The Institute for Policy and Strategy on National Competitiveness (hereinafter referred to as the “IPSNC”) complies with the Personal Information Protection Act and related laws to protect the freedom and rights of data subjects. It legally processes and safely manages personal information. In accordance with Article 30 of the Personal Information Protection Act, IPSNC establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards regarding the processing and protection of personal information. This policy is also intended to ensure the prompt and efficient handling of any related grievances.

 

Article 1 (Purpose of Processing Personal Information, Collected Items, Retention, and Usage Period) ①IPSNC processes personal information for the following purposes. The personal information collected shall not be used for any purpose other than those specified below. If the purpose of use is changed, IPSNC will take the necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.

 

1) Processing of Product Orders and Payments

- Legal Basis: Article 15(1)(4) of the Personal Information Protection Act (“Performance of Contract”)
- Collected and Processed Items: Name, contact information, email, purchase details (products, quantity, amount), payment information
- Retention Period: 5 years (pursuant to Article 6 of the Electronic Commerce Act)

2) Inquiry Handling

- Legal Basis: Article 15(1)(1) of the Personal Information Protection Act (“Consent of the Data Subject”)
- Collected and Processed Items: Name, contact information, email, inquiry details
Retention Period: 1 year (until the purpose of use is achieved)

 

②IPSNC collects and uses personal information to the minimum extent necessary for service provision in accordance with the Personal Information Protection Act.

 

Article 2 (Provision of Personal Information to Third Parties) ①IPSNC processes personal information only within the scope specified for processing purposes. It provides personal information to third parties only in cases where the data subject has given consent, where there are special provisions under the law, or where it falls under Articles 17 and 18 of the Personal Information Protection Act. Except in such cases, IPSNC does not provide personal information to third parties. ②In the event of emergencies such as disasters, infectious diseases, incidents or accidents that pose an imminent threat to life and body, or urgent situations involving significant property loss, IPSNC may provide personal information to relevant authorities without the data subject’s consent, in accordance with applicable laws and regulations.

 

Article 3 (Outsourcing of Personal Information Processing) ①IPSNC outsources personal information processing tasks as follows to ensure the smooth handling of personal information-related operations:

1) Entrusted Party: Wix.com LED

- Entrusted Task: Provision of website services

- Retention and Usage Period of Personal Information: Until the termination of the outsourcing contract (upon service cancellation)

- Contact Information: https://ko.wix.com/about/contact-us

②If there are any changes to the details of the entrusted tasks or the entrusted party, IPSNC will promptly disclose such changes through this Privacy Policy without delay.

 

Article 4 (Rights and Obligations of the Data Subject and Legal Representative and Methods of Exercise) ①The data subject may exercise their rights (hereinafter referred to as “exercise of rights”) at any time with respect to IPSNC, including requests for access, correction, deletion, suspension of processing, withdrawal of consent, objection to automated decision-making, or requests for explanations regarding automated decisions.

※ Requests for access to personal information of children under the age of 14 must be made directly by their legal representative. However, a data subject who is a minor aged 14 or older may exercise their rights either personally or through their legal representative.

②The exercise of rights may be carried out through written documents, email, fax (facsimile transmission), or other methods in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. IPSNC shall take prompt action without delay upon receiving such requests.

③The exercise of rights may also be carried out through a legal representative or an authorized agent. In such cases, a power of attorney must be submitted in accordance with Annex Form No. 11 of the “Notification on Personal Information Processing Methods”.

④The right to request access to or suspension of processing of personal information may be restricted in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.

⑤If the data subject has consented to automated decision-making, has been notified in advance through a contract, or if it is explicitly stipulated by law, the right to object to automated decision-making shall not be recognized. However, the data subject may still request an explanation or review of the automated decision.

- Additionally, if the objection or request for explanation regarding an automated decision poses a risk of unjustly infringing on another person's life, body, property, or other rights and interests, the request may be denied for legitimate reasons.

⑥IPSNC verifies whether the person exercising their rights is the data subject themselves or a duly authorized representative. The exercise of rights may be made to the following department of IPSNC.

⑦IPSNC will make every effort to ensure that the data subject’s exercise of rights is processed promptly.

 

Department for Receiving and Processing Requests for Access to Personal Information

Department Name: Secretariat of the Institute for Policy and Strategy on National Competitiveness

Address: 7th Floor, 203 Sinchon-ro, Seodaemun-gu, Seoul, South Korea

Contact Information: 070-7012-2714, syfang@assist.ac.kr

 

Article 5 (Destruction of Personal Information) ①IPSNC shall promptly destroy personal information without delay when the retention period has expired or when the purpose of processing has been achieved, rendering the personal information no longer necessary.

②If the retention period agreed upon by the data subject has expired, or if the purpose of processing has been achieved but the personal information must be retained in accordance with other legal provisions, IPSNC shall transfer the relevant personal information (or personal information files) to a separate database (DB) or store them in a different location.

③The procedures and methods for the destruction of personal information are as follows.

1. Destruction Procedure

IPSNC shall establish a destruction plan for personal information (or personal information files) that is subject to disposal. IPSNC shall select the personal information (or personal information files) for disposal once the reason for destruction arises and shall obtain approval from IPSNC’s Personal Information Protection Officer before proceeding with the destruction.

2. Destruction Method

Personal information stored in electronic file format shall be permanently deleted using an irreversible method to prevent data recovery. Personal information recorded and stored in paper documents shall be shredded using a paper shredder or incinerated to ensure complete disposal.

 

Article 6 (Measures to Ensure the Security of Personal Information) ①IPSNC implements the following measures to ensure the security of personal information.

1. Administrative Measures: Establishment and implementation of an internal management plan, regular employee training, etc.

2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs.

3. Physical Measures: Access control for computer rooms, data storage rooms, and other restricted areas.

 

Article 7 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices) ①IPSNC uses cookies to store and retrieve user information from time to time in order to provide personalized services to users.

②Cookies are small pieces of data sent by a website’s server to a user’s web browser, which are then stored on the user’s PC or mobile device.

③The data subject may enable or disable cookies through their web browser settings. However, if cookies are disabled, the use of certain personalized services may be restricted.

▶Enabling/Disabling Cookies in Web Browsers

• Chrome: Go to Browser Settings > Privacy and Security > Clear Browsing Data

• Edge: Go to Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data

▶Enabling/Disabling Cookies in Mobile Browsers

• Chrome: Go to Mobile Browser Settings > Privacy and Security > Clear Browsing Data

• Safari: Go to Device Settings > Safari > Advanced > Block All Cookies Samsung Internet: Go to Mobile Browser Settings > Browsing History > Clear Browsing Data

 

Article 8 (Personal Information Protection Officer and Requests for Access to Personal Information) ①IPSNC designates the following Personal Information Protection Officer to take overall responsibility for the processing of personal information, handling complaints from data subjects, and providing remedies for damages related to personal information processing.

 

1. Personal Information Protection Officer

○ Name: Huang DiLong

○ Contact: 02-360-0762, dlhuang@assist.ac.kr

 

2. Personal Information Protection Department

○ Department: Secretariat

○ Contact: 070-7012-2714, syfang@assist.ac.kr

※ Inquiries will be directed to the Personal Information Protection Department.

 

②Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection that arise while using IPSNC’s services (or business activities). IPSNC shall respond and process such inquiries without delay.

 

Article 9 (Remedies for Infringement of Rights and Interests) ①If a data subject seeks a remedy for personal information infringement, they may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA). Additionally, for filing reports or seeking consultation regarding personal information infringement, data subjects may contact the following agencies.

1. Personal Information Dispute Mediation: 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)

②IPSNC endeavors to protect the data subject’s right to informational self-determination and support the resolution of complaints and remedies related to personal information infringement. If a data subject needs to file a report or seek consultation, they may contact the following department.

▶Personal Information Protection Consultation and Reporting

Department: Secretariat

Contact: 070-7012-2714, syfang@assist.ac.kr

③If a data subject's rights or interests are infringed due to a disposition or omission by the head of a public institution in response to a request under the Personal Information Protection Act —including Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing)—they may file an administrative appeal in accordance with the Administrative Appeals Act.

▶Central Administrative Appeals Commission: 110 (www.simpan.go.kr)

 

Article 10 (Additional Efforts for Personal Information Protection) ①IPSNC makes every effort to safely manage users' personal information and implements additional protective measures beyond those required by the Personal Information Protection Act to ensure the security of personal information.

 

Article 11 (Amendments to the Privacy Policy) ①This Privacy Policy shall take effect from February 1, 2024.