Personal information processing policy
All personal information handled by Junggomall of Korea SMEs and
Startups Agency is handled based on applicable laws or consent from information subject.
Junggomall of Korea SMEs and Startups (hereinafter referred to as KOSME) complies with Personal Information Protection Act and applicable laws to handle and manage personal information
legally and safely. KOSME established and disclosed the policy as follows to protect the personal information and rights of information subjects and handle grievances smoothly and di
| Major personal information processing labeling | ||
|---|---|---|
General personal information |
Purpose of personal information processing |
Personal information retention period |
Provision of personal information |
Consignment of processing |
Grievances handling department |
Article 1. Purpose of Handling Personal Information, Processing and Retention Period and Items, etc.
① The purpose of processing personal information files, retention period and items processed and held by Junggomall of KOSME are as follows.
| No. | Personal information file | Operating standards | Purpose of processing | Processing and retention period | Kinds of personal information to be processed |
|---|---|---|---|---|---|
| 1 | Management of Junggomall individual members | Article 74 (Consent of Information Subject) of Small and Medium Enterprises Promotion Act | Provision of Junggomall service and membership management | 5 years | Name, e-mail, mobile phone, address, tel, fax, company name, business registration number, department name, position/title, corporate telephone number |
| 2 | Management of Junggomall corporate members | Article 74 (Consent of Information Subject) of Small and Medium Enterprises Promotion Act | Provision of Junggomall service and membership management | 5 years | Company name, CEO name, CEO e-mail, business registration number, CEO mobile phone number, company address, fac, company type, name of responsible person, e-mail of responsible person, mobile phone of responsible person |
Article 2 Registration Status of Personal Information Files
- ① Junggomall of KOSME handles the personal information within the scope of work specified in the personal information processing policy such as execution of relevant work and complaints handling and manages personal information files according to Article 32 of the Personal Information Protection Act.
- ② ② You can check details of personal information file by clicking “View personal information file management log” and the same information is also available on portal for personal information protection.
※ Personal information protection support portal of the personal Information Protection Commission(www.privacy.go.kr) => Personal information claims=> Request for reading personal information
View personal information file
Article 3. Matters Related to Provision of Personal Information to the Third Party
- ① Junggomall of KOSME provides the personal information to the third party as follows.
※ Companies have the right to refuse consent, and if consent is refused, we inform you that some services may not be provided due to non-provision of information from public institutions (recipients) affiliated with the government and the Ministry of SMEs and Startups.개인정보를 제3자에게 제공 안내표 No. Receiving party Purpose of using personal information of receiving party Personal information to be provided Personal information retention and use period of receiving party 1 Ministry of the Interior and Safety Public I-PIN authentication
I-PIN(personal identification number)No separate specification as the personal information is already held by the Ministry of the Interior and Safety 2 NICE credit rating information Mobile phone authentication
Mobile phone number, communications service provider information, date of birth, nameNo separate specification as the information is already held by the receiving party 3 Government (central government, local government) - Laying the foundation for data, administration vitalization and joint utilization for SMEs
- Data utilization for expanding unique business of each organization and identifying new business
- Analyzing policy research outcome of SMEs and supporting statistics management
Mobile phone number, communications service provider information, date of birth, name, gender, foreigner or notDestruction as soon as the purpose is achieved from 2 years after the filling out of consent form 4 KG Inicis - Basic corporate information such as business registration number, corporate number, company name, address, contact (telephone, e-mail), CEO name Basic financial information such as corporate management, technology guarantee, re-assurance, financial information
- Evaluation information such as corporate evaluation and corporate certification
- Other export support, project management, technology transfer, intellectual property rights, corporate history - ② Junggomall of KOSME does not process or provide the information to the third party for purposes other than original purpose of personal information processing in principle.
However, personal information may be provided to the third party for the following cases.- 1. In case of obtaining separate consent from the information subject
- 2. When there are special provisions in the law
- 3. In cases where the data subject or legal representative is unable to express his/her intention or obtain prior consent due to unknown address, etc., it is clearly recognized as necessary for the immediate interests of the life, body, and property of the information subject or a third party if it becomes
- 4. When personal information is provided in a form (pseudonymized information) in which a specific individual cannot be identified as necessary for the purpose of statistical writing, scientific research, or preservation of public interest records
- 5. If personal information is used for purposes other than the intended purpose or if it is not provided to a third party, it is impossible to carry out the duties prescribed by other laws, and the protection committee has deliberated and decided.
- 6. Where it is necessary to provide information to foreign countries or international organizations for the implementation of treaties and other international agreements
- 7. Where it is necessary for the investigation of a crime and the filing and maintenance of a public prosecution
- 8. When it is necessary for the court's trial work
- 9. When it is necessary for the execution of punishment, probation, and protective disposition
Article 4 Matters Related to Consignment of Personal Information Processing
- ① Junggomall of KOSME consigns the personal information processing as follows.
개인정보 처리업무를 위탁 안내표 No. Consignment business name Consigned job Agency Department in charge 1 Junggomall of KOSME System development and maintenance SISYSTEMS Structural Innovation Department - ② Upon signing consignment agreement, we specify the compliance with personal information protection laws, ban on the provision of personal information to the third part and responsibilities clearly and keep the agreement. In addition, if there is change in processing agency, notification will be made via personal information processing policy.
Article 5 Rights and Obligations of Information Subjects and Their Legal Representatives and Method of Exercising the Rights
- ① Information subject or legal representative may inquire or modify personal information of him or her or children under age of 14 or may request cancellation of sign-up.
- ② In order to inquire or modify personal information of information subject or children under the age of 15., use the menu “member information management (or member information revision)”For cancellation of membership (withdrawal from consent)”, go through authentication procedure after clocking “withdrawal from membership”. Then one my request reading of personal information, suspension of personal information processing or correction or deletion (destruction) if there is error in the information.
- ③ If an information subject requests correction of errors in personal information, the personal information will not be used until the correction is made. If the incorrect personal information is provided already to the third party, correction results should be notified to the third party without delay so that correction can be made.
- ④ Junggomall of KOSME processes the personal information cancelled or deleted at the request of information subjects or legal representatives (in this case, power of attorney in the form of Appendix 1-1 of the Enforcement Rule of the Personal Information Act shall be submitted) based on the rules specified in the “Period of Personal Information Retention and Use” and the personal information shall not be read or used for other purposes.
Article 6 Department Registering and Handling Claims for Reading Personal Information
The information subject can request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. If you contact us in writing, by phone or e-mail after filling out the form in Annex 8 of the Rules of Conduct under the Personal Information Protection Act, we will take action without delay.
| Department Registering and Handling Claims for Reading Personal Information | Person in charge | Contact |
|---|---|---|
| Structural Innovation Department | Administrator Kwon Hye-ran | 055-751-9705 khr@kosmes.or.kr |
* [Appendix 8 of the Enforcement Regulations of the Personal Information Protection Act] Request for personal information (view, correction/deletion, suspension of processing)
* [Appendix No. 11 of the Enforcement Regulations of the Personal Information Protection Act] Power of Attorney
Article 7 Measures to Secure Safety of Personal Information
Junggomall of KOSME takes following safety measures in order to secure safety of handling personal information of information subjects to make sure that the personal information is not lost, stolen, leaked, forged or damaged.
- ① Establishment and implementation of internal control plan
The internal control plan is established and implemented according to the standards for ensuring safety of personal information protection. - ② Minimization of the number of people handling personal information and training
Employees handling personal information are limited to the person in charge, and a separate password is given for this purpose, which is regularly updated, and compliance with the personal information protection policy is always emphasized through regular training for the person in charge. - ③ Restriction on the access to personal information
We take necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that handles personal information, and we control unauthorized access from outside using an intrusion prevention system. - ④ Encryption of personal information
The password of the member ID (ID) is encrypted and stored and managed so that only the member knows it, and checking and changing personal information can only be done by the person who knows the password. In addition, separate security features such as encrypting important data during storage and transmission are utilized. - ⑤ Storage and inspection of access log
Records of access to the personal information processing system (web log, summary information, etc.) are kept and managed for at least one year to prevent forgery, alteration, theft, and loss, and access records are recorded once a month to respond to leakage, alteration, and damage. - ⑥ Prevention of malicious programs
We are doing our best to prevent leakage or damage of members' personal information due to hacking or computer viruses.
In addition, we use an intrusion prevention system to control unauthorized access from outside, and we strive to equip all possible technical devices to ensure systemic security. - ⑦ Prevention of physical access
The physical storage location of the personal information system that stores personal information is set aside, and access control procedures are established and operated. - ⑧ Other management
Article 8 Procedures and Methods of Destroying Personal Information
In principle, the personal information of the information subject is destroyed without delay when the purpose of collection and use of personal information is achieved. Personal information destruction procedures and methods are as follows.
- ① Procedure of destruction
The information entered by the information subject for membership registration, etc., is transferred to a separate DB after the purpose is achieved (separate filing cabinet in the case of paper) in accordance with internal policies and reasons for information protection pursuant to other relevant laws (see retention and use period) It is stored for a certain period of time and then destroyed. This personal information will not be used for any purpose other than being retained unless otherwise required by law. - ② Method of destruction
Personal information printed on paper is shredded with a shredder or destroyed by incineration. Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.
Article 9 Installation and Operation of Devices that Collect Personal Information Automatically and Rejection of Such Devices
- ① Our website uses 'cookies' that store and retrieve usage information from time to time to provide personalized services to users.
- ② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser, and is also stored on the hard disk of the user's PC computer.
- 1. Purpose of using cookies: It is used to provide optimized information to users by enabling them to set up frequently visited services.
- 2. Installation, Operation, and Rejection of Cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Personal Information menu at the top of the web browser.
- 3. If you refuse to save cookies, you may experience difficulties in using personalized services.
Article 10. Remedy for Infringement of Rights of Information Subjects
- ① For general inquiries related to personal information, legal inquiries, reports of personal information infringement, etc., via online or phone, etc., please contact us at the following contact information
Structural Innovation Department, KOSME
- E-mail : khr@kosmes.or.kr
- Tel : 055-751-9705
- ② In addition, information subjects can inquire about damage relief and consultation for personal information infringement at the following organizations.
< The organizations below are independent from KOSME. If you are not satisfied with the results of personal information complaint handling and damage relief by KOSME, or if you need more detailed help, please contact us.>
Personal Information Infringement Report Center (run by Korea Internet & Security Agency)
- Responsibilities : Reporting personal information infringement cases, application for counseling
- Website : privacy.kisa.or.kr
- Tel : (Without area code)118
- Address : 9 Jinheung-gil, Naju-si, Jeollanam-doKorea Internet & Security Agency
Personal Information Dispute Mediation Committee
- Responsibilities : Personal information dispute mediation application, collective dispute mediation (civil settlement)
- Website : www.kopico.go.kr
- Tel : 1833-6972
- Address : 4th floor, Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul
Cyber Crime Investigation Group, Supreme Prosecutors’ Office
- (Without area code) 1301, privacy@spo.go.kr(www.spo.go.kr)
Cyber Safety Bureau of National Police Agency
- (Without area code) 182, (ecrm.cyber.go.kr/minwon/main)
Cyber Safety Bureau of Central National Police Agency
- (Without area code) 110, (www.simpan.go.kr)
☞ Refer to telephone number guide of Administrative Appeals (www.simpan.go.kr)
Article 11 Chief Privacy Officer, Department in Charge of Handling Grievances and Contact
Junggomall of KOSME appoints chief privacy officer in order to protect public rights and execute public work properly by securing the legality and legitimacy of personal information and procedures. If you find any concerns that can infringe the rights of information subjects such as possibility of leaking personal information held by Junggomall of KOSME, please contact the person or department below.
- 1. Chief Privacy Officer (CPO)
- Name : Kim Byeong-soo
- Title/Position: Head of Administrative Support Division
- E-mail: : mj1210@kosmes.or.kr
- Tel: 055-751-9201
- 2. Department handling grievances
- Department: Structural Innovation Division
- Person in charge: Kwon Hye-ran
- Title/position: Administrator
- E-mail: khr@kosmes.or.kr
- Tel : 055-751-9705
※ We will always guide and supervise the use of personal information collected in accordance with the provisions of laws and regulations for the purpose of collection and processing.
Article 12 Matters Related to Operation and Management of Image Information Processing Device
If you have any questions related to the operation/management of video data processing devices, such as general inquiries or legal inquiries, regarding video data processing devices online or by phone, etc., please contact us at the following address.
Emergency Safety Office, KOSME Choi Joon-yeol
- E-mail: : cjy324@kosmes.or.kr
- Tel : 055-751-9456
Upon receiving complaints, counselors review them first, classify them according to the content and provide an answer. In principle, we will respond online within 7 days (14 days for statutory inquiries) for matters that can be concluded with a brief consultation response. However, we will make every effort to ensure that consultations are handled as quickly as possible.
Article 13 Matters Related to Processing of Pseudonymous Information
- ① Junggomall of KOSME may pseudonymize the personal information to make sure that certain individuals cannot be identified using its own solution for statistics, scientific research and record retention for public interest.
- ② In the event of pseudonymization and provision of pseudonymous information to a third party, the details will be disclosed in the personal information processing policy.
Article 14 Results of Evaluation on Personal Information Impact
- ① KOSME receives “personal information impact evaluation” according to Article 33 of the Personal Information Protection Act in order to investigate, analyze and evaluate the impact of the personal information processing system run by KOSME on personal information file of information subject and Junggomall is not subject to personal information impact evaluation.
Article 15 Results on the Level of Personal Information Management
- ① KOSME receives “inspection on the level of personal information management at public institutions” conducted by the Personal Information Protection Committee according to Article 11 of the Personal Information Protection Act in order to manage personal information of information subject safety.
- ② Evaluation results are as follows.
개인정보 관리수준평가 결과 안내표 Year 2017 2018 2019 2020 2021 Evaluation results Fair Good Good Good Good
Article 16 Judgement Criteria on Additional Use and Provision
Junggomall of KOSME considers following matters if it intends to use or provide personal information without consent from information subjects according to Article 15(3) or Article 17(4) of the Act.
- 1. Whether or not it is related to the original purpose of collection
- 2. In light of the circumstances in which personal information was collected or processing practices, there is no predictability of further use or provision of personal information.
- whether there is
- 3. Whether the interest of the information subject is unfairly infringed
- 4. Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption
Article 17 Matters Related to the Changes in Personal Information Processing Policy
Notification is omitted in case of changes for reasons of changes in quantity of personal information files.
This personal information processing policy shall be effective from March 1, 2023.
