NTREE Certification Board Personal Information Processing Policy
The NTREE Certification Institute establishes and discloses guidelines for handling personal information as follows in order to protect the personal information of the information subjects and to promptly and smoothly deal with the grievances under Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Personal Information) The NTREE Certification Institute shall process personal information for the following purposes: Personal information being processed is not used for any purpose other than the following, and if the purpose of use is changed, necessary measures such as obtaining separate consent under Article 18 of the Privacy Act will be implemented.
1. Register and manage homepage membership
Personal information is processed for the purpose of identifying and verifying membership, maintaining membership, managing membership, preventing fraud of service, checking consent of legal representatives, notice, and complaint handling for children under 14 years of age.
2. Delivering goods or services
Personal information is processed for the purpose of delivering goods, providing services, sending contracts and invoices, providing contents, providing customized services, personalization, age certification, payment and settlement of charges, collecting bonds, etc.
3. Handling grievances
Personal information is processed for the purpose of verifying the identity of the civil petitioner, verifying the civil petitioner, contacting and notifying the fact, and notifying the result of the processing.
Article 2 (Personal Information Processing and Retention Period) £ The NTREE Certification Institute processes and retains personal information within the period of personal information possession and use under the Act or the period of personal information collection by the information entity.
£ Each personal information processing and retention period is as follows:
1. Registering and managing website members: Until business operators/organizations withdraw from the website
Provided, That in cases falling under the following grounds, until the termination of the relevant grounds:
1) If an investigation, investigation, etc. is in progress due to violation of the relevant statutes, the investigation shall be conducted until the end of the investigation and investigation.
2) If the bond/debt relationship remains due to the use of the website, the relevant bond/debt relationship shall be settled until the settlement.
3) In the case of "Exception Reason", "3 years after expiration and cancellation of certification" is required.
2. Provision of goods or services: Until completion of supply of goods and services and completion of payment and settlement of charges
Provided, That in cases falling under the following grounds, by the end of the relevant period:
1) Records of transactions, such as marking, advertising, contract details, and implementation under the "Act on Consumer Protection in Electronic Commerce, etc."
- Records on marking and advertising: June
- Supply records such as contract or subscription withdrawal, payment, goods, etc.: 5 years
- Records on consumer complaints or dispute handling: 3 years
Article 3 (Rights, obligations, and methods of exercise by information subjects and legal representatives) (1) Information subjects may exercise their right to peruse, correct, delete, or suspend the processing of personal information to the NTREE Certification, and suspension of processing of personal information.
£ The rights under paragraph (1) may be exercised by the NTREE Certification Institute in writing, e-mail, or FAX pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the NTREE Certification Institute will take action without delay.
£ The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the information subject or a person entrusted with the authority. In such cases, a power of attorney in attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
£ The right of the information subject may be restricted pursuant to Articles 35 (5) and 37 (2) of the Personal Information Protection Act.
£ A request for correction or deletion of personal information shall not be requested if the personal information is specified as a collection target under other statutes.
£ The (Master) NTREE Certification Board verifies whether the person who made the request is himself or his legitimate representative, such as a request for perusal, correction or deletion, or a request for suspension of processing.
Article 4 (Personal Information Items Processing) The NTREE Certification Board handles the following personal information items:
1. Management of website certification consultation inquiries
£Required items: company name, business address, name of person in charge, contact information of person in charge, personnel status,
Standard and field of certification (range), E-MAIL in charge, name of representative
2. Delivering goods or services
£Required items: Company name, business address, name of person in charge, contact number of person in charge, status of person in charge, standard and field of certification (range), E-mail of person in charge, name of representative
3.
£Company name, business address, name of person in charge, contact information of person in charge, status of personnel, standards for certification and fields (range), E-mail of person in charge, name of person in charge
Article 5 (Destruction of Personal Information) (1) If personal information becomes unnecessary, such as the lapse of the period of personal information retention or the achievement of the purpose of processing, the relevant personal information shall be destroyed without delay.
£ If the personal information is preserved in accordance with other laws and regulations even though the personal information retention period has expired or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored in a different place.
£ The procedure and method of personal information destruction are as follows.
1. Destruction procedure
The NTREE Certification Institute selects personal information where the reason for destruction occurs, and destroys the personal information with the approval of the Personal Information Protection Officer of the NTREE Certification Institute.
2. Destruction method
The NTREE Certification Institute destroys personal information recorded and stored in electronic files so that the records cannot be replayed, and the personal information recorded and stored in paper documents is destroyed by grinding or incinerating them with a shredder.
Article 6 (Safety Measures for Personal Information) The NTREE Certification Board takes the following measures to ensure the safety of personal information:
1. Management measures: establishing and implementing internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights for personal information processing systems, etc.
3. Physical measures: Access control for data storage rooms, etc.
Article 7 (Master) NTREE Certification Center does not use "cookies" that store information on the use of information subjects and frequently bring in.
Article 8 (Personal Information Protection Officer) (1) The NTREE Certification Board is responsible for the processing of personal information and designates a person in charge of personal information protection as follows to handle complaints and remedy damages.
▶ Person in charge of personal information protection
Name: Jeon Seung-ho
Position: Head of the NTREE Certification Board
Contact: TEL)031-308-9034, E-MAIL)ntreecert@daum.net, FAX)031-308-9054
※ Connects to the department in charge of personal information protection.
▶ Department in charge of personal information protection
Name of department: Examination headquarters
Person in charge: Manager Ko Woo-ree
Contact: TEL)031-308-9034, E-MAIL)ntreecert@daum.net, FAX)031-308-9054
£ The information authority may contact the person in charge of personal information protection and the department in charge of all personal information protection inquiries, complaints, and damage relief caused by using the service (or business) of the NTREE Certification Institute. The NTREE Certification Institute will respond and process inquiries from the information subject without delay.
Article 9 (Personal Information Access Request) The information subject may request the following departments to read personal information under Article 35 of the Personal Information Protection Act. The NTREE Certification Institute will make efforts to expedite the information subject's request for perusal of personal information.
▶ Department of receiving and processing requests for reading personal information
Name of department: Examination headquarters
Person in charge: Manager Ko Woo-ree
Contact: TEL)031-308-9034, E-MAIL)ntreecert@daum.net, FAX)031-308-9054
Article 10 (How to relieve infringement of rights) Information subjects may inquire about the following institutions for damage relief and counseling on personal information infringement.
The institution below is separate from the NTREE Certification Institute, and if you are not satisfied with the results of its own personal information complaint and damage relief, or if you need further assistance, please contact us.>
▶ Personal Information Infringement Report Center (Operated by the Korea Internet Promotion Agency)
- Business under his/her jurisdiction: Reporting personal information infringement facts and applying for counseling
- Homepage: privacy.kisa.or.kr
- TELEPHONE: 118 (without station code)
- Address: (58324) Personal Information Violation Report Center on the 3rd floor of 9 Jinheung-gil (301-2 Bitgaram-dong), Naju-si, Jeollanam-do
▶ Personal Information Dispute Mediation Committee
- Business under his/her jurisdiction: application for personal information dispute settlement, group dispute settlement (civil resolution)
- Homepage: www.kopico.go.kr
- Telephone: (without station code) 1833-6972
- Address: (03171) Sejong-daero, Jongno-gu, Seoul, 4th floor of the Seoul Government Complex
▶ Supreme Prosecutors' Office Cybercrime Investigation Team: 02-3480-3573 (www.spo.go.kr)
▶ Cyber Security Bureau of the National Police Agency: 182 (http://cyberbureau.police.go.kr) 
