The Center shall not use the personal information for purposes other than the following purposes. In case any changes are made to the purposes of use, the Center shall proceed after receiving consent in advance.
The Center collects and retains personal information as follows with the consent from the user as well as according to relevant laws and regulations.
|Purpose of Retention||To save record of receipt of ETA application and the results of process|
|Basis of Retention||Immigration Act, Article 7-3 (Advance Travel Authorization)|
Immigration Act, Enforcement Decree Article 101 (Processing of Sensitive Information and Unique Identification Information)
|Method of Collection||Online (upon user consent)||Retention Period||Semi-permanent|
|Recorded Data|| (Required) ID photo (face image), e-mail information, nationality, sex, name in English (Full name), date of birth, passport information, passport expiration date, dual nationality status, mobile phone number, previous visits to Korea, purpose of entry and travel agency related information, address in Korea, employment (occupation), disease related information, criminal record|
Optional) Passport bio page image, period of stay
In the course of using internet services, IP address, cookie(s), MAC address, record of service use and visit, and etc. may be automatically generated and collected.
1. The Center shall only provide personal information to a third party with the consent from the user, or when applicable to Article 17 or 18 of the Personal Information Protection Act, or other special regulations of laws.
2. In any case the personal information collected according to Article 18 of the Personal Information Protection Act is to be provided to a third party other than the stipulated purposes, the legal basis, purpose, and scope of such provision shall be informed on the website of the Ministry of Justice or the relevant bureaus and offices.
|Consignee||Details of Consignment||Office in Charge|
|SysOne Co., Ltd.||Integrated maintenance management and operation of immigration information system (2021~2022)||Seoul Immigration Office (Immigration IT Center)|
2. When establishing a contract for consignment of processing, matters regarding responsibility and law compliance such as prohibition of personal information processing outside the purpose of duties consigned according to Article 26 of the Personal Information Protection Act, technical and managerial protective measures, restriction of reconsignment, compensation for damages shall be stipulated on the and the consignee will be monitored for safe personal information processing.
The user is eligible to exercise the following rights, and the legal representative may exercise the rights regarding personal information for children under the age of 14.
Access to the personal information retained by the Center may be requested in accordance with Article 35 of the Personal Information Protection Act. However, such request of access may be restricted under Paragraph 4, Article 35 of the same Act.
Correction or deletion of the personal information retained by the Center may be requested in accordance with Article 36 of the Personal Information Protection Act. However, in such cases where personal information is stated as to be subject to collection by law, deletion cannot be requested.
Suspension of personal information processing of the retained personal information by the Center may be requested in accordance with Article 37 of the Personal Information Protection Act. However, if applicable to Paragraph 2, Article 37 of the same Act, such request may be denied.
4. The user may request access, correction, deletion, suspension of processing by submitting Form 8 of the Enforcement Regulations of the Personal Information Protection Act to the office or officer in charge of personal information prescribed in Article 2 of this document, by visiting in person, writing, telephone, e-mail, or fax. The Ministry will notify the results within 10 days after receipt of request with Forms 9 and 10 of the Enforcement Regulations of the Personal Information Protection Act.
5. In case the user has any ions to the results of matters regarding access, correction, deletion, suspension of processing of personal information, the user can first reapply as described below. For additional ions, the user can file an administrative appeal.
a. File an ion in writing, or by telephone, e-mail, etc. within 30 days from the notification date by the personal information managing department
b. Re-examination by the personal information managing department
c. Final examination by person in charge of the Center on results of re-examination by the personal information managing department
d. Notification of examination results by the personal information managing department
6. In case the legal representative of the user or a proxy requests access, correction, deletion, suspension of processing, submission of letter of attorney according to Form 11 of Enforcement Regulations of the Personal Information Protection Act shall be required.
7. The Center shall whether the requesting person is the user him/herself or an appropriate proxy when the requesting person requests access, correction, deletion, or suspension of processing according to the user rights.
8. In any case the user requests correction or deletion of personal information due to personal information errors, the personal information of that user will not be used or provided until the request has been settled.
The Center shall, in principle, destroy personal information without delay when period of retention expires or the purpose of processing is achieved. However, in any case where the personal information is to be stored continuously according to law, such personal information (or personal information file) shall be moved to a separate database or stored in a different venue.
Unnecessary personal information and personal information files are processed as below in accordance with internal measures under the responsibility of the personal information security officer.
- Destruction of personal information
Destroy personal information without delay when period of retention expires
- Destruction of personal information file
Destroy personal information without delay when personal information file is recognized as unnecessary, such as purpose of personal information processing is achieved, relevant service is terminated, project is finished, and etc.
- Personal information printed on paper shall be shredded with a paper shredder or destroyed through incineration.
- Personal information stored in the form of an electronic file shall be deleted with technical methods so that the records are irretrievable.
The Center implements necessary technical, managerial, and physical measures as follows to ensure the safety according to Article 29 of the Personal Information Protection Act.
Internal management plan shall be established and implemented in accordance with the Standards for Securing Safety of Personal Information (Personal Information Protection Committee Notice).
Personal information shall be safely stored and managed through encryption. In addition, separate security functions such as encrypting shall be used for important data storage and transmission.
Necessary measures shall be taken to control access to personal information by granting, changing, or canceling access rights to the personal information processing system, and shall control unauthorized access from the outside by using firewall system.
Records of access to the personal information processing system shall be kept and managed for more than 1 year.
Security programs are installed and regularly inspected and updated to prevent any leakage or damage of personal information caused by hacking or computer viruses.
Access control procedures shall be established and operated regarding the separate physical storage place for the personal information processing system that stores personal information.
Personnel who manage personal information shall be designated and managed only to those who are absolutely necessary, and training is provided to relevant personnel for safe management.
1. The Center shall use ‘s’ that store and retrieve use information in order to provide individual customized services to users.
2. s are small amounts of information sent to the user’s computer browser by the server (http) that is used to operate the website, and may be stored on the user’s computer’s hard disk.
○ Purpose of using s : To provide optimized information to users by identifying the types of visits and use, popular search items, security access, etc. of each service and website visited by the user.
○ Installation, operation, and refusal of settings : User can refuse to setting by selecting Tools > Internet Options > Personal Information menu.
○ Refusing to the settings may cause difficulties in using customized services.
To receive remedy for personal information infringement, the user may apply for consultation or dispute resolution to the Personal Information Infringement Report Center of the Korea Internet Agency or the Personal Information Dispute Mediation Committee.
1. Personal Information Infringement Report Center : (without country code) 118 (privacy.kisa.or.kr)
○ Duties: personal information infringement report, apply for consultation
2. Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
○ Duties: personal information dispute mediation application, collective dispute mediation (civil settlement)
3. Prosecution Service Cyber Investigation Division : (without country code) 1301 email@example.com (www.spo.go.kr)
4. National Police Agency Cyber Bureau : (without country code) 182 (cyberbureau.police.go.kr)
In addition, a person may request for administrative appeal according to the Administrative Appeals Act, when his/her rights or interests were infringed on due to the disposition or misconduct of the head of the administrative agency, regarding the request for access, correction, deletion, suspension of processing the personal information.
※ For more information, please visit the Central Administrative Appeals Commission website(www.simpan.go.kr).
1. User may request access to personal information to the relevant office and officer stated in Article 11 below in accordance with Article 35 of the Personal Information Protection Act. The Center shall endeavor to expedite the processing of personal information access request by the user.
2. User may request access to personal information through either the relevant office mentioned above in paragraph 1, or through the personal information protection comprehensive website of the Personal Information Protection Committee (www.privacy.go.kr).
The Center appoints the chief officer and officers as below to protect personal information and handle complaints and questions regarding personal information.
1. Senior Officer : Chief of ETA Center, Gimpo Immigration Office Hyunsook Ahn(firstname.lastname@example.org)
2. Officer in Charge : Gimpo Immigration Office ETA Center Gyuhee Lee(email@example.com)
Enforcement Date : 2021. May. 3.