• ① The agency handles personal information for the following purposes. The personal information being processed is not used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent from the data subject.
  • 1. Korean Food Promotion Agency Integrated Membership Registration and Management
  • - We process personal information for the purpose of confirming membership intention, identifying and certifying oneself according to the provision of membership services, maintaining and managing membership status, preventing fraudulent use of services, confirming the consent of legal representatives when collecting personal information for children under the age of 14, various notices and notices, handling grievances, and mediation of disputes.
  • 2. Complaint handling
  • - Personal information is processed for the purpose of confirming the identity of the complainant, confirming civil complaints, contacting and notifying the results of the processing.
• ② The Agency shall process and retain personal information within the period of retention and use of personal information pursuant to Acts and subordinate statutes or the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
• ③ The processing and retention period of each personal information is as follows.

• ① The Agency shall process and retain personal information within the period of retention and use of personal information pursuant to Acts and subordinate statutes or the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
• ② The processing and retention period of each personal information is as follows.

• ① In principle, the agency shall process the personal information of the data subject within the scope specified for the purpose of collection and use, and shall not process or provide it to any third party in excess of the original purpose without the prior consent of the data subject, except in the following cases. However, subparagraphs 4 through 8 are limited to cases of public institutions.
  • 1. In the case of obtaining separate consent from the data subject
  • 2. Where there are special provisions in other laws
  • 3. Where the data subject or his/her legal representative is unable to express his/her intention or cannot obtain prior consent due to an unknown address, etc., and is clearly deemed necessary for the interests of the data subject or a third party's urgent life, body, or property.
  • 4. If personal information cannot be used for purposes other than its purpose or provided to a third party, it has been deliberated and resolved by the Protection Committee If
  • 5. If necessary to provide foreign governments or international organizations for the implementation of treaties and other international agreements,
  • 6. Cases necessary for the investigation of crimes and the filing and maintenance of prosecution
  • 7. If necessary for the court's performance of court affairs
  • 8. When necessary for the execution of sentence, custody, and protective disposition
• ② If personal information is used for any purpose other than its purpose or provided to a third party pursuant to subparagraphs 1 through 8 above, the agency will disclose it on its official gazette or website as prescribed by the Personal Information Protection Committee Ordinance.
• ③ The Agency provides personal information to third parties as follows.

Shortcut to third party notice bulletin board of personal information

• ① In order to facilitate the processing of personal information, the Agency has entrusted the processing of personal information as follows.

  • Personal information processing service consignor information table

    No	a contracting company	Representative	Purpose of consignment	Consignment Contents	Consignment period
    1	corporation Timonet Korea	Kwon Hoe Chan (070-8268-0549)	Korean food portal system operation support and maintenance	Integrated Membership Informations	2023.1.1.~ 12.31.

• ② When signing a consignment contract, the agency specifies in the contract documents the responsibility for personal information processing, safety measures, re-consignment restrictions, management and supervision of the trustee, and compensation for damages other than the purpose of the consignment work, and supervises whether the trustee handles personal information safely.
• ③ If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delays.

• ① When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the Agency shall destroy the personal information without delay.
• ② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information (or personal information file) should be transferred to a separate database (DB) or stored at different storage locations.
• ③ The procedure and method for destroying personal information are as follows.
  • 1. Procedure of Destruction
    The Agency establishes and destroys personal information (or personal information file) that needs to be destroyed. The agency selects personal information (or personal information file) that has been destroyed, and the agency destroys personal information (or personal information file) with the approval of the person in charge of personal information protection. In addition, personal information that has passed the retention period or whose purpose has been achieved is destroyed in accordance with internal policies and other relevant laws.
  • 2. How to Destroy
    The Agency permanently deletes personal information recorded and stored in electronic file format using a method that cannot be technically restored so that the record cannot be reproduced, and the personal information recorded and stored in paper documents is shredded or incinerated.

• ① The information subject may exercise his/her rights, such as requesting the Promotion Agency to view, correct, delete, or suspend processing of personal information, at any time.
• ② Rights under Paragraph 1 can be exercised through Article 10 (Request to view personal information) in writing, e-mail, facsimile (FAX), etc., and the Promotion Agency will take action without delay.
• ③ The exercise of rights under paragraph 1 may be done through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney according to the format.
• ④ Requests to view and suspend personal information processing may limit the information subject's rights under the Personal Information Protection Act.
• 1. In any of the following cases, the reason may be notified to the information subject and viewing may be restricted or refused.
  - When viewing is prohibited or restricted by law
  • - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
  • - If it causes significant disruption to the Promotion Agency in carrying out any of the following tasks:
• 2. In any of the following cases, the request for suspension of processing may be rejected by the information subject.
  - When there are special provisions in the law or when it is unavoidable to comply with statutory obligations.
  • - If there is a risk of harming another person's life or body, or if there is a risk of unfairly infringing on another person's property or other interests.
  • - In cases where the Promotion Agency cannot perform its duties prescribed by other laws if it does not process personal information
  - In cases where it is difficult to fulfill the contract, such as not being able to provide the service agreed upon with the information subject if personal information is not processed, and the information subject does not clearly indicate his/her intention to terminate the contract
• ⑤ Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
• ⑥ The Agency verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.

• ① The Agency is taking technical, administrative, and physical measures necessary to secure the safety of personal information as follows.
  • 1. Establishing and implementing an internal management plan: Establishing and implementing an internal management plan for the safe processing of personal information.
  • 2. Minimization and education of personal information handlers: The person in charge of handling personal information is designated and managed only for the necessary personnel, and education for safe management is provided for handlers.
  • 3. Restrictions on Access to Personal Information: We take necessary measures to control access to personal information by granting, changing, and canceling access to database systems that process personal information, and use intrusion prevention systems to control unauthorized access from outside.
  • 4. Keeping and preventing forgery of access records: We keep and manage records (logs) accessed to the personal information processing system for at least a year, and use security functions to prevent forgery, theft, and loss of access records.
  • 5. Encrypting personal information: The data subject's unique identification information and password are encrypted and managed. It also has separate security features, such as encrypting and using sensitive data when stored and transferred.
  • 6. Technical countermeasures against hacking: In order to prevent leakage and damage of personal information by hacking or computer viruses, security programs are installed, periodic updates/inspection is conducted, systems are installed in areas where access is controlled from the outside, and technical/physical monitoring and blocking are provided.
  • 7. Access control for unauthorized persons: A separate physical storage place for the personal information system that stores personal information is established and operated with access control procedures for access control are established and operated.
  • 8. Conducting regular self-inspection: In order to secure stability related to the handling of personal information, we conduct regular inspections to protect personal information.

• ① The Agency does not install and operate a device that automatically collects personal information such as Internet access information files.

• ① The Agency is responsible for the processing of personal information, and designates a person in charge of personal information protection as follows to handle complaints from data subjects and remedy damage related to the processing of personal information.

  • Personal Information Protection Officer

    Sortation	name	one's position	Phone number	e-mail
    a person in charge of personal information protection	Park Seung Kyu	Team leader of the information technology team	02-6320-8480	parksk@hansik.or.kr

• ② The data subject may contact the person in charge of personal information protection and the department in charge of personal information protection for all inquiries related to personal information protection, complaints, and damage relief that occurred while using the service of the Agency. The agency will respond and process the information subject's inquiries without delay.

• ① The data subject may request the following departments to view individual information. The Agency will make efforts to expedite the request for personal information access by the data subject.
  • ▶ Receiver/processor of request for access to personal information
    • Department name: Information Technology Team
    • Manager: Kim Hee Soo
    • Contact information : 02-6320-8481, hsoo1208@hansik.or.kr, Fax) 02-6320-8499
• ② In addition to the department receiving and processing the request for access under paragraph 1, the data subject can request access to personal information through the Personal Information Protection Comprehensive Support Portal website of the Personal Information Protection Committee (www.privacy.go.kr.
  • The Personal Information Protection Committee's Comprehensive Support Portal for Personal Information Protection → Complaints on Personal Information → Requests for reading personal information (real name authentication through public iPin is required)

• ① The data subject may ask the following institutions for damage relief and counseling for personal information infringement.
• The following institutions are separate from the agency, and if you are not satisfied with the results of the agency's handling of personal information complaints and damage relief, or if you need more detailed help, please contact us.
  • Personal Information Infringement Reporting Center (operation of Korea Internet & Security Agency)
    • - Tasks in charge: Report personal information infringement, request for counseling
    • - Homepage : privacy.kisa.or.kr
    • - Tel : 118
    • - Address: (58324) Personal Information Infringement Reporting Center, 3rd floor, Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
  • Personal Information Dispute Mediation Committee
    • - Tasks in charge: Application for dispute mediation of personal information, collective dispute mediation (civil resolution)
    • - Homepage : www.kopico.go.kr
    • - Tel: 1833-6972
    • - Address: (03171) 4th floor of Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
  • Cybercrime Investigation Team of the Supreme Prosecutors's Office : 02-3480-3571 (www.spo.go.kr)
  • National Police Agency Cyber Security Department : 182 (cyberbureau.police.go.kr)

• ① In order to safely manage the personal information of the data subject, the Korean Food Promotion Agency is undergoing an annual Personal Information Management Level Diagnosis conducted by the Personal Information Protection Committee under Article 11 of the Personal Information Protection Act.
• ② The Korean Food Promotion Agency has obtained an 'S' rating as a result of the 2022 Personal Information Management Level Assessment.

• ① We have established and are operating a separate management policy for image information processing devices.

Shortcut to the bulletin board for the operation and management policy of video information processing devices

• ① This personal information processing policy will be revised and applied from July 28, 2023.
• ② The previous Personal Information Processing Policy can be found below.

Shortcut to previous content