Privacy policy

Privacy policy

All personal information handled by CONIS is collected, retained and processed in compliance with the personal information protection regulations in the relevant laws, such as the Personal Information Protection Act and CONIS Personal Information Protection Guide-lines.

In accordance with the Personal Information Protection Act, CONIS has the following handling policies to protect users' personal information and rights and to handle users' complaints related to personal information smoothly. When changing the personal information processing policy, CONIS plans to compare and disclose before and after the change so that the information subject can easily check the time of implementation and the changed content.

Purpose of processing personal information, processing and retention period of personal information, items of personal information to be processed

The CONIS representative website (conisit.com) does not directly collect personal information, and you can check the personal information files registered and disclosed in accordance with Article 32 of the Personal Information Protection Act below.

Personal Information Protection Comprehensive Support Portal (www.privacy.go.kr)
Personal information complaint
Request for viewing of personal information, etc.
Search personal information file list
Enter “CONIS” in the name of the institution and search

Provision of personal information to third parties

CONIS, in principle, processes the personal information of the information subject within the range specified for the purpose of collection and use, and, except in the following cases, does not process beyond the scope of the original purpose or provide it to a third party without the prior consent of the information subject. not.

In case of obtaining separate consent from the information subject
When there are special provisions in the law
In case the information subject or legal representative is unable to express his/her intention or if prior consent cannot be obtained due to unknown address, etc.
When providing personal information in a form that cannot identify a specific individual as it is necessary for the purpose of statistical preparation and academic research
If personal information is not used for purposes other than the intended purpose or if it is not provided to a third party, it is impossible to perform the duties prescribed by other laws and has been deliberated and resolved by the Protection Committee
When it is necessary to provide foreign information or international organizations for the implementation of treaties and other international agreements
When it is necessary for the investigation of a crime and the initiation and maintenance of public prosecution
In case it is necessary to carry out the judicial affairs of the court
When it is necessary for the execution of punishment, probation, and protective measures

Consignment of personal information processing

In case the processing of personal information managed by CONIS is entrusted to another public institution or other specialized institution, personal information acquired in the course of work about a person who was engaged in or engaged in the business is processed without leakage or authority, or provided for use by others. The entrusted department sets the necessary restrictions or procedures for the following so that the entrusted department does not use it for above commented unfair purposes

Matters concerning the prohibition of re-entrustment
Matters concerning the copying of personal information files
Matters related to inspection of management status of personal information and training of affiliated employees
Matters concerning compensation for damages in case of violation of obligations to be complied with by the entrusted institution

Rights and obligations of information subjects and how to exercise them

The information subject can exercise the following rights, and the legal representative of a child under the age of 14 may request to view, correct, delete, or suspend the processing of the child's personal information.

Request to view personal information

Personal information files held by CONIS may request access to their personal information in accordance with Article 35 (Access to Personal Information) of the 「Personal Information Protection Act」.

However, requests for access to personalinformation may be limited as follows in accordance with Article 35 (5) of the Act.
When access is prohibited or restricted by law
If there is a risk of harming the life or body of another person or unfairly infringing on the property and other interests of another person
In the event that a public institution causes asignificant impediment in performing any of the following tasks.

A. Business related to the imposition, collection or refund of tax
B. Tasks related to examinations and qualifications related to academic background, skills, and recruitment
C. Tasks related to the evaluation or judgment in progress regarding the calculation of compensation and benefits, etc.
D. Tasks related to ongoing audits and investigations under other laws

Request for correction/deletion of personal information

Personal information files held by CONIS may be requested for correction or deletion in accordance with Article 36 (Correction and deletion of personal information) of the 「Personal Information Protection Act.
However, if the personal information is specified as a collection target in other laws, the deletion cannot be requested.

Request to suspend processing of personal information

Personal information files held by CONIS may request suspension of processing in accordance with Article 37 of the 「Personal InformationProtection Act」 (Stop processing of personal information, etc.).
However, the request to suspend processing of personal information may be rejected in accordance with Article 37 Paragraph 2 of the Act.

When there are special provisions in the law or it is unavoidable to comply with statutory obligations
If there is a risk of harming the life or body of another person or unfairly infringing on the property and other interests of another person
If a public institution is unable to perform its duties as stipulated in other laws unless it processes personal information
If it is difficult to fulfill the contract, such as not being able to provide the service agreed with the information subject if personal information is not processed, and the data subject does not clearly indicate its intention to terminate the contract

Destruction of personal information

In principle, CONIS destroys personal information without delay when the retention period for personal information has elapsed or the purpose of processing personal information has been achieved.
The procedures, deadlines and methods of destruction are as follows.

Destruction procedure

Personal information is destroyed immediately after the purpose is achieved or after being stored for a certain period in accordance with internal policies and other relevant laws.
Personal information moved to a separate space will not be used for any other purpose, except as required by law.

Destruction period and method of destruction

When the retention period has expired or the personal information becomes unnecessary, such as the achievement of the purpose of processing the personal information or the abolition of the relevant business, it is destroyed without delay. Information in the form of electronic files uses a technical method that cannot reproduce records. Personal information printed on paper is shredded with a shredder or destroyed through incineration.

Measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, CONIS is taking the following technical, managerial and physical measures necessary to ensure safety.

Minimization and training of personnel handling personal information

Employees handling personal information are designated and managed only by the necessary number of people, and training is provided for safe management to employees handling personal information.

Restricting access to personal information

Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and an intrusion prevention system is used to control unauthorized access from outside.

Retention of access records
The records of access to the personal information processing system (web logs, summary information, etc.) are stored and managed for at least 6 months.

Encryption of personal information

Personal information is safely stored and managed through encryption, etc. In addition, we use separate security functions such as encrypting important data when storing and transmitting.

Security program installation and periodic inspection and update

In order to prevent leakage and damage of personal information caused by hacking or computer viruses, security programs are installed and periodically updated and inspected.

Access control for unauthorized persons

The physical storage place of the personalinformation system that stores personal information is separate, and access control procedures are established and operated.

Conduct regular self-inspection

In order to secure the stability of personal information handling, we regularly conduct personal information protection management inspections including affiliated and affiliated organizations.

Establishment and implementation of internal management plan

We have established and implemented an internalmanagement plan for safe handling of personal information.

Personal information protection officer and person in charge

In order to protect personal information and handle complaints related to personal information, CONIS has designated the person in charge of personal information protection and the person in charge as follows ;

Contact: 82-1533-4649

Remedies for Infringement of Rights

Personal Information Dispute Mediation Committee: (without area code) 82-118 (privacy.kisa.or.kr)
Personal Information Infringement Report Center: (without area code) 82-118 (privacy.kisa.or.kr)
Supreme Prosecutor's Office Cyber ​​Crime
Investigation Team:
82-2-3480-3571 (cybercid@spo.go.kr)
National Police Agency Cyber ​​Terror Response Center: 82-1566-0112 (www.netan.go.kr)
In addition, A person whose rights or interests havebeen infringed due to a disposition or omission taken by the head of a public institution in response to the request of the information subject for access, correction, deletion, suspension of processing, etc.
Further more information on administrative adjudication, please refer to the website of the Anti-Corruption and Civil Rights Commission (www.acrc.go.kr).