Plain of personal information processing policy 2019-08-30t 14:44:30 + 09:00

According to Article 30 of the personal information protection law, the Korean medical education evaluation Institute (hereinafter) protects the personal information and rights and interests of users, so that users can smoothly handle the concerns of relevant employers.

Article 1 (purpose of personal information processing)

Yiping plain processes personal information for the purpose of major business guidance and other plain related businesses. If the purpose of use is changed, additional measures will be taken according to Article 18 of the personal information protection law.

Article 2 (personal information processing and retention period)

① The "plain" refers to the personal information retention according to the relationship law, the personal information agreed during the use period or the collection of personal information by the information subject, and the processing and retention of personal information during the use period.

② The processing and retention time of personal information are as follows.

One Website member joining and management: exit website 2. Automatically collect information:

• The address of the website when the user's Internet server visits our home page
• User's browser type and OS
• Date of visit

Article 3 (the third word of providing personal information)

Yipingyuan only provides personal information when the personal information of the information subject is processed within the clear scope of Article 1 (purpose of personal information processing), and only provides the consent of the information subject, special provisions of the law and other articles 17 and 18 of the personal information protection law.

Article 4 (entrustment of personal information processing)

① Pingyuan is entrusting personal information processing business for smooth personal information business processing.

• Trustee (trustee):
• Entrusted business content: mainte. Of の Pingyuan Homepage
• Entrustment period: at the end of entrustment

② When signing the entrustment contract, according to Article 26 of the personal information protection law, in addition to the purpose of the entrustment business, it is prohibited to handle personal information, technical and management protection measures, in place restrictions, supervision, supervision, damages and other liability matters, which are clearly defined in the contract. Monitoring the safe handling of personal information at the desk.

③ When the entrusted business content or the entrusted table changes, I will disclose it through my own personal information processing policy.

Article 5 (rights, obligations and methods of activities of information subject)

① The information subject or the agent appointed by the information subject can exercise the rights related to personal information protection of the next account at any time.

• Personal information requirements
• If there is any mistake, ask for correction
• Delete request
• Stop processing requirements

② According to the first paragraph, the right activities can be carried out by means of written, e-mail, fax, etc. in the form of No. 8 (request for reading, deleting and processing of personal information) of the implementation rules of the personal information protection law, and the parliament will take measures to this.

③ When the information subject requests the error or deletion of personal information, the plain does not use or provide personal information before correction or deletion.

④ Through the rights activities of the information subject or agent, the exceptions provided by the law may be rejected.

Article 6 (personal information items to be processed)

Yipingyuan is working on the next personal information project.

• Add and manage the password, name, e-mail address, mobile number, address, occupation, affiliation and news information receiving phone number of [necessary items] for web members
• Automatic collection of information: Home login, IP address, cookie, session

Article 7 (installation, operation and rejection of personal information automatic collection equipment)

② To allow cookies for all logged in plain sites or information principals of configured sites.

③ The information subject has the option to install cookies. Therefore, set options in the browser, or allow all cookies to be stored, or deny all cookies to be saved. However, if the information subject rejects the cookie setting, some services will be limited.

④ Details of cookie operations are as follows.

• Each browser connected to the plain can be given an inherent cookie, which can determine the frequency of use or the limit of repeated use of registered and unregistered users.

• Cookies are also used to measure the access patterns of information subjects in the field of plain websites and the overall access patterns of information subjects. This information is used to understand the user's habits, or how to understand different issues of research, and use this information to read the content, arrangement and various activities on the information subject's plain website will be used for the direction of the information subject. Tolerable.

Article 8 (cancellation of personal information)

① Plain means that personal information will be discarded without hesitation when it is unnecessary, such as the process of personal information retention and the purpose of processing.

② Although the retention period of personal information agreed by the information subject has passed or the purpose of processing has been achieved, the personal information shall be kept in accordance with other laws and regulations, separated from other personal information, stored and managed.

③ The procedures and methods for tearing up personal information are as follows.

• Abandonment procedure: the personal information with abandonment cause is destroyed according to the responsibility of the person in charge of personal information protection and the internal policy procedure.
• Abandonment method: personal information in the form of electronic documents is irrecoverable, and personal information output from paper is smashed or destroyed.

Article 9 (measures to ensure the security of personal information)

In order to ensure the security of personal information, yipingyuan is taking the next step.

• Establishment and implementation of internal management plan: the plain system manages personal information, and carries out internal management plan to prevent leakage, damage, etc.
• Education for personal information management staff: security management for staff who manage personal information.
• Access control of personal information and restriction measures of access rights: the database system for processing personal information, the restriction measures for controlling personal information and access rights through access rights, borders and speaking offices, and the use of intrusion system to the external gratuitous gratuitous system Controlling access.
• Storage of connection records: the records connected to the personal information processing system (network login and other relevant information) shall be kept and managed for at least 6 months.
• Encryption of personal information: personal information is stored and managed through encryption and other security. In addition, important data use the security function of encryption when saving and transmitting.
• Security program installation, periodic inspection and update: personal information leakage and damage of hackers or computer viruses, and periodic update inspection.
• For the access control of non household: the physical storage office of the personal information system that keeps personal information shall establish a separate access control procedure for operation.

Article 10 (person in charge of personal information protection)

① The plain covers the business of personal information processing, and the dissatisfaction processing and relief of the information subjects related to personal information processing. The person in charge of personal information protection is designated as follows.

• Person in charge of personal information protection: Yin Zhu
• Office: Korea Medical Education Evaluation Institute Office
• Contact: 02-795-1591

② The information subject uses the plain website to inquire about all matters related to personal information protection such as consultation, dissatisfaction handling, disaster and so on.

Article 11 (method of remedy rights and interests)

A person who infringes upon the rights or interests of personal information may report the infringement facts to the center for declaration of infringement of personal information.

• Personal information dispute adjustment Committee: (no times) 118 (privacy. Kisa. Or. KR)
• Personal information infringement declaration Center: (radio) 118 (privacy. Kisa. Or. KR)
• Virtual crime investigation mission of the General Prosecutor's office: 02-3480-3571 (cybercid. Spo. Go. KR)
• Police department virtual Security Bureau: (radio) 182 (cyberbureau. Police. Go. KR)

Article 12 (change of personal information processing policy)

This personal information processing policy is 2017 One 1. Applicable from the beginning.