KEPCO Nuclear Fuel (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of data subjects and to handle grievances related to personal information promptly and smoothly.
Privacy Policy Table of Contents
- Purpose of
Personal Information Processing - Processing and Retention Period of Personal Information,
Items of Personal Information Being Processed - Personal Information
File Registration Status - Results of
Personal Information Impact Assessment - Provision of
Personal Information to Third Parties - Outsourcing of
Personal Information Processing Tasks - Destruction of Personal Information
- Rights and Obligations of Legal Representatives
and Data Subjects - Operation of Automatic
Collection Devices - Processing of Pseudonymous Information
- Chief Privacy Officer and
Person in Charge - Department in Charge of Access Requests
- Methods of Remedy
for Infringement of Rights and Interests - Personal Information
Management Level Assessment - Measures to Ensure the Security
- Changes to the Privacy Policy
Purpose of Personal Information Processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
| Personal Information Processing Tasks | Purpose of Processing | Name of Personal Information File |
|---|---|---|
| Management of job applications | Talent recruitment | Job applications |
| Provision of training services to outsiders | Provision of training services | Provision of training services to outsiders |
| Access control | Prevention of security incidents and terrorism | Access control |
| Radiation-controlled area access control (radiation workers) | Radiation safety management of entrants to nuclear material processing facilities | Radiation-controlled area access control for radiation workers |
| Radiation-controlled area access control (temporary and occasional entrants) | Radiation safety management of entrants to nuclear material processing facilities | Access control for radiation-controlled areas |
| Management of human rights violation reports | Civil complaint handling | Not registered (Reason: 0 cases) |
| Management of public innovation proposals | Civil complaint handling | Not registered (Reason: 0 cases) |
| Employee personnel management | Processing of employee personnel tasks | Employee personnel management |
| Employee training management | Processing of employee training tasks | Employee training management |
Processing and Retention Period of Personal Information, Items of Personal Information Being Processed
The Company processes and retains personal information within the retention period prescribed by law or within the period of use consented to by the data subject at the time of collection of personal information. The items of personal information processed by the Company are as follows.
| Personal Information Processing Tasks | Items of Personal Information | Retention Period |
|---|---|---|
| Management of job applications | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Provision of training services to outsiders | Name, affiliation, contact information | Until completion of training |
| Access control | Korean nationals: Name, date of birth, affiliated organization, contact information, address Foreign nationals: Passport number, foreigner registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control (radiation workers) | Name, resident registration number, affiliated organization, contact information | Until the termination of the processing business |
| Radiation-controlled area access control (temporary and occasional entrants) | Name, resident registration number, affiliated organization, contact information | 10 years |
| Management of human rights violation reports | Name, address, contact information, affiliated organization | 5 years |
| Management of public innovation proposals | Name, age group, contact information, email address | 2 years |
| Employee personnel management | Name, resident registration number, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | Permanent |
| Employee training management | Name, date of birth, phone number, mobile phone number, email address | Permanent |
Personal Information File Registration Status
Pursuant to Article 32 of the Personal Information Protection Act, the detailed registration status of the personal information files registered and disclosed by the Company can be checked through the comprehensive portal for personal information protection of the Personal Information Protection Commission.
| Name of Personal Information File | Items of Personal Information | Retention Period |
|---|---|---|
| Job applications | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Provision of training services to outsiders | Name, affiliation, contact information | Until completion of training |
| Access control | Korean nationals: Name, date of birth, affiliated organization, contact information, address Foreign nationals: Passport number, foreigner registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control (radiation workers) | Name, resident registration number, affiliated organization, contact information | Until the termination of the processing business |
| Radiation-controlled area access control (temporary and occasional entrants) | Name, resident registration number, affiliated organization, contact information | 10 years |
| Employee personnel management | Name, resident registration number, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | Permanent |
| Employee training management | Name, date of birth, phone number, mobile phone number, email address | Permanent |
| ERP | Payment and tax reporting | 10 years |
Results of Personal Information Impact Assessment
The Company has no personal information impact assessments to conduct.
Provision of Personal Information to Third Parties
The Company, in principle, does not provide the collected personal information to any third party. However, personal information may be provided to a third party in any of the following cases, except where it is likely to unduly infringe upon the interests of the user or a third party.
- Where there are special provisions under the law
- Where separate consent is obtained from the data subject
- Where the data subject or legal representative is unable to express intent, or where prior consent cannot be obtained due to reasons such as an unknown address, and it is deemed necessary for the clear protection of the urgent life, body, or property interests of the data subject or a third party
- Where it is necessary for purposes such as compiling statistics or academic research, and the personal information is provided in a form that does not allow the identification of a specific individual
- Where the personal information is used for purposes other than its intended use or provided to a third party, and failure to do so would make it impossible to perform duties prescribed by other laws, and the case has undergone deliberation and resolution by the Personal Information Protection Commission
- Where it is necessary to provide the information to a foreign government or international organization for the implementation of treaties or other international agreements
- Where it is necessary for the investigation of crimes, and for the initiation or maintenance of public prosecution
- Where it is necessary for the performance of judicial duties by the court
- Where it is necessary for the execution of criminal punishment, custody, or protective disposition
- Where urgently necessary for public health, safety, and welfare
Outsourcing of Personal Information Processing
- For the smooth handling of personal information affairs, the Company outsources the following personal information processing tasks.
Table describing entrusted parties and the details of outsourced tasks. Entrusted Party (Trustee) Details of the Outsourced Tasks RATOZ E&G External exposure inspection Korea Atomic Energy Research Institute Internal exposure inspection Iljin Rad Co., Ltd. Access training for controlled areas KNF Partners Co., Ltd. Special security services and access control NICE Information Service Co., Ltd. Identity verification when applying for access on the website Saramin HR Co., Ltd. Talent recruitment - When entering into an outsourcing contract, the Company specifies in the document matters concerning the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises the trustee to ensure that personal information is processed safely.
Procedure and Method of Destruction of Personal Information
- The Company shall destroy the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when personal information must be preserved in accordance with other laws.
- If the retention period of personal information has expired or the purpose of processing has been achieved, but the personal information must continue to be retained in accordance with other laws and regulations, it shall be transferred to a separate database or preserved in a different storage location. The personal information will not be used for any other purpose unless required by law.
- Electronic files are permanently deleted in a manner that makes recovery impossible, and printouts are destroyed by shredding or incineration.
Rights, Obligations, and Exercise Methods of Data Subjects and Their Legal Representatives
- The data subject may exercise the rights related to personal information listed in the following items with the Company at any time.
- Request to access personal information
- Request for correction if there is an error, etc.
- Request for deletion
- Request for suspension of processing
- Notification of collection source, etc.
- The legal representative of a child under the age of 14 may exercise the same rights regarding the child's personal information as described above.
- The exercise of rights may be requested by completing the form in Annex Form No. 8 of the Enforcement Rules of the Personal Information Protection Act via written document, email, or other means, and the Company will take action without delay.
- When the data subject requests the correction or deletion of errors, etc., in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion has been completed.
- The exercise of rights may be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.
- When a request for access, correction or deletion, or suspension of processing is received in accordance with the rights of the data subject, it shall be verified that the requester is the data subject or a legitimate representative.
Annex Form No. 8 (Request Form) Annex Form No. 11 (Power of Attorney)
Matters Concerning Devices that Automatically Collect Personal Information
The Company does not operate devices that automatically collect personal information.
Matters Concerning the Processing of Pseudonymized Information
The Company does not process pseudonymized information.
Chief Privacy Officer and Person in Charge of Personal Information Protection
The Company designates the following Chief Privacy Officer to protect personal information and to handle complaints and remedy damages of data subjects related to personal information processing.
| Category | Chief Privacy Officer | Person in Charge of Personal Information Protection |
|---|---|---|
| Name | Sunnam Lee | Minsoo Kim |
| Department | Digital Security Office | Digital Security Office |
| Position | Director | General Manager |
| Contact Information | 042-868-1008 | 042-868-1418 |
| snlee@knfc.co.kr | mskim@knfc.co.kr |
Department in Charge of Receiving and Processing Requests for Access to Personal Information
The Company provides the following information on the persons in charge of each personal information processing task to protect the personal information of data subjects and to promptly and accurately handle related requests and inquiries.
| Personal Information Processing Tasks | Responsible Department | Person in Charge | Contact Information |
|---|---|---|---|
| Management of job applications | Human Resources Development Department | Songhee Han | Tel) 042-868-1394 Email) shhan925@knfc.co.kr |
| Provision of training services to outsiders | Human Resources Development Department | Danbi Ha | Tel) 042-868-1173 Email) dbha@knfc.co.kr |
| Access control | Security and Protection Department | Soojong Lee | Tel) 042-869-3240 Email) yisj@knfc.co.kr |
| Radiation-controlled area access control (radiation workers) | Radiation Control Department | Gyudong Choi | Tel) 042-868-1619 Email) gdchoi@knfc.co.kr |
| Radiation-controlled area access control (temporary and occasional entrants) | |||
| Management of human rights violation reports | ESG Strategy Team | Dohee Nam | Tel) 042-869-3276 Email) dhnam@knfc.co.kr |
| Management of public innovation proposals | ESG Strategy Team | Dayoung Joo | Tel) 042-869-3019 Email) dyjoo@knfc.co.kr |
| Employee personnel management | HR Team | Dongmok Yang | Tel) 042-868-1227 Email) dmyang@knfc.co.kr |
| Employee training management | Human Resources Development Department | Hyunsook Kim | Tel) 042-868-1295 Email) hsookkim@knfc.co.kr |
| Client information management | Finance and Cost Department | Semin Kim | Tel) 042-868-1233 Email) smkim@knfc.co.kr |
Methods of Remedy for Infringement of Rights and Interests
The data subject may contact the following organizations for remedies and consultation regarding personal information infringement. The following organizations are separate from the Company, and you may contact them if you are not satisfied with the results of their own personal information complaint handling or redress, or if you require more detailed assistance.
- Personal Information Dispute Mediation Committee: 1833-6972 (https://www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (https://privacy.kisa.or.kr)
- Information Security Mark Certification Committee: 02-550-9531~2 (http://eprivacy.or.kr)
- National Police Agency Cyber Bureau: 182 (without area code) (http://cyberbureau.police.go.kr)
Results of Personal Information Management Level Assessment
- In order to safely manage the personal information of data subjects, the Company undergoes the “Personal Information Management Level Assessment for Public Institutions” conducted annually by the Personal Information Protection Commission in accordance with Article 11 of the Personal Information Protection Act.
- The Company received an “S” grade in the 2022 Personal Information Management Level Assessment, achieving the highest grade for two consecutive years.
Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information.
- Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
- Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
- Physical measures: Access control for computer rooms and data storage rooms
Changes to the Privacy Policy
Comparison Table of New and Old Provisions of the Privacy Policy (as of November 23, 2023)
- The current privacy policy is applied from the effective date, and in the event of any additions, deletions, or revisions due to changes in laws or policies, the changes will be disclosed on our website at least seven days prior to the effective date.
- Date of Notice: 2023. 11. 23.
- Effective Date: 2023. 11. 30.
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (October 10, 2023 ~ November 22, 2023)
- Privacy Policy (October 12, 2022 ~ October 9, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (October 29, 2020 ~ June 13, 2021)
- Privacy Policy (June 2, 2020 ~ October 28, 2020)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 21, 2017 ~ June 7, 2018)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)