Privacy Policy

The 5&2 Foundation (“5&2 Foundation”, “we”, “us”, or “our”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Korean Personal Information Protection Act in order to protect the personal information of data subjects and to promptly and effectively handle related inquiries and complaints.


○ This Privacy Policy shall take effect on September 7, 2022.

Article 1 (Purpose of Processing Personal Information)

The 5&2 Foundation ("5&2 Foundation", "we", "us", or "our") processes personal information for the following purposes. Such information will not be used for any purpose other than those stated below. If the purpose of use changes, necessary measures, including obtaining separate consent in accordance with Article 18 of the Korean Personal Information Protection Act, will be taken.

1. Website Membership Registration and Management
Personal information is processed for purposes including confirming intent to register as a member, maintaining and managing membership qualifications, and delivering notices and announcements.

2. Provision of Goods or Services
Personal information is processed for the purpose of providing services and content.

3. Marketing and Advertising
Personal information is processed for purposes such as analyzing access frequency and compiling statistics regarding members’ use of services.

Article 2 (Retention and Processing Period of Personal Information)

① The 5&2 Foundation processes and retains personal information within the retention and usage period prescribed by applicable laws, or the retention and usage period consented to by the data subject at the time of collection.

② The retention and processing periods for each category of personal information are as follows.

1. Website Membership Registration and Management
Personal information related to website membership registration and management is retained and used on a semi-permanent basis from the date consent is obtained.
  Basis for retention: Personal information is retained and used only for the duration of service provision following membership registration.
  Relevant laws and regulations:
  1) Records regarding the collection, processing, and use of credit information: 3 years
  2) Records regarding consumer complaints or dispute resolution: 3 years
  3) Records regarding payment and supply of goods or services: 5 years
  4) Records regarding contracts or withdrawal of subscriptions: 5 years
  5) Records regarding labeling and advertising: 6 months

Article 3 (Items of Personal Information Processed)

① The 5&2 Foundation processes the following items of personal information.

1. Website Membership Registration and Management
  - Required items: Email address, Password hint question and answer, Password, Login ID, Date of birth, Name, Cookies
  - Optional items: None

Article 4 (Provision of Personal Information to Third Parties)

The 5&2 Foundation processes personal information only within the scope specified in Article 1 and provides personal information to third parties only in cases permitted under the Personal Information Protection Act or with the consent of the data subject.

Article 5 (Delegation of Personal Information Processing)

① The 5&2 Foundation delegates certain personal information processing tasks as follows in order to facilitate the efficient handling of personal information operations.

1. Delegated Personal Information Processing
  Service provider (Processor): Anyline Co., Ltd.
  Delegated task: Membership registration
  Delegation period: Until the purpose of processing is achieved or the delegation agreement is terminated

② When entering into delegation agreements, the 5&2 Foundation specifies in written documents matters required under Article 26 of the Korean Personal Information Protection Act, including prohibition of processing personal information for purposes other than delegated tasks, technical and administrative safeguards, restrictions on re-delegation, supervision and management of processors, and liability for damages.

③ If the details of delegated tasks or the processor change, such changes will be disclosed promptly through this Privacy Policy.

Article 6 (Procedures and Methods for Destruction of Personal Information)

① The 5&2 Foundation destroys personal information without delay once the retention period expires or such information becomes unnecessary due to the achievement of the processing purpose.

② The procedures and methods for destruction are as follows.

1. Destruction Procedure
The 5&2 Foundation selects personal information subject to destruction and destroys it with the approval of the Personal Information Protection Officer.

2. Destruction Method
Electronic files are destroyed using technical methods that prevent recovery of records.
Printed documents containing personal information are destroyed by shredding or incineration.

Article 7 (Rights and Obligations of Data Subjects and Legal Representatives)

① Data subjects may exercise rights including requests for access, correction, deletion, or suspension of processing of their personal information at any time with respect to the 5&2 Foundation.

② Such rights may be exercised in writing, by email, facsimile transmission (FAX), or other methods pursuant to Article 41(1) of the Enforcement Decree of the Korean Personal Information Protection Act, and the Foundation will take action without delay.

③ Rights may also be exercised through a legal representative or authorized agent of the data subject. In such cases, a power of attorney in the form prescribed by Notice No. 2020-7 of the “Notice on Personal Information Processing Methods” must be submitted.

④ Requests for access to personal information and suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the Korean Personal Information Protection Act.

⑤ Requests for correction or deletion may not be made where the relevant personal information is specified as a required collection item under other laws.

⑥ The 5&2 Foundation verifies whether the person making a request for access, correction, deletion, or suspension of processing is the data subject or a duly authorized representative.

Article 8 (Measures to Ensure the Security of Personal Information)

The 5&2 Foundation implements the following measures to ensure the security of personal information.

1. Establishment and Implementation of Internal Management Plans
Internal management plans have been established and implemented to ensure the secure processing of personal information.

2. Encryption of Personal Information
Users’ passwords are encrypted and securely stored so that only the users themselves may access them. Important data is additionally protected through encryption of files and transmitted data or through file-locking security functions.

Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① The 5&2 Foundation uses cookies to store and retrieve user information in order to provide personalized services.

② Cookies are small pieces of information sent by the website server (HTTP) to the user’s web browser and may be stored on the user’s device.

A. Purpose of Using Cookies
Cookies are used to provide optimized information to users by analyzing visit patterns, usage behavior for each service and website, popular search terms, and secure access status.

B. Installation, Operation, and Refusal of Cookies
Users may manage or refuse cookies through their web browser settings.

C. Consequences of Refusing Cookies
Refusing cookies may limit access to certain personalized services.

Article 10 (Criteria for Additional Use and Provision)

Pursuant to Article 15(3) and Article 17(4) of the Korean Personal Information Protection Act and Article 14-2 of its Enforcement Decree, the 5&2 Foundation may additionally use or provide personal information without the consent of the data subject after considering the following factors:

• Whether the additional use or provision is related to the original purpose of collection;
• Whether such additional use or provision is reasonably foreseeable in light of the circumstances of collection or processing practices;
• Whether such additional use or provision unfairly infringes upon the interests of the data subject; and
• Whether necessary security measures such as pseudonymization or encryption have been implemented.

Article 11 (Personal Information Protection Officer)

① The 5&2 Foundation designates the following person in charge of overseeing personal information processing and handling complaints and remedies related to personal information protection.

▶ Personal Information Protection Officer
  Name: Han Sang hye
  Contact: +82-2-322-4630
  ※ You will be connected to the department responsible for personal information protection.

▶ Department Responsible for Personal Information Protection
  Department: 행정사역부

② Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection arising from use of the Foundation’s services or business operations. The Foundation will respond and process such requests without delay.

Article 12 (Department Responsible for Access Requests)

Data subjects may submit requests for access to personal information pursuant to Article 35 of the Korean Personal Information Protection Act to the following department. The 5&2 Foundation will endeavor to process such requests promptly.

 

Article 13 (Remedies for Infringement of Rights and Interests)

Data subjects may apply for dispute resolution or consultation regarding personal information infringement through the following organizations:

1. Personal Information Dispute Mediation Committee
Tel: 1833-6972
Website: www.kopico.go.kr

2. Personal Information Infringement Report Center
Tel: 118
Website: privacy.kisa.or.kr

3. Supreme Prosecutors’ Office
Tel: 1301
Website: www.spo.go.kr

4. National Police Agency
Tel: 182
Website: ecrm.cyber.go.kr

Persons whose rights or interests have been infringed by a disposition or omission of a public institution in response to requests under Articles 35, 36, and 37 of the Korean Personal Information Protection Act may file an administrative appeal pursuant to the Administrative Appeals Act.

For more information regarding administrative appeals, please refer to the website of the Central Administrative Appeals Commission:
www.simpan.go.kr

Article 14 (Amendments to this Privacy Policy)

This Privacy Policy shall take effect on September 7, 2022.