Applied since November 4, 2022
Article 1 (Purpose of processing personal information)
The Committee processes personal information for the following purposes. The personal information being processed will not be used for any of the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the 「Personal Information Protection Act」.
- Attendee registration, Registration fee payment and Attendee Check-in
- To register attendees, Accept registration fee payments, and to handle attende check-in on event dates.
- To manage registration fee payment
- Marketing and advertisement
- To provide event schedule information, and to send promotional email when sponsor requests.
- Proposal submission and notification
- For providing a request for improvement of the proposal and notify proposal acceptance.
- Travel sponsorship registration
- To book round trip tickets, accomodation or provide reimbursement for those who applied for travel sponsorship and participate on-site.
- Visa invitation letter request
- To provide visa invitation letter, Informations on visa issue procedure and required documents for those who need to issue visa to participate on-site.
Article 2 (Items of personal information to be processed and its holding period)
- The Committe processes and holds personal information within the period of holding and using personal information or the period of holding and using personal information agreed upon when collecting personal information from the data subject according to the law.
- Each personal information processing and holding period is as follows.
Purpose Items to be collected Collected from When and how collected Holding period Attendee registration, and Attendee Check-in Name, Affiliation, Job or Titlor Nationality, Email address Festa.io or Tito.io event platform When registration is complete via event platform 1 years Registration fee payment Payment history Festa.io or Tito.io event platform When registration is complete via event platform 5 years Marketing and advertisement Email address Festa.io or Tito.io event platform When registration is complete via event platform 1 year Proposal submission and notification (Required) Name, Email address (Optional) Phone number, Affiliation, Job or Title Event website and Google Form When submitting the Google Form provided by the The Committee 1 year Travel sponsorship registration (Required) Name, Email address, Nationality, Affiliation (Requested if needed) Payment method information such as bank account Event website and Google Form When submitting the Google Form provided by the The Committee 1 year Visa invitation letter request (Required) Name, Email address, Nationality, Affiliation, Date of birth, Passport number, Passport expiry date (Requested if needed) Passport place of issue, Sex Event website and Google Form When submitting the Google Form provided by the The Committee Discard immediately after the event ends
Article 3 (Provision of personal information to third parties)
- The Committee processes personal information only within the scope specified in Article 1 (Purpose of processing personal information) and provides personal information to third parties only if they fall under Articles 19 and 18 of the 「Personal Information Protection Act」, such as consent of the data subject and special provisions of the law.
- The Committee provides personal information to following third parties.
|The subject who receives personal information||Location||Contact||Items to be provided||Purpose of use||Period of holding and use||Destruction method|
|NHN Cloud Corp.||7F, 4, 16, Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Koreafirstname.lastname@example.org||Name, Affiliation, Job or title, Nationality, Email||To provide event, promotions and latest information for marketing purpose||2 years||Data on papers will be burned or shredded. Digital data will be deleted using technologies that makes data not readable or recoverable.|
|NAVER Cloud Corp.||13F-15F, 131, Bundangnaegok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea||Sangin Kim (email@example.com)||Name, Affiliation, Job or title, Nationality, Email, Whether checked-in (In-person), Types of tickets purchased, Whether participated last time, How participant get to know about the event||To provide NAVER Cloud Platform (ncloud.com) Monthly newsletter, Education/Webinars/Event informations||2 years||Will be deleted automatically once period expires|
Article 4 (Entrustment of personal information process)
- The Committee entrusts personal information processing as follows for smooth personal information processing.
|Entrustee||Location||When and how entrueted||Contact||Entrusted items||Entrusted works||Period of holding and use|
|Festa Inc.||19F, 8, 331beon-gil, Seongnam-daero, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea||When the participant registers at firstname.lastname@example.org||Name, Affiliation, Job or Titlor Nationality, Email address||Participant registration management||1 years|
|Festa Inc.||19F, 8, 331beon-gil, Seongnam-daero, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea||When the participant registers at email@example.com||Payment history||Participant payment management||5 years|
- When concluding a entrustment contract, the The Committee shall, in accordance with Article 26 of the 「Personal Information Protection Act」, specify processing of personal information other than for the purpose of performing entrusted tasks is prohibited, technical and administrative protection measures, restrictions on re-entrustment, processing and supervision of the entrustee, and compensation for damages, etc. in documents such as contracts, and supervises whether the entrustee processes personal information safely.
Article 5 (International transfer of personal information)
- The Committee entrusts followings to overseas corporations.
|Entrustee||Location||When and how entrueted||Contact||Entrusted items||Entrusted works||Period of holding and use|
|Google LLC||United States of America||When submitting the Google Form provided by the The Committeefirstname.lastname@example.org||Name, Email address, Phone number, Affiliation, Job or Title, Payment method information such as bank account, Date of birth, Passport number, Passport expiry date, Passport place of issue, Sex||Proposal submission, Visa invitation letter request, Travel sponsorship request and more||1 year|
|Team Tito Limited||64 Dame Street, Dublin, Ireland D02 RT72||When the participant registers at Titoemail@example.com||Name, Affiliation, Job or Titlor Nationality, Email address||Participant registration management||1 years|
|Team Tito Limited||64 Dame Street, Dublin, Ireland D02 RT72||When the participant registers at Titofirstname.lastname@example.org||Payment history||Participant payment management||5 years|
Article 6 (Personal information destruction procedure and destruction method)
- The Committee destroys the personal information without delay when the personal information becomes unnecessary, such as the elapse of the personal information retention period or achievement of the Purpose of processing.
- If the personal information retention period agreed by the data subject has elapsed or the personal information needs to be kept in accordance with other laws despite the achievement of the Purpose of processing, the personal information may be moved to a separate database (DB) or stored in different places to preserve it.
- The procedure and method of personal information destruction are as follows.
- Destruction procedure
- The Committee selects the personal information for which the reason for destruction has occurred, and destroys personal information with the approval of the personal information protection officer of the The Committee.
- Destruction method
- Information in the form of electronic files uses a technical method that cannot reproduce the record.
- Personal information printed on paper is shredded with a shredder or destroyed through incineration.
- Destruction procedure
Article 7 (Rights and obligations of subjects of information and legal representatives and methods of exercising them)
- The data subject can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the The Committee.
- The exercise of rights pursuant to Paragraph 1 may be made to the The Committee in writing, e-mail, fax, etc. in accordance with Article 41 Paragraph 1 of the 「Enforcement Decree of the Personal Information Protection Act」, and the The Committee will take action without delay.
- The exercise of rights pursuant to Paragraph 1 may be done through an agent such as the legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the “Personal Information Processing Method Notice (No. 2020-7)”.
- The rights of the information subject may be restricted in accordance with Article 35 Paragraph 4 and Article 37 Paragraph 2 of the 「Personal Information Protection Act」.
- The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
- The Committee confirms whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the right of the data subject.
Article 8 (Measures to ensure the safety of personal information)
The Committee is taking the following measures to ensure the safety of personal information.
- Establishment and implementation of internal management plan
- We have established and implemented an internal management plan for safe handling of personal information.
- Restricting access to personal information
- We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside.
Article 9 (Installation and operation of devices that automatically collect personal information and denial of that)
- The Committee uses ‘cookies’ that store and retrieve usage information from time to time to provide users with individually customized services.
- A cookie is a small amount of information that the server (http) used to operate the website sends to the user’s computer browser and is also stored on the hard disk of the user’s PC computer.
- Denial of installation and operation of cookies: You can refuse to store cookies by setting the web browser settings to deny cookies.
- If you refuse to store cookies, you may experience difficulties in using customized services.
Article 10 (Collection, use, provision of behavioral information and its denial)
The Committee does not collect, use, or provide behavioral information for online customized advertisements.
Article 11 (Additional criteria for use and provision)
The Committee takes into account the matters under Article 14 Paragraph 2 of the 「Enforcement Decree of the Personal Information Protection Act」 in accordance with Article 15 Paragraph 3 and Article 19 Paragraph 4 of the 「Personal Information Protection Act」 without the consent of the information subject. may additionally be used and provided. Accordingly, The Committee has considered the following for additional use and provision without the consent of the information subject.
- Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
- Whether there is any predictability of additional use or provision in light of the circumstances in which personal information was collected or processing practices
- Whether the additional use or provision of personal information unreasonably infringes on the interests of the information subject
- Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken
※ Judgment criteria for considerations for additional use and provision are prepared and disclosed by the business operator/group autonomously.
Article 12 (Privacy officer)
- The Committee is responsible for overall personal information processing, and has designated a privacy officer as follows to handle complaints and damage relief from information subjects related to personal information processing.
- Privacy officer: Youngbin Han / Representative / email@example.com
- The data subject may inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the service (or business) of the Committee to the person in charge of personal information protection and the department in charge. The Committee will answer and handle inquiries from the information subject without delay.
Article 13 (Department that receives and processes requests for access to personal information)
The information subject may file a request for access to personal information pursuant to Article 35 of the 「Personal Information Protection Act」 to the following departments. The Committee will make every effort to promptly process the personal information access request of the information subject.
- Receiving and processing department for personal information access request
- General Team / Youngbin Han / Representative / firstname.lastname@example.org
Article 14 (Remedies for infringement of rights and interests of data subjects)
The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center in order to receive relief from personal information infringement. In addition, for other personal information infringement reports and consultations, please contact the following organizations.
- Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (Without area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors’ Office : (Without area code) 1301 (www.spo.go.kr)
- National Police Agency : (Without area code) 182 (ecrm.cyber.go.kr)
In response to the requests made by the head of a public institution in response to the requests under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the 「Personal Information Protection Act」 A person whose rights or interests have been infringed due to disposition or omission may file an administrative appeal in accordance with the Administrative Appeals Act.
※ For more information on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).