• ① The Agency handles personal information for the following purposes. The personal information being processed is not used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent from the data subject.
  • 1. Integrated membership registration and management of the Korean Food Promotion Agency
  • - Personal information is processed for the purpose of confirming membership intention, identifying and certifying oneself according to the provision of membership service, maintaining and managing membership status, preventing fraudulent use of service, confirming the consent of legal representatives when collecting personal information for children under the age of 14, various notices and notices, grievance handling, and preserving records for dispute mediation.
  • 2. Handling of civil complaints
  • - Process personal information for the purpose of identifying the complainant, checking the complaint, contacting and notifying the results of the processing, etc.
• ② The Agency shall process and retain personal information within the period of holding and using personal information under the Act or the period of holding and using personal information received from the data subject.
• ③ The processing and retention periods of each personal information are as follows.

• ① The Agency shall process and retain personal information within the period of holding and using personal information according to laws and regulations or the period of holding and using personal information agreed upon when collecting personal information from the data subject.
• ② The processing and retention periods of each personal information are as follows.

• ① In principle, the agency shall process the personal information of the data subject within the scope specified for the purpose of collection and use, and shall not process or provide it to any third party in excess of the original purpose without the prior consent of the data subject, except in the following cases. However, subparagraphs 5 through 9 are limited to cases of public institutions.
  • 1. In the case of obtaining separate consent from the data subject
  • 2. Where there are special provisions in other laws
  • 3. Where the data subject or his/her legal representative is unable to express his/her intention or cannot obtain prior consent due to an unknown address, etc., and is clearly deemed necessary for the interests of the data subject or a third party's urgent life, body, or property.
  • 4. When personal information is provided in a form that cannot be identified as necessary for the purpose of statistics preparation and academic research.
  • 5. Personal information other than its purpose Where it is impossible to perform the duties under the jurisdiction of other laws unless it is used for a purpose or provided to a third party, and has been deliberated and resolved by the Protection Committee.
  • 6. If necessary to provide foreign governments or international organizations for the implementation of treaties and other international agreements,
  • 7. Cases necessary for the investigation of crimes and the filing and maintenance of prosecution
  • 8. If necessary for the court's performance of judicial affairs
  • 9. Brother and guardian, If necessary for the execution of protective disposition
• ② If personal information is used for any purpose other than its purpose or provided to a third party pursuant to subparagraphs 1 through 9 above, the agency will disclose it on its official gazette or website, as prescribed by Ordinance of the Ministry of Public Administration and Security.
• ③ The Agency provides personal information to third parties as follows.

Shortcut to the notice board provided by a third party of personal information

• ① In order to facilitate the processing of personal information, the Agency is entrusted with the processing of personal information as follows.

  • Personal information processing task consignor information

    No	a contracting company	Representative	Purpose of consignment	Consignment Contents	Consignment period
    1	㈜중외정보기술	Lee Jungha (02-801-1000)	Korean food portal system Operation support and maintenance	Information on integrated members	2021.1.1.~ 12.31.
    2	㈜오파스넷	Jang Soohyun (02-2193-8600)	Korean food portal system Operation support and maintenance	Information on integrated members	2021.1.1.~ 12.31.
    3	㈜티모넷코리아	Kwon Hoichan (070-8268-0549)	Improvement of Korean food portal system	Information on integrated members	2020.12.23.~ 2021.3.22.
    4	㈜중외정보기술	Lee Jungha (02-801-1000)	Improvement of Korean food portal system	Information on integrated members	2020.12.23.~ 2021.3.22.
    5	KCA	Moon Daewon (02-532-0532)	Korean food portal Check secure coding	Information on integrated members	2020.12.23.~ 2021.3.22.
    6	㈜글로벌리서치	Kim Bumju (02-3456-1700)	Dining Culture Performance Survey	Business establishment information	2020.8.13.~ 2021.1.14.
    7	㈜투와이드컴퍼니	Kim Yoonmin (02-593-8451)	Online Korean Food Contents Video Production	Video cast information	2020.10.29.~ 2021.1.14.
    8	㈜대신운송	Kim Jongin (051-645-5822)	Delivery service	Information about the recipient	2020.12.11.~ 2021.2.8.
    9	㈜한림출판사	Im Sangbaek (02-735-7551)	Delivery service	Information about the recipient	2020.12.31.~ 2021.2.5.

• ② When signing a consignment contract, the agency stipulates in documents such as prohibition of personal information processing, technical and administrative protection measures, re-consignment restrictions, management and supervision of the trustee, and compensation for damages other than the purpose of the consignment.
• ③ The Agency conducts training on the trustee at least once a year to prevent the trustee's personal information from being lost, stolen, leaked, altered, or damaged due to the entrustment of work, and oversees whether personal information is handled safely through a status check once a month.
• ④ If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay.

• ① The information subject may exercise his/her rights, such as requesting the Promotion Agency to view, correct, delete, or suspend processing of personal information, at any time.
• ② Rights under Paragraph 1 can be exercised through Article 10 (Request to view personal information) in writing, e-mail, facsimile (FAX), etc., and the Promotion Agency will take action without delay.
• ③ The exercise of rights under paragraph 1 may be done through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney according to the format.
• ④ Requests to view and suspend personal information processing may limit the information subject's rights under the Personal Information Protection Act.
• 1. In any of the following cases, the reason may be notified to the information subject and viewing may be restricted or refused.
• - When viewing is prohibited or restricted by law
• - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
• - If it causes significant disruption to the Promotion Agency in carrying out any of the following tasks:
• 2. In any of the following cases, the request for suspension of processing may be rejected by the information subject.
• - hen there are special provisions in the law or when it is unavoidable to comply with statutory obligations.
• - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
• - In cases where the Promotion Agency cannot perform its duties prescribed by other laws if it does not process personal information
• - In cases where it is difficult to fulfill the contract, such as not being able to provide the service agreed upon with the information subject if personal information is not processed, and the information subject does not clearly indicate his/her intention to terminate the contract
• ⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
• ⑥ The Agency verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.

• ① When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the Agency shall destroy the personal information without delay.
• ② If the period of retention of personal information agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information (or personal information file) should be transferred to a separate database (DB) or stored at different storage locations.
• ③ The procedure and method for destroying personal information are as follows.
  • 1. Procedure of Destruction
    The Agency establishes and destroys personal information (or personal information file) that needs to be destroyed. The agency selects personal information (or personal information file) that has been destroyed, and the agency destroys personal information (or personal information file) with the approval of the person in charge of personal information protection. In addition, personal information that has passed the retention period or whose purpose has been achieved is destroyed in accordance with internal policies and other related laws.
  • 2. How to Destroy
    The Agency permanently deletes personal information recorded and stored in electronic file format using a method that cannot be technically restored so that the record cannot be reproduced, and the personal information recorded and stored in paper documents is shredded or incinerated.

• ① The Agency is taking technical, administrative, and physical measures necessary to secure the safety of personal information as follows.
  • 1. Establishing and implementing an internal management plan: Establishing and implementing an internal management plan for the safe processing of personal information.
  • 2. Minimization and education of personal information handlers: The person in charge of handling personal information is designated and managed only for the necessary personnel, and education for safe management is provided for handlers.
  • 3. Restrictions on Access to Personal Information: We take necessary measures to control access to personal information by granting, changing, and canceling access to database systems that process personal information, and use intrusion prevention systems to control unauthorized access from outside.
  • 4. Keeping and preventing forgery of access records: We keep and manage records (logs) accessed to the personal information processing system for at least 6 months, and use security functions to prevent forgery, theft, and loss of access records.
  • 5. Encrypting personal information: The data subject's unique identification information and password are encrypted and managed. It also has separate security features, such as encrypting and using sensitive data when stored and transferred.
  • 6. Technical countermeasures against hacking: In order to prevent leakage and damage of personal information by hacking or computer viruses, security programs are installed, periodic updates/inspection is performed, systems are installed in areas with controlled access from the outside, and technical/physical monitoring and blocking are performed.
  • 7. Access control for unauthorized persons: A separate physical storage place for the personal information system that stores personal information is established and operated with access control procedures for access control are established and operated.
  • 8. Conducting regular self-inspection: In order to secure stability related to the handling of personal information, we conduct regular inspections to protect personal information.

• ① The Agency does not install and operate a device that automatically collects personal information such as Internet access information files.

• ① The Agency is responsible for the processing of personal information, and designates a person in charge of personal information protection as follows to handle complaints from the data subject and remedy damage related to the processing of personal information.

  • Personal Information Protection Officer Guide

    Sortation	name	one's position	Phone number	email
    Director of Personal Information Protection	Woo Seungwan	Management Support Team Leader	02-6300-2080	woosw@hansik.or.kr

• ② The data subject may contact the person in charge of personal information protection and the department in charge of personal information protection for all inquiries, complaints, and damage relief that occurred while using the service of the Agency. The agency will respond and process the information subject's inquiries without delay.

• ① The data subject may request the following departments to view individual information. The Agency will make efforts to expedite the request for personal information access by the data subject.
  • ▶ Receiver/processor of request for access to personal information
    • Department name: Management support team
    • Manager: Cho Moo-sung
    • Contact information : 02-6300-2083, lexcho@hansik.or.kr, Fax) 02-6300-2085
• ② In addition to the department for receiving and processing requests under paragraph 1, the data subject can request access to personal information through the "Comprehensive Personal Information Protection Portal" website (www.privacy.go.kr ) of the Ministry of Public Administration and Security.
  • Ministry of Public Administration and Security Comprehensive Support Portal for Personal Information Protection → Complaints on Personal Information → Request for Access to Personal Information (Real Name Authentication through Public iPin is required)

• ① The data subject may ask the following institutions for damage relief and counseling for personal information infringement.
• • Personal Information Infringement Reporting Center (operation of Korea Internet & Security Agency)
    • - Tasks in charge: Report personal information infringement, request for counseling
    • - Homepage : privacy.kisa.or.kr
    • - Phone call : 118
    • - Address: (58324) 9, Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong 3)01-2) 3rd Floor Personal Information Infringement Report Center
  • Personal Information Dispute Mediation Committee
    • - Duties in charge: Application for dispute mediation of personal information, collective dispute mediation (civil resolution)
    • - Homepage : www.kopico.go.kr
    • - Phone call : 1833-6972
    • - Address: (03171) 4th floor of Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
  • Supreme Prosecutor's Office Cybercrime Investigation Team: 02-3480-3571 (www.spo.go.kr)
  • Police Agency Cyber Security Bureau: 182 (cyberbureau.police.go.kr)

• ① This personal information processing policy has been revised and applied since February 17, 2021.
• ②The previous privacy policy can be found below.

Shortcut to previous content