All private information handled by 2021 ASEAN-Korea Startup Week: Online Challenge is collected, retained and managed in accordance with the relevant Acts. The Personal Information Protection Act suggests general norms for the processing of the personal information. 2021 ASEAN-Korea Startup Week: Online Challenge shall treat the collected and retained information in compliance with the Act in a legal and appropriate manner in order to conduct public affairs properly and to protect the rights and interests of the users. 2021 ASEAN-Korea Startup Week: Online Challenge respects the rights and interests of the users including the request for inspecting, correcting, deleting and suspending the personal information processing regulated by the relevant Act. The users shall file for an administrative appeal in accordance with the Administrative Appeals Act for the infringements on their rights and interests. 2021 ASEAN-Korea Startup Week: Online Challenge established the following regulations for the processing of the personal information and shall disclose them to protect the personal information and rights and interests in accordance with Article 30 of the Personal Information Protection Act and smoothly handle the grievances of the users related to their personal information. ■ Article 1 (Purpose of the personal information processing) ①2021 ASEAN-Korea Startup Week: Online Challenge collects a minimum amount of personal information to provide services to attendees and resolve their complaints. ② The purpose of the processing of the personal information files that are registered and disclosed by 2021 ASEAN-Korea Startup Week: Online Challenge in accordance with Article 32 of the Personal Information Protection Act shall be as follows: - Name of personal information file: 2021 ASEAN-Korea Startup Week: Online Challenge, Attendees Information - Ground for operation: Consent from the information provider - Personal information items registered in a personal information file · Name(KOR/ENG) · Country of Residence · Company Name · E-mail Address · Contact Information - Retention period: 1 year ■ Article 2 (Period of Managing and Retaining Personal Information) (1) 2021 ASEAN-Korea Startup Week: Online Challenge Homepage shall manage and retain personal information during the period for managing and retaining the personal information as specified by laws and regulations or as agreed upon during collection from an owner of information. (2)The period of managing and retaining respective personal information shall be as follows. 1. Signing for membership and its management: Within 1 year or until withdrawal from membership Until pertinent reasons cease to exist if pertaining to the following reasons a) Until pertinent investigations and inquiries are concluded if ongoing due to violation of related laws and regulations 2. Handling civil petition: 3 years following conclusion of managing civil complaints ■ Article 3 (Provision of Personal Information to a Third Party) (1) 2021 ASEAN-Korea Startup Week: Online Challenge Homepage shall manage the personal information of an owner of information within a scope as specified in Article 1 (Purpose of Managing Personal Information) and provide personal information to a third party only if it pertains to Article 17 of the Personal Information Protection Act stipulating the consent by an owner of information and special legal provisions. (2)2021 ASEAN-Korea Startup Week: Online Challenge Homepage shall provide the following personal information to a third party. - A recipient of personal information: Partnering(Matching) Partners - Purposes for which a recipient of personal information uses such information: Partnering/Matching(for Video Conference) - Items of personal information to provide: Name, Contact Information, E-mail - Period for which a recipient of personal information holds and uses such information: 1 year ■ Article 4 (Entrustment of the personal information processing) ① 2021 ASEAN-Korea Startup Week: Online Challenge entrusts the following affairs related to the processing of the personal information to smoothly process the personal information: - Entrusted affairs · Partnering/Matching Operation (for Video Conference) · 2021 ASEAN-Korea Startup Week: Online Challenge Operating Agency - Company Name: powerPT co., ltd. - Contact Info.: +82-2-6464-7222 - Hours: 09:00-18:00 · Operation and maintenance of the site - Company Name: O2VATION - Contact Info.: +82-2-2038-3604 - Hours: 09:30-18:30 ■ Article 5 (Rights and duties of the information players and how to exercise them) ① An information player shall exercise the following rights in regards to the protection of the personal information at any time: 1. Request for inspection of the personal information 2. Request for correction where there is an error 3. Request for deletion 4. Request for suspension of the processing. ② The information player shall exercise his rights in accordance with Section 1 by submitting the document as provided by Annex 8. Enforcement Ordinance of the Personal Information Protection Act via mail, e-mail or fax and 2021 ASEAN-Korea Startup Week: Online Challenge shall respond to the request without delay. ③ If the information player of the personal information requests for correction or deletion of his personal information, 2021 ASEAN-Korea Startup Week: Online Challenge shall not use or provide the personal information of the player until such modification or deletion is completed. ④ The information player shall present his legal representative or agent to exercise his rights as provided by Section 1. In such case, the information player is required to submit the power of attorney in accordance with Annex 11. Enforcement Ordinance of the Personal Information Protection Act. ⑤ The request for suspending the process and inspection of the personal information could be limited in accordance with Article 35.5 and Article 37.2 of the Personal Information Protection Act. ⑥ For correction and deletion of personal information, if other Acts stipulate the particular personal information be collected, the information player shall not request for deletion thereof. ⑦ When a user rightfully requests to access, correct, delete his/her personal information, or suspend its processing, 2021 ASEAN-Korea Startup Week: Online Challenge will first make sure the individual making the request is the user or his/her legal representative. * Provide any identification cards (certificate of resident registration, driver’s license, passport, etc.) to identify himself. * If the requested person is the legal representative, any identification cards and power of attorney to identify that he is the legal representative of the information player. * [Annex 8. Enforcement Ordinance of the Personal Information Protection Act] Request for inspecting, modifying, deleting and suspending the process of the personal information * [Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Power of Attorney ⑧ Procedures for inspecting, correcting, deleting and suspending the personal information are as follows: ■ Article 6 (Items for processing the personal information) 2021 ASEAN-Korea Startup Week: Online Challenge processes the following items for the personal information: - Name of the personal information file: 2021 ASEAN-Korea Startup Week: Online Challenge Attendees Information - Items for the personal information · Name(KOR/ENG) · Country of Residence · Company Name · E-mail Address · Contact Information Please note that the site might automatically recognize and collect your personal information stated below. 2021 ASEAN-Korea Startup Week: Online Challenge website: IP address, browser cookies, log data and traffic ■ Article 7 (Procedures and methods of destructing the personal information) ① 2021 ASEAN-Korea Startup Week: Online Challenge, in principle, shall delete the personal information without delay if its purpose to process the personal information is achieved. However, it shall not be applied for the personal information that needs to be preserved in accordance with other Acts. The procedures, terms and methods of destructing the personal information are as follows: A. Procedures Any unnecessary personal information and personal information file shall be destroyed in accordance with the below procedure of the inside policy under the responsibility of the person in charge of the personal information. Destruction of the personal information. The personal information shall be destroyed without delay from the end date of its holding period. Destruction of the personal information file If the personal information file becomes unnecessary due to the achievement of the processing of the personal information file, abolition of the relevant service and the end of the business, the personal information file shall be destroyed without delay from the day that recognizes the processing of the personal information is no longer needed. B. Methods Electronic data shall be destroyed by using technical methods to make it impossible to restore such data. Paper documents that contain the personal information shall be shredded or incinerated. ■ Article 8 (Measures to secure the safety of the personal information) 2021 ASEAN-Korea Startup Week: Online Challenge shall implement the following technical, managerial and physical measures to secure the safety of the personal information in accordance with Article 29 of the Personal Information Protection Act. 1. Minimum number of staff in charge of the personal information processing and training 2021 ASEAN-Korea Startup Week: Online Challenge shall designate the minimum number of staff to handle the personal information. 2. Restricted access to the personal information 2021 ASEAN-Korea Startup Week: Online Challenge shall carry out necessary measures to restrict access to the personal information through empowerment, change and cancellation of access authorities for the database system that processes the personal information. It shall also operate intrusion prevention systems to deny any unauthorized external access. 3. Preservation of the access records 2021 ASEAN-Korea Startup Week: Online Challenge shall store access records (weblog data, summarized information, etc.) to the personal information data system for at least six months. 4. Encryption of the personal information The personal information of the users are stored and managed in an encrypted manner. 2021 ASEAN-Korea Startup Week: Online Challenge also implements special security measures including encrypting important data when storing or transferring. 5. Installation and periodic updates of computer security programs 2021 ASEAN-Korea Startup Week: Online Challenge shall install and periodically update the computer security programs to prevent the personal information from leakage and damage due to hacking or computer viruses. 6. Access control of the unauthorized personnel 2021 ASEAN-Korea Startup Week: Online Challenge shall operate a separate physical storage facility for its personal information data systems and establish and operate relevant access control procedures. ■ Article 9 (Persons in charge of personal information protection) 2021 ASEAN-Korea Startup Week: Online Challenge has designated the folowing persons to be in charge of protecting personal information and settleing related complaints (in accordance with Article 31 (1) of the Personal Information Protection Act): -Director Head of 2021 ASEAN-Korea Startup Week: Online Challenge Suk Young Kim E : sy.brentkim@ccei.kr -Manager Powerpt Start-up Support Team Minjee Kim E : mj0126@powerpt.co.kr ■ Article 10 (Request for inspection of the personal information) ① An information player shall request for the inspection of the personal information in accordance with Article 35 of the Personal Information Protection Act via the following team. Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) shall strive to swiftly handle the request of the information player for the inspection of the personal information. ▶ Department in charge Team/Officer : Start-up Support Team / Seunghee Lee Contact : Tel. +82-2-3460-7371 / E-mail iamsh@Gyeonggi Center for Creative Economy & Innovation(“GCCEI”).or.kr / Fax +82-2-3460-7371 ② Apart from the Team mentioned in Section 1, the information player shall be able to request for the inspection of the personal information via the website (www.privacy.go.kr) of the Privacy Information Protection Portal run by the Ministry of Government Administration and Home Affairs. ▶ Privacy Information Protection Portal → Civil affairs on the personal information → Request for the inspection of the personal information (real name authentication via public I-pin service is required.) ■ Article 11 (Remedies for infringement on rights and interests) An information player shall consult the following organizations for remedies regarding the infringement on the personal information. ▶ Personal Information Infringement Report Center (Run by the Korea Internet & Security Agency) - Description: Report infringement on the personal information, request for consultation - Website : http://privacy.kisa.or.kr - Tel: 118 (without area code) - Address: (58324) 9 Jinheung-gil, Naju, Jeollanam-do, 3F Personal Information Infringement Notification Center ▶ Personal Information Dispute Mediation Committee - Duties: personal information dispute mediation, collective dispute mediation (civil resolution) - Website : www.kopico.go.kr - Tel: 1833-6972 - Address: (03171) Level 4, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul ▶ SPO Cybercrime Investigation Department: 1301 (www.spo.go.kr, cid@spo.go.kr) ▶ National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr) Also, the information player reserves the right to demand administrative appeals in accordance with the Administrative Appeals Act for any infringement on rights and interests occurred due to the nonfeasance or measures taken by the head of a public institution for the request of the information player for inspection, modification, deletion or suspension of the personal information processing. ☞ Please refer to the telephone numbers via the website (www.simpan.go.kr)of the Central Administrative Appeals Commission ■ Article 12 (Installing, operating, and refusing installation of automatic data collection tools) 2021 ASEAN-Korea Startup Week: Online Challenge (GOGOIK 2021 2021) may use HTTP cookies, a tool that automatically collects and stores data about its users. A cookie is a small piece of data sent from an organization's web server to a user's web browser, and can be stored on the user's computer hard drive. When a user logs into GOIK 2021's website, GOIK 2021's web server can read the cookies on the user's web browser, collect new information about the user, and provide services without requiring any additional data input (e.g., name) by the user. Cookies only identify individual computers, not the persons using the computer. Also, users can choose whether or not to install cookies. Therefore, by changing the setting, users can select whether to allow cookies to be stored on their web browsers at all times, to be asked for permission every time before GOIK 2021's web server sends cookies, or refuse to receive cookies entirely. However, should you refuse to install cookies, you may experience difficulty in using the GOIK 2021 website, especially in accessing certain services that require user login. [How to install cookies] 1. Internet Explorer: click the 'Tools' menu at the top of your browser window → click 'Internet options' → select the 'Privacy' tab → set cookie handling level by adjusting the slider 2. Chrome: click the 'Settings' menu in the top-right corner of your browser window → click 'Show advanced settings' → click 'Content settings' in the 'Privacy' section → set cookie handling level GDPR Privacy Policy “Gyeonggi Center for Creative Economy & Innovation(“GCCEI”)”, “We”, “Our”, “Us” is committed to respecting the privacy of users and providing safe and secure user experience. This GDPR Privacy Policy (“Policy”) informs you about the personal data we collect when you use our website and services (collectively the “Services”) and only applies to individuals residing in the European Union (EU), or to individuals who use services carried out by Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) within the EU. Below, you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have. ■ 1. Controller A controller is responsible for the collection and processing of your personal data in accordance with the General Data Protection Regulation (GDPR) as well as further applicable data protection laws. Please find your controller and its contact information here, depending on where you are. ■ 2. Data protection officer We have appointed a Data Protection Officer in accordance with Art. 37 of the GDPR. If there is anything you are unsure about regarding this Policy or our data protection of your personal data, feel free to contact our Data Protection Officer by emailing at any time. Privacy administrator: Brent Kim Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) sy.brentkim@ccei.kr Personnel in charge of privacy: Minji Kim powerPT co., ltd. mj0126@powerpt.co.kr ■ 3. How we collect your personal data We generally collect your personal data directly from you, when, for example, you submit an inquiry, attend events or seminars, use or engage in our services or provide us with your contacts. From time to time, we may gain access to your business contact details via recognized business data providers or an official website of your organization. We may also receive your contact details through our primary contacts at your organization if they think you may benefit from our services. As we work closely with other organizations, public agencies or governments of South Korea, we may also receive information about you from them. When you visit our website, computer and technology information (e.g. browser type, IP address, unique device ID, etc.) is automatically collected via your browsers. ■ 4. What type of personal data we have We do not collect more information than we need to fulfil our purposes mentioned in this Policy and will not retain it for longer than is necessary. The types of personal data we collect and share depend on the nature of your relationship with us and the requirements of applicable laws. Contact information: We may collect contact information including the name of your organization, job title, and nationality to communicate with you in accordance with the contract, services or any business opportunities. Requests/Claim data: We may gather your contact information and details of your comments, requests or any other issues you’ve raised regarding our services. Registration data: Based on the record of your visits to events such as business meetings and exhibitions, we may collect your contact information that includes the name of your organization, your job title and nationality for our reference to host upcoming events. The personal data that we process may include any other personal data that is provided to us during the course of our services. When you visit our website, we collect and store information that your browser automatically transmits to us such as IP address, date and time of your access, your browser type, operating system type, and cookie-related data. For more information about our use of Cookies, please see 9. Cookies. To provide you with an acceptable service, we may collect your information about dietary which is classed as special category data with your explicit consent. ■ 5. How we process your personal data As Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) is a public agency of South Korea, we process personal data for a number of different purposes that arise from our missions to contribute to the development of the national economy through global business support activities. We may process your personal data for the following purposes: To contact you or communicate with you concerning our services or business administration To respond to your requests, inquiries or concerns regarding our services To provide international business matchmaking services which may include supporting the business trip and setting up meetings for foreign and Korean companies To facilitate the exhibitions, conventions or events and to provide you with information and services associated with the events To contact you with regard to business opportunities which we believe might interest you To send you our newsletter or information at irregular intervals to inform you about news on our services as well as on the services of our affiliated companies To send you surveys with the purpose of requesting your feedback about our events (We send surveys to all event participants instead of specific persons. Participation in surveys is voluntary, not mandatory.) To pay a bill or compensation to you For visitors to our website The information collected automatically when you visit our website will be processed for the following purposes: To ensure our website stays securely by preventing, detecting, mitigating and investigating fraud and security breaches To ensure the performance of our website To ensure that the content of our website is presented in the most effective manner for you and your computer The provision of your personal data will generally be voluntary and there is no statutory nor contractual obligation to provide your personal data. We generally do not contractually require the provision of your personal data but note that in any event, non-provision of personal data might exclude you from using some of our services or parts thereof. Our services are not intended for use by children. Under applicable national laws, we do not knowingly collect personal data from users who are considered children. According to our User Agreement, children are not permitted to use our services. ■ 6. Legal basis for the processing of personal data Where Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) is processing personal data for the performance of its functions, the primary legal bases under the GDPR are as follows: Where the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art. 6 (1) (b) of the GDPR. (i.e. when you register for our services, responding to your request about our services); Where the processing is necessary for the legitimate interests pursued by Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with Art. 6 (1) (f) of the GDPR. (i.e. sending thank you letters or surveys after the event, preventing or detecting security issues); Where we have obtained a data subject’s consent to the processing in accordance with Art. 6 (1) (a) of the GDPR. (i.e. sending the newsletters); Where the processing is necessary to comply with legal obligations in accordance with Art. 6 (1) (c) of the GDPR. ■ 7. How we share your personal data with others We do not sell or disclose your personal data to third parties for their marketing or advertising purposes without your consent. We only disclose your personal data when it is necessary for the purposes mentioned in this Policy or when we have obtained your consent. Third party service providers may access to your personal data on a need to know basis for the purpose of providing services on behalf of us. They cannot do anything with your personal data without our permission. They will not share your personal data with any organisation apart from us, nor will they keep your personal data for longer than the period we instruct. When necessary, we share your personal data with the following data processors and recipients as far as necessary for the purposes described in this Policy: Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) headquarters in Korea Other business partners and Korean companies Sponsors, co-organisers and attendees of our events External service providers who facilitate or support our events External operators of our websites and applications Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us. ■ 8. International transfers of personal data As Gyeonggi Center for Creative Economy & Innovation(“GCCEI”) is a public agency of South Korea, your personal data may be transferred to South Korea for the purposes mentioned in this Policy. As South Korea has not sought nor received “adequacy decision” from the European Commission, we use Standard Contractual Clauses adopted by the European Commission to provide appropriate safeguards for the transfer of your personal data. Given the nature of Gyeonggi Center for Creative Economy & Innovation(“GCCEI”)’s missions and functions, we may also disclose your personal data to recipients overseas. To ensure an adequate level of data protection when transferring your personal data from the European Economic Area (EEA) to third countries (outside the EEA), we will only transfer your personal data on the basis of an adequacy decision or appropriate safeguards such as Standard Contractual Clauses adopted by the European Commission. Upon request, we will provide you with a copy of the relevant information. ■ 9. Cookies Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work or work more efficiently. We use cookies that are necessary for the operation of this website to enhance your experience when you use our website. You can control your cookies through the browser settings. Please visit the browser developer’s website if you want to find out how to manage your cookies on your browser. If you want to know more about cookies, please visit www.aboutcookies.org or www.allaboutcookies.org. ■ 10. Security We have implemented technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized access or disclosure of personal data. We restrict access to your personal data to those who need to know that information to provide benefits or services to you. In addition, we train our employees to help them be well aware of risks associated with data security and confidentiality. ■ 11. Data retention We strive to keep our processing activities with respect to your personal data as limited as possible. Your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements. In case of consent, your personal data will be at the latest deleted without undue delay after the withdrawal of such consent. ■ 12. Your rights You have the rights, at any time: - without giving reasons according to Art. 15 of the GDPR to obtain information about your data stored with us. With the exception of any connection fees charged by your provider, you will not incur any costs as a result of the inquiry; - to have the data rectified in accordance with Art. 16 of the GDPR; - to have the data erased in accordance with Art. 17 of the GDPR; - to obtain from the controller restriction of processing in accordance with Art. 18 of the GDPR; - to object to the processing for sending newsletters according to Art. 21 (2) of the GDPR; - to object to other forms of processing of your personal data in accordance with Art. 21 (1) of the GDPR; - to withdraw any consent to the collection and use of data given to us at any time, without affecting the lawfulness of processing based on consent before its withdrawal in accordance with Art. 7 (3) of the GDPR; - to receive your personal data in a machine-readable format and to transmit them to another person responsible in accordance with Art. 20 of the GDPR; If you would like to exercise any of these rights, you can contact the Data Protection Officer or Data Protection Manager responsible for your region. You can find the contact information of our Data Protection Managers and Data Protection Officer here. No cost will be charged for any response to acceptable requests. If for some reasons the request is denied, we will provide an explanation as to why the request has been denied. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes for the period we hold your data. We take any complaints we receive from you very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We also welcome any suggestions for improving our procedures. We ask that you first submit any such complaints directly to the Data Protection Officer or Data Protection Manager in your country. If you aren't satisfied with our response or have concerns about how we process your personal data, you have the right to lodge a complaint with the appropriate data protection authority in your region.