Article 1 (Purpose of Using Personal Information)

• ①Tcon uses the personal information of its members only for the purpose of providing services on the platform and takes necessary measures when there are any changes to the scope of purpose, such as collecting consent from the members, following Article 18 of the Personal Information Protection Act.
  • 1.Membership registration and management

    Personal information is used to check users' intent to sign up for membership, identify/verify members before providing them with services, maintain/manage their membership, prevent the unauthorized use of services, check legal representatives’ consent before using the personal information of members under 14, send notices to the members, and resolve issues involving the members.

  • 2.Qualification tests and events
    • A.Manage data relating to applications and qualifications, issue certificates and confirmation letters, etc.
    • B.Manage administrative affairs, payment records, and statistics outlined in the laws
    • C.Provide information on Hanmadang and similar events such as overseas Hanmadang competitions
    • D.Issue newsletters, provide information on new services, etc.
  • 3.Payment service

    Personal information is used for Tcon to let users access their payment records and make payments/settlements, and to issue receipts.

  • 4.Inquiries of members

    Personal information is used to identify members who submit inquiries, check the content of the inquiries, contact/notify members for fact-finding, and notify resolution results.

  • 5.Provision of other services
  • 6.Registration and disclosure of personal information files

    Personal information files which are registered and disclosed in accordance with Article 32 of the「Personal Information Protection Act」are as follows;

  Under Article 32 of the Personal Data Protection Act, the purpose of processing personal data files is as follows List

  File	Legal basis/purpose	Items of information included in the files	Retention period
  Information on Taekwondo members	Consent by service user/ membership sign-up and management	name, ID, password, email, (mobile) phone number (*Contact or email of the legal representative of users under 14)	until withdrawal from membership
  Information on members with Poom·Dan certificates	Article 19, Paragraph 2 of the Act on Promotion of Taekwondo and Construction of the Taekwondo Park/ Poom·Dan promotion tests	[Common] nationality, resident registration number, name, ID, email, address, (mobile) phone number, date of birth, Poom·Dan number, photo, height, weight, certificates (attached files)	semi-permanent
  	Article 6 of the Act on Protection of Consumers in E-commerce/ Poom·Dan promotion test, payment for certificate issuance	[Payment] name, payment record, transaction record	5 years
  Resume of Taekwondo members	Consent by service user/ recruitment for Taekwondo job openings	name, photo, (mobile) phone number, date of birth, gender, address, military service, driver's license, SNS, email, hobbies, skills, marriage, religion, Poom·Dan number, instructor qualification, expected salary, academic background, qualification matters, job careers, etc.	until deletion by members or withdrawal from membership

Article 2 (Period to Use and Retain Personal Information)

• ① Tcon retains and uses personal information for the period outlined in the law or agreed by members when such information was collected from them. In the event that an investigation is conducted on the violation of laws, personal information may be retained and used to comply with statutory duties until the investigation is completed.
• ②Tcon may use the following personal information to provide services through its website.
  • 1.Membership registration and management

    Required information: name (Korean/English), ID, password, email, (mobile) phone number (*For users under 14, the contact number or email of their legal representatives)

  • 2.Poom·Dan tests and management

    Required information: nationality, resident registration number, name (Korean/English), ID, email, address, (mobile) phone number, date of birth, Poom · Dan number, height, weight, photo, certificates (document attached)

  • 3.Payment service

    Required information: name, payment information (e.g., administrative number and amount of payment), transaction information (e.g., transaction number, order number, approval record, etc.)

• ③ Personal information (e.g., IP address, cookie, MAC address, records of service use/visit/faulty use) may be automatically generated and collected in the course of using the online services provided by Tcon.

Article 3 (Collection Method of Personal Information)

• ①T Tcon may collect personal information with the following methods as agreed by members or in accordance with relevant laws.
  • 1.Member registration and management

    When service users sign up for membership on Tcon’s website or other channels, Tcon may collect personal information directly from the users and ID verification agencies.

  • 2.Qualification tests and events
    • A.When Tcon receives applications, manages application/qualification data, and issues certificates/letters of confirmation, personal information may be collected directly from members and ID verification agencies.
    • B.When Tcon undertakes administrative affairs, manages payment records and statistics outlined in relevant laws, personal information may be collected directly from members and ID verification agencies.
    • C.When members apply for participation in Hanmadang and similar events such as overseas Hanmadang competitions, personal information may be collected directly from the members and ID verification agencies.
    • D.When Tcon sends out newsletters and notices of new services, personal information may be collected directly from members.
    • E.Personal information may be collected from all communications between Tcon and its members via emails and the website, and from all other data communicated, including metadata.
  • 3.Payment services

    In the event of account registration and payment, personal information may be collected directly from members and ID verification agencies.

  • 4.Inquiries
    • A.When service users sign up for membership and request services, personal information may be collected directly from them and ID verification agencies.
    • B.When service users submit inquiries through customer centers, etc. personal information is collected directly from them and ID verification agencies.
    • C.All other personal information that service users submit to Tcon is collected.

Article 4 (Provision of Personal Information to a Third Party / Overseas Transfer)

• ①Tcon uses personal information only for the purposes set forth in Article 1 (Purpose of Using Personal Information). Personal information is not used for other purposes without the prior consent of members and is neither disclosed nor provided to a third party (overseas transfer) except for the following cases where;
  • 1.A prior consent is obtained from members or there are provisions in other laws allowing for such use/transfer of personal information
  • 2.A member or his/her legal representative is incapable of expressing intention or it is impossible to obtain a member’s prior consent as his/her address is not known (while it is recognized that the use/transfer of personal information is necessary to protect the life, body or assets of the member or a third party with urgency).
  • 3.The use/transfer of personal information is necessary for generating statistics, etc.
  • 4.Tasks stipulated in other laws cannot be proceeded without using personal information for other purposes than its intended use or its transfer to a third party. In this case, such use/transfer of personal information is deliberated and approved by the Personal Information Protection Committee in advance.
  • 5.Personal information needs to be provided to foreign governments or international organizations for executing treaties and other international agreements.
  • 6.Such use/transfer of personal information is necessary for investigating crimes or filing and maintaining a public prosecution.
  • 7.Such use/transfer of personal information is necessary for holding a court.
  • 8.Such use/transfer of personal information is necessary for executing punishment, probation, and protective disposition.
  • 9.Personal information needs to be transferred to and kept in the countries where Tcon provides services relating to qualification tests and competitions.
  • ※ However, the use/transfer of personal information may not be allowed in the aforementioned item 1 to 9 if it infringes upon the interest of members or third parties unfairly.
• ②Tcon does not provide personal information to a third party except for the cases outlined in the aforementioned item 1 to 9.

Article 5 (Entrusting Personal Information Management)

• ①Tcon may entrust the management of members’ personal information to the following agencies.

  Tcon outsources the processing of personal data to authenticate the user on the website or mobile app (authentication is carried out through the verification of unique data) List

  Agency	Entrusted tasks
  Eximbay	overseas payment service (e.g., Poom⋅Dan promotion test fees)
  Korea Information & Communications (KICC)	domestic payment service (e.g., Poom⋅Dan promotion test fees)
  Korea Credit Bureau	real name verification (domestic)
  Operator of Hanmadang	operation of Hanmadang
  Neighbor System	system repair and maintenance

• ②According to Article 26 of the「Personal Information Protection Act」, the entrustment contracts between Tcon and the agencies stipulate the purpose of entrustment, prohibition of the unauthorized use of personal information, protection measures, ban on subcontracting, supervision of the agencies, reimbursement for losses, etc. Tcon supervises the agencies to make sure personal information is strictly protected.
• ③Any changes to the scope of entrusted tasks and the agencies will be disclosed without delay according to these guidelines.

Article 6 (Measures to Protect Personal Information)

• ①Tcon takes technical, managerial, and physical measures to protect personal information in accordance with Article 29 of the Personal Information Protection Act.
  • 1.Establish and implement an internal management plan
    • A.An internal management plan is established and implemented involving all employees and the workers handling personal information, to ensure the safe use and management of personal information.
  • 2.Restrict access to personal information
    • A.Access to personal information is controlled by managing the authority (grant, change, terminate) to access the database of personal information. Unauthorized attempts to access personal information are blocked by an intrusion cut-off system and an intrusion detection system. Anyone outside the company can access personal information only through a virtual private network(VPN) to ensure information safety.
  • 3.Encrypt personal information
    • A.All personal information is encrypted for storage and management. Tcon takes extra security measures such as encrypting critical data for storage and transmission.
  • 4.Keep access logs and prevent data forgery/alteration
    • A.Access logs to systems handling personal information are kept for at least two years and Tcon takes thorough measures to prevent the forgery, alteration, theft, and loss of personal information.
  • 5.Take technical measures to fend off hacking, etc.
    • A.Tcon has installed and is regularly updating/checking security programs to prevent the leakage and damage of personal information caused by hacking or malicious computer viruses. The systems handling personal information are set up in secure places and technical/physical measures are put in place to monitor and block access to them.
  • 6.Control access by unauthorized persons
    • A.The systems handling personal information are set up in secure places and can be accessed only through Tcon’s access control procedures.
  • 7.Designate a minimum number of managers handling personal information and educate
    • A.The number of employees in charge of managing personal information is kept to a minimum, and education is provided on a regular/ad-hoc basis to enhance their awareness of personal information protection.

Article 7 (Destruction or deletion of personal data)

• ①Tcon destroys personal information without delay in the event that such information is no longer needed by reason of the expiration of a retention period, the achievement of the purpose of use, and requests for withdrawal from/cancellation of membership.
• ②Personal information whose retention period agreed upon by a member expires or whose purpose of use is achieved but should be retained under other laws is separated from other personal information and stored and managed strictly.
• ③Tcon destroys personal information in the following procedures and methods.
  • 1.Destruction procedure

    Select personal information subject to destruction, obtain approval of the personal information officer, and destroy personal information as follows;

    • A.Personal information is automatically destroyed upon withdrawal from website membership.
    • B.Personal information subject to destruction, such as one whose retention period expires, is automatically destroyed or destroyed after approval of the personal information officer.
  • 2.Destruction method

    Completely delete personal information as follows to prevent its recovery or reproduction.

    • A.Electronic files: Part of personal information subject to destruction is deleted and strictly managed to prevent its recovery or reproduction, and the one subject to full destruction is deleted using initialization, overwriting, or using an exclusive device.
    • B.Non-electronic files such as printed materials and written documents: Part of personal information subject to destruction is deleted by masking, punching, etc., and the one subject to full destruction is destroyed by shredding or incineration.
• ④Members (legal representatives) may withdraw consent to the collection, use, and provision of personal information at any time. However, it may cause limitations to the use of services provided by Tcon.
  • ○How to withdraw consent

    Login > My Page > Select“Withdraw Membership”

Article 8 (Rights/duties of Members and Legal Representatives and How to Exercise Rights)

• ①Members and their legal representatives (attorney) have the right to demand access, correction, deletion and suspended use of their personal information retained by Tcon but the exercise of the right may be limited in the following cases where;
  • 1.Special provisions are set forth in laws or the waiver of the right is inevitable to comply with legal obligations.
  • 2.A member may inflict harm to others’lives or bodies or infringe upon others’ properties and interests.
• ②The right set forth in Paragraph 1 may be exercised by submitting appendix #8 of the Notice on the Use of Personal Information in a printed copy, telephone, email, fax, and online. As for information administered on Tcon’s website, requests for access, correction, etc. may be made through the membership administration menu on the website.
• ③Tcon checks the ID (member/legal representative) of the person who demands access, correction, deletion, or suspended use of personal information.
• ④A member may exercise the right through a legal representative or other agents by submitting a letter of attorney (appendix #11 of the Notice on the Use of Personal Information_.
• ⑤In case a member or his/her legal representative demands the correction or deletion of errors in personal information, Tcon will not use or provide his/her personal information until the errors are corrected or deleted.
• ⑥A member’s demand for access, correction, deletion or suspended use proceeds in the following procedures.
  • 1.Access to personal information

    Request for access (view personal information) → Check the ID of the person who made the request and the scope of allowable access → Check restrictions on access → Notify accessibility (or rejection) → Access personal information

  • 2.Correction, deletion, and suspended use

    Request for correction/deletion/suspension → Check the ID of the person who made the request and the scope of allowable correction/deletion/suspension → Check restrictions on the allowable scope → Notify the result (correction/deletion/suspended use)

Article 9 (Notice of Collection of Personal Information from Other Sources)

• ②In the event that Tcon uses personal information collected from other sources than members, it informs them of the following matters via email within three months after the collection of such information. However, it may not do so for the members whose email address is not available in the information collected.
  • 1.Sources of personal information
  • 2.Purpose of using personal information
  • 3.The fact that members have the right to demand the use of their personal information be suspended in accordance with Article 37 of the Personal Information Protection Act.

Article 10 (Personal Information Protection Officer)

• ①Tcon takes responsibility for overseeing the protection of personal information associated with the use of online services it provides and designates the personal information protection officer as follows to handle complaints and provide remedies.

  Tcon outsources the processing of personal data to authenticate the user on the website or mobile app (authentication is carried out through the verification of unique data) List

  Personal information protection officer		Personal information protection manager
  Office	Acting director of Promotion Support Department	Team	Leader of IT Management Team
  Name	Lee Kyung-suk	Name	Cho Min-ho
  Phone	02-3469-0140	Phone	02-3469-0141
  Email	kslee@kukkiwon.or.kr	Email	numberone@kukkiwon.or.kr
  Address	(06130) Kukkiwon, 32 Teheran-ro 7-gil, Gangnam-gu, Seoul

Article 11 (Access to Personal Information)

• ①Members have the right to view (access) their personal information according to relevant laws. Tcon will make efforts to promptly respond to its members’ requests for access.

  Tcon outsources the processing of personal data to authenticate the user on the website or mobile app (authentication is carried out through the verification of unique data) List

  Team	Name	Contact
  IT Management Team	Song Jin-su	(Phone) 02-3469-0143 (Email) ssong@kukkiwon.or.kr (Fax) 02-3469-0199

• ② Members may also demand access to their personal information through the“Comprehensive Personal Information Protection Portal (www.privacy.go.kr)”, in addition to contacting the responsible team stated in Paragraph 1.

Article 12 (Installation/operation of Automatic Personal Information Collection Devices and Refusal)

• ①Tcon may install and operate devices that automatically collect personal information, such as cookies, to save information on members’ basic settings to provide them with online services. Cookies are small text files that a server operating a website sends to members' browser and contain the identifiers of members (in a combination of letters and numbers) that are saved in the browser.
• ②There are two types of cookies: "persistent” and "session”cookies. Persistent cookies are saved and remain in members’ devices until the expiration date unless they are deleted by members. Session cookies are deleted when the session expires or is terminated when the browser window is closed. Cookies do not usually contain the identifiers of members, but the personal information saved by members may be stored in the cookies and linked to information obtained from the cookies.
• ③Members have the right to agree/disagree with the use of cookies by adjusting their web browser settings. The members who disagree with saving cookies may experience limitations in using the services provided by Tcon, depending on the version of browsers.

   

  ○ How to block cookies on your device   - (Internet Explorer)  In the Menu bar at the top of the screen [Tools > Internet Options > Personal Information > Advanced] → Choose either “Allow”, “Block”or “User’s choice”.  - (Chrome)  In the Menu bar at the top right of the screen [Settings > Personal Information > Content Settings > Cookies] → Choose either“Allow”, “Keep cookies until the browser window is closed”, or “Block”.   - (Firefox)  In the Menu bar at the top of the screen [Tools > Options > Personal Information > Drop-down menu]   → Choose either “Custom”, “Allow for session”, or“Select/Delete”

• ④The members who block cookies entirely may experience limitations in using the services provided by Tcon. Cookies saved in members’ devices can be erased, depending on the version of browsers.

  ○ How to delete cookies  - (Internet Explorer)  Manually erase cookies (Refer to: http://support.microsoft.com/kb/278835)  - (Chrome)  [Customized Settings and Administration > Settings > Advanced settings > Delete browsing data] →“Delete cookies and other sites”  - (Firefox)  [Tools > Options > Privacy] → "Custom settings for logging" → "Show cookies" →   "Remove all cookies"

Article 13 (Remedies)

• ①The members who need remedies for personal information violation may seek medication and counseling from the Personal Information Dispute Mediation Committee and the personal information infringement reporting center of Korea Internet & Security Agency (KISA).
• ②The users who need to report the infringement of their personal information and get consultation may contact the following organizations.
  • 1.The personal information infringement reporting center of KISA: 118 (privacy.kisa.or.kr)
  • 2.The Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • 3.Cyber Investigation Department of Supreme Prosecutor's Office:　1301, cid@spo.go.kr (www.spo.go.kr)
  • 4.Cyber Investigation Bureau of National Police Agency: 182 (ecrm.cyber.go.kr)
• ③The users who demanded access, revision, deletion, or suspended use of their personal information but whose right or interest was infringed upon by a disposition/omission of the head of a relevant public institution may request an administrative appeal in accordance with the Administrative Appeals Act. - Central Administrative Appeals Commission: 110 (www.simpan.go.kr)

Article 14　(Amendment to the Guidelines on the Use of Personal Information)

• ①These guidelines on the use of personal information will take effect on December 30, 2022.
• ②Previous guidelines on the use of personal information are available in the following link.- Guidelines before December 30, 2022 (Below)


• ※Any future amendment to the guidelines will be disclosed on the bulletin board of Tcon’s website.

(Appendix 1)

(Appendix 2)