Privacy Policy
KEPCO Nuclear Fuel (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of data subjects and to handle grievances related to personal information promptly and smoothly.
Purpose of personal information processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
| Personal information processing tasks | Purpose of processing |
|---|---|
| Access control | Prevention of security incidents and terrorism |
| Radiation-controlled area access control | Radiation safety management of entrants to nuclear material processing facilities |
| Sinmungo (e-People) | Civil complaint handling |
| Management of job applications | Talent recruitment |
Processing and retention period of personal information, items of personal information being processed
The Company processes and retains personal information within the retention period prescribed by law or within the period of use consented to by the data subject at the time of collection of personal information.
| Name of personal information file | Items of personal information | Retention period |
|---|---|---|
| Access control |
Korean national: Name, date of birth, affiliated organization, contact information, address Foreign national: Passport number, foreigner registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control for radiation workers | Name, resident registration number, affiliated organization, contact information | Until the termination of the processing business |
| Temporary and occasional access control for radiation-controlled areas | Name, resident registration number, affiliated organization, contact information | 10 years |
| Sinmungo (e-People) | Name, email | 5 years |
| Job applications |
Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements |
1 year |
Provision of personal information to third parties
The Company, in principle, does not provide the collected personal information to any third party. However, personal information may be provided to a third party in any of the following cases, except where it is likely to unduly infringe upon the interests of the user or a third party.
- Where there are special provisions under the law
- Where separate consent is obtained from the data subject
- Where the data subject or legal representative is unable to express intent, or where prior consent cannot be obtained due to reasons such as an unknown address, and it is deemed necessary for the clear protection of the urgent life, body, or property interests of the data subject or a third party
- Where it is necessary for purposes such as compiling statistics or academic research, and the personal information is provided in a form that does not allow the identification of a specific individual
- Where the personal information is used for purposes other than its intended use or provided to a third party, and failure to do so would make it impossible to perform duties prescribed by other laws, and the case has undergone deliberation and resolution by the Personal Information Protection Commission
- Where it is necessary to provide the information to a foreign government or international organization for the implementation of treaties or other international agreements
- Where it is necessary for the investigation of crimes, and for the initiation or maintenance of public prosecution
- Where it is necessary for the performance of judicial duties by the court
- Where it is necessary for the execution of criminal punishment, custody, or protective disposition
Outsourcing of personal information processing
- For the smooth handling of personal information affairs, the Company outsources the following personal information processing tasks.
In the table on the outsourcing of personal information processing, the “Entrusted party (trustee)” and the “Details of the outsourced tasks” are described separately. Entrusted party (trustee) Details of the outsourced tasks KNF Partners Co., Ltd. Special security services and access control RATOZ E&G External exposure inspection Korea Atomic Energy Research Institute Internal exposure inspection NICE Information Service Co., Ltd. Sinmungo (e-People) identity verification CAREERCARE Inc. Talent recruitment - When entering into an outsourcing contract, the Company specifies in the document matters concerning the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises the trustee to ensure that personal information is processed safely.
Destruction of personal information
- The Company shall destroy the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when personal information must be preserved in accordance with other laws.
- If the retention period of personal information has expired or the purpose of processing has been achieved, but the personal information must continue to be retained in accordance with other laws and regulations, it shall be transferred to a separate database or preserved in a different storage location. The personal information will not be used for any other purpose unless required by law.
- Electronic files are permanently deleted in a manner that makes recovery impossible, and printouts are destroyed by shredding or incineration.
Measures to ensure the security of personal information
The Company takes the following measures to ensure the security of personal information.
- Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
- Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
- Physical measures: Access control for computer rooms and data storage rooms
Rights and obligations of data subjects, and methods of exercising them
- The data subject may exercise the rights related to personal information listed in the following items with the Company at any time.
- Request to access personal information
- Request for correction if there is an error, etc.
- Request for deletion
- Request for suspension of processing
- The exercise of rights may be requested by completing the form in Annex Form No. 8 of the Enforcement Rules of the Personal Information Protection Act via written document, email, or other means, and the Company will take action without delay.
In a table on the rights, obligations, and methods of exercising of data subjects, “Personal information processing tasks,” “Responsible department,” “Person in charge,” and “Contact information” are described separately. Personal information processing tasks Responsible department Person in charge Contact information Access control Security and Protection Department Yongju Na (Tel) 042-869-3123
(Email) yjna@knfc.co.krRadiation-controlled area access control Nuclear Safety Department Wongyun Noh (Tel) 042-869-3127
(Email) wongyun@knfc.co.krSinmungo (e-People) Audit Office Jonghee Jo (Tel) 042-868-1199
(Email) jhjo@knfc.co.krManagement of job applications HR Team Dodeun Kim (Tel) 042-868-1394
(Email) ddkim@knfc.co.kr - When the data subject requests the correction or deletion of errors, etc., in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion has been completed.
- The exercise of rights under Paragraph 1 may be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, you must submit a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act.
- When a request for access, correction or deletion, or suspension of processing is received in accordance with the rights of the data subject, it shall be verified that the requester is the data subject or a legitimate representative.
Chief Privacy Officer and person in charge of personal information protection
The Company designates the following Chief Privacy Officer to protect personal information and to handle complaints and remedy damages of data subjects related to personal information processing.
| Category | Chief Privacy Officer | Person in charge of personal information protection |
|---|---|---|
| Name | Jungmin Wang | Jongseong An |
| Department | ICT Security Office | ICT Security Office |
| Position | Director | General Manager |
| Contact information | 042-868-1008 | 042-868-1640 |
| jmwang@knfc.co.kr | jsan@knfc.co.kr |
Methods of remedy for infringement of rights and interests
The data subject may contact the following organizations for remedies and consultation regarding personal information infringement. The following organizations are separate from the Company, and you may contact them if you are not satisfied with the results of their own personal information complaint handling or redress, or if you require more detailed assistance.
- Personal Information Dispute Mediation Committee: 1833-6972 (https://www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (https://privacy.kisa.or.kr)
- Information Security Mark Certification Committee: 02-550-9531~2 (http://eprivacy.or.kr)
- National Police Agency Cyber Safety Bureau: 182 (without area code) (http://cyberbureau.police.go.kr)
Changes to the privacy policy
This privacy policy applies from the effective date, and in the event of any addition, deletion, or correction of its contents due to changes in laws or policies, the changes will be disclosed on the Company's website from 7 days prior to the effective date.
Date of Notice: 05/26/2020
Effective Date: 06/02/2020
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (November 23, 2023 ~ September 26, 2024)
- Privacy Policy (October 10, 2023 ~ November 22, 2023)
- Privacy Policy (October 12, 2022 ~ October 9, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (October 29, 2020 ~ June 13, 2021)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 21, 2017 ~ June 7, 2018)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)