header

contents

Search

Privacy Protection

Left Contents

Right Contents

Privacy Protection

Privacy Policy

 

All personal data handled by the Korea Environment Industry and Technology Institute ("KEITI") is collected, retained and processed pursuant to applicable laws or upon consent of the data subject.

This Policy shall apply from May 30, 2019.

The KEITI shall lawfully and properly handle the personal data collected, retained and processed in accordance with applicable laws in order to adequately perform public duties and protect the rights and interests of the data subject. Further, the KEITI respects the rights and interests of the user including the right of access to and rectification of personal data retained by the KEITI in accordance with applicable laws. You may file an administrative appeal for the infringement upon the legal rights and interests in accordance with the Administrative Appeals Act or request for dispute settlement or consultations from the Personal Information Dispute Mediation Committee, Personal Data Breach Report Center, etc. The KEITI’s Privacy Policy is grounded on the Personal Information Protection Act. The KEITI website that handles personal data has a separate privacy policy.

 

 

1. Purpose of Personal Data Processing

 

The KEITI processes personal data for the following purposes. The processed personal data shall not be used for any other purposes and a prior consent shall be obtained in case of any changes in the purpose.

 

- Website Sign-up and Membership

The personal data shall be processed for confirmation of the intention to sign up for membership, identification and verification for the membership service, maintenance and management of membership, prevention of fraudulent use of service, confirmation of the consent given by a legal representative at the time of processing personal data of children aged 14 or below, notification and notice, retention of records for dispute settlement, etc.

 

 

2. Processing and Retention Period of Personal Data

 

The KEITI shall process and retain personal data during the period of retention and use in accordance with applicable laws or as agreed by the data subject at the time of collecting personal data.

The personal data related to website sign-up and membership shall be retained and used for the purpose as set forth hereinabove from the date of obtaining consent on collection and use to the date of membership withdrawal.

 

- Grounds for Collection

Article 15(1) of the Personal Information Protection Act “Where the consent is obtained from a data subject”

 

- Retention Period

Up to five (5) days from showing the intention of membership withdrawal

 

 

3. Provision of Personal Information to Third Parties

 

The personal data collected and retained by the KEITI shall not be provided to a third party without consent, and this website does not provide personal data to a third party.

 

 

 

4. Entrustment of Personal Data Processing

 

1. The KEITI entrusts the processing of personal data for the seamless process as follows.

 

2. In accordance with Article 26 of the Personal Information Protection Act, the KEITI specifies the prevention of personal data processing for other purposes, technical and managerial safeguards, prohibition of re-entrustment, and responsibilities including management, supervision and indemnity of the entrustee in the entrustment agreement and supervises whether the entrustee handles the personal data safely.

3. In case of any changes to the work subject to entrustment or the entrusted party, we shall disclose such changes in this Privacy Policy without delay.

- The entrusted party (entrustee) : <UBZEN S&E Consortium>

- Work subject to entrustment: <Maintenance and management of the Ecotrade System>

 

 

 

5. Rights and Duties of Data Subject and Legal Representative and Methods to Exercise Rights

 

The user may exercise the rights as the data subject (or a legal representative of the subject) as follows.

1. Request for access to personal data

2. Request for rectification and erasure of personal data

3. Request for suspension of processing personal data

You may exercise the above rights by sending the form of Appendix 8 of the Enforcement Regulations of the Personal Information Protection Act in writing, email and FAX, and the KEITI will promptly take measures upon request. If the data subject requests for rectification or erasure of erroneous personal data, we do not use or provide the personal data until rectification or erasure. The data subject’s right to request for access or suspension of processing personal data may be restricted in accordance with Articles 35(5) and 37(2) of the Personal Information Protection Act. The request for rectification and erasure of personal data may not be made if the personal data is subject to collection under other laws. Upon request for access, rectification and erasure, or suspension of processing personal data, we check whether such request is made by the data subject who holds the rights or a legitimate agent.

 

[Appendix 8 of the Enforcement Regulations of the Personal Information Protection Act] Request for Access, Rectification, Erasure, etc. of Personal Data (Download)

 

You may exercise the rights through a legal representative or entrustee of the data subject. In such case, you shall submit the power of attorney attached in Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act.

 

[Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act] Power of Attorney (Download)

 

6. Contact of Persons Responsible for or in Charge of Protecting Personal Data and Department in Charge of Handling Complaints on Personal Data

 

Person responsible for protecting personal data

Person in charge of protecting personal data

Person in charge of website

Department in charge

National Environment Information Center

National Environment Information Center

National Environment Information Center

Name

Head of Center Yong-Joon Lee

Researcher Gyeong-Ran Kim

Researcher Hae-Jin Park

Phone

02-2284-1160

02-2284-1175

02-2284-1188

 

 

7. Installation and Operation of Automatic Collection System of Personal Data and Refusal

 

The KEITI uses the cookie, which frequently saves and retrieves the user data, in order to provide customized service for each user.

 

 

8. Items of Personal Data Subject to Processing

 

The KEITI processes the following items of personal data to seamlessly handle complaints.

A. Necessary: business license number, ID, P/W, email address, email confirmation code, name, name of company, address, Explanation of the company, main product/service

B. Optional: department, position, company website, fax number, total amount of export

9. Destruction of Personal Data

 

In principle, the KEITI promptly destroys personal data if the retention period of personal data has expired or the purpose of processing personal data has been achieved; provided that, this shall not apply if other laws provide that personal data shall be retained. The procedure, term and method of destruction are as follows.

1. Destruction Procedure and Term
The data entered by the user is destroyed if the retention period of personal data has expired or the purpose of processing personal data has been achieved in accordance with internal rules and applicable laws.

2. Destruction Method
The personal data processed by the KEITI is destroyed in the following method.

In case of electronic file: Permanent deletion in a way that cannot be restored

Records, printouts, written documents or recording media other than the electronic file format: Destruction or incineration

 

 

 

10. Measures to Secure Stability of Personal Data

 

The KEITI is taking technical, managerial and physical measures necessary for securing safety as follows.

1. Establishment and Implementation of Internal Management Plan
We establish and implement the internal management plan pursuant to the Criteria for Measures to Secure Safety of Personal Data.

2. Designation of a Minimal Number of Personal Data Controllers and Training
We designate a minimal number of personal data controllers and provide regular training.

3. Restriction of Access to Personal Data
We control access to personal data by granting, modifying and canceling the authority to access the database system that process personal data, as well as unauthorized external access with the intrusion blocking and prevention systems.

4. Storage of Access Log and Prevention of Forgery and Alteration
We store and manage the records of accessing the personal data system (web log, summarized information, etc.) for at least six (6) months.

5. Encryption of Personal Data
The personal data of the user is stored and managed in an encrypted form. Further, we use the security features such as storing and sending important data in an encrypted form.

6. Technical Measures for Hacking, etc.
We installed the security program to prevent leakage of personal data and damages from hacking or computer virus and regularly update and examine the program. The system is installed in the area where external access is under control, and is subject to technical and physical monitoring and blockade.

7. Controlled Access of Unauthorized Person
We have built and operated the procedures for controlling access to the area where the personal data system, which stores personal data, is physically located.

 

11. Remedy against Infringement upon Rights and Interests of Data Subject

 

The data subject may request for dispute settlement or counseling from the Personal Information Dispute Mediation Committee or the Personal Data Breach Report Center of Korea Internet and Security Agency to seek remedy against personal data breaches. Pleases seek help from the following agencies to report personal data breaches and receive counseling.

1. Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499

2. Cyber Crime Investigation Department of Supreme Prosecutor’s Office: 02-3480-3571 (http://www.spo.go.kr/)

3. Cyber Safety Bureau of Korea National Police Agency: (without a telephone exchange number) 182
(
http://cyberbureau.police.go.kr/)

A person whose rights or interests were infringed upon by the disposition or inaction of the head of a public agency on the requests made in accordance with Article 35 (Access to Personal Data), Article 36 (Rectification or Erasure of Personal Data) and Article 37 (Suspension, etc. of Processing Personal Data) of the Personal Information Protection Act may file an administrative appeal as provided by the Administrative Appeals Act.

Please see the website of the Ministry of Government Legislation (http://www.moleg.go.kr) for details of administrative appeal.

 

12. Department in Charge of Receiving and Handling the Request for Access to Personal Data

 

You may contact the National Environment Information Center (02-2284-1175) and persons in charge of website service in each department to make queries on protecting and processing personal data.

 

Person responsible for protecting personal data

Person in charge of protecting personal data

Person in charge of website

Department in charge

National Environment Information Center

National Environment Information Center

National Environment Information Center

Name

Head of Center Yong-Joon Lee

Researcher Gyeong-Ran Kim

Researcher Hae-Jin Park

Phone

02-2284-1160

02-2284-1175

02-2284-1188

[Appendix 8 of the Enforcement Regulations of the Personal Information Protection Act] Request for Access, Rectification, Erasure, etc. of Personal Data (Download)

 

[Appendix 11 of the Enforcement Regulations of the Personal Information Protection Act] Power of Attorney (Download)

 

13. Changes in Privacy Policy

 

This Privacy Policy shall apply from May 30, 2019.