The International Women’s Peace Group is committed to protecting the security of your personal information
▉ Personal Information Policy of the International Women’s Peace Group
The International Women’s Peace Group (hereinafter referred to as “IWPG”) complies with the Personal Information Protection Act and any subordinate statutes for the freedom and protection of the principals of information. According to Article 30 of the Personal Information Protection Act, IWPG informs members (hereinafter also referred to as “users”) of the purpose and method of collecting and using personal information (hereinafter also referred to as “information”) provided by members and announces the following policies to respond and deal with various related issues. This policy applies to all websites owned and run by IWPG.
1. Personal information items to be collected, the purpose and method of collection, and its retention, storage, and duration of use
IWPG collects the following personal information.
1) The purpose of personal information collection, the items to be collected, and its retention and usage
< Membership application through the website >
– Purpose: member identification, notification of services, and CS
– Mandatory personal information collection items: ID, password, name, date of birth, gender, phone number, email
– Optional personal information collection items: country of residence, district of residence, occupation, title, branch, reason for application
– Duration of retention and usage: (mandatory items) until member withdrawal, (optional) until consent withdrawal
< Donation application >
– Purpose: confirmation of donation consent, management of member information
– Individual: name, phone number, email, address, member classification (region data)
– Corporate: name, phone number, email, address, member classification (region data)
– Duration of retention and usage: 5 years after termination of donation
< Donation payment >
– Purpose: automatic electronic transfer(Cash Management Service; CMS) or credit card payment
• Automatic electronic transfer (CMS): bank, name of account holder, bank account number, date of birth, amount of donation
• Credit card: credit card company, name of cardholder, expiration date, date of birth/corporate registration number, amount of donation
– Duration of retention and usage: 5 years after termination of donation
– Social security number: issuance of receipts for contribution and registration in the year-end tax adjustment service
「Income Tax Act」 Article 21 Other Income, Article 127 Liability for Withholding Taxes, Article 164 Submission of Statement of Payment 5 years from the issuance of the receipt for contribution
< DPCW support signature >
– Purpose: gathering support for the DPCW to be legislated into an international law
– Personal information collection items: name, country, email
– Duration of retention and usage: until the achievement of the goal or 5 years after the bill proposal
< Signup for newsletters or peacemails >
– Purpose: distribution of IWPG news through email
– Optional personal information collection items: name, email
– Duration of retention and usage: until withdrawal of consent
2) Method of information collection
– Website, paper form, donation application, event application, collection through expanded platforms such as social media or campaigns, fax, phone
2. Procedure and method of information destruction
IWPG immediately destroys personal information when the information is no longer needed, such as when the information retention period has passed and when the purpose of the informational collection has been accomplished
1) Destruction procedure
– After the purpose is achieved, the member’s information is transferred to a separate DB (separate filing cabinet in the case of paper), stored for a certain period, and then destroyed according to the reasons for information protection according to internal policies and other related laws (refer to the retention and use period). Personal information transferred to a separate DB is not used for purposes other than simple preservation unless required by law.
< Stored information: history of issuance of receipt for contribution >
– Evidence of storage: Income Tax Act, Corporate Tax Act
– Storage duration: 5 years
< Stored information: information related to business transactions >
– Evidence of storage: Commercial Act, Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.
– Duration of storage
• Records on contracts or withdrawal of subscriptions: 5 years
• Records on payment or provision of goods: 5 years
• Records on customer complaints and conflict settlement: 3 years
< Log-in history >
– Evidence of storage: Protection of Communications Secrets Act
– Duration of storage: 3 months
2) Method of destruction
– Personal information stored in file format is deleted using a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.
3. Provision of personal information
1) IWPG only collects and uses members’ personal information within the range of consent and in principle does not use the information beyond this range or provide members’ personal information to outside sources without members’ consent
2) However, the following cases are exceptions:
– When members consent in advance
– For information essential to the enforcement of the service contract: when it is almost impossible to receive members’ consent due to economic or technical circumstances
– When an investigative agency makes a request in accordance with the provisions of the law or according to the procedure and method specified in the law investigation purposes
– When it is considered necessary to disclose the information in order to take legal action against any person or actor that violates the IWPG’s agreement of utilization, exploits IWPG’s services to inflict harm on another, or harms traditional customs
4. Consignment of collected personal information
IWPG entrusts and operates an external professional company for the membership fee payment deposit and withdrawal service, fulfillment of rights as a member, and service stabilization
1) Entity who receives personal information: [NICE Payments Co., Ltd.] THE BILL cash management service
– Recipient’s purpose of personal information usage: approval and settlement of membership fee payment by CMS method
– Personal information items to be provided: bank name, account number, name, account holder’s date of birth, membership fee payment amount
2) Entity who receives personal information: [NICE Payments Co., Ltd.] THE BILL cash management service
– Recipient’s purpose of personal information usage: credit card/mobile phone membership fee payment approval and settlement
– Personal information collection items: refers to all information for each payment method presented through the Account/Credit Card Automatic Withdrawal Application Form provided by the corporation, and the applicant’s name, email address, contact information, mobile phone number, and payment method selection information, bank name (card company), business number, account holder name (cardholder name), account (credit card) number, date of birth, card expiration date, etc.)card name, card number, mobile phone number
5. Rights of users and legal representatives and how to exercise them
Members and legal representatives may view or modify their registered personal information or the personal information of children under the age of 14 at any time and may request termination of membership.
Members can click “Change personal information” (or “Edit member information”) to view and modify their personal information or the information of children under the age of 14. To withdraw membership (or withdraw consent) members can click “Withdraw membership” and withdraw directly after going through the identification process. Members can also contact the person in charge of personal information management in writing, by phone, or by email, and IWPG will take action without delay.
If a member requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made.
IWPG processes personal information that is canceled or deleted at the request of a member or legal representative as specified in the duration of retention and usage of personal information collected by IWPG, and the information processed so that it cannot be viewed or used for any other purpose.
6. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, IWPG takes technical/administrative and physical measures necessary to ensure safety as follows:
– Minimization and training of personnel handling personal information
IWPG is implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.
– Establishment and implementation of an internal management plan
IWPG has established and implemented an internal management plan for the safe processing of personal information.
– Encryption of personal information
The user’s password is stored and managed in an encrypted form, so only the person can know it, and for important data, separate security functions such as encrypting files and transmission data or using the file lock function are used.
– Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information by hacking or computer viruses, IWPG has installed a security program, which is periodically updated and inspected and installed in an area where access is controlled from outside to monitor and block any risks technically/physically.
– Restriction of access to personal information
Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information and blocking any external unauthorized access from outside using an intrusion prevention system.
– Other
All information related to login regarding the membership application and personal information change web page is encrypted and cannot be decrypted. In addition, IWPG does not provide an administrator function that handles large amounts of personal information on the website.
7. Personal information management
IWPG appoints the relevant department and personal information manager as follows in order to protect members’ personal information and to handle complaints related to personal information.
■ Personal Information Manager
– Title: Director-General of Information Communications
– Phone number: +8225777440
– Email: mail.iwpg.org
8. Rectification of Violation of the Personal Information Rights
If members wish to request rectification for infringement of their personal information, they can reach out to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency for conflict settlement or consultation.
– Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
– Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
– Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
– Police Cyber Investigation Bureau: 182 (ecrm.police.go.kr)
9. Changes to the IWPG Personal Information Policy
This Personal Information Policy goes into effect starting from 20 August 2024. The details of the policy and past versions are disclosed and can be tracked on the IWPG website, per Article 30 of the Personal Information Act
Present Personal Information Policy
Previous Personal Information Policy (2023.08.23 ~ 2024.08.19)