All personal information handled by the Personal Information Protection Commission (hereinafter: "PIPC") for the
purpose of organizing GPA 2025 Seoul is collected, retained, and processed in accordance with relevant laws. The
PIPC has established the following privacy policy to protect the personal information and rights of individuals
and efficiently handles their complaints related to personal information according to Article 30 of the Personal
Information Protection Act (hereinafter: 'Protection Act').
Article 1. Purpose of personal information processing
The PIPC collects and processes the minimum amount of personal information for organizing GPA 2025 Seoul. The
personal information processed by the PIPC will not be used for purposes other than those described below. If
the purpose of use is changed, the PIPC will take necessary measures, such as obtaining separate consent in
accordance with Article 18 of the Protection Act.
Article 2. Personal information processing and retention period
The contents and retention period of the personal information processed by the PIPC are as follows
Items collected |
Purpose |
Retention period |
• Mandatory: Name, Title, Affiliation, Position, Country, Nationality, E-mail, Phone Number,
Payment
Information, Special Dietary, Student Verification Document, Social Media Channel Info
• Optional: Department
|
Event Administration and Participant Management |
1 year after the conclusion of the event |
• Mandatory: Name, E-mail, Inquiry Details
• Optional: Title, Affiliation
|
Inquiry Handling |
1 year after the conclusion of the event |
Article 3. Provision of personal information to third parties
The PIPC does not provide any personal information of individuals to any third party beyond the purposes
specified as the purposes for which personal information is processed. However, the PIPC may provide personal
information to third parties in cases falling under Articles 17 and 18 of the Protection Act.
Article 4. Outsourcing of personal information processing.
The PIPC outsources the processing of personal information to efficiently operate and manage the GPA 2025 Seoul,
as follows:
Outsourcee |
Provided items |
Purpose |
Retention period |
WEtheTEAM Inc.
|
Name, Title, Organization, Department, Position, Country, Nationality, E-mail, Phone Number, Payment
Information, Special Dietary, Student Verification Document, Social Media Channel Info, Inquiry
Details
|
Event Administration and Participant Management,
Inquiry Handling
|
1 year after the conclusion of the event
|
Subcontractor |
Provided items |
Purpose |
Retention period |
SomethingHow
|
Name, Title, Organization, Department, Position, Country, Nationality, E-mail, Phone Number, Payment
Information, Special Dietary, Student Verification Document, Social Media Channel Info
|
Website Administration and Participant Data Management
|
1 year after the conclusion of the event
|
Article 5. Rights of individuals and how to exercise them
① Any individual may exercise the following rights:
1. Request access to personal information
2. Request correction and erasure of personal information
3. Request suspension of personal information processing
② A request to exercise the above rights may be made in writing, by email, or by fax, and the PIPC will take
necessary measures without delay upon receipt of the request.
③ Under certain circumstances, however, the rights of the data subject may be limited according to Paragraph
4 of Article 35 and Paragraph 2 of Article 37 of the Protection Act.
Article 6. Destruction of personal information
① In principle, if the purpose of using personal information had been attained, or the retention period
expired,
the PIPC will destroy the personal information.
② The destruction procedure and method are as follows:
1. Destruction procedure
The PIPC will establish a destruction plan for personal information subject to disposal, and proceed with
its destruction upon approval of the plan by the chief privacy officer.
2. Destruction method
Personal information in electronic form is irreversibly destroyed using technical measures, and paper-based
information is disposed of by shredding.
Article 7. Safeguards to ensure the safety of personal information
The PIPC has established necessary measures for ensuring the safety of personal information as follows:
① Administrative measures: establishment of an internal management plan, and minimization and education of
personal information handlers
② Technical measures: installation of security programs, system access controls, and access rights
management,
etc.
③ Designation of separate physical locations for storing personal information and establishment of access
control procedures to manage entry to such locations
Article 8. Installation and operation of an automatic personal information collection system
and the denial thereof
① To obtain users’ website visit records, the PIPC uses a cookie that stores and retrieves user information,
and
will not use the information for purposes other than the intended one, or provide it to a third party.
② A cookie is a small amount of information that the server (http) of the website sends to the user’s PC via
the
user’s computer browser to be stored on the hard disk.
③ An individual may deny storage of a cookie by setting the option in the web browser (Tools > Internet
options
> Personal information). However, if cookies are denied, some services may not function properly.
Article 9. Chief privacy officer
The PIPC designates the chief privacy officer and working-level staff to protect personal information and handle
complaints related to personal information processing as follows:
Designation |
Department |
Name |
Contact Information |
Chief privacy officer
|
Director-general for coordination and planning
|
Eunyoung Ko
|
Tel. 02-2100-2485
Fax. 02-2100-3003
Email. j0zun4220@korea.kr
|
Privacy protection manager
|
Inspection officer of the International Cooperation Division
|
Yoonjeong Choi
|
Privacy protection working-level staff
|
Inspection officer of the International Cooperation Division
|
Jaeyeong Jeon
|