Privacy Policy
KEPCO Nuclear Fuel (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of data subjects and to handle grievances related to personal information promptly and smoothly.
Purpose of personal information processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent.
| Personal information processing task | Purpose of processing |
|---|---|
| Access control | Prevention of security incidents and terrorism |
| Access control for radiation controlled areas | Radiation safety management for entrants to nuclear material processing facilities |
| Sinmungo (e-People) | Civil complaint handling |
| Job applications management | Talent recruitment |
| Public innovation suggestion box | Civil complaint handling |
Processing and retention period of personal information, and items of personal information processed
The Company processes and retains personal information within the retention period prescribed by law or within the period of use consented to by the data subject at the time of collection of personal information.
| Name of personal information file | Items of personal information | Retention period |
|---|---|---|
| Access control | Domestic nationals: name, date of birth, affiliated organization, contact information, address Foreign nationals: passport number, alien registration number, name, contact information, affiliated organization, address |
10 years |
| Access control for workers in radiation controlled areas | Name, resident registration number, affiliated organization, contact information | Until the processing business is abolished |
| Access control for temporary and occasional entrants to radiation controlled areas | Name, resident registration number, affiliated organization, contact information | 10 years |
| Sinmungo (e-People) | Name, email | 5 years |
| Job applications | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Public innovation suggestion box | Gender, age group, contact information, email address | 2 years |
Provision of personal information to third parties
In principle, the Company does not provide the collected personal information to third parties. However, in the following cases, personal information may be provided to third parties except where it is feared that it may unjustly infringe upon the interests of the user or a third party.
- Where there are special provisions in the law
- Where separate consent is obtained from the data subject
- Where it is necessary to protect the vital interests, body, or property of the data subject or a third party, and the data subject or legal representative is unable to express his or her intention, or it is impossible to obtain prior consent due to unknown address, etc.
- Where personal information is provided in a form in which a specific individual cannot be identified for the purpose of compiling statistics or academic research
- Where it is impossible to perform the duties prescribed by other laws unless personal information is used for purposes other than its intended purpose or provided to a third party, and the matter has been reviewed and resolved by the Protection Committee
- Where it is necessary to provide information to a foreign government or international organization for the implementation of treaties or other international agreements
- Where it is necessary for investigation into a crime and for the filing and maintenance of a prosecution
- Where it is necessary for the performance of the court’s judicial affairs
- Where it is necessary for the execution of sentences, protective dispositions, and protective measures
Entrustment of personal information processing
- The Company entrusts the following personal information processing tasks for smooth business operation.
This table describes the “Entrusted party (trustee)” and the “Details of the outsourced tasks”. Entrusted party (trustee) Details of the outsourced tasks KNF Partners Co., Ltd. Special security services and access control RATOZ E&G External exposure inspection Korea Atomic Energy Research Institute Internal exposure inspection NICE Information Service Co., Ltd. Sinmungo (e-People) identity verification CAREERCARE.Inc Talent recruitment - When entering into an entrustment contract, the Company specifies in documents the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of trustees, and matters concerning liability such as compensation for damages, and supervises the trustee to ensure that personal information is processed safely.
Destruction of personal information
- The Company shall destroy the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when personal information must be preserved in accordance with other laws.
- If the retention period of personal information has expired or the purpose of processing has been achieved, but the personal information must continue to be retained in accordance with other laws and regulations, it shall be transferred to a separate database or preserved in a different storage location. The personal information will not be used for any other purpose unless required by law.
- Electronic files are permanently deleted in a manner that makes recovery impossible, and printouts are destroyed by shredding or incineration.
Measures to ensure the safety of personal information
The Company takes the following measures to ensure the safety of personal information.
- Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
- Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
- Physical measures: Access control to computer rooms and data storage rooms
Rights and obligations of data subjects and method of exercising them
- Data subjects may exercise the following rights related to personal information at any time with respect to the Company.
- Request to access personal information
- Request for correction if there are errors, etc.
- Request for deletion
- Request to suspend processing
- Requests shall be made by completing the prescribed form under the Enforcement Rule of the Personal Information Protection Act and submitting it in writing or by email. The Company will take action without delay.
In a table on the rights, obligations, and methods of exercising of data subjects, “Personal information processing tasks,” “Responsible department,” “Person in charge,” and “Contact information” are described separately. Personal information processing tasks Responsible department Person in charge Contact information Access control Security & Protection Dept. Nah, Yongjoo (Tel) 042-869-3123
(Email) yjna@knfc.co.krAccess control for radiation controlled areas Nuclear Safety Dept. Noh, Wongyun (Tel) 042-869-3127
(Email) wongyun@knfc.co.krSinmungo (e-People) Audit Office Cho, Junghui (Tel) 042-868-1199
(Email) jhjo@knfc.co.krJob applications management HR Team Han, Songhee (Tel) 042-868-1394
(Email) shhan925@knfc.co.krPublic innovation suggestion box Social Value Dept. Moon, Seungju (Tel) 042-869-3019
(Email) sjmoon@knfc.co.kr
- When the data subject requests the correction or deletion of errors, etc., in personal information, the Company shall not use or provide the relevant personal information until the correction or deletion has been completed.
- The exercise of rights under Paragraph 1 may be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, you must submit a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act.
- When a request for access, correction or deletion, or suspension of processing is received in accordance with the rights of the data subject, it shall be verified that the requester is the data subject or a legitimate representative.
Appendix Form No. 8 (Request Form) of the Enforcement Rules of the Personal Information Protection Act Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act (Power of Attorney)
Chief Privacy Officer and persons in charge
To protect personal information and to handle complaints and redress related to personal information processing, the Company designates the following Chief Privacy Officer and persons in charge.
| Category | Chief Privacy Officer | Person in charge of personal information protection |
|---|---|---|
| Name | Wang, Jungmin | An, Jongsung |
| Department | ICT Security Office | ICT Security Office |
| Position | Director | General Manager |
| Contact | 042-868-1008 | 042-868-1640 |
| jmwang@knfc.co.kr | jsan@knfc.co.kr |
Remedies for infringement of rights
Data subjects may contact the institutions below regarding remedies for damage due to personal information infringement and consultation, etc. The institutions below are separate from the Company. If you are not satisfied with the results of your personal information complaint handling or redress, or if you require more detailed assistance, please contact them.
- Personal Information Dispute Mediation Committee: 1833-6972 (https://www.kopico.go.kr)
- Personal Information Infringement Report Center: (without area code) 118 (https://privacy.kisa.or.kr)
- Information Security Mark Certification Committee: 02-550-9531~2 (http://eprivacy.or.kr)
- National Police Agency Cyber Safety Bureau: 182 (without area code) (http://cyberbureau.police.go.kr)
Changes to the privacy policy
This privacy policy applies from the effective date, and in the event of any addition, deletion, or correction of its contents due to changes in laws or policies, the changes will be disclosed on the Company's website from 7 days prior to the effective date.
Date of Notice: 10/22/2020
Effective Date: 10/29/2020
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (November 23, 2023 ~ September 26, 2024)
- Privacy Policy (October 10, 2023 ~ November 22, 2023)
- Privacy Policy (October 12, 2022 ~ October 9, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (June 2, 2020 ~ October 28, 2020)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 21, 2017 ~ June 7, 2018)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)