KEPCO Nuclear Fuel (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of data subjects and to handle grievances related to personal information promptly and smoothly.
Privacy Policy Table of Contents
- Purpose of
Personal Information Processing - Processing and Retention Period of Personal Information,
Items of Personal Information Being Processed - Personal Information
File Registration Status - Results of
Personal Information Impact Assessment - Provision of
Personal Information to Third Parties - Outsourcing of
Personal Information Processing Tasks - Destruction of Personal Information
- Rights and Obligations of Legal Representatives
and Data Subjects - Operation of Automatic
Collection Devices - Processing of Pseudonymous Information
- Chief Privacy Officer and
Person in Charge - Department in Charge of Access Requests
- Methods of Remedy
for Infringement of Rights and Interests - Personal Information
Management Level Assessment - Measures to Ensure the Security
- Changes to the Privacy Policy
Purpose of Personal Information Processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
| Personal Information Processing Tasks | Purpose of Processing | Name of Personal Information File |
|---|---|---|
| Management of job applications | Talent recruitment | Job applications |
| Provision of training services to outsiders | Provision of training services | Provision of training services to outsiders |
| Access control | Prevention of security incidents and terrorism | Access control |
| Radiation-controlled area access control (radiation workers) | Radiation safety management of entrants to nuclear material processing facilities | Radiation-controlled area access control for radiation workers |
| Radiation-controlled area access control (temporary and occasional entrants) | Radiation safety management of entrants to nuclear material processing facilities | Access control for temporary and occasional entrants to radiation-controlled areas |
| Management of human rights violation reports | Civil complaint handling | Not registered (Reason: 0 cases) |
| Management of public innovation proposals | Civil complaint handling | Not registered (Reason: 0 cases) |
Processing and Retention Period of Personal Information, Items of Personal Information Being Processed
The Company processes and retains personal information within the retention period prescribed by law or within the period consented to by the data subject at the time of collection. The items of personal information retained by the Company are as follows or can be confirmed through the Personal Information Protection Commission’s Personal Information Protection Portal.
| Personal Information Processing Tasks | Items of Personal Information | Retention Period |
|---|---|---|
| Management of job applications | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Provision of training services to outsiders | Name, affiliation, contact information | Until completion of training |
| Access control | Korean nationals: Name, date of birth, affiliated organization, contact information, address Foreign nationals: Passport number, alien registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control (radiation workers) | Name, resident registration number, affiliated organization, contact information | Until termination of the processing business |
| Radiation-controlled area access control (temporary and occasional entrants) | Name, resident registration number, affiliated organization, contact information | 10 years |
| Management of human rights violation reports | Name, address, contact information, affiliated organization | 5 years |
| Management of public innovation proposals | Name, age group, contact information, email address | 2 years |
Personal Information File Registration Status
Pursuant to Article 32 of the Personal Information Protection Act, the list of personal information files registered and disclosed by the Company is as follows.
| Name of Personal Information File | Items of Personal Information | Retention Period |
|---|---|---|
| Job applications | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Provision of training services to outsiders | Name, affiliation, contact information | Until completion of training |
| Access control | Korean nationals: Name, date of birth, affiliated organization, contact information, address Foreign nationals: Passport number, alien registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control (radiation workers) | Name, resident registration number, affiliated organization, contact information | Until termination of the processing business |
| Radiation-controlled area access control (temporary and occasional entrants) | Name, resident registration number, affiliated organization, contact information | 10 years |
Results of Personal Information Impact Assessment
The Company has no applicable cases subject to a personal information impact assessment.
Provision of Personal Information to Third Parties
In principle, the Company does not provide the collected personal information to third parties. However, personal information may be provided to third parties in the following cases, unless it is deemed likely to unduly infringe upon the interests of the user or third party.
- Where special provisions exist under the law
- Where separate consent is obtained from the data subject
- Where the data subject or legal representative is unable to express intent, or where prior consent cannot be obtained due to reasons such as an unknown address, and it is deemed necessary for the urgent protection of the life, body, or property interests of the data subject or third party
- Where necessary for statistical preparation or academic research, provided that the personal information is provided in a form that does not identify a specific individual
- Where it is impossible to perform duties prescribed by other laws without using personal information for purposes other than its original purpose or providing it to a third party, and the case has undergone deliberation and resolution by the Personal Information Protection Commission
- Where it is necessary to provide to a foreign government or international organization for the implementation of treaties or other international agreements
- Where necessary for the investigation of crimes, or for the initiation and maintenance of public prosecution
- Where necessary for the performance of judicial duties by the court
- Where necessary for the execution of punishment, custody, or protective disposition
- Where urgently required for public health, safety, and welfare
Outsourcing of Personal Information Processing
- The Company outsources the following personal information processing tasks to ensure the smooth handling of personal information operations.
Table describing entrusted parties (trustees) and details of outsourced tasks. Entrusted Party (Trustee) Details of Outsourced Tasks Ratoz ENG External exposure inspection Korea Atomic Energy Research Institute Internal exposure inspection Iljin Rad Co., Ltd. Access training for controlled areas KNF Partners Co., Ltd. Special security services and access control NICE Information Service Co., Ltd. Identity verification for access applications on the website Saramin HR Co., Ltd. Talent recruitment - When entering into an outsourcing contract, the Company specifies in the contract documents matters concerning prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages. The Company also supervises the trustee to ensure that personal information is processed safely.
Destruction Procedure and Method of Personal Information
- The Company shall destroy personal information without delay once the retention period has expired or the purpose of processing has been achieved. However, this shall not apply where preservation is required under other laws.
- If the retention period has expired or the purpose of processing has been achieved, but the personal information must continue to be preserved under other laws, it shall be transferred to a separate database or stored in a different location. Such personal information will not be used for any other purpose unless otherwise required by law.
- Electronic files shall be permanently deleted in a manner that renders recovery impossible, while printouts shall be destroyed by shredding or incineration.
Rights, Obligations, and Methods of Exercising Rights of Data Subjects and Their Legal Representatives
- The data subject may exercise the following rights related to personal information with the Company at any time.
- Request for access to personal information
- Request for correction if there are errors
- Request for deletion
- Request for suspension of processing
- Notification of collection source, etc.
- The legal representative of a child under the age of 14 may exercise the same rights regarding the child’s personal information.
- The exercise of rights may be requested by completing the prescribed form in Annex Form No. 8 of the Enforcement Rules of the Personal Information Protection Act via written document, email, or other means, and the Company will take action without delay.
- If the data subject requests correction or deletion of errors in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion is completed.
- The exercise of rights may also be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
- When a request for access, correction, deletion, or suspension of processing is received, the Company verifies whether the requester is the data subject or a legitimate representative.
Annex Form No. 8 of the Enforcement Rules of the Personal Information Protection Act (Request Form) Annex Form No. 11 of the Enforcement Rules of the Personal Information Protection Act (Power of Attorney)
Installation, Operation, and Refusal of Devices That Automatically Collect Personal Information
The Company does not operate devices that automatically collect personal information.
Processing of Pseudonymized Information
The Company does not process pseudonymized information.
Chief Privacy Officer and Person in Charge of Personal Information Protection
The Company designates the following Chief Privacy Officer to protect personal information and to handle complaints and remedy damages of data subjects related to personal information processing.
| Category | Chief Privacy Officer | Person in Charge of Personal Information Protection |
|---|---|---|
| Name | Sunnam Lee | Minsoo Kim |
| Department | Digital Security Office | Digital Security Office |
| Position | Director | General Manager |
| Contact | 042-868-1008 | 042-868-1418 |
| snlee@knfc.co.kr | mskim@knfc.co.kr |
Department in Charge of Receiving and Processing Requests for Access to Personal Information
The Company provides the following information on the persons in charge of each personal information processing task to protect the personal information of data subjects and to promptly and accurately handle related requests and inquiries.
| Personal Information Processing Tasks | Responsible Department | Person in Charge | Contact Information |
|---|---|---|---|
| Management of job applications | Human Resources Development Department | Songhee Han | Tel) 042-868-1394 Email) shhan925@knfc.co.kr |
| Provision of training services to outsiders | Human Resources Development Department | Danbi Ha | Tel) 042-868-1173 Email) dbha@knfc.co.kr |
| Access control | Security and Protection Department | Soojong Lee | Tel) 042-869-3240 Email) yisj@knfc.co.kr |
| Radiation-controlled area access control (radiation workers) | Radiation Control Department | Gyudong Choi | Tel) 042-868-1619 Email) gdchoi@knfc.co.kr |
| Radiation-controlled area access control (temporary and occasional entrants) | |||
| Management of human rights violation reports | ESG Strategy Team | Dohee Nam | Tel) 042-869-3276 Email) dhnam@knfc.co.kr |
| Management of public innovation proposals | ESG Strategy Team | Dayoung Joo | Tel) 042-869-3019 Email) dyjoo@knfc.co.kr |
Methods of Remedy for Infringement of Rights and Interests
The data subject may contact the following organizations for remedies and consultation regarding personal information infringement. The following organizations are separate from the Company, and you may contact them if you are not satisfied with the results of their own personal information complaint handling or redress, or if you require more detailed assistance.
- Personal Information Dispute Mediation Committee: 1833-6972 (https://www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (https://privacy.kisa.or.kr)
- Information Security Mark Certification Committee: 02-550-9531~2 (http://eprivacy.or.kr)
- National Police Agency Cyber Bureau: 182 (without area code) (http://cyberbureau.police.go.kr)
Results of Personal Information Management Level Assessment
- In order to safely manage the personal information of data subjects, the Company undergoes the “Personal Information Management Level Assessment for Public Institutions” conducted annually by the Personal Information Protection Commission in accordance with Article 11 of the Personal Information Protection Act.
- The Company received an “S” grade in the 2022 Personal Information Management Level Assessment, achieving the highest grade for three consecutive years.
Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information.
- Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
- Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
- Physical measures: Access control for computer rooms and data storage rooms
Changes to the Privacy Policy
- The current Privacy Policy will apply from the effective date, and in the event of any additions, deletions, or revisions due to changes in laws or policies, the changes will be disclosed on the Company’s website at least seven days prior to the effective date.
Comparison Table of New and Old Provisions of the Privacy Policy (as of October 10, 2023) - Date of Notice: October 10, 2023
- Effective Date: October 17, 2023
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (November 23, 2023 ~ September 26, 2024)
- Privacy Policy (October 12, 2022 ~ October 9, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (October 29, 2020 ~ June 13, 2021)
- Privacy Policy (June 2, 2020 ~ October 28, 2020)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 21, 2017 ~ June 7, 2018)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)