My Genomestory :: Privacy policy

「마이지놈스토리 웹사이트」 개인정보 처리방침

적용시기 : 2018-08-01 ~ 2018-10-18

All the personal information handled on [My Genomestory Website] is based on the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act or is collected, retained and processed with the information subject’s consent.

1. Personal Information Collection/Use Purpose, Personal Information Items Collected and Collection Method
A. [My Genomestory Website] processes personal information for the following reasons. The personal information will not be used for any purposes other than those stated below, and if the purpose is changed, the Company shall ask for the information subject’s consent beforehand.
1) Event promotion: event submission, personal identification, prize giveaway, survey
2) Q&A
3) Service statistics
4) Notification for further event and informative annoucement
B. The [My Genomestory Website] processes the following personal information items:
No. Types of information Personal information Collection method
1 Event submission and survey information Company, email address, tel., gender, age The personal information is collected if s/he agrees to its collection and inputs the information herself/himself
2 Questions Email address Collected when the personal information is automatically generated in the service process
3 Service information Date of event submission and questions Collected when the personal information is automatically generated in the service process

2. Provision of Personal Information to Third Parties
The [My Genomestory Website] shall process the information subject’s personal information within the scope specified in “1. Personal Information Collection/Use Purpose, Personal Information Items Collected and Collection Method” only, and shall not process the information outside the original scope or provide it to third parties without the information subject’s consent except the following:

A. When the information subject has given separate consent
B. When there is a special regulation in the legislation
C. When it is deemed to be clearly required for the benefit of the life, body, and property of the information subject or a third party, but the information subject or the legal representative is not in a position to express their intention or it is not possible to receive consent beforehand due to unknown address, etc.
D. When it is necessary for the production of statistics, academic research purposes, etc. and the personal information is provided in a format that does not allow specific individuals to be identified
E. When it is not possible to execute judicial work designated by other legislation, if the personal information is not used for purposes other than the intended purpose or if it is not provided to a third party
F. When it is necessary to provide it to a foreign government or international organization to honor a treaty or other international agreements
G. When it is necessary for a criminal investigation and prosecution and maintaining a prosecution
H. When it is necessary for a court trial proceeding
I. When it is necessary for sentencing and enforcement of preventive custody and protective disposition"

3. Personal Information Processing and Retention Period
A. The [My Genomestory Website] shall process and retain personal information on the basis of the legislation or within the scope of the consent received.
B. The personal information processing and retention period are as follows:"
순번 Personal Information Retained Operation Basis Processing Purpose Retention Period
1 Info. of survey and events submitted Consent from subject Event submission and prize giveaway 5 years
2 Questions Consent from subject Service process and answering questions 5 years
3 Service info. Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce Service process and answering questions 5 years

4. Destroying Personal Information
A. The [My Genomestory Website] shall destroy personal information without delay in cases where it has become unnecessary, such as retention period has expired, the processing purpose has been achieved, etc. However, that is not the case when it has to be retained in accordance with other legislation.
B. The personal information destruction procedure and method are as follows:
① Destruction Procedure
In cases where the personal information has become unnecessary, such as the personal information purpose has been achieved, retention period has expired, the relevant service has been discontinued, business has been terminated, etc. the personal information shall be destroyed without delay on the date that it is deemed unnecessary.
② Destruction Method
Personal information recorded and stored in an electronic file form shall be destroyed so that the record cannot be retrieved, and personal information recorded and stored on paper documents shall be shredded with a paper shredder or incinerated."

5. Consignment of handling collected personal information
A. [My Genomestory Website] consigns personal information processing as follows for the sake of efficiency."""
Consignee / Details of Consignment / Consignment Period
B. In case of consigning personal information processing [My Genomestory Website] processes with document including the following contents according to the Article 26 of Personal Information Protection Act (Limitation to Processing Personal Information Subsequent to Consignment of Work).
① Prevention of processing personal information for other purposes than the consigned purpose;
② Technical and managerial safeguards of personal information; and
③ Other things for the safe management of personal information as stated by the Presidential Decree.
- The purpose and scope of consigned work
- Matters related to restrictions to re-consignment
- Matters concerning safety measures such as restriction of access to personal information
- Matters related to supervision, such as inspection on the status of management of personal information held in connection with the consignment service
- Matters relating to liability such as compensation for damages in case of violation of obligations by the consignee pursuant to Article 26 (2) of the Act
C. In case of consignee change, it will be noticed according to Personal Information Processing Policy."""

6. User and Legal Representative’s Rights and Exercise Method
A. The information subject can exercise the following rights related to personal information protection at any time:
① Demand to view personal information
② Demand to rectify any errors, etc.
③ Demand deletion
④ Demand to stop processing
B. The exercising of rights according to “A” must be done by phone or e-mail, and the [My Genomestory Website] shall respond to it without delay.
C. If the information subject has demanded the rectification or deletion of a personal information error, etc., the [My Genomestory Website] shall not use or provide the relevant personal information until it is rectified or deleted.
D. The exercising of rights according to “A” may be done through an agent, such as the information subject’s legal representative or an entrusted person, etc. In this case, a power of attorney for the personal information processing must be submitted.
E. When there is a demand to view, rectify, delete, or stop processing pursuant to the information subject’s rights, it shall be checked if the person who made the demand is the information subject himself/herself or his/her legitimate agent.

7. Personal Information Security Officer
A. Inquiries about personal information security, complaint handling, damage relief, etc. can be directed to the personal information security officer and the department in charge. They will reply and respond to information subjects’ inquiries without delay.
Category Affiliation Name / Title Contact Number E-mail
Personal Information Security Officer Technology Innovation Division Lee Soo-Gang / Division Head (Managing Director) +82-2-2180-7048
Personal Information Security Staff Technology Innovation Division’s Information Security Team Bae Soo-Young / Personal Information Security Staff

Also, if there is a personal information infringement and there is a need to report or consult about it, the following agencies can offer assistance:

Personal Information Dispute Mediation Committee
(No area code) 1833-6972
Personal Data Infringement Call Center
(No area code) 118
Supreme Prosecutors’ Office Cyber Crime Investigation Division
National Police Agency Cyber Bureau
(No area code) 182

8. Personal Information Safety Security Measures
A. The following measures shall be taken to secure personal information safety:
① Establish and implement internal management plan
An internal management plan shall be established and implemented in accordance with the “Personal Information Technical & Administrative Security Measures Standard” and the “Personal Information Safety Security Measures Standard.”
② Restrict access to personal information
Necessary measures shall be taken to control access to personal information by granting, changing and canceling the authority to access the personal information processing system. A firewall shall be used to restrict unauthorized access from the outside.
③ Retain access records and tampering
Personal information processing system access records shall be retained and managed for at least six months. Access records shall be properly managed to make sure they are not forged, falsified, stolen or lost.
④ Encrypt personal information
Personal information shall be safely stored and managed through encryption, etc. Also, separate security functions shall be used for encrypting important data when storing and transmitting, etc.
⑤ Install security program and inspect and update it regularly
To prevent personal information leaks and damage due to hacking, computer viruses, etc. security programs shall be installed and regularly inspected and updated.
⑥ Restrict access of unauthorized personnel
The personal information processing system, which stores the personal information, shall be kept in a physically separate location, and an access control procedure shall be established and operated.

9. Changes in the Privacy Policy
가. 이 개인정보 처리방침은 2018-08-01 부터 2018-10-18 까지 적용되었습니다.
나. 이전의 개인정보 처리방침은 아래에서 확인하실 수 있습니다.
- 2021-11-01 ~ 현재 적용
- 2020-12-22 ~ 2021-10-31 적용
- 2020-11-16 ~ 2020-12-21 적용
- 2020-03-31 ~ 2020-11-15 적용
- 2019-11-04 ~ 2020-03-30 적용
- 2019-10-22 ~ 2019-11-03 적용
- 2018-10-19 ~ 2019-10-22 적용
- 2018-05-21 ~ 2018-10-18 적용
- 2018-02-12 ~ 2018-05-20 적용
- 2018-01-23 ~ 2018-02-11 적용
- 2017-07-05 ~ 2018-01-22 적용
- 2017-04-01 ~ 2017-07-04 적용
- 2016-12-01 ~ 2017-03-31 적용