized services.
- Cookies do not automatically or actively collect personal identification information, and users can always reject or delete the cookies.
- The cookies are used to identify the patterns of user's visits and usage of each service and the website of the Organizing Committee, popular search terms, secured connection, number of users, etc. to provide optimized and customized information to users, including promotional information.
- ③ Rejecting installation and operation of cookies
- The user has rights to choose cookie installation. Therefore, the user may set options in browsers to allow all cookies, to check each time cookies are saved, or reject save of all cookies.
- However, if the user rejects saving of cookies, he or she may experience limits while using some services by the Organizing Committee that require log-ins.
Article 10 (Matters related to the personal information protection officer)
Article 11 (Request viewing of personal information)
- ① The data subject may ask viewing his/her personal information under article 35 of the Personal Information Protection Act to the department responsible for personal information protection. The Organizing Committee shall take reasonable measures for prompt handling of the information subject’s request to access personal information.
- ② The data subject may request viwing personal information via the website of the personal information protection portal of the Ministry of the Interior and Safety (www.privacy.go.kr), in addition to filing the request to the responsible department, etc. as stated in paragraph 1 above.
▶ Personal information protection portal, Ministry of the Interior and Safety → Personal information petitions → Request personal information viewing, etc. (personal identification required through public I-pin)