Ulsan Arts & Culture Foundation (hereinafter “the Foundation”) establishes and discloses privacy policies as follows, in order to protect personal information of data subjects and redress relevant grievances in a prompt and smooth manner pursuant to article 30 of the Personal Information Protection Act, during the operation of the Asia Pacific Music Meeting (hereinafter “UlsanAPaMM”) organized by the Foundation.
Moreover, the Foundation respects the rights and interests of users, which include the rights to request for access to and correction of personal information held by the Foundation as stipulated by applicable laws and regulations. Data subjects may apply for dispute resolution or consultations, etc. to Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center and the like with regard to violation of their rights and interests pursuant to applicable laws and regulations.
The Foundation shall process personal information for following purposes. The personal information processed by the Foundation shall not be used for purposes other than the following. Any change in the purpose of using personal information shall require necessary measures, including the consent of data subjects under article 18 of the Personal Information Protection Act:
1) Signing up for the official UlsanAPaMM website & management of membership
Confirm the person’s intention to sign up for the website; identify and authenticate the user for provision of membership-only services; maintain and manage the membership status; ensure user authentication following the implementation of limited self-authentication system; prevent improper use of the service; and provide various notices and information.
2) Redressing grievances & complaints
Validate the identity of the complainant; check details of the grievances/complaints; communicate and inform the complainant to investigate factual information; and notify the complainant of the results of redressing his/her grievances/complaints.
3) Development of new services and marketing campaigns
Develop new services and provide customized services; offer services and display advertisements according to statistical characteristics; check the validity of services; provide advertisement information (e.g. events) and opportunities to take part in such events; identify frequency of access; and create statistics on the member’s use of services
4) Mutual exchange between the UlsanAPaMM Committee and its members
5) Inclusion in the official UlsanAPaMM website and program book
① The Foundation shall process and retain personal information within the period for retaining and using such personal information set by laws and regulations, or within the period consented to by data subjects in the course of collecting personal information.
② The period for processing and retaining personal information is as follows. The Foundation shall retain personal information for each of the following period until the period prescribed by applicable laws and regulations or until the reason for retaining and using such information ceases to exist.
1) Information collected for signing up for the website and management of membership: until the user withdraws membership from the website of public institutions
2) If investigations or inspections on breach of applicable laws and regulations are in process: until the end of such investigations or inspections
3) If bonds or debts remain outstanding from the use of the website: until the bonds or debts are settled and repaid
4) The data subject’s log records (i.e. communication via computers, Internet) and access track records (pursuant to Protection of Communications Secrets Act): three months
5) Records on personal information, etc. stated on the Membership Application Form (Act on Promotion of Information & Communications Network Utilization and Information Protection, etc.”): 12 months
① The Foundation shall provide personal information to a third party in cases specified in article 17 and 18 of the Personal Information Protection Act (i.e. consent of the data subject, special provisions in the law), and only for the following purposes, which include operation of the UlsanAPaMM projects:
1) If the data subject has given his/her consent
2) If such information is required by applicable laws and regulations, or if an investigative agency demands such information pursuant to prescribed procedures and methods for investigative purposes
3) If the UlsanAPaMM Committee or members of the Committee requests personal information of other members of the UlsanAPaMM Forum for mutual exchange. Provided however, the information shall be provided up to a limited extent after reviewing the adequacy of such information requests
4) If it is necessary to provide the information to foreign governments or international organizations to perform international treaties or other international conventions
5) If personal information is provided in a manner keeping a specific individual unidentifiable necessarily for such purposes as compiling statistics or academic research
6) If a superior institution requests such information to supervise and manage its projects
② It is possible to check the recipient of personal information who is provided with the information through the data subject’s consent, and the purpose of using such information, through “Details of Provision of Personal Information File to a Third Party,” and particulars of information provided to a third party are as follows:
- The recipient of personal information
- The purpose for which the recipient of personal information uses such information
- Particulars of personal information to be provided
- The period for which the recipient retains and uses personal information
① The Foundation shall outsource the processing of personal information to facilitate the processing of personal information as follows.
② The Foundation shall, pursuant to article 25 of the Personal Information Protection Act, specify: that the personal information shall not be processed for purposes other than the intended purposes of the outsourcing; information protection measures at the technical and managerial level; limitations on subcontracting; management and supervision of the outsourcee; compensation liabilities, etc. on documents such as agreements, and supervise the outsourcee’s safekeeping of personal information.
④ The processing of personal information outsourced by the Foundation and processed by the outsourcee can be checked on the “Details of Outsourced Work.” Particulars of the outsourced work are as follows:
- Name of the personal information file
- Particulars of the outsourced work
- Name of the outsourcee
- Telephone number of the outsourcee
- Address of the outsourcee
- Opening hours of the outsourcee
① The data subject may, in accordance with article 35 (Access to Personal Information) of the Personal Information Protection Act, exercise his/her rights, which include the rights to demand access to, correction & erasure of, and suspension of processing, his/her personal information at any time.
② The rights under paragraph 1 above can be exercised to the Foundation via written documents, email or fax pursuant to paragraph 1, article 41 of the Enforcement Decree of the Personal Information Act, and the Foundation shall respond accordingly without delay.
③ The rights under paragraph 1 above can be exercised through the authorized representative or agent of the data subject. In this case, the power of attorney pursuant to Schedule 11 of the Enforcement Rule of the Personal Information Protection Act shall be submitted.
④ Rights of data subjects to demand access to personal information or suspension of processing the information can be limited in following circumstances pursuant to paragraph 5 of article 35 and paragraph 2 of article 37 of the Personal Information Protection Act.
1) If accessing the information is prohibited or restricted by laws
2) If accessing the information is likely to cause harm to the life or body of any other person, or unfairly damages the property and other profits of any other person.
3) If it causes serious hindrances for public institutions as they carry out any one of the following duties
⑤ Correction or erasure of personal information in personal information files held by the Foundation cannot be demanded if such personal information is expressly stated in other laws and regulations as the information that needs to be collected, pursuant to article 36 (Correction and erasure of personal information) of Personal Information Protection Act.
⑥ It is possible to demand the suspension of processing personal information files held by the Foundation pursuant to article 37 of the Personal Information Protection Act (Suspension, etc. of processing of personal information). The Foundation must check whether the person demanding access to the information; correction and erasure of personal information; and suspension of processing such information pursuant to rights of the data subject, is the data subject him/herself or a duly authorized representative of the data subject. Provided however, in following cases, demand for suspending the processing of personal information may be rejected pursuant to paragraph 2, article 37 of the Act.
1) If special provisions exist in laws or it is inevitable to observe legal obligations
2) If it is likely to cause harm to the life or body of any other person, or unfairly damages the property and other profits of any other person.
3) If it is inevitable so that a public institution may perform the duties under its jurisdiction as prescribed by statutes, etc.;
4) If failure to process personal information results in difficulties in fulfilling contractual obligations, (i.e. failure to provide services stipulated in the agreement signed with the data subject), and that the data subject has not clearly expressed his/her intention to terminate the agreement
⑦ Demand for access to, correction or erasure of, and suspension of processing, personal information files held by the Foundation shall be met in following procedures, and the Foundation shall notify the results of the following within 7 days. Demand for access to, correction or erasure of, and suspension of processing, personal information, can be filed to the staff in charge of the official UlsanAPaMM website, by downloading the form in Schedule
The Foundation shall process the particulars of personal information as follows:
1) Signing up for the website & management of membership
- Compulsory: country of origin, name, name of artist, name of the agency/institution, title, job, ID, password, smartphone number, telephone number, telephone number of the agency/institution, email address, i-PIN number, purpose of participation, attendance in the 2021 UlsanAPaMM (yes/no), genre of music, the channel through which the person got to know how to apply for UlsanAPaMM membership, files certifying the institution/agency, and other information that was filled in when signing up for and applying for UlsanAPaMM on its official website
- Optional: application for accommodation during the UlsanAPaMM period (yes/no), application for meals during the UlsanAPaMM period (yes/no), any particulars, application for Ideal Matching (yes/no), music link, website address of the institution, and other information that was filled in when signing up for and applying for UlsanAPaMM on its official website
2) Handling of grievances/complaints
- Compulsory: information that was filled in when signing up for and applying for UlsanAPaMM on its official website, including the name, telephone number, address and email address
3) Following items may be automatically generated and collected in the course of using Internet services:
- Automatically generated items: IP address, cookies, MAC address, service log, visit log, records of improper use, etc.
① The Foundation, according to provisions of article 2, shall destroy all personal information immediately when personal information becomes no longer necessary, for example, due to elapse of the period for retaining personal information, achievement of the purpose of processing such information, etc.
② If it is necessary to continue retaining personal information under other laws and regulations, although the period for retaining personal information that had been consented to by the data subject has elapsed, or the purpose of processing such information has been achieved, then the personal information (or personal information file) shall be moved to and kept in a different database or in a different data repository.
③ The procedure for and method of destroying personal information are as follows:
The Foundation shall establish a plan on destruction of personal information for personal information (or personal information file) subject to destruction, and destroy such information accordingly. The Foundation shall select the personal information (or personal information file) for which a reason for destruction arose, and destroy the personal information (or personal information file) through approval of the Privacy Officer of the Foundation.
The Foundation shall destroy personal information recorded and saved in the form of electronic files in an irreversible manner, have personal information that had been recorded and saved on a written document either burnt or shredded by a shredding machine.
① The Foundation shall designate a Privacy Officer to oversee all tasks related to processing of personal information, handle grievances raised by data subjects and remedial compensations with regard to processing of personal information:
▶ Privacy Officer
Team: Festival Promotion Team
Title: Team head
Telephone number: +82)52-259-7930
▶ Privacy Manager
Team: Culture Project Support Team
Staff in charge: Gina.Jo
Telephone number: +82)52-259-7931
Email address: email@example.com
② The data subject may inquire the personal information protection manager and relevant teams of matters related to personal information protection, handling of grievances and remedies, etc. that arose in the course of using the Foundation’s service (or projects). The Foundation shall answer the inquiries without delay.
The Foundation shall take following measures to ensure security of personal information.
1) Managerial measures: establish and implement internal control plans, provide periodic training sessions to staff members, etc.