Privacy Policy
KEPCO Nuclear Fuel (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of data subjects and to handle grievances related to personal information promptly and smoothly.
Purpose of personal information processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
| Personal information processing tasks | Purpose of processing |
|---|---|
| Access control | Prevention of security incidents and terrorism |
| Radiation-controlled area access control | Access control for nuclear public institutions |
| Sinmungo (e-People) | Civil complaint handling |
| Management of job applications | Talent recruitment |
Processing and retention period of personal information
The Company processes and retains personal information within the retention period prescribed by law or the period of use consented to by the data subject at the time of personal information collection.
| Personal information processing tasks | Basis for determining the retention period | Retention period |
|---|---|---|
| Access control | Act on Physical Protection and Radiological Emergency Preparedness for Nuclear Facilities, etc. | 10 years |
| Radiation-controlled area access control | Nuclear Safety Act, Act on Physical Protection and Radiological Emergency Preparedness for Nuclear Facilities, etc. | Until the termination of the processing business (radiation workers) 10 years (temporary and occasional entrants) |
| Sinmungo (e-People) | Document regulations of KEPCO Nuclear Fuel | 5 years |
| Management of job applications | Consent of data subject | 1 year |
Items of personal information processed
| Personal information processing tasks | Items of personal information processed | Method of collection |
|---|---|---|
| Access control | Name, date of birth, affiliated organization, contact information, address, vehicle registration number, passport number (for foreign nationals), foreign registration number (for foreign nationals) | Offline |
| Radiation-controlled area access control | Name, resident registration number, affiliated organization, contact information | Offline |
| Sinmungo (e-People) | Name, email | Online (website) |
| Management of job applications | Name, date of birth, email, address, phone number, gender, school attended, major, academic record, veterans and disability status, low-income status, specialized research personnel assignment, military service status, vocational training, foreign language skills, work experience, qualifications, awards, personal statement | Online |
Provision of personal information to third parties
The Company, in principle, does not provide the collected personal information to any third party. However, personal information may be provided to a third party in any of the following cases, except where it is likely to unduly infringe upon the interests of the user or a third party.
- Where there are special provisions under the law
- Where separate consent is obtained from the data subject
- Where the data subject or legal representative is unable to express intent, or where prior consent cannot be obtained due to reasons such as an unknown address, and it is deemed necessary for the clear protection of the urgent life, body, or property interests of the data subject or a third party
- Where it is necessary for purposes such as compiling statistics or academic research, and the personal information is provided in a form that does not allow the identification of a specific individual
- Where the personal information is used for purposes other than its intended use or provided to a third party, and failure to do so would make it impossible to perform duties prescribed by other laws, and the case has undergone deliberation and resolution by the Personal Information Protection Commission
- Where it is necessary to provide the information to a foreign government or international organization for the implementation of treaties or other international agreements
- Where it is necessary for the investigation of crimes, and for the initiation or maintenance of public prosecution
- Where it is necessary for the performance of judicial duties by the court
- Where it is necessary for the execution of criminal punishment, custody, or protective disposition
Outsourcing of personal information processing
- The Company, for the smooth handling of personal information affairs, outsources the following personal information processing tasks.
In the table on the outsourcing of personal information processing, the “Entrusted party (trustee)” and the “Details of the outsourced tasks” are described separately. Entrusted party (trustee) Details of the outsourced tasks Joeun Systems Corp. Special security services and access control RATOZ E&G External exposure inspection Korea Atomic Energy Research Institute Internal exposure inspection NICE Information Service Co., Ltd. Sinmungo (e-People) identity verification Saramin HR Co., Ltd. Talent recruitment - When entering into an outsourcing contract, the Company specifies in the document matters concerning the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises the trustee to ensure that personal information is processed safely.
Destruction of personal information
- The Company shall destroy the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when personal information must be preserved in accordance with other laws.
- If the retention period for personal information has expired or the purpose of processing has been achieved, but the personal information must be continuously retained in accordance with other laws, it will be stored in a separate database or preserved in a different location. The personal information will not be used for any other purpose unless required by law.
- Electronic files are permanently deleted in a manner that makes recovery impossible, and printouts are destroyed by shredding or incineration.
Measures to ensure the safety of personal information
The Company takes the following measures to ensure the security of personal information.
- Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
- Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
- Physical measures: Access control for computer rooms and data storage rooms
Rights and obligations of data subjects, and methods of exercising them
- The data subject may exercise the rights related to personal information listed in the following items with the Company at any time.
- Request to access personal information
- Request for correction if there is an error, etc.
- Request for deletion
- Request for suspension of processing
- The rights under Paragraph 1 may be exercised with the department below via written document, email, or other means, and the Company will take action without delay.
In the table on the rights and obligations of the data subject and how to exercise them, the “Personal information processing tasks,” “Responsible department,” “Person in charge,” and “Contact information” are described separately. Personal information processing tasks Responsible department Person in charge Contact information Access control Security and Protection Department Minhyeok Myeong (Tel) 042-868-1242
(Email) mhmyeong@knfc.co.krRadiation-controlled area access control Nuclear Safety Team Mikyung Park (Tel) 042-868-1613
(Email) mkpark@knfc.co.krSinmungo (e-People) Audit Office Jeonghee Jo (Tel) 042-868-1199
(Email) jhjo@knfc.co.krManagement of job applications Talent Planning Team Sungdoo Kim (Tel) 042-868-1331
(Email) sungdoo@knfc.co.kr - When the data subject requests the correction or deletion of errors, etc., in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion has been completed.
- The exercise of rights under Paragraph 1 may be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, you must submit a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act.
Chief Privacy Officer and person in charge of personal information protection
The Company designates the following Chief Privacy Officer to protect personal information and to handle complaints and remedy damages of data subjects related to personal information processing.
| Category | Chief Privacy Officer | Person in charge of personal information protection |
|---|---|---|
| Name | Chungyeon Hwang | Chawon Joo |
| Department | Information Security Office | Information Security Office |
| Position | Director | General Manager |
| Contact information | 042-868-1702 | 042-868-1417 |
| cyhwang@knfc.co.kr | cwjoo@knfc.co.kr |
Methods of remedy for infringement of rights and interests
The data subject may contact the following organizations for remedies and consultation regarding personal information infringement. The following organizations are separate from the Company, and you may contact them if you are not satisfied with the results of their own personal information complaint handling or redress, or if you require more detailed assistance.
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (http://privacy.kisa.or.kr)
- Information Security Mark Certification Committee: 02-580-0533~4 (http://eprivacy.or.kr)
- Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3571 (http://spo.go.kr)
- National Police Agency Cyber Terror Response Center: 1566-0112 (http://netan.go.kr)
Changes to the privacy policy
This privacy policy applies from the effective date, and in the event of any addition, deletion, or correction of its contents due to changes in laws or policies, the changes will be disclosed on the Company's website from 7 days prior to the effective date.
Date of Notice: 06/21/2017
Effective Date: 06/28/2017
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (November 23, 2023 ~ September 26, 2024)
- Privacy Policy (October 10, 2023 ~ November 22, 2023)
- Privacy Policy (October 12, 2022 ~ October 9, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (October 29, 2020 ~ June 13, 2021)
- Privacy Policy (June 2, 2020 ~ October 28, 2020)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)