Privacy

NOTICE

Privacy Policy

Complying with relevant laws such as the Personal Information Protection Act, the personal information processed for website operation and immigration administrative duties are managed in accordance with the privacy policy as prescribed below.

Article 1 Purpose of Personal Information Processing

The Center shall not use the personal information for purposes other than the following purposes. In case any changes are made to the purposes of use, the Center shall proceed after receiving consent in advance.

1. To process ETA services through the website (application and notification of results, etc.)

Article 2 Personal Information Processing Details and Retention Period

The Center collects and retains personal information as follows with the consent from the user as well as according to relevant laws and regulations.

1. Processing Information for ETA
List
Purpose of Retention To save record of receipt of ETA application and the results of process
Basis of Retention Immigration Act, Article 7-3 (Advance Travel Authorization)
Immigration Act, Enforcement Decree Article 101 (Processing of Sensitive Information and Unique Identification Information)
Method of Collection Online (upon user consent) Retention Period Semi-permanent
Recorded Data (Required) ID photo (face image), e-mail information, nationality, sex, name in English (Full name), date of birth, passport information, passport expiration date, dual nationality status, mobile phone number, previous visits to Korea, purpose of entry and travel agency related information, address in Korea, employment (occupation), disease related information, criminal record
Optional) Passport bio page image, period of stay

In the course of using internet services, IP address, cookie(s), MAC address, record of service use and visit, and etc. may be automatically generated and collected.

Article 3 Provision of Personal Information to a Third Party

  • 1. The Center shall only provide personal information to a third party with the consent from the user, or when applicable to Article 17 or 18 of the Personal Information Protection Act, or other special regulations of laws.

  • 2. In any case the personal information collected according to Article 18 of the Personal Information Protection Act is to be provided to a third party other than the stipulated purposes, the legal basis, purpose, and scope of such provision shall be informed on the website of the Ministry of Justice or the relevant bureaus and offices.

Article 4 Consignment of Personal Information Processing

1. The Center consigns personal information processing as follows for efficient personal information processing service.
위탁운영 상세 목록
Consignee Details of Consignment Office in Charge
SysOne Co., Ltd. Integrated maintenance management and operation of immigration information system (2021~2022) Seoul Immigration Office (Immigration IT Center)

2. When establishing a contract for consignment of processing, matters regarding responsibility and law compliance such as prohibition of personal information processing outside the purpose of duties consigned according to Article 26 of the Personal Information Protection Act, technical and managerial protective measures, restriction of reconsignment, compensation for damages shall be stipulated on the and the consignee will be monitored for safe personal information processing.

3. In any case of amendments to the privacy policy such as changes to the consignee or consignment duties, details will be notified on the website.

Article 5 Rights and Obligations, and Exercising Methods of the User and Legal Representative

The user is eligible to exercise the following rights, and the legal representative may exercise the rights regarding personal information for children under the age of 14.

  • 1. Request Access to Personal Information
  • Access to the personal information retained by the Center may be requested in accordance with Article 35 of the Personal Information Protection Act. However, such request of access may be restricted under Paragraph 4, Article 35 of the same Act.

  • 2. Request Correction or Deletion of Personal Information
  • Correction or deletion of the personal information retained by the Center may be requested in accordance with Article 36 of the Personal Information Protection Act. However, in such cases where personal information is stated as to be subject to collection by law, deletion cannot be requested.

  • 3. Request Suspension of Personal Information Processing
  • Suspension of personal information processing of the retained personal information by the Center may be requested in accordance with Article 37 of the Personal Information Protection Act. However, if applicable to Paragraph 2, Article 37 of the same Act, such request may be denied.

  • 4. The user may request access, correction, deletion, suspension of processing by submitting Form 8 of the Enforcement Regulations of the Personal Information Protection Act to the office or officer in charge of personal information prescribed in Article 2 of this document, by visiting in person, writing, telephone, e-mail, or fax. The Ministry will notify the results within 10 days after receipt of request with Forms 9 and 10 of the Enforcement Regulations of the Personal Information Protection Act.

  • 5. In case the user has any ions to the results of matters regarding access, correction, deletion, suspension of processing of personal information, the user can first reapply as described below. For additional ions, the user can file an administrative appeal.

    • a. File an ion in writing, or by telephone, e-mail, etc. within 30 days from the notification date by the personal information managing department

    • b. Re-examination by the personal information managing department

    • c. Final examination by person in charge of the Center on results of re-examination by the personal information managing department

    • d. Notification of examination results by the personal information managing department

  • 6. In case the legal representative of the user or a proxy requests access, correction, deletion, suspension of processing, submission of letter of attorney according to Form 11 of Enforcement Regulations of the Personal Information Protection Act shall be required.

  • 7. The Center shall whether the requesting person is the user him/herself or an appropriate proxy when the requesting person requests access, correction, deletion, or suspension of processing according to the user rights.

  • 8. In any case the user requests correction or deletion of personal information due to personal information errors, the personal information of that user will not be used or provided until the request has been settled.

Article 6 Process and Method of Personal Information Destruction

The Center shall, in principle, destroy personal information without delay when period of retention expires or the purpose of processing is achieved. However, in any case where the personal information is to be stored continuously according to law, such personal information (or personal information file) shall be moved to a separate database or stored in a different venue.

  • 1. Destruction Procedure
  • Unnecessary personal information and personal information files are processed as below in accordance with internal measures under the responsibility of the personal information security officer.

    • - Destruction of personal information

    • Destroy personal information without delay when period of retention expires

    • - Destruction of personal information file

    • Destroy personal information without delay when personal information file is recognized as unnecessary, such as purpose of personal information processing is achieved, relevant service is terminated, project is finished, and etc.

  • 2. Destruction Method
    • - Personal information printed on paper shall be shredded with a paper shredder or destroyed through incineration.

    • - Personal information stored in the form of an electronic file shall be deleted with technical methods so that the records are irretrievable.

Article 7 Measures to Ensure the Safety of Personal Information

The Center implements necessary technical, managerial, and physical measures as follows to ensure the safety according to Article 29 of the Personal Information Protection Act.

  • 1. Establishment and implementation of internal management plan
  • Internal management plan shall be established and implemented in accordance with the Standards for Securing Safety of Personal Information (Personal Information Protection Committee Notice).

  • 2. Encryption of personal information
  • Personal information shall be safely stored and managed through encryption. In addition, separate security functions such as encrypting shall be used for important data storage and transmission.

  • 3. Restrict access to personal information
  • Necessary measures shall be taken to control access to personal information by granting, changing, or canceling access rights to the personal information processing system, and shall control unauthorized access from the outside by using firewall system.

  • 4. Record keeping for access history
  • Records of access to the personal information processing system shall be kept and managed for more than 1 year.

  • 5. Installation of security program and regular inspection and update
  • Security programs are installed and regularly inspected and updated to prevent any leakage or damage of personal information caused by hacking or computer viruses.

  • 6. Control access of unauthorized person
  • Access control procedures shall be established and operated regarding the separate physical storage place for the personal information processing system that stores personal information.

  • 7. Minimization and training of staff that manage personal information
  • Personnel who manage personal information shall be designated and managed only to those who are absolutely necessary, and training is provided to relevant personnel for safe management.

Article 8 Installation, Operation, and Refusal of Automated Personal Information Collection Devices

  • 1. The Center shall use ‘s’ that store and retrieve use information in order to provide individual customized services to users.

  • 2. s are small amounts of information sent to the user’s computer browser by the server (http) that is used to operate the website, and may be stored on the user’s computer’s hard disk.

    • ○ Purpose of using s : To provide optimized information to users by identifying the types of visits and use, popular search items, security access, etc. of each service and website visited by the user.

    • ○ Installation, operation, and refusal of settings : User can refuse to setting by selecting Tools > Internet Options > Personal Information menu.

    • ○ Refusing to the settings may cause difficulties in using customized services.

Article 9 Remedy for Infringement of Rights and Interests

To receive remedy for personal information infringement, the user may apply for consultation or dispute resolution to the Personal Information Infringement Report Center of the Korea Internet Agency or the Personal Information Dispute Mediation Committee.

  • 1. Personal Information Infringement Report Center : (without country code) 118 (privacy.kisa.or.kr)

  • ○ Duties: personal information infringement report, apply for consultation

  • 2. Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)

  • ○ Duties: personal information dispute mediation application, collective dispute mediation (civil settlement)

  • 3. Prosecution Service Cyber Investigation Division : (without country code) 1301 cid@spo.go.kr (www.spo.go.kr)

  • 4. National Police Agency Cyber Bureau : (without country code) 182 (cyberbureau.police.go.kr)

In addition, a person may request for administrative appeal according to the Administrative Appeals Act, when his/her rights or interests were infringed on due to the disposition or misconduct of the head of the administrative agency, regarding the request for access, correction, deletion, suspension of processing the personal information.
※ For more information, please visit the Central Administrative Appeals Commission website(www.simpan.go.kr).

Article 10 Request for Access to Personal Information

1. User may request access to personal information to the relevant office and officer stated in Article 11 below in accordance with Article 35 of the Personal Information Protection Act. The Center shall endeavor to expedite the processing of personal information access request by the user.

2. User may request access to personal information through either the relevant office mentioned above in paragraph 1, or through the personal information protection comprehensive website of the Personal Information Protection Committee (www.privacy.go.kr).

Article 11 Officers in Charge of Personal Information Protection and Contact Information

The Center appoints the chief officer and officers as below to protect personal information and handle complaints and questions regarding personal information.

1. Senior Officer : Chief of ETA Center, Hyunsook Ahn(keta@korea.kr)

2. Officer in Charge : ETA Center Seong il Lee(keta@korea.kr)

Article 12 Changes to Privacy Policy

This Privacy Policy shall be effective from the date of enforcement. Any additions, deletions, or corrections to the Privacy Policy shall be notified at least 7 days prior to its enforcement.

Enforcement Date : 2021. May. 3.