The purpose of collection and utilization of personal information

Your personal information processed by Sunjin are not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.

The period of retention and utilization of personal information

Sunjin handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information or the period to which each user consents when we collect the user’s personal information.

Provision of Personal Information to Third Parties

Sunjin does not provide personal information collected and retained thereby, to any third party without the relevant user’s consent, except in the following cases:

• Where a user specifically consents to provision of his/her personal information;
• Where other statute provides expressly;
• Where a user or his/her legal representative is incapable of communicating his/her intention or it is impossible to obtain consent from a user or his/her legal representative because his/her whereabouts are unknown but it is considered clearly necessary to urgently provide his/her personal information to a third party for the safety, health, or economic interests of the user or of a third party;
• Where personal information is provided in a form that makes it impossible to identify a specific person, as necessary for compiling statistics or scientific research;

When we provide your personal information to a third party, we will inform you of the following facts to obtain consent from you:

• The name of the recipient of personal information (or the name of the corporation or organization, if the recipient is a corporation or organization) and the contact information of the recipient;
• The recipient’s purposes of using personal information & The items of personal information to be provided.
• The duration during which the personal information will be retained and used by the recipient.
• The fact that the user has a right to refuse to consent and details of any disadvantages.

Outsourcing of Handling of Personal Information

Sunijn does not export its personal data without the data subject's consent outside the Foundation. If a third party organization is contracted to process personal information on Sunjin’s behalf, Sunjin, as Data Controller, remains responsible for posting the name of company outsourced and outsourced matters on our website.

• Matters regarding prohibiting the processing of personal information for purposes other than the execution of the work entrusted
• Matters regarding technical and administrative security measures for personal information.
• Other matters designated by Presidential Decree for the secure management of personal information as follows:
  • Purpose and scope of the work entrusted
  • Matters regarding restricting re-outsourcing
  • Matters regarding measures to secure safety, such as restricting access to personal information, etc.
  • Matters regarding supervision, such as inspecting the management situation of the personal information retained in relation to the entrusted work
  • Matters regarding responsibility, such as indemnity if the trustee has violated its obligated duty in accordance with Article 26, Paragraph 2 of the Act

Rights and Obligations of Information Subjects and their proxy, and Performance thereof

A user (if the user is under the age of 14, referring to his/her legal representative) may exercise the following rights in relation to protecting personal information:

• The right to request permission to inspect his/her personal information; You may request to view only your personal information of personal information files that Sunjin holds in accordance with the Personal Information Protection Act (other laws, if applicable). But, in the following cases, your viewing may be limited in accordance with Article 35 of the [Personal Information Protection Act].
  • Cases where viewing is prohibited or restricted by law.
  • If there is a risk of harming another person's life or body, or there is a risk of unjustifiable infringement of the property and other interests of another person
  • If it causes a serious disruption in a public agency’s performance of any of the following
    • Duties regarding examination of academic ability, function, and recruitment, or qualification examination
    • Duties regarding assessment or judgment in progress regarding compensation, or benefit calculation
    • Duties regarding audit and investigation in progress under other laws
• The right to request the deletion of his/her personal information; Request for correction·deletion of personal information file: You may request correction or deletion of personal information files to Sunjin in accordance with Article 36 (Correction and Deletion of Personal Information) of 「Personal Information Protection Act」. However, if other personal information is specified to be collected in the other laws and regulations, it cannot be requested to be deleted.
• The right to request Sunjin to suspend handling his/her personal information; Request to stop processing personal information: For the personal information file we hold, you may ask Sunjin to stop processing personal information in accordance with Article 37 (Suspension of Processing Personal Information) of the 「Personal Information Protection Act」.
  • If there is a special provision in the law or it is inevitable to comply with statutory obligations
  • If there is a risk of harming another person's life or body, or there is a risk of unjustifiable infringement of the property and other interests of another person
  • If a public agency cannot perform the duties prescribed to it by other laws if it does not process the personal information.
  • If the information is not processed, it is difficult to fulfill a contract, such as failure to provide the contracted service with the information subject, and the information subject does not clearly state the determination of contract.
• We will notify the action we take within 10 days for a requests to view, correct, delete, or stop processing personal information. The viewing, correcting, deleting, and processing of personal information can be requested through the relevant department.
• The rights according to the above can be exercised through the legal representative of the information subject or the delegated person. In such cases, the user shall submit a power of attorney.

List of Personal Information for Processing

Sunjin, as a general rule, does not entrust user information to others without user consent. However, after obtaining user consent, the following cases are when Sunjin currently consigns personal information.

Destruction of Personal Information

In principle, Sunjin destroys a user’s personal information after the period during which the personal information is retained ends or the purposes of handling the personal information have been attained. If Sunjin needs to retain the provided information in line with the relevant laws.
The procedure, deadlines, and methods for destroying it are as follows:

• Disposal Procedure
  As a general rule, Sunjin immediately discards personal information upon the fulfillment of the processing objective of the personal information or upon the expiry of the retention period.
• Disposal Deadline
  User’s personal information is destroyed within 5 days of retention period expiry, or 5 days from the date of acknowledging that use of relevant personal information is unnecessary.
• Disposal Method
  Technical method that restricts regeneration of records is used to destroy personal information saved in electronic document formats. Personal information on paper documents is either shredded or incinerated.

Procurement Measures for the Safety of Personal Information

Sunjin has taken the following technical and physical measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:

• Internal Management Protocol Establishment and Enforcement:
  Internal Management Protocol Establishment and Enforcement Internal management protocol (’14.1.6) is established and enforced to ensure safe and secure personal information Processing.
• Minimization and Education of Designation of Personal Information Managers:
  Sunjin shall minimize the designation of personal information managers and conduct regular education programs.
• Restricted Personal Information Access
  Measures required for controlled access to personal information are implemented through assignment, modification, and expiry of access permission to personal information processing database system, and Firewall system is used to control and monitor unauthorized access.
• Access Log Archiving and Falsification Prevention
  Personal information processing system access log is archived and managed for a minimum period of 6 months, and security features are applied to prevent falsification, tampering, the, or loss of access logs.
• Personal Information Encryption
  Passwords among users’ personal information are one-way encrypted for storage and management. Password is known only to the user. Additional security features, such as file or transmission data encryption or file lock feature, are applied to important and sensitive data.
• Technical Prevention Measures for Hacking, etc.
  Security Program is installed at Sunjin in order to prevent personal information disclosure or damage due to hacking, computer viruses, etc. Also, the program is updated and inspected on a regular basis, the system is installed in a restricted access area, and it is monitored and controlled technically and physically.
• Unauthorized Entry Control
  A physical location for storing personal information is established, and access and entry control procedures are established and operated.

Personal Information Security Officer

Sunjin appoints one of its personnel as the officer in charge of protecting personal information as follows: For any question or inquiry about personal information retained by Sunjin and the policy on the protection of personal information, please do not hesitate to contact us by any of the following means
Tel: +82-2-6333-3055 Email: ohmare@sunjin.co.kr

• Information Protection Director
• Department: Administration Department
• Name: Byung Min Oh
• Tel: +82-2-6333-3055
• Email: ohmare@sunjin.co.kr

• Information Protection Officer
• Department: Administration Department
• Name: Woosun Jang
• Tel: +82-2-6333-3015
• Email: wsjang@sunjin.co.kr

Amendment of Personal Information Management Policies

The modified personal information collection agreement takes effect on June 1, 2019

Remedy for Infringement

The Information Subjects may apply to the Personal Information Dispute Resolution Committee, Personal Information Infringement Reporting Center of the Korea Internet Security Agency, etc. for the purpose of remedying infringement of personal information.
With regard to other reports on infringement of personal information and counseling, please contact the following organizations:

• Personal Information Dispute Resolution Committee: (without area code) 118;
• Internet Crime Investigation Center of the Supreme Prosecutors’ Office: (http://www.spo.go.kr) +82-2-3480-3573;
• Cyber Terror Response Center of the National Police Agency (http://www.netan.go.kr/): +82-2-1566-0112.

Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36, or 37 of the Personal Information Dispute Mediation Committee, may file a petition for an administrative hearing in accordance with the provisions of the Administrative Appeals Act.

※ For more information on administrative trials, visit the Website of the Administrative Appeals Commission (http://www.simpan.go.kr)