"The Banks Foundation for Young Entrepreneurs (hereinafter referred to as " the Foundation"") has the following policies to protect users' personal information, rights, and interests and handle users' grievances related to personal information, in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection and Personal Information Protection Act. When the Foundation amends its personal information processing policy, this shall be communicated through a notification on the website operated by the Foundation (or individual notifications).
Article 1 (Purpose of Collection and Use of Personal Information)
The Foundation collects and uses personal information for the following purposes: The collected personal information shall not be used for any other purpose than the following, and when the purpose of use changes, necessary measures shall be implemented, including obtaining additional consent in accordance with relevant laws and regulations:
(1) Personal information is processed for personal identification for service provision, record preservation for dispute settlement, complaint handling, notification delivery, and marketing and advertising;
(2) Personal information is processed for customer management, including the provision of information on new services and events, newsletters, bulletin boards, and latest information, event prize delivery, use of statistical analysis data by customers, market research, etc.;
(3) Personal information is used to conduct surveys on service satisfaction, guide membership management, and personal identification for membership services.
Article 2 (Personal Information Collection Items and Methods)
The Foundation collects personal information as follows:
(1) Personal Information Collection Methods Member registration on the website, use of services, events application, collection through tool that collects created information, modification of membership information, member registration by writing, fax, telephone, and customer center inquiries
(2) Personal Information Collection Items • Required Items: ID, password, name, date of birth, email, access IP information, cookies, service usage history, access log, etc. • Optional Items: Mobile phone number, service recognition path, social media account information through social media log-in, etc.
※ The above personal information includes the contents of personal information at the time of collection and the contents of personal information that has changed afterward.
Article 3 (Personal Information Retention and Use Period)
The Foundation shall retain and use users' personal information limited to the period starting from the time of collection of the user’s personal information until the purpose of collection and use of personal information is fulfilled and shall destroy the information without delay when such purpose is fulfilled. However, when the preservation of such information is obligated according to relevant laws and regulations, the Foundation shall store the user's personal information.
Article 4 (Provision of Personal Information to Third Parties)
In principle, the Foundation shall not provide users' personal information to third parties. However, exceptions shall be made in the following cases:
(1) Where users have given prior consent (retention period and information: retention shall be limited to items and the period requested or agreed upon by members)
(2) Where laws and regulations require it or where an investigation agency demands it according to the procedures and methods prescribed by laws and regulations for investigation purposes.
Article 5 (Rights of Users and Legal Representatives and Methods to Exercise Rights)
① As the subject of personal information, a user (referring to a legal representative if one is under the age of 14) may exercise the following rights to protect one’s personal information: Accordingly, rights may be exercised to the Foundation in written form, e-mail, fax, etc. in accordance with Form 8 attached to the Enforcement Rules of the Personal Information Protection Act, and the Foundation shall take relevant measures without delay. The exercise of rights for personal information protection may be conducted through an agent, including a legal representative of the user or a delegated person. In this case, a power of attorney in accordance with Form 11 attached to the Enforcement Rules of the Personal Information Protection Act shall be submitted.
(1) Demand access to personal information;
(2) Demand correction in case of errors, etc.;
(3) Demand deletion;
(4) Demand suspension of use.
② The Foundation shall confirm whether the person who made the demand, including the demand for access to personal information, correction or deletion, and suspension of use, is the person oneself or a legitimate agent thereof.
Article 6 (Procedures and Methods for the Destruction of Personal Information)
In principle, the Foundation shall destroy the personal information without delay if the purpose of collecting and using personal information has been fulfilled. However, this shall not apply if the information must be preserved according to other laws. The procedure, time limit, and method of destruction are as follows:
(1) Destruction Procedure
- Unnecessary personal information and personal information files shall be destroyed in accordance with internal policy procedures, under the responsibility of the personal information manager, as follows. - Destruction of Personal Information: When the retention period expires, personal information shall be destroyed from the end date with no delay.
- Destruction of Personal Information Files: When personal information files become unnecessary, for reasons including the fulfillment of the purpose of using the personal information file, service discontinuation, or business termination, the personal information file shall be destroyed without delay from the day it is recognized as unnecessary.
(2) Destruction Method
- Electronic forms of information shall be destroyed through technical methods that disable the reproduction of records.
- Personal information printed on paper shall either be shredded with a shredder or destroyed by incineration.
Article 7 (Matters on the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
(1) Purposes of using cookies, etc.: Cookies are used for analyzing the frequency of access and the visit time of members and non-members and for providing personalized services by identifying the user's service participation, degree of use, and the number of visits. Users have the option of installing cookies. Thus, users may set their options differently on their web browser: accept all cookies, ask every time cookies are stored, or reject the storage of all cookies.
(2) Method to Reject Cookie Settings: Users may choose to accept all cookies, ask each time cookies are stored, or reject the storage of all cookies through the setting options in their web browser.
※ Setup Method
- Internet Explorer: Go to the top of your web browser and select Tools > Internet Options > Privacy. However, if a user rejects the installation of cookies, services may not be fully provided.
- Chrome: Click on the icon " " in the upper right corner of the web browser > Select "Settings" > Select "Show Advanced Settings" at the bottom of the screen > Select the "Contents Settings" button in the Privacy section > Directly setup in the cookies section
Article 8 (Measures to Ensure the Safety of Personal Information)
In accordance with Article 29 of the Personal Information Protection Act, the Foundation takes technical/managerial and physical measures necessary to ensure safety as follows:
(1) Training and Minimization of the number of employees who deal with personal information: The Foundation implements measures for managing personal information by designating employees who handle personal information to minimize the number of people who handle personal information.
(2) Regular self-audit: The Foundation conducts regular self-audits to ensure the stable handling of personal information.
(3) Establishment and implementation of internal management plan: The Foundation has established and continues to implement an internal management plan to handle personal information safely.
(4) Encryption of personal information: The Foundation stores and manages users’ personal information with an encrypted password that is only known to the user. In addition, additional security functions are activated for important data, such as encryption for files and transmitted data or file lock functions.
(5) Technical measures against hacking, etc.: The Foundation installs a security program to prevent leakage and damage of personal information caused by hacking or computer viruses, conducts periodic updates and inspections, and installs the system in an area that restricts external access with technical/physical monitoring and blocking.
(6) Restriction of access to personal information: The Foundation takes necessary measures to control access to personal information through the granting, changing, or canceling of access rights to the database system that handles personal information, and restricts unauthorized access from the outside through the intrusion prevention system.
(7) Storage of access records and prevention of forgery and alteration: The Foundation stores and manages records of access to the personal information processing system for at least six months and uses security functions to prevent forgery, alteration, theft, and loss of access records.
(8) Access control for unauthorized persons: The Foundation has a separate physical storage location for storing personal information and has established and operates an access control procedure.
Article 9 (Designation of a Person in Charge of Personal Information Protection)
① Responsible for handling and processing personal information, the Foundation designates a person in charge of personal information protection as follows to handle complaints and remedy damages related to personal information processing:
▶ Personal Information Protection Officer
• Name: Sang-joon Lee
• Position: Team leader (in charge of the Foundation’s operational planning and online services)
• Contact: email@example.com (02-2030-9324)
② Users may contact the person in charge of personal information protection and the department in charge of all matters, including personal information protection inquiries, complaints, and damage relief, while using the Foundation's services (or businesses). The Foundation shall respond to and process user inquiries without delay. If a report or consultation is required concerning other personal information infringement matters, please get in touch with the institutions below:
• Personal Dispute Mediation Committee www.1336.or.kr (1336)
• Information Protection Mark Certification Committee www.eprivacy.or.kr (02-580-0533)
• Internet Crime Investigation Center of the Supreme Prosecutors' Office icic.sppo.go.kr (02-3480-3600)
• National Police Agency Cyber Terror Response Center www.ctrc.go.kr (02-392-0330)
[Addenda] The Terms and Conditions shall enter into force on December 1, 2020.