What We Do
What We DoNews & Media
News & MediaAbout KOFIH
About KOFIHThe Korea Foundation for International Healthcare (hereinafter referred to as “KOFIH”) establishes and discloses the Personal Information Protection Policy in order to protect the personal information of information subjects under Article 30 of the Personal Information Protection Act and to handle related complaints promptly and smoothly as follows:
KOFIH collects and processes personal information to the minimum extent necessary for the following purposes. The personal information processed by KOFIH shall not be used for purposes other than those specified in the following. If the purposes of use change, KOFIH will take the necessary measures (e.g., obtaining additional consent) pursuant to Article 18 of the Personal Information Protection Act.
(a) WebsiteM
KOFIH website collects IP addresses to prevent unusual access by users. It dose not use cookies which frequently store and retrieve information on the use of the information subject.
(b) Handling civil petitions
KOFIH processes personal information for the purpose of verifying the identification of civil petitioners, checking the content of civil petitions, contacting and/or giving notice for investigation of facts, and notifying the results of civil petition processing, etc.
(c) Providing KOFIH services
KOFIH collects and processes personal information minimally for the purposes of training and operating healthcare workforce pool engaged in overseas emergency disaster relief, invitational training for Dr LEE Jong-wook Fellowship Program, application for donating medical supplies, and recruitment.
The personal information processed by KOFIH can be found in the following way: ☞ Go to Personal Data Portal (www.privacy.go.kr) ▷ Personal Service ▷ Exercise of Data Subject Rights ▷ Requesting Access to Personal Information ▷ Searching for Personal Information Files ▷ Enter “Korea Foundation for International Healthcare” on the Name of Institution
While data subjects have the right to refuse to consent to the collection of personal information, refusal to consent to the collection of personal information may limit the use of some available services.
① In principle, KOFIH shall process personal information of data subjects within the scope stipulated for the purposes of collecting and using personal information. KOFIH shall not process personal information beyond the original purposes or disclose personal information to third parties without the prior consent of the data subjects, except for the following conditions:
(a) Where additional consent is obtained from the data subject;
(b) Where special provisions exist in other laws;
(c) Where it is explicitly deemed necessary to protect against impending danger to life, body or economic interests of the data subject or of third parties, where the data subject or his/her legal representative is not in a position to express his/her intention, or when prior consent cannot be obtained due to unknown addresses;
(d) Where personal information is provided in a form that does not allow a specific individual to be identified for purposes such as compiling statistics or academic research;
(e) Where it is impossible to perform the duties under its jurisdiction as provided for in any law, unless the chief privacy officer uses personal information for a purpose other than that intended or disclose it to a third party, and it is subject to the deliberation and resolution of the Commission;
(f) Where it is necessary to disclose personal information to a foreign government or international organization to perform a treaty or other international convention;
(g) Where it is necessary for the investigation, prosecution and punishment of a crime;
(h) Where it is necessary for the court to proceed the case;
(i) Where it is necessary for the purposes of punishment, probation and custody.
① A data subject may exercise the following rights in relation to the protection of his/her own personal information :
(a) The right to request access to personal information;
(b) The right to request correction of personal information in case of inaccuracy, etc;
(c) The right to request deletion of personal information;
(d) The right to request the suspension of processing personal information.
② A data subject may exercise the rights prescribed in paragraph 1 by completing the form specified in Appendix 8 of Enforcement Rule of Personal Information Protection Act and submitting it to KOFIH by mail, e-mail or fax. KOFIH will take necessary measures promptly.
③ Where a data subject requests the correction or deletion of an error in his/her personal information, KOFIH shall not use or provide the relevant information until the relevant information is corrected or deleted.
④ A data subject may exercise the rights specified in paragraph 1 through an agent such as a legal representative or delegate. In such cases, the data subject shall submit a power of attorney as specified in Appendix 11 of the Enforcement Rule of Personal Information Protection Act.
⑤ The team responsible for handling requests for access, claims, and reception is as follows :
Authorized Department | Officer | Contact Number | FAX | |
---|---|---|---|---|
Communication and Public Relations Team | Hue Woonjeong | 02-3396-9744 | woonjeong@kofih.org | 02-356-3104 |
Yoo Eunjun | 02-3396-9754 | eju@kofih.org | 02-356-3104 |
① In principle, KOFIH shall destroy personal information without delay when the purpose of processing the personal information is attained: Provided, that this shall not apply if the retention of such personal information is required by other laws.
② The methods of destroying personal information and its destruction process are as follows :
(a) Destruction process
Personal information and personal information files whose purposes have been attained shall be destroyed without delay under the responsibility of the chief privacy officer in accordance with the internal policies.
(b) Destruction methods
KOFIH shall destroy personal information recorded and stored in electronic files to prevent revival while personal information recorded and stored in paper documents shall be shredded or burned.
KOFIH shall take technical, administrative, and physical measures that are necessary to ensure security in accordance with Article 29 of the Personal Information Protection Act.
(a) Establishment and implementation of internal management plan
KOFIH shall establish and implement internal management plans in accordance with Article 29 of the Personal Information Protection Act;
(b) Training of personnel authorized to handle personal information
KOFIH conducts training on personal information protection for personnel authorized to handle personal information;
(c) Restricting access to personal information
KOFIH controls access to personal information by granting, modifying or revoking the authority to access the database system that processes personal information, and controls unauthorized external access by operating firewalls to prevent invasion and intrusion;
(d) Maintaining access records and preventing falsification and alteration of access records
Log data about access to the personal information processing system is kept and maintained for at least six months, and access records are kept securely to prevent loss;
(e) Encryption of personal information
User's personal information is encrypted for storage and management;
(f) Technical measures against hacking
KOFIH has installed security programs and updates and inspects the programs on a regular basis to protect personal information from being leaked externally or destroyed by hackers or computer viruses, and has installed its systems in a restricted access area to technically and physically monitor and block external access;
(g) Restricting access by unauthorized persons
The the physical storage space for the personal information system that stores personal information is separated from other areas, and access to the space is restricted.
A data subject may file a petition for dispute settlement or receive counselling on the breach of privacy through the following agencies :
(a) Personal Information Infringement Report Center
1. Authorized duties: Reporting privacy infringement, requesting conseling
2. Website: privacy.kisa.or.kr
3. Telephone: (without area code) 118
(b) Personal Information Dispute Mediation Committee
1. Authorized duties: Requesting mediation of privacy disputes, collective dispute mediation (for civil resolution)
2. Website: kopico.go.kr
3. Telephone: 1833-6972
(c) Cyber Investigation Division of Supreme Prosecutors' Office
1. Website: cybercid.spo.go.kr
2. Telephone: (without area code) 1301
(d) Cyber Security Bureau of National Police Agency
1. Authorized duties: Making inquiries and reporting of criminal cases related to privacy infringement
2. Website: ecrm.police.go.kr
3. Telephone: (without area code) 182
① In order to protect personal information and handle complaints related to personal information, KOFIH designates the chief privacy officer and staff responsible for personal information protection (chief privacy officer in accordance with Paragraph 1, Article 31 of the Personal Information Protection Act) as follows :
② Data subjects may contact the chief privacy officer and the responsible team for all personal information inquiries, complaints, corrective measures, and others when using services (or projects) of KOFIH. The responsible teams and persons are stipulated below. KOFIH will promptly respond to and handle data subjects’ inquiries without delay.
This Privacy Policy shall come into effect on June 1st, 2024. The former Privacy Policies can be found as follows :