1. Purpose of Collection and Use of Personal Information

2. Third Party Provision of Personal Information

K-Startup Grand Challenge Program will only provide the personal information to the other third parties if they comply with Articles 17 and 18 of the Personal Information Act, including the consent of the subject and special exceptions of the law.

① When consented by the information subject
② When the law has specific provisions
③ A case where the information subject or legal representative is not able to give his / her consent or can not get prior consent due to unknown address, and is clearly deemed necessary for the interests of the information subject or the third person's life, body and property
④ When necessary for statistical writing and academic research purposes in a form that a specific individual cannot be recognized
⑤ In cases that the personal information is used for other purposes than the original purpose or it is not possible to perform the duties prescribed by laws when it is not provided to a third party, and has been deliberated and voted by the Protection Committee
⑥ When necessary for the provision to foreign information or international organizations for the implementation of treaties or other international agreements
⑦ When necessary for investigating and prosecuting criminal offenses
⑧ Where necessary for the court to perform judicial functions
⑨ When necessary for the execution of the death penalty, protection and disposition

3. Personal information processing consignment

4. Rights and duties of information subjects

ㅇ Request to view personal information

① The information subject can apply to the following department to request view personal information persuant to Article 35 of the personal information Protection Act.

Phone: +82-31-8016-1771
Email : k-startupgc@nipa.kr
Fax : +82-70-7786-1771

② In addition to the inquiries and processing as above, the information subject can also request to view personal information through the website of the Ministry of Public Administration and Security’s “Personal Information Protection Support Portal” (www.privacy.go.kr).
▶ Ministry of Public Administration and Security Comprehensive Support Portal for Personal Information Protection → Personal Information Civilization → Request for Personal Information Request (i-Pin is required)
③ The exercise of rights in accordance with the above can be done through legal representatives of the information entity or agents such as those who have been delegated.
In this case, you must submit a certificate of identification, such as a power of attorney and a resident registration card for you agent.

ㅇ Personal information correction / deletion request

One can request to correct or delete the personal information file held on the K-Startup Grand Challenge web page in accordance with Article 36 (Correction and deletion of personal information) of the “Personal Information Protection Act”. However, one cannot require to delete the personal information if other law specifies a particular personal information to be collected and retained.

ㅇ Request to stop processing personal information

One can request to stop processing the personal information file held on the K-Startup Grand Challenge web page in accordance with Article 37. However, the request can be rejected pursuant to Article (2) of the Act.

① When there is a specific provision in the law or it is inevitable to comply with statutory obligations.
② When there is a risk of harming another person’s life or body, or there is a risk of unjustly infringing the property or other interests of another person.
③ When prescribed by other laws cannot be performed if public institutions do not process personal information.
④ When the information subject does not clearly indicate the intention to terminate the contract or it is difficult to fulfill the contract unless the personal information is processed, such as failure to provide the information subject and the agreed service.

5. Destruction of Personal Information

K-Startup Grand Challenge will, in principle, destroy personal information without delay for which the purpose of processing personal information has been achieved. The procedures, deadlines, and methods or destruction are as follows:
① Destruction procedure
Personal information will be destructed immediately or will be moved and stored for a certain period after the achievement of the purpose. The personal information transferred to DB will not be used for other purposes unless it is under the law.
② Personal information will be destructed after the retention period, achievement, and end of the retention period. When destructing digital files, a technical method that prevents the reproduction of records will be used, and paper files are either shredded or incinerated.

6. Measures to ensure the safety of personal information

① Number of staffs were minimized and trained to handel the personal information
Number of staffs who can handle the personal information is limited and trained for better management.
② Restrict access to personal information
Necessary measures to control access to personal information is taken through the granting, modification and deletion of access rights to the database system that processes personal information. Unauthorized access from outside is also controled by using an intrusion prevention system.
③ Storage for access records
The access information (web logs, summary information, etc) connected to personal information processing is stored and managed at least for 6 months.
④ Encrypted Personal Information
Personal information is securely stored and managed through encryption. In addition, important data is encrypted and used for storage and transmission.
⑤ Security program installation and periodic check / update
K-Startup Grand Challenge installs security programs to prebent leakage and damage of personal information caused by hacking or computer viruses. Also, K-Startup Grand Challenge periodically update and check the system, install the system in a restricted area, and technically and physically monitor and block them.

7. Infringement remedies

In order to relieve the damage caused by personal information infringement, the personal information subject may appeal for dispute settlement for consultation with the Personal Information Dispute Resolution Committee or the Korea Information Security Agency.

Personal Information Dispute Resolution Committee : 1833-6972(www.kopico.go.kr)
Privacy Infringement Report Center : 118(privacy.kisa.or.kr)
Cyber Crime Division, Supreme Prosecutors’ Office: 02-3480-3571(cybercid@spo.go.kr)
Cyber Terror Response Center, Supreme Prosecutors’ Office : 1566-0112(www.netan.go.kr)
Any person whose rights or interests was infringed may file an administrative judgment in accordance with the Administrative law.
Please refer to the phone number guide of the Central Administrative Advisory Comission (www.simpan.go.kr)

8. Information Security Manager Contact

① Personal Information Security Manager : National IT Industry Promotion Agency(NIPA), Executive Vice President, Seung Jung
② Personal Information Security Staff :National IT Industry Promotion Agency(NIPA), Cyber Security Team, Oh-Bin Kwon(+82-43-931-5298/kob@nipa.kr)
② Personal Information Security Staff :National IT Industry Promotion Agency(NIPA), Cyber Security Team, Oh-Bin Kwon(+82-43-931-5298/kob@nipa.kr)
③ Responsible for each area of personal information security: person in charge of each part

9. Changing the privacy policy

If there is an addition, deletion, or correction of personal information managed by each sector, a separate notification is skipped. This privacy policy is in effect as of April 21, 2023