• ① The Agency handles personal information for the following purposes. The personal information being processed is not used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent from the data subject.
  • 1. Integrated membership registration and management of the Korean Food Promotion Agency
  • - Personal information is processed for the purpose of confirming membership intention, identifying and certifying oneself according to the provision of membership services, maintaining and managing membership status, preventing fraudulent use of services, confirming the consent of legal representatives when collecting personal information for children under the age of 14, various notices and notices, grievance settlement, dispute settlement, etc.
  • 2. Handling of civil complaints
  • - Process personal information for the purpose of identifying the complainant, verifying the complaint, contacting and notifying the facts, and notifying the processing results.
• ② The Agency shall process and retain personal information within the period of holding and using personal information under the Act or the period of holding and using personal information agreed upon when collecting personal information from the data subject.
• ③ The processing and retention periods of each personal information are as follows.

• ① The Agency shall process and retain personal information within the period of holding and using personal information according to laws and regulations or the period of holding and using personal information agreed upon when collecting personal information from the data subject.
• ② The processing and retention periods of each personal information are as follows.

• ① In principle, the agency shall process the personal information of the data subject within the scope specified for the purpose of collection and use, and shall not process or provide it to any third party in excess of the original purpose without the prior consent of the data subject, except in the following cases. However, subparagraphs 5 through 9 are limited to cases of public institutions.
  • 1. In the case of obtaining separate consent from the data subject
  • 2. Where there are special provisions in other laws
  • 3. Where the data subject or his/her legal representative is unable to express his/her intention or cannot obtain prior consent due to an unknown address, etc., and is clearly deemed necessary for the interests of the data subject or a third party's urgent life, body, or property.
  • 4. When personal information is provided in a form that cannot be identified as necessary for the purpose of statistics preparation and academic research.
  • 5. Personal information other than its purpose Where it is impossible to perform the duties under the jurisdiction of other laws unless it is used for a purpose or provided to a third party, and has been deliberated and resolved by the Protection Committee.
  • 6. If necessary to provide foreign governments or international organizations for the implementation of treaties and other international agreements,
  • 7. Cases necessary for the investigation of crimes and the filing and maintenance of prosecution
  • 8. If necessary for the court's performance of judicial affairs
  • 9. If necessary for the execution of sentence, custody, and protective disposition
• ② If personal information is used for any purpose other than its purpose or provided to a third party pursuant to subparagraphs 1 through 9 above, the agency will disclose it on its official gazette or website as prescribed by the Personal Information Protection Committee Ordinance.
• ③ The Agency provides personal information to third parties as follows.

Shortcut to the notice board provided by a third party of personal information

• ① In order to facilitate the processing of personal information, the Agency is entrusted with the processing of personal information as follows.

  • Personal information processing task consignor information

    No	a contracting company	Representative	Purpose of consignment	Consignment Contents	Consignment period
    1	corporation Timonet Korea	Kwon Hoichan (070-8268-0549)	Korean food portal system Operation support and maintenance	Information on integrated members	2023.1.1.~ 12.31.

• ② When signing a consignment contract, the agency stipulates in documents such as contracts regarding responsibilities such as prohibition of personal information processing, safety measures, re-consignment restrictions, management and supervision of the trustee, and compensation for damages other than the purpose of consignment work, and supervises whether the trustee handles personal information safely.
• ③ If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay.

• ① The information subject may exercise his/her rights, such as requesting the Promotion Agency to view, correct, delete, or suspend processing of personal information, at any time.
• ② Rights under Paragraph 1 can be exercised through Article 10 (Request to view personal information) in writing, e-mail, facsimile (FAX), etc., and the Promotion Agency will take action without delay.
• ③ The exercise of rights under paragraph 1 may be done through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney according to the format.
• ④ Requests to view and suspend personal information processing may limit the information subject's rights under the Personal Information Protection Act.
• 1. In any of the following cases, the reason may be notified to the information subject and viewing may be restricted or refused.
  - When viewing is prohibited or restricted by law
  • - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
  • - If it causes significant disruption to the Promotion Agency in carrying out any of the following tasks:
• 2. In any of the following cases, the request for suspension of processing may be rejected by the information subject.
  - When there are special provisions in the law or when it is unavoidable to comply with statutory obligations.
  • - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
  • - In cases where the Promotion Agency cannot perform its duties prescribed by other laws if it does not process personal information
  • - In cases where it is difficult to fulfill the contract, such as not being able to provide the service agreed upon with the information subject if personal information is not processed, and the information subject does not clearly indicate his/her intention to terminate the contract
• ⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
• ⑥ The Agency verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.

• ① When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the Agency shall destroy the personal information without delay.
• ② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information (or personal information file) should be transferred to a separate database (DB) or stored at different storage locations.
• ③ The procedure and method for destroying personal information are as follows.
  • 1. Procedure of Destruction
    The Agency establishes and destroys personal information (or personal information file) that needs to be destroyed. The agency selects personal information (or personal information file) that has been destroyed, and the agency destroys personal information (or personal information file) with the approval of the person in charge of personal information protection. In addition, personal information that has passed the retention period or whose purpose has been achieved is destroyed in accordance with internal policies and other relevant laws.
  • 2. How to Destroy
    The Agency permanently deletes personal information recorded and stored in electronic file format using a method that cannot be technically restored so that the record cannot be reproduced, and the personal information recorded and stored in paper documents is shredded or incinerated.

• ① The Agency is taking technical, administrative, and physical measures necessary to secure the safety of personal information as follows.
  • 1. Establishing and implementing an internal management plan: Establishing and implementing an internal management plan for the safe processing of personal information.
  • 2. Minimization and education of personal information handlers: The person in charge of handling personal information is designated and managed only for the necessary personnel, and education for safe management is provided for handlers.
  • 3. Restrictions on Access to Personal Information: We take necessary measures to control access to personal information by granting, changing, and canceling access to database systems that process personal information, and use intrusion prevention systems to control unauthorized access from outside.
  • 4. Keeping and preventing forgery of access records: We keep and manage records (logs) accessed to the personal information processing system for at least a year, and use security functions to prevent forgery, theft, and loss of access records.
  • 5. Encrypting personal information: The data subject's unique identification information and password are encrypted and managed. It also has separate security features, such as encrypting and using sensitive data when stored and transferred.
  • 6. Technical countermeasures against hacking: In order to prevent leakage and damage of personal information by hacking or computer viruses, security programs are installed, periodic updates/inspection is conducted, systems are installed in areas where access is controlled from the outside, and technical/physical monitoring and blocking are provided.
  • 7. Access control for unauthorized persons: A separate physical storage place for the personal information system that stores personal information is established and operated with access control procedures for access control are established and operated.
  • 8. Conducting regular self-inspection: In order to secure stability related to the handling of personal information, we conduct regular inspections to protect personal information.

• ① The Agency does not install and operate a device that automatically collects personal information such as Internet access information files.

• ① The Agency is responsible for the processing of personal information, and designates a person in charge of personal information protection as follows to handle complaints from data subjects and remedy damages related to the processing of personal information.

  • Personal Information Protection Officer Guide

    Sortation	name	one's position	Phone number	email
    Director of Personal Information Protection	Park Seungkyu	Team leader of the Information Technology Team	02-6320-8480	parksk@hansik.or.kr

• ② The data subject may contact the person in charge of personal information protection and the department in charge of personal information protection for all inquiries, complaints, and damage relief arising from using the service of the Agency. The agency will respond and process the information subject's inquiries without delay.

• ① The data subject may request the following departments to view individual information. The Agency will make efforts to expedite the request for personal information access by the data subject.
  • ▶ Receiver/processor of request for access to personal information
    • Department name: Information Technology Team
    • Manager: Lee So-yoon
    • Contact information : 02-6320-8485, ava0310@hansik.or.kr, Fax) 02-6320-8499
• ② In addition to the department of receiving and processing requests for access under paragraph 1, the data subject can request access to personal information through the Personal Information Protection Comprehensive Support Portal website of the Personal Information Protection Committee (www.privacy.go.kr .
  • Personal Information Protection Committee Comprehensive Personal Information Protection Portal → Complaints about personal information → Request for reading personal information (Real name authentication through public iPin is required)

• ① The data subject may ask the following institutions for damage relief and counseling for personal information infringement.
• The following institutions are separate from the agency, and if you are not satisfied with the results of the agency's handling of personal information complaints and damage relief, or if you need more detailed help, please contact us.
  • Personal Information Infringement Reporting Center (operation of Korea Internet & Security Agency)
    • - Tasks in charge: Report personal information infringement, request for counseling
    • - Homepage : privacy.kisa.or.kr
    • - Phone call : 118
    • - Address: (58324) 9, Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong 30)1-2) Personal Information Infringement Reporting Center on 3F
  • Personal Information Dispute Mediation Committee
    • - Duties in charge: Application for dispute mediation of personal information, collective dispute mediation (civil resolution)
    • - Homepage : www.kopico.go.kr
    • - Phone call : 1833-6972
    • - Address: (03171) 4th floor of Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
  • Supreme Prosecutor's Office Cybercrime Investigation Team: 02-3480-3571 (www.spo.go.kr)
  • Police Agency Cyber Security Bureau: 182 (cyberbureau.police.go.kr)

• ① This personal information processing policy is 2023. It has been revised and applied since March 13, 2023.
• ② The previous privacy policy can be found below.

Shortcut to previous content