Privacy Policy
Privacy Policy Table of Contents
Purpose of personal information processing
Items of personal information
Provision of personal information to third parties
Outsourcing of personal information processing tasks
Destruction of personal information
Measures to ensure the security
Rights and obligations of data subject
Chief Privacy Officer and person in charge of personal information protection
Methods of remedy for infringement of rights and interests
Changes to the privacy policy
Purpose of personal information processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than those specified below, and if the purpose of use changes, the Company will take necessary measures such as obtaining separate consent.
In the table on personal information processing tasks, the "Personal information processing tasks" and their "Purpose of processing" are described separately.
| Personal information processing tasks | Purpose of processing |
|---|---|
| Immediate notification of the formal audit | Civil complaint handling |
| Management of job applications | Talent recruitment |
| Public innovation proposals | Civil complaint handling |
| Access control | Prevention of security incidents and terrorism |
| Radiation-controlled area access control | Radiation safety management of entrants to nuclear material processing facilities |
| Human rights violation reports | Civil complaint handling |
Processing and retention period of personal information, items of personal information being processed
The Company processes and retains personal information within the retention period prescribed by law or within the period of use consented to by the data subject at the time of collection of personal information. The items of personal information retained by the Company can be checked through the status of retained personal information files below or via the Personal Information Protection Commission’s Personal Information Protection Portal.
It is described in a table on the processing and retention period of personal information and the items of personal information processed, “Name of personal information file,” “Items of personal information,” and “Retention period” are described separately.
| Name of personal information file | Items of personal information | Retention period |
|---|---|---|
| Immediate notification of the formal audit | Name, mobile phone number, email | 1 year |
| Management of job applications (employees) | Name, date of birth, phone number, mobile phone number, email address, veteran status, disability status, low-income status, overseas university graduate status, local talent status, youth status, high school graduate talent status, personal statement, education details, qualification details, foreign language proficiency, foreign language details, career and experience details, research achievements | 1 year |
| Public innovation suggestion box | Name, age group, contact information, email address | 2 years |
| Access control | Korean national: Name, date of birth, affiliated organization, contact information, address Foreign national: Passport number, foreigner registration number, name, contact information, affiliated organization, address |
10 years |
| Radiation-controlled area access control for radiation workers | Name, resident registration number, affiliated organization, contact information | Until the termination of the processing business |
| Temporary and occasional access control for radiation-controlled areas | Name, resident registration number, affiliated organization, contact information | 10 years |
| Human rights violation reports | Name, address, contact information, affiliated organization | 5 years |
Provision of personal information to third parties
The Company, in principle, does not provide the collected personal information to any third party. However, personal information may be provided to a third party in any of the following cases, except where it is likely to unduly infringe upon the interests of the user or a third party.
- 1. Where there are special provisions under the law
- 2. Where separate consent is obtained from the data subject
- 3. Where the data subject or legal representative is unable to express intent, or where prior consent cannot be obtained due to reasons such as an unknown address, and it is deemed necessary for the clear protection of the urgent life, body, or property interests of the data subject or a third party
- 4. Where it is necessary for purposes such as compiling statistics or academic research, and the personal information is provided in a form that does not allow the identification of a specific individual
- 5. Where the personal information is used for purposes other than its intended use or provided to a third party, and failure to do so would make it impossible to perform duties prescribed by other laws, and the case has undergone deliberation and resolution by the Personal Information Protection Commission
- 6. Where it is necessary to provide the information to a foreign government or international organization for the implementation of treaties or other international agreements
- 7. Where it is necessary for the investigation of crimes, and for the initiation or maintenance of public prosecution
- 8. Where it is necessary for the performance of judicial duties by the court
- 9. Where it is necessary for the execution of criminal punishment, custody, or protective disposition
Outsourcing of personal information processing
For the smooth handling of personal information affairs, the Company outsources the following personal information processing tasks.
In the table on the outsourcing of personal information processing, the “Entrusted party (trustee)” and the “Details of the outsourced tasks” are described separately.
| Entrusted party (trustee) | Details of the outsourced tasks |
|---|---|
| KNF Partners Co., Ltd. | Special security services and access control |
| RATOZ E&G | External exposure inspection |
| Korea Atomic Energy Research Institute | Internal exposure inspection |
| NICE Information Service Co., Ltd. | Identity verification for Immediate notification of the formal audit |
| Scout Corp. | Talent recruitment |
When entering into an outsourcing contract, the Company specifies in the document matters concerning the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and administrative protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages, and supervises the trustee to ensure that personal information is processed safely.
Destruction of personal information
The Company shall destroy the relevant personal information without delay when the retention period has expired or the purpose of processing has been achieved. However, this shall not apply when personal information must be preserved in accordance with other laws.
If the retention period of personal information has expired or the purpose of processing has been achieved, but the personal information must continue to be retained in accordance with other laws and regulations, it shall be transferred to a separate database or preserved in a different storage location. The personal information will not be used for any other purpose unless required by law.
Electronic files are permanently deleted in a manner that makes recovery impossible, and printouts are destroyed by shredding or incineration.
Measures to ensure the security of personal information
The Company takes the following measures to ensure the security of personal information.
Administrative measures: Establishment and implementation of an internal management plan for personal information, and regular personal information protection training
Technical measures: Installation of access control systems for personal information processing systems, management of access rights, encryption of unique identification information, and installation of security programs
Physical measures: Access control for computer rooms and data storage rooms
Rights and obligations of data subjects, and methods of exercising them
The data subject may exercise the rights related to personal information listed in the following items with the Company at any time.
Request to access personal information
Request for correction if there is an error, etc.
Request for deletion
Request for suspension of processing
The exercise of rights may be requested by completing the form in Annex Form No. 8 of the Enforcement Rules of the Personal Information Protection Act via written document, email, or other means, and the Company will take action without delay.
In a table on the rights, obligations, and methods of exercising of data subjects, “Personal information processing tasks,” “Responsible department,” “Person in charge,” and “Contact information” are described separately.
| Personal information processing tasks | Responsible department | Person in charge | Contact information |
|---|---|---|---|
| Immediate notification of the formal audit | Audit Office | Hyukjun Kwon | Tel) 042-868-1067 email) hjkwon@knfc.co.kr |
| Management of job applications | Human Resources Development Department | Songhee Han | Tel) 042-868-1394 email) shhan925@knfc.co.kr |
| Public innovation proposals | ESG Strategy Team | Janghwan Joo | Tel) 042-868-1124 Email) jhjoo@knfc.co.kr |
| Access control | Security and Protection | Gyumin Sim | Tel) 042-869-3123 email) gmsim@knfc.co.kr |
| Radiation-controlled area access control | Radiation Control Department | Sangwon Kim | Tel) 042-869-3127 email) wongyun@knfc.co.kr |
| Human rights violation reports | Performance Management Team | Dohee Nam | Tel) 042-869-3276 email) dhnam@knfc.co.kr |
The exercise of rights under Paragraph 1 may be carried out through the data subject’s legal representative or an agent with delegated authority. In this case, you must submit a power of attorney in accordance with Annex Form No. 11 of the Enforcement Rule of the Personal Information Protection Act.
When a request for access, correction or deletion, or suspension of processing is received in accordance with the rights of the data subject, it shall be verified that the requester is the data subject or a legitimate representative.
Appendix Form No. 8 (Request Form) of the Enforcement Rules of the Personal Information Protection Act Appendix Form No. 11 (Power of Attorney) of the Enforcement Rules of the Personal Information Protection Act
Chief Privacy Officer and person in charge of personal information protection
The Company, in accordance with the Standard Personal Information Protection Guidelines, designates the Chief Privacy Officer as follows to protect personal information and to handle grievances and damage relief of information subjects related to personal information processing.
| Category | Chief Privacy Officer | Person in charge of personal information protection |
|---|---|---|
| Name | Sunnam Lee | Minsoo Kim |
| Department | Digital Security Office | Digital Security Office |
| Position | Director | General Manager |
| Contact information | 042-868-1008 | 042-868-1418 |
| snlee@knfc.co.kr | mskim@knfc.co.kr |
Methods of remedy for infringement of rights and interests
The data subject may contact the following organizations for remedies and consultation regarding personal information infringement. The following organizations are separate from the Company, and you may contact them if you are not satisfied with the results of their own personal information complaint handling or redress, or if you require more detailed assistance.
Personal Information Dispute Mediation Committee: 1833-6972 (https://www.kopico.go.kr)
Personal Information Infringement Report Center: (without area code) 118 (https://privacy.kisa.or.kr)
Information Security Mark Certification Committee: 02-550-9531~2 (http://eprivacy.or.kr)
National Police Agency Cyber Bureau: 182 (without area code) (http://cyberbureau.police.go.kr)
Changes to the privacy policy
This privacy policy applies from the effective date, and in the event of any addition, deletion, or correction of its contents due to changes in laws or policies, the changes will be disclosed on the Company's website from 7 days prior to the effective date.
Date of Notice: 10/14/2022
Effective Date: 10/19/2022
Previous versions of the privacy policy can be found below.
- Privacy Policy
- Privacy Policy (November 23, 2023 ~ September 26, 2024)
- Privacy Policy (October 10, 2023 ~ November 22, 2023)
- Privacy Policy (June 14, 2021 ~ October 11, 2022)
- Privacy Policy (October 29, 2020 ~ June 13, 2021)
- Privacy Policy (June 2, 2020 ~ October 28, 2020)
- Privacy Policy (June 21, 2019 ~ June 1, 2020)
- Privacy Policy (June 12, 2019 ~ June 20, 2019
- Privacy Policy (June 8, 2018 ~ June 11, 2019)
- Privacy Policy (June 21, 2017 ~ June 7, 2018)
- Privacy Policy (June 29, 2016 ~ June 19, 2017)