All personal information handled by the Ministry of Health and Welfare (hereinafter referred to as the ‘Company’) website is collected, held and processed in accordance with the “Personal Information Protection Act” or with the consent of the information subject.
In addition, in order to ensure the protection of personal information and rights and interests of information subjects and to handle related grievances promptly and smoothly, we have the following handling policy.
If there is an inquiry regarding personal information while using the company's services, it is posted on the website to inform the information subject to check.
Purpose of collection and use of personal information, items of personal information to be collected and method of collection
The company processes personal information for the following purposes. Personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, it will be processed with the consent of the information subject.
Purpose
Personal information is processed for the purpose of consulting inquiries.
The company handles the following personal information items
Items with personal information
Required items: name/position, company name, email, contact information
Collection method
If you directly input through the information input form configured on the inquiry-related page and agree to the collection of personal information, the relevant personal information is collected.
Provision of personal information to third parties
The company processes the personal information of the information subject only within the scope specified in “Purpose of collection and use of personal information, items of personal information to be collected and method of collection” and the original scope without prior consent of the information subject, except for the following cases. It is not processed in excess of or provided to a third party.
- In case of obtaining separate consent from the information subject
- When there are special provisions in the law
- In the case where the information subject or legal representative is unable to express his/her intention or prior consent cannot be obtained due to unknown address, etc.
- When providing personal information in a form that cannot identify a specific individual as it is necessary for the purpose of statistical preparation and academic research
- If personal information is not used for purposes other than the intended purpose or if it is not provided to a third party, it is impossible to carry out the business under the jurisdiction of other laws
- In case it is necessary to provide foreign information or international organizations for the implementation of treaties and other international agreements
- In case it is necessary for the investigation of criminal offenses and the establishment and maintenance of public prosecution
- In case it is necessary for the execution of the judicial affairs of the court
- When it is necessary for the execution of punishment, probation, and protective measures
Personal information processing and retention period, consignment of personal information processing
After the purpose of collecting and using personal information is achieved, the company destroys the information without delay without exception. The company does not entrust customer information to external companies without the customer's consent. If such a need arises in the future, we will notify the customer of the consignee and the details of the consigned work, and obtain prior consent if necessary.
Destruction of personal information
The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing. However, this is not the case when preservation is required according to the law.
The procedure and method of personal information destruction are as follows.
Destruction procedure
When the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the expiration of the retention period, the abolition of the service, or the termination of the business, the personal information is destroyed without delay from the date on which the processing of the personal information is recognized as unnecessary.
Destruction method
Records in the form of electronic files are destroyed using a technical method that cannot be reproduced, and personal information printed on paper is shredded with a shredder or destroyed through incineration.
Rights of users and their legal representatives and how to exercise them
The information subject can exercise the following rights related to personal information protection against the company at any time.
Request to read personal information
- Request for correction in case of errors, etc.
- Request for deletion
- Request to stop processing
The exercise of rights pursuant to “A” can be done in writing, by phone, e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
If the information subject requests correction or deletion of personal information errors, the company does not use or provide personal information until the correction or deletion is completed. However, if incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the correction can be made.
The rights of the information subject may be restricted in accordance with Article 35 (4) and Article 37 (2) of the Personal Information Protection Act to request to view and suspend processing of personal information. Information subjects are requested to prevent unexpected accidents by entering their personal information accurately and up-to-date.
The information subject is responsible for any accidents caused by inaccurate information entered by the information subject himself, and if false information is entered, such as stealing other people's information, a problem of violating the law may occur.
In addition to the right to be protected, the data subject also has an obligation to protect himself/herself and not to infringe on the information of others.
Be careful not to leak the personal information of the information subject, and be careful not to damage the personal information of others, including postings.
If you fail to fulfill this responsibility and damage the personal information and dignity of others, you may be subject to punishment according to the relevant laws.
The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
Protection of minor personal information
In principle, the company does not collect personal information if the information subject is a minor. When collecting personal information of minors for unavoidable reasons, we will seek the consent of a legal representative in advance and destroy the information without delay when the purpose of collection and use is achieved or the retention period for which consent was obtained at the time of collection expires.
Power of attorney for personal information processing
The company confirms whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the rights of the information subject.
If there is any dissatisfaction with the refusal of a request for viewing, etc., the information subject may raise an objection to the following organizations.
Personal Information Dispute Mediation Committee (without area code) 1833-6972 http://www.kopico.go.kr
Personal Information Infringement Report Center (without area code) 118 http://privacy.kisa.or.kr
Cyber Investigation Division, Supreme Prosecutors' Office (without area code) 1301 http://spo.go.kr
National Police Agency Cyber Terror Response Center 1566-0112 https://cyberbureau.police.go.kr
National Police Agency Cyber Security Bureau (without area code) 182 https://www.police.go.kr/www/security/cyber.jsp
Matters concerning the installation, operation and rejection of the automatic personal information collection device
Users may collect personal information through “collective items of automatically generated information (cookies, IP, etc.)” in the process of using the company's website. Cookies are temporary files that are automatically created when accessing a website and are stored on the user's computer hard disk. The company uses cookies for the following purposes, and users have the option to save cookies, and by setting options in their web browser, they can accept all cookies or refuse to store cookies.
Purpose of using cookies
Supports a faster web environment by storing user's preferred settings, and uses them to improve services for convenient use. Also, when using services that require login, cookies are used for smooth use without having to re-enter ID and password each time. In addition, cookies are used for customized marketing services such as service usage patterns and event participation identification.
How to refuse cookie settings
Users can accept all cookies or refuse to store cookies in the options of their web browser. If you refuse to store cookies, you may experience difficulties in using customized services.
Example of setting method (for Chrome web browser): You can refuse whether to save cookies through ⁝ > Privacy and Security > Cookies and other site data in the upper right corner.
Personal Information Protection Officer
You can inquire about personal information protection, complaint handling, damage relief, etc. to the person in charge of personal information protection and the department in charge. We will respond and handle inquiries from the information subject without delay.
Privacy Officer
Affiliation : Hung San Hwa Sung
Department : Technology
Name : Ki Hoon, Kim
Email : khkim@hungsan.com
Processing method
Requests such as use for purposes other than personal information use, provision to a third party, destruction, and viewing are recorded and managed, and when the storage period expires, it is permanently deleted (shredded or incinerated in the case of printed materials) in a way that cannot be restored.
Measures to ensure the safety of personal information
The following measures are being taken to ensure the safety of personal information.
Establishment and implementation of internal management plan: 'Standards for technical and managerial protection measures for personal information' (Personal Information Protection Commission Notice No. 2020-5) and 'Standards for measures to ensure safety of personal information' (Personal Information Protection Commission Notice No. 2020-2 ), establish and implement an internal management plan.
Restriction on access to personal information
Restriction on access to personal information: We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the personal information processing system that processes personal information.
Storage of access records
The records of access to the personal information processing system are stored and managed for at least 6 months.
Encryption of personal information
Personal information is safely stored and managed through encryption, etc. In addition, we use a separate security function such as encrypting important data for storage and transmission.
Security Program Installation and Periodic Inspection and Update: To prevent personal information leakage and damage caused by hacking or computer viruses, the security program is installed and periodically inspected and updated.
Access Control for Unauthorized Persons: We establish and operate access control procedures in a separate physical storage location for the personal information processing system that stores personal information.
Notice and change of privacy policy
The personal information processing policy is effective from the effective date, and if there are additions, deletions, or corrections of changes according to laws and regulations, we will notify you through a notice 7 days before the implementation of possible changes. In addition, if it is unavoidable to change the personal information processing policy due to changes in related laws or company policies, we will notify you through a notice on the website.
