#

EcoBank establishes the privacy policy as follows in order to protect the personal information of the information subject under section 30 of the Personal Information Protection Act and to handle the difficulties swiftly and smoothly;

  1. Article 1 (For personal information processing purposes)
  2. EcoBank processes the minimum amount of personal information required for the following purposes:

    1. Homepage member management

    Personal information is processed for the purpose of using the homepage bulletin board, using the membership service and limited user identification system, personal identification, complaints handling, and forwarding notices.

    2. Civil treatment

    Personal information is processed for the purpose of the public service handling related to personal information such as personal information reading, personal information correction & Middot; deletion, request for suspension of personal information handling, and report of personal information leakage incidents.

    The personal information being processed is not used for any other purpose, and if the purpose of use is changed, it will be notified to the users in advance and agreed upon.

  3. Article 2 (items of personal information being processed)
  4. Personal information items that are processed for member management and civil service handling are as follows:

    Items of Personal Information Retention Period Base of Operation Purpose of Operation Items of personal information recorded in the personal information file
    Membership Information By the time of one's membership Consent of Infomation Subjects Register and manage membership of homepage
    Handling Civil Affairs of Homepage
    name, ID, nickname, password, password verification, E-Mail, email receiving status, I-PIN or Authentication information of the identity verification agency
  5. Article 3 (During and retaining personal information)
  6. The users' personal information processed by Eco Bank processes and retains personal information within the period of personal information retention pursuant to the Act or the period in which personal information is collected from the information subject.

    Homepage member management and civil complaints

    - Collection base: Article 15 of the Privacy Act, Article 1,
    - Retention period: Until member withdrawal

  7. Article 4 (provided by a third party of personal information)
  8. EcoBank processes the users' personal information within the scope specified in Article 1 (for personal information processing purposes) and Personal information will be provided to third parties only in accordance with Article 17 of the Personal Information Protection Act, such as the consent of the information subjects and special regulations of the lawExceptions are made when there are special provisions in other laws or when they fall under Article 18.2 of the Privacy Act, such as criminal investigations.

  9. Article 5 (Consignment of personal information processing)
  10. The National Institute of Ecology outsources the processing of personal information as follows for smooth processing of personal information.

    Trustee Company Fiduciary Work Item of Fiduciary The period of personal information held and used for deposit
    WAVUS Building and maintaining the EcoBank Member Information By the end of the consignment contract

    EcoBank prohibits the processing of personal information that is not for the purpose of outsourcing under the provisions of Article 25 of the Personal Information Protection Act at the time of concluding the outsourcing agreement. Matters concerning administrative responsibilities, restrictions on subcontracting, management and supervision of the trustee, and responsibilities such as damages are clearly stated in documents such as contracts, and we supervise whether the trustee processes personal information safely.

    If the content of the commissioned business or the trustee is changed, it will be disclosed without delay through the processing policy of this personal information.

  11. Article 6 (rights, duties and methods of use of the information body)
  12. Information subject (for legal representatives) may at any time exercise the right to personal information protection under any of the following:

    1. Personal information access demand

    2. Correct errors, etc.

    3. Deletion Request

    4. Request processing stop

    The rights can be prepared in accordance with the form No. 8 of the Enforcement Regulations of the Personal Information Protection Act through written form, e-mail, and transmission (FAX), and the agency will take proper action without delay.

    If the main body of the information requests correction or deletion of personal information errors, it shall not use or provide the personal information until the correction or deletion is completed.

    The rights may be exercised through an agent, such as a legal representative of the information body or a person who has been entrusted with it. In this case, you must submit a letter of attorney according to the form No. 11 of the Enforcement Rules of the Privacy Act.

    The right of the information subject may be restricted under Article 35 paragraph 5 of the Privacy Act or Article 37 paragraph 2 of Article 37.

    The request for the correction and deletion of personal information shall not be required if the personal information is specified as the object of collection under another Act.

    The person who makes the request for access according to the right of the subject of information, request for correction or deletion, and request for suspension of processing shall confirm whether he or she is a legitimate agent.

    ※ [Annex 8 to the Enforcement Rules of the Privacy Act] Request for personal information (examination, correction, deletion, disposition)

    ※ [Annex 11, Enforcement Regulations of the Privacy Act] Delegation

  13. Article 7 (Decision of personal information)
  14. EcoBank destroys the personal information without delay when it becomes unnecessary for the period of personal information retention and the purpose of processing.

    If the institution for which the personal information has been agreed by the information subject or the processing purpose has been achieved, the personal information must be kept in a separate database (DB) or a different storage location.

    Procedure and procedure for personal information destruction are as follows.

    1. Disposal Procedure

    EcoBank establishes a plan for destruction of personal information (or personal information files) that should be destroyed, and destroys it with the approval of the personal information protection manager.
    A. Disposal of Personal Information: Personal information whose retention period has expired without delay from the end date.
    Revocation of personal information files: When the personal information file becomes unnecessary, such as the goal of processing personal information files, the abolition of the service concerned, and the termination of the business, the personal information file is destroyed without delay from the date.

    2. Destruction Method

    When destroying personal information handled by EcoBank, destroy it using the following methods.
    A. In case of electronic file format: use technical method for not playing records
    B. In case of records, printed materials, written documents or other recording media other than electronic file types: crushed or incinerated;

  15. Article 8 (Decision of personal information)
  16. Items on the operation and denial of installation of an automatic personal information collection device

  17. Article 9 (Safety measures for personal information)
  18. According to Article 29 of the "Personal Information Protection Act," EcoBank performs the technical, administrative and physical actions necessary to secure safety as follows:

    1. Minimize the designation of personal information providers and trainings

    We minimize the designation of personal information providers and provide regular education.

    2. Restrict access to personal information

    We control access to personal information by granting, changing, and terminating access to the database system that handles personal information.

    3. Storage of access records and prevention of tampering

    Records of access to the personal information processing system are kept for at least six months, and records of access are managed to prevent forgery, theft, or loss.

    4. Encryption of personal information

    The users' personal information is encrypted, stored and managed. In addition, sensitive data uses separate security functions, such as cryptographically used for storage and transmission.

    5. Technical measures for hacking, etc.

    EcoBank installs security programs, periodically updates and checks, and installs systems in an externally controlled area to prevent leakage and damage of personal information caused by hacking or computer viruses.

    6. The control of unauthorized personnel

    Access control procedures are established and operated separately for the physical storage of personal information systems.

  19. Article 10 (Personal Information Protection Officer)
  20. EcoBank has overall responsibility for the processing of personal information, and has designated a personal information protection officer as follows for processing complaints and remedies for information subjects related to the processing of personal information.


    Personal Information Protection Officer

    Name : Heenam Yoon

    Position: Head of EcoBank Team

    Contact : 041-950-5621

    Fax : 041-950-6143


    Personal information protection department

    Department : EcoBank Team

    Manager : Manseok Shin

    Contact : 041-950-5624

    Fax : 041-950-6143


    If the information subject uses the EcoBank homepage service for any inquiries regarding the protection of personal information, he or she can contact the personal information protection manager and the department in charge regarding matters relating to complaint handling and damage relief. EcoBank will continue to respond to inquiries from the information subject without delay.

  21. Article 10 (Request to view personal information)
  22. The information subject can request the reading of personal information in accordance with the provisions of Article 35 of the Personal Information Protection Law to the following departments. EcoBank strives to expedite the processing of requests to view personal information of information sources.


    Receiving and processing department for personal information access

    Department : EcoBank Team

    Manager : Manseok Shin

    Contact : 041-950-5624, manhae@nie.re.kr


    Information subject can request viewing of personal information through Receiving and processing department for personal information access or the "Personal Information Protection Comprehensive Support Portal" website(www.privacy.go.kr) of the Ministry of Public Safety.

    www.privacy.go.kr → Personal information complaint → Request for access to personal information

  23. Article 12 (Relative Bill of Rights)
  24. The information subject can ask the following institution for damages or advice on personal information infringement.

    [The institution below is a separate entity from the National Institute of Ecology, please contact us if you are not satisfied with the results of the National Institute of Ecology's own processing of personal complaints and remedies or if you need further help.]

    1. Personal Information Dispute Adjustment Committee(Operate the Korea Internet Promotion Agency) : (Without national interest) 118 (http://privacy.kisa.or.kr)

    2. Privacy violation reporting center(Operate the Korea Internet Promotion Agency) : (Without national interest) 118 (http://privacy.kisa.or.kr)

    3. Supreme Prosecutors' Office Cyber Crime Investigation Team : 02-3480-3582 (http://www.spo.go.kr)

    4. Cyber Terror Response Center : 1566-0112 (http://www.netan.go.kr)

    As required by Article 35 of the Privacy Act (reviewing personal information), Article 36 (correction or deletion of personal information), Article 37 (restriction of personal information, etc.) is made by the Head of the public institution.

    ※ See the Central Administrative Tribunal (http://www.simpan.go.kr) for phone numbers.

  25. Article 13 (Change of Privacy Policy)
  26. This privacy policy applies from February 7, 2020.

    You can check the previous privacy policy below.

    2019.2.28 ~ 2020.2.6 Show privacy policy

    2020.2.6 ~ 2020.11.25 Show privacy policy