March 15, 2013 Korea Employment Information Service
Personal Information Processing Policy
All personal information handled by the internet services of the Korea Employment Information Service’s (KEIS) Employment Permit System (EPS) is collected, retained, and handled according to relevant laws or with the consent of the data subjects.
In accordance with the Personal Information Protection Act, the EPS service unveils its Personal Information Processing Policy as follows in order to protect the personal information of its data subjects and handle any related issues swiftly and seamlessly. However, in the case that you are redirected to another website or webpage after clicking on a link or banner listed on the EPS service website, please make sure to check the Personal Information Processing Policy of that website or webpage as well.
Article 1 (Purpose of Processing Personal Information)
Personal information will not be used for any purpose other than the ones listed below, and prior consent will be obtained when making changes to the purpose of use.
- EPS services (management of foreign worker selection, manpower supply for business owners, etc.)
- Handling civil complaints for the EPS services
Article 2 (Processing, Retention Period, and Processed Items of Personal Information)
The EPS service will only use its collected personal information for its intended purpose of use, and the handled personal information particulars are as follows.
※ In order to provide services, the EPS website may collect and handle resident registration numbers (alien registration numbers) after user registration according to Article 31-2 (Handling of Personally Identifiable Information) of the Enforcement Decree on the Act on the Employment, etc. of Foreign Workers.
Purpose of Handling
Handled Item
Retention Period
Membership Registration for the EPS Website
Corporate Business Owner / Individual Member
(Required) 1. Name 2. E-mail 3. Member Category 4. Password 5. Password Security Question and Answer
※ Personal Information of Children Under 14: The EPS service does not collect or handle the personal information of children under 14 years of age.
Foreign Worker Member
Required) 1. Name 2. E-mail 3. Password 4. Password Security Question and Answer
2 years / until membership cancellation (agreement reobtained periodically every 2 years)
Article 3 (Items on Installation and Operation of Automatic Personal Information Collection Tools and Denial Thereof)
Collected Particulars
Purpose of Use
Requested Website URL When Visiting Website
Statistical analysis, seamless communication between users and website
User’s IP Address, Browser Request Type and Protocol Version
Date of Visit
Cookie Information
Cookies are small amounts of data sent to a user’s computer by the server used by an organization to run its website, and when the user accesses the website, the organization’s computer will read the user’s cookies to provide seamless services
※ Users can choose to disable cookies by going to Tools > Internet Options > Privacy, and adjusting the options on the Settings section. If cookies are disabled, certain services of the EPS website may be unavailable to users.
Article 4 (State of Personal Information Files)
In order to provide EPS services, the names for the personal information files processed by the EPS website and handled during tasks are as follows.
Personal Information File Name
Employment Permission for Foreign Workers
Job Search Request Information of Foreign Workers
Basic Information of Foreign Workers
Regular Member Information of Foreign Workers
File on Employment Training for Foreign Workers
Employment Educator Information for Foreign Workers with Special Cases for Employment (H-2 Compatriots)
TOPIK Application Information
※ For further details on registration of personal information files, go to the Ministry of the Interior and Safety’s personal information protection support portal (www.privacy.go.kr) → Personal Information Civil Complaints → Requests to Reach Personal Information, etc. → Personal Information File List search menu.
Article 5 (Provision of Personal Information to a Third Party)
The <Employment Permit System Internet Service> handles the personal information of users under the scope provided by Article 1 (Purpose) of the Personal Information Protection Act on principle, and does not handle the personal information beyond the provided scope or provide the personal information to third parties without obtaining prior consent from the users. However, it may handle the personal information in the following cases.
- Where prior consent has been separately obtained from the data subject (in the case that users have agreed to the provision and disclosure of their personal information to third parties in advance)
- Where special provisions exist in other laws
- Where deemed necessary for the life, body, or economic profits of the data subject or third party in the cases that the prior consent cannot be obtained due to reasons such as data subject or their legal representative being unable to express intent or unknown addresses
- Where personal information is provided in the form that keeps specific individuals unidentifiable in cases where necessary for the purpose of producing statistics, academic research, etc.
- Where it is impossible to perform duties under the jurisdiction provided by other laws without using the personal information for a purpose other than its intended one or providing the personal information to a third party, provided that it is subject to the deliberation and resolution of the Personal Information Protection Commission
- Where it is necessary to provide the personal information to a foreign government or international organization in order to perform a treaty or some other international convention
- Where it is necessary for the investigation of a crime, indictment, and sustainment of a public prosecution
- Where it is necessary for the court to proceed a case
- Where it is necessary for punishment and the enforcement of care and custody
※The Korea Employment Information Service (KEIS) will abide by laws related to the use and provision of personal information and work to ensure that its retained personal information will not be unjustly used.
When dealing with organization seeking to use or obtain personal information, the <Employment Permit System Internet Service> places restrictions on the organization’s purpose of use, method of use, retention period, form of use, etc. or requests documents from the organization for the preparation of necessary detailed measures to ensure the safety of the personal information, and provides only the bare minimum required depending on the organization’s purpose of use and provision.
Those who receive the personal information materials, purpose of use of personal information and provided items, legal basis, etc. are as follows.
Download
Article 6 (Outsourcing of Personal Information)
The <Employment Permit System Internet Service> outsources personal information as follows to enhance its level of service, and regulates items to ensure the safe management of personal information upon outsourcing contracts in accordance with related laws.
Outsourcee
Purpose of Outsourcing
Contact Information
GEISTKOREA CO., LTD
Development and Maintenance of EPS
02-833-1650
SNP Soft
Development and Maintenance of Foreign Worker Employment Statistics
02-3432-0992
UNIES
Customer Service, Prevention of Unauthorized Use,, and Remote Support Service
1566-9797
Article 7 (Rights and Duties of Data Subjects and Methods for Exercising Them)
A. Data subjects (in the case of children under 14 years of age, refers to their legal representatives) may exercise their rights in relation to the protection of their personal information for each of the following subparagraph.
1) Request for access
2) Request for correction in the case of errors, etc.
3) Request for erasure
4) Request for suspension of processing
B. To exercise rights in accordance with Paragraph A, fill out Form 8 of the Enforcement Rules of the Personal Information Protection Act and convey it through post, E-mail, FAX, etc., and the Korea Employment Information Service (KEIS) will take action in response without delay.
C. If a data subject makes a request for correction due to errors or for erasure, their personal information will not be used or provided until the correction or erasure is completed.
D. Data subjects may exercise their rights under Paragraph A through their legal representatives or other representatives who have been delegated with the authority. In this case, the representatives must fill in and submit Form 11 of the Enforcement Rules of the Personal Information Protection Act.
E. For requests to access personal information or suspend the processing of personal information, data subjects may have limitations on their rights in accordance with Article 35 Paragraph 5 and Article 37 Paragraph 2 of the Personal Information Protection Act.
F. For requests to correct or erase personal information, if said personal information is stipulated as a target for collection in another law, then data subjects may not request the erasure of the personal information.
G. When a data subject’s right is exercised to request access, correction or erasure, or suspension of processing, the Korea Employment Information Service (KEIS) will confirm whether the request was made personally by the data subject or by a proper representative.
* [Enforcement Rules of the Personal Information Protection Act Form 8] Application for (Access, Correction or Deletion, and Suspension of Processing) of Personal Information
* [Enforcement Rules of the Personal Information Protection Act Form 11] Power of Attorney
H. The department and officer in charge of accepting and handling requests for access, correction or erasure, or suspension of processing of personal information are as follows.
- Department: IT Security Division
- Officer: Team Leader Yang Hui-jeong
Article 8 (Destruction of Personal Information)
Once the personal information has achieved its purpose of handling, the <Employment Permit System Internet Service> destroys said personal information without delay on principle. However, if the personal information must be preserved in accordance with other laws, then it will not be destroyed. The procedure, deadline, and method for destruction are as follows.
A. Destruction Procedure: Once the information entered by a user has accomplished its intended purpose, the information will be destroyed immediately or after being stored for a certain period of time in accordance with internal policies and related laws.
B. Destruction Deadline: If the user’s personal information has been kept past its retention period, it will be destroyed within 5 days of the closing date of retention, and if the personal information has achieved its purpose of processing or become unnecessary for some other reason, then it will be destroyed within 5 days of the date in which the personal information is deemed unnecessary.
C. Destruction Method
- Electronic Files: Permanently deleted in a manner that makes their restoration impossible
- Other (Records, Prints, Written Documents, and Other Forms of Recorded Medium): Shredded or incinerated
Article 9 (Measures to Ensure Safety of Personal Information)
The <Employment Permit System Internet Service> will take the following technical, managerial, and physical measures to ensure safety in accordance with Article 29 or the Personal Information Protection Act.
A. Establishment and Enforcement of Internal Management Plan: In order to prevent personal information from being lost, stolen, divulged, forged, altered, or damaged, an internal management plan has been established and enforced in accordance with the Guidelines on Measure for Ensuring the Safety of Personal Information (Ministry of Interior and Safety Notice No. 2016-35).
B. Management of Access Rights: Access rights to the personal information processing system are granted incrementally to business managers to meet the minimum level required to carry out their tasks, and in the case of changes to personal information handlers, these access rights to the personal information processing system are altered or erased without delay. Additionally, rules on setting secure passwords have been established and are being enforced, and necessary technical measures are also in place. For instance, if a handler enters their account information or password incorrectly a set number of times, limitations will be placed on their access to the personal information processing system.
C. Access Control: In order to prevent illegal access and breach incidents through information and communications networks, control of access to the personal information processing system is being implemented through measures such as IP blocking, restrictions on internet use, and vulnerability diagnosis and measures at least once a year.
D. Encryption of Personal Information: In cases where personally identifiable information, passwords, and bioinformation are transmitted through information and communications networks or delivered through the likes of auxiliary storage mediums, stable algorithms are applied to encrypt them.
E. Storage and Inspection of Access Records: The EPS service stores and manages records of a personal information handler’s access to the personal information processing system for at least 6 months, and inspects the access records at least once every half year in order to respond to personal information being lost, stolen, divulged, forged, altered, or damaged.
F. Prevention of Malicious Programs, etc.: The EPS service installs and runs security programs such as vaccines in order to prevent and fix the likes of malicious programs.
G. Safety Measure of Devices for Management: In order to prevent personal information breach incidents such as the leaking of personal information, the EPS service is carrying out security measures on devices for management, such as by blocking the use of unauthorized devices, forbidding the use of devices except for their intended purpose, and installing security programs such as vaccines.
H. Physical Safety Measures: The EPS service manages the personal information processing system in a computer center that is physically protected, and documents, auxiliary storage mediums, etc. containing personal information are stored and managed in a secure location with a locking device.
I. Security Measures in Preparation of Disasters: The EPS service has established and is operating a disaster recovery center to backup and recover the personal information processing system in case of disasters, and has prepared and is periodically inspecting response procedures, such as a crisis response manual, to protect the personal information processing system in cases of disasters such as fires, floods, and power failures.
J. Destruction of Personal Information: The EPS service will take one of the measures in the following subparagraphs when destroying personal information.
2) Erasure through the use of exclusive degaussers
3) In the cases where it is difficult to destroy according to Paragraph 1, such as resetting or overwriting data to ensure that it is not restored, or destroying only a portion of the personal information, the following measures are taken.
(1) Electronic Files: After erasing personal information, manage and supervise to ensure that it is not restored or played back
(2) Other (Records, Prints, Written Documents, Other Forms of Recorded Medium): Erase the information by masking or boring the relevant portions
Article 10 (Privacy Officer)
The <Employment Permit System Internet Service> designates privacy officers and handlers as follows in order to protect personal information and handle any complaints related to personal information. (Privacy officers in accordance with Article 31 Paragraph 1 of the Personal Information Protection Act)
Category
Department
Name
Contact Information
E-mail
Privacy Officer
Office of Employment Information Platform
Director Im Jong-hun
1577-7114
ijhun9719@keis.or.kr
Privacy Officer for Fields of Personal Information Protection
Employment Permit System (EPS) Division
Team Leader Lee Jong-seon
1577-7114
sun777@keis.or.kr
General Manager for Personal Information Protection
IT Security Division
Team Leader Yang Hui-jeong
1577-7114
ehdnal@keis.or.kr
The Korea Employment Information Service (KEIS) will always instruct and oversee that all personal information collected according to the regulations of laws will be used in accordance with the purpose of their collection and handling.
Article 11 (Remedial Methods against Infringement on Rights and Interests)
To receive relief from the infringement on their personal information, data subjects can apply for dispute resolutions and consultations to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency (KISA) Privacy Center, etc. For other venues to report and receive consultations on personal information breaches, please contact the following organizations.
- Personal Information Dispute Mediation Committee : 1833-6972 (https://www.kopico.go.kr)
- Privacy Center: 118 (without a telephone exchange number) (http://privacy.kisa.or.kr)
- Cyber Bureau, Korean National Police Agency : 182 (without a telephone exchange number) (http://cyberbureau.police.go.kr)
Article 12 (Changes in Personal Information Processing Policy)
This Personal Information Processing Policy will come into effect starting the day of its enforcement date, and in the case of additions, deletions, and corrections to the law and the policy, these changes will be notified through an announcement 7 days before the enforcement of the changes when possible.
Personal Information Processing Policy Version No.:
