RIGHT Foundation Privacy Guideline
Author
국제보건기술연구기금
Date
2023-09-07 11:07
Views
497
RIGHT Foundation Privacy Guideline
The RIGHT Foundation (hereinafter referred to as "the Foundation") establishes and presents this Privacy Guideline to ensure the privacy of data subjects pursuant to Article 30 of the Personal Information Protection Act of Korea and to effectively address any privacy-related concerns.
○ This Privacy Guideline will be effective from 08 25 2023.
Article 1 (Purpose of Processing Personal Information)
The Foundation processes personal information for the following purposes: If the purpose of personal information processing change, the Foundation will implement necessary actions, including obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
① The Foundation will retain and use the personal information in accordance with either the time frame stipulated by relevant laws or the duration agreed upon by data subjects at the time of collection.
② The corresponding use and retention periods of processed personal information items are as follows:
The Foundation processes the following personal data items:
The Foundation provides personal information to third parties only when there is consent from the individual or when it is required by applicable laws as stipulated in Articles 17 and 18 of the Personal Information Protection Act.
Article 5 (Outsourcing Personal Information Processing)
① The Foundation has outsourced its personal information processing tasks for efficiency as follows:
③ In the event of a change in the content of the outsourced processing or the Outsourcer, the Foundation will promptly disclose such changes through this Privacy Guideline.
Article 6 (Cross-border Transfer of Personal Information)
The Foundation delegates the responsibilities of collection, management, evaluation and notification of research grant applications to Fluxx Labs Inc., a corporation based overseas, according to the specifics outlined below.
Article 7 (Personal Data Destruction Procedure and Method)
① When personal information becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Foundation disposes of the personal information promptly.
② In cases where personal information needs to be retained continuously pursuant to other laws despite the expiration of the agreed-upon retention period or the achievement of the processing purpose, it will be transferred to a separate database (DB) or stored in a different location.
③ The following outlines the procedure and method for the destruction of personal information:
① Data subjects possess the right to request access, correction, deletion, and suspension of their personal information from the Foundation at any time.
② The exercise of rights pursuant to Paragraph 1 can be made in writing, through email, or other means pursuant to Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Foundation will promptly implement necessary actions upon receipt of valid requests.
③ The data subject may exercise their rights in accordance with Paragraph 1, either directly or indirectly through their legal representative or an authorized agent.
④ The rights of data subjects to access personal information and request the suspension of its processing may be subject to limitations as stipulated by Article 35 Paragraph 4 and Article 37 Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information in question is explicitly required to be collected under other legal provisions, requests for correction and deletion of such information may be declined.
⑥ The Foundation verifies the identity of the requester, whether an individual or their legitimate representative, who has submitted requests such as access, correction, deletion, or processing suspension in accordance with the data subject's rights.
Article 9 (Measures to Safeguard Personal Information)
The Foundation takes the following measures to safeguard personal information.
① The Foundation utilizes cookies to collect and retrieve users' browsing histories, allowing for the delivery of personalized services tailored to each user.
② Cookies are small data fragments that are transmitted from a website's server (HTTP) to users' computer browsers and may be subsequently stored on the hard disks of their PCs.
The foundation appoints a Privacy Officer to oversee tasks concerning the processing of personal information, including addressing complaints and grievances and providing remedies for data subjects in relation to personal information processing, as outlined below:
-> Privacy Officer
Name: Hanee Kim
Title: CEO
Contact information: +82-2-6337-9400; hani.kim@rightfoundation.kr
-> Privacy Department
Department name: Finance and Operation
Contact person: Jiyoung Moon
Contact information: +82-2-6337-9412; jiyoung.moon@rightfoundation.kr
② Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal information that arise while using the Foundation's services or business. The Foundation will promptly respond and handle inquiries from data subjects.
Article 12 (Responsible Department for Receiving and Addressing Requests for Personal Information Access)
Pursuant to Article 35 of the Personal Information Protection Act, data subjects have the right to request access to their personal information from the Privacy Department (refer to Article 11). The Foundation will strive to expedite the processing of these access requests upon receiving them from the data subjects.
Article 13 (Remedy for Infringement of Rights and Interests of Data Subjects)
Data subjects seeking remedies for personal information infringements can submit requests for dispute resolution or consultation to authorities such as the Personal Information Dispute Mediation Committee and the Privacy Breach Report of Korea Internet & Security Agency. Additionally, the authorities listed below can offer support for reporting or seeking advice on issues related to other instances of personal information breaches.
This Privacy Guideline will be effective from 08 25 2023.
The RIGHT Foundation (hereinafter referred to as "the Foundation") establishes and presents this Privacy Guideline to ensure the privacy of data subjects pursuant to Article 30 of the Personal Information Protection Act of Korea and to effectively address any privacy-related concerns.
○ This Privacy Guideline will be effective from 08 25 2023.
Article 1 (Purpose of Processing Personal Information)
The Foundation processes personal information for the following purposes: If the purpose of personal information processing change, the Foundation will implement necessary actions, including obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
- Applicants’ personal information: The Foundation processes personal information to decide and execute the provision of research funds and grants.
- Reviewers’ personal information: The Foundation processes personal information for payment and tax filing purposes.
- Newsletter recipients’ personal information: The Foundation processes personal information to manage subscriptions and send newsletters.
① The Foundation will retain and use the personal information in accordance with either the time frame stipulated by relevant laws or the duration agreed upon by data subjects at the time of collection.
② The corresponding use and retention periods of processed personal information items are as follows:
- Applicants’ personal information For those who are awarded a project by the Foundation, their personal information will be retained and used for 5 years after the end of the project for the purposes stated above. For those who are not awarded a project, their personal information will only be retained for 1 year from the date of the decision. Basis for the retention: Consent from the data subject
- Reviewers’ personal information Reviewers' personal information will be retained and used until 5 years after the end of the final report period, starting from the date they provide consent for the collection and usage of their information. Basis for the retention: Consent from the data subject, as required by Article 160-2 of the Income Tax Act
- Newsletter recipients’ personal information Newsletter recipients' personal information will be retained and used until the data subject opts out, beginning from the date of consent for data collection and usage.
The Foundation processes the following personal data items:
- Applicants’ personal information Required items: Name, company name, phone number, email, and title
- Reviewers’ personal information Required items: Name, resident registration number (Korean citizens), passport number (non-Korean citizens), phone number, email, company name, title, bank account information, and nationality
- Newsletter recipients’ personal information Required items: Name, affiliation (department and position), email Optional items: Phone number (mobile)
The Foundation provides personal information to third parties only when there is consent from the individual or when it is required by applicable laws as stipulated in Articles 17 and 18 of the Personal Information Protection Act.
Article 5 (Outsourcing Personal Information Processing)
① The Foundation has outsourced its personal information processing tasks for efficiency as follows:
- Outsourced tasks: Research grant management
- Outsourcing provider (Outsourcer): Fluxx Labs Inc.
- Outsourcing period: Till the withdrawal of the membership
- Responsibilities in outsourced tasks: Recruiting research grant applicants, grant management, evaluation, and notifications
③ In the event of a change in the content of the outsourced processing or the Outsourcer, the Foundation will promptly disclose such changes through this Privacy Guideline.
Article 6 (Cross-border Transfer of Personal Information)
The Foundation delegates the responsibilities of collection, management, evaluation and notification of research grant applications to Fluxx Labs Inc., a corporation based overseas, according to the specifics outlined below.
Article 7 (Personal Data Destruction Procedure and Method)
① When personal information becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Foundation disposes of the personal information promptly.
② In cases where personal information needs to be retained continuously pursuant to other laws despite the expiration of the agreed-upon retention period or the achievement of the processing purpose, it will be transferred to a separate database (DB) or stored in a different location.
③ The following outlines the procedure and method for the destruction of personal information:
- Destruction process The Foundation identifies personal information that is eligible for or requires destruction and initiates the destruction process upon receiving approval from the Privacy Officer.
- Destruction method As for personal information printed on paper, it undergoes proper disposal through shredding or incineration. Personal information stored in electronic formats is subjected to secure deletion using unrecoverable and irreversible techniques.
① Data subjects possess the right to request access, correction, deletion, and suspension of their personal information from the Foundation at any time.
② The exercise of rights pursuant to Paragraph 1 can be made in writing, through email, or other means pursuant to Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Foundation will promptly implement necessary actions upon receipt of valid requests.
③ The data subject may exercise their rights in accordance with Paragraph 1, either directly or indirectly through their legal representative or an authorized agent.
④ The rights of data subjects to access personal information and request the suspension of its processing may be subject to limitations as stipulated by Article 35 Paragraph 4 and Article 37 Paragraph 2 of the Personal Information Protection Act.
⑤ If the personal information in question is explicitly required to be collected under other legal provisions, requests for correction and deletion of such information may be declined.
⑥ The Foundation verifies the identity of the requester, whether an individual or their legitimate representative, who has submitted requests such as access, correction, deletion, or processing suspension in accordance with the data subject's rights.
Article 9 (Measures to Safeguard Personal Information)
The Foundation takes the following measures to safeguard personal information.
- Establishment and execution of internal control plan The Foundation has established and implemented internal control plan to ensure the secure processing of personal information.
- Minimization and training of personal information handling staff The Foundation has restricted the handling of personal information to a designated group of employees and has implemented measures to control the handling of personal information.
- Regular internal audits To ensure security and proper handling of personal information, the Foundation conducts internal audits on a regular (quarterly) basis.
- Controlling personal information access The Foundation employs essential measures to manage access to personal information by managing permissions for accessing personal information databases, encompassing actions such as granting, updating, and revoking access permissions, while implementing an intrusion prevention system to prevent any unauthorized external access attempts.
- Maintenance and security of access records The Foundation ensures the retention and management of access records for the personal information processing system for a minimum period of one year. Moreover, a comprehensive security mechanism is in place to prevent forgery, alteration, theft, and the unintentional loss of these records.
- Encryption of personal information Personally identifiable information, such as passport details, undergoes encryption upon reception, transmission, or transfer to ensure security.
- Technical measures against hacking and similar threats In order to prevent the potential leakage and damage of personal information due to hacking or computer viruses, the Foundation employs a variety of technical and physical measures, encompassing the installation of security programs that are regularly updated and assessed, as well as the establishment of systems in zones where external access is strictly controlled.
- Controlling unauthorized access The Foundation stores and maintains personal information in physically segregated locations, implementing rigorous access control procedures and protocols.
- Locking devices for document security Physical documents and auxiliary storage media containing personal information are securely stored and maintained in designated locations equipped with locking mechanism.
① The Foundation utilizes cookies to collect and retrieve users' browsing histories, allowing for the delivery of personalized services tailored to each user.
② Cookies are small data fragments that are transmitted from a website's server (HTTP) to users' computer browsers and may be subsequently stored on the hard disks of their PCs.
- Purpose of cookies: Cookies are utilized to enhance services by analyzing factors such as users' access frequency, visit duration, preferences, and interests and to track information about viewed web pages, enabling the provision of new offers.
- How to install, enable, or reject cookies: Users have the option to configure their web browsers to allow all cookies, request permission before saving cookies, or refuse all cookies.
- Please note that rejecting cookies may result in limited access to some services.
The foundation appoints a Privacy Officer to oversee tasks concerning the processing of personal information, including addressing complaints and grievances and providing remedies for data subjects in relation to personal information processing, as outlined below:
-> Privacy Officer
Name: Hanee Kim
Title: CEO
Contact information: +82-2-6337-9400; hani.kim@rightfoundation.kr
-> Privacy Department
Department name: Finance and Operation
Contact person: Jiyoung Moon
Contact information: +82-2-6337-9412; jiyoung.moon@rightfoundation.kr
② Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal information that arise while using the Foundation's services or business. The Foundation will promptly respond and handle inquiries from data subjects.
Article 12 (Responsible Department for Receiving and Addressing Requests for Personal Information Access)
Pursuant to Article 35 of the Personal Information Protection Act, data subjects have the right to request access to their personal information from the Privacy Department (refer to Article 11). The Foundation will strive to expedite the processing of these access requests upon receiving them from the data subjects.
Article 13 (Remedy for Infringement of Rights and Interests of Data Subjects)
Data subjects seeking remedies for personal information infringements can submit requests for dispute resolution or consultation to authorities such as the Personal Information Dispute Mediation Committee and the Privacy Breach Report of Korea Internet & Security Agency. Additionally, the authorities listed below can offer support for reporting or seeking advice on issues related to other instances of personal information breaches.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Privacy Breach Report: 118 (privacy.kisa.or.kr)
- Prosecution Service: 1301 (privacy.kisa.or.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
This Privacy Guideline will be effective from 08 25 2023.