All personal information handled by the Personal Information Protection Commission (hereinafter: ‘PIPC’) for the purpose of organizing GPA 2025 Seoul is collected, retained, and processed in accordance with relevant laws. The PIPC has established the following privacy policy to protect the personal information and rights of individuals and efficiently handles their complaints related to personal information according to Article 30 of the Personal Information Protection Act (hereinafter: ‘Protection Act’)
Article 1. Purpose of personal information processing
The PIPC processes personal information for the following purposes. Personal information collected shall not be used for any purposes other than those explicitly stated below. In the event of a change in the intended purpose of use, the PIPC shall take necessary measures, such as obtaining separate consent from the data subject, in accordance with Article 18 of the Protection Act.
1. Verification and management of participants
For the processing of applications and registrations, verification of student status, and provision of relevant notices and announcements.
2. Provision of services
For the identification of participants with special dietary requirements during the operation of the Assembly.
3. Payment and refund processing
For the confirmation of payment details necessary for the processing of registration fee payments and refunds.
4. Handling of inquiries
For the receipt and response to inquiries related to the Assembly.
Article 2. Items of Personal Information Collected, Legal Basis, Purpose, and Retention Period
In accordance with the Protection Act, the PIPC collects, retains, and uses personal information as follows for the purpose of organizing and managing the Assembly. Furthermore, the PIPC processes and retains personal information only within the period prescribed by applicable laws or within the period consented to by the data subject at the time of collection.
1. Personal Information Processed Without Consent of the Data Subject
The PIPC processes the following items of personal information without the consent of the data subject, based on relevant legal grounds.
| Category |
Item Collected |
Legal Basis |
Purpose of Collection and Use |
Retention Period |
|
Participant Registration Management
|
Name, email address, mobile phone number, Courtesy title, affiliation, department, position, country of residence, nationality, inquiry details
|
Article 15(1)(4) of the Protection Act (performance of a contract)
|
Reception of participant registration; provision of notices and information
|
Until three months after the conclusion of the Assembly (Sep. 19)
|
|
Student Status Verification
|
Student verification documents
|
Article 15(1)(1) of the Protection Act (consent of the data subject)
|
Verification of student status
|
Disposed immediately after verification
|
|
Registration Fee Payment
|
[Card and PayPal payment]
Name, email address, card issuer, card number
[Bank transfer]
Refund account number, account holder’s name, bank name, payment amount
|
Article 15(1)(4) of the Protection Act (performance of a contract)
|
Payment of registration fee and refunds in case of cancellation
|
Until six months after the conclusion of the Assembly (Sep. 19)
|
2. Personal Information Processed with the Consent of the Data Subject
The PIPC processes the following items of personal information with the consent of the data subject, based on relevant legal grounds.
| Category |
Item Collected |
Legal Basis |
Purpose of Collection and Use |
Retention Period |
|
Publicity
|
Email address
|
Article 15(1)(1) of the Protection Act (consent of the data subject)
|
Provision of newsletters, promotion of Assembly programs, event participation, etc.
|
Until one year after the conclusion of the Assembly (Sep. 19)
|
|
Meal Provision
|
Special dietary requirements
|
Article 23(1)(1) of the Protection Act (explicit consent of the data subject – sensitive data)
|
Provision of meals for participants
|
Disposed immediately after the conclusion of the Assembly (Sep. 19)
|
Data subjects may voluntarily provide the PIPC with certain information that may be considered sensitive personal information, such as special dietary requirements. Such information may, in some cases, give rise to the inference of the data subject’s health conditions or religious beliefs. The PIPC is committed to processing sensitive personal information only to the minimum extent necessary and in a manner that safeguards the rights and freedoms of the data subject.Where the processing of sensitive personal information is requested by the data subject, the PIPC obtains the data subject’s explicit consent in accordance with the relevant provisions of the Protection Act.
Article 3. Provision of personal information to third parties
The PIPC does not provide any personal information of individuals to any third party beyond the purposes specified as the purposes for which personal information is processed. However, the PIPC may provide personal information to third parties in cases falling under Articles 17 and 18 of the Protection Act.
Article 4. Outsourcing of personal information processing
The PIPC outsources the processing of personal information to efficiently operate and manage the GPA 2025 Seoul, as follows:
| Outsourcee |
Purpose |
|
WEtheTEAM Inc.
|
Event Administration and Participant Management, Inquiry Handling
|
|
SomethingHow
|
Website Administration and Participant Data Management
|
|
Toss Payments
|
Electronic Payment Processing Services
|
Article 5. Rights and Obligations of the Data Subject and Methods of Exercising Such Rights
① The data subject may, at any time, exercise their rights (hereinafter referred to as “exercise of rights”) with respect to the PIPC, including requests to access, transmit, correct, delete, or suspend the processing of their personal information, as well as to withdraw consent.
② The exercise of rights may be made through written documents, telephone, email, fax, or online methods pursuant to Article 41(1) of the Enforcement Decree of the Protection Act. The PIPC shall take prompt action in response to such requests.
③ The right to request access to or suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the Protection Act.
④ The PIPC verifies whether the person making a request is the data subject or a duly authorized representative.
Article 6. Destruction of personal information
① In principle, if the purpose of using personal information had been attained, or the retention period expired, the PIPC will destroy the personal information.
② The destruction procedure and method are as follows:
1. Destruction procedure
The PIPC will establish a destruction plan for personal information subject to disposal, and proceed with its destruction upon approval of the plan by the chief privacy officer.
2. Destruction method
Personal information in electronic form is irreversibly destroyed using technical measures, and paper-based information is disposed of by shredding.
Article 7. Measures to ensure the safety of personal information
The PIPC has established necessary measures for ensuring the safety of personal information as follows:
① Administrative measures: establishment of an internal management plan, and minimization and education of personal information handlers
② Technical measures: installation of security programs, system access controls, and access rights management, etc.
③ Physical measures: Designation of separate physical locations for storing personal information and establishment of access control procedures to manage entry to such locations.
Article 8. Use of Cookies and Options for Refusal
① The PIPC uses cookies to store and retrieve user information from time to time in order to provide personalized services and enhanced convenience to users. The information collected through cookies is not used for any purpose other than those specified, nor is it provided to any third party.
② A cookie is a small piece of data sent from the server (http) used to operate the website to the data subject’s browser, and it is stored on the data subject’s PC or mobile device.
③ The data subject may allow or block the storage of cookies by adjusting the settings of their web browser. Please note that refusing to store cookies may result in limited access to certain services.
⮚ How to Allow or Block Cookies in Web Browsers
・ Google Chrome: Click the “⋮” icon at the top right corner of the browser > Open a new Incognito window (Shortcut: Ctrl + Shift + N)
・ Microsoft Edge: Click the “…” icon at the top right corner of the browser > Open a new InPrivate window (Shortcut: Ctrl + Shift + N)
⮚ How to Allow or Block Cookies in Mobile Browsers
・ Google Chrome: Tap the “⋮” icon at the top right corner > Open a new Incognito tab
・ Apple Safari: Go to device Settings > Safari > Advanced > Block All Cookies
・ Samsung Internet: Tap the Tabs icon at the bottom > Enable Secret Mode > Start
Article 9. Chief privacy officer
The PIPC designates the chief privacy officer and working-level staff to protect personal information and handle complaints related to personal information processing as follows:
| Designation |
Department |
Name |
Contact Information |
|
Chief privacy officer
|
Director-general for coordination and planning
|
Eunyoung Ko
|
Tel. 02-2100-2485
Fax. 02-2100-3003
Email. j0zun4220@korea.kr
|
|
Privacy protection manager
|
Inspection officer of the Internatinal Cooperation Division
|
Yoonjeong Choi
|
|
Privacy protection working-level staff
|
Inspection officer of the Internatinal Cooperation Division
|
Jaeyeong Jeon
|
Article 10. Remedies for Infringement of Rights
Data subjects may file a request for dispute resolution or consultation regarding the infringement of personal information with institutions such as the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency. For other inquiries or reports related to the infringement of personal information, please contact one of the institutions listed below:
1. Personal Information Dispute Mediation Committee: ☎ 1833-6972 (toll-free) |
🌐 www.kopico.go.kr
3. Korean National Police Agency (Cybercrime Investigation Division): ☎ 182 (toll-free) |
🌐 ecrm.police.go.kr
Article 11. Amendments to the Privacy Policy
This Privacy Policy shall take effect as of July 25, 2025.
Previous versions of the Privacy Policy may be accessed below:
- Applicable from July 14, 2025 to July 25, 2025 (Click here)
