본문 바로가기

Legal Notice

Disclaimer

The materials and information on the Bae, Kim & Lee LLC website are for news and general reference purposes only, and are not prepared or intended as legal advice or other professional advice. No content of this website should be regarded as opining on legal issues, nor otherwise relied on as professional advice, and no person should take any action, or refrain from action, based on any statement in this website. For professional advice, viewers should seek specialized consultation with Bae, Kim & Lee LLC or with other qualified advisors. Bae, Kim & Lee LLC disclaims any liability based on or in connection with any content of this website, including any reliance on such content.

Limited Liability

Bae, Kim & Lee LLC is a limited liability law firm incorporated under the Attorney-at-law Act, and if an attorney assigned by bkl to a case has intentionally or negligently caused damage to its client in disposing of the case, the assigned attorney, the partner that directly directs and supervises the assigned attorney, and bkl will be jointly and severally liable for the damage in accordance with the Attorney-at-law Act.

Privacy Policy

Bae, Kim & Lee LLC’s Policies on Personal Information Management and on Operation and Management of Image Data Processing Equipment

Bae, Kim & Lee LLC ("BKL") implements and complies with the policies on personal information management and on operation and management of image data processing equipment as follows pursuant to Article 25 and Article 30 of the Personal Information Protection Act.

CHAPTER I. Policies on Personal Information Management

CHAPTER II. Policies on Operation and Management of Image Data Processing Equipment

CHAPTER I. Policies on Personal Information Management

Article 1 (Items of Personal Information Managed, Purpose of Management and Period of Management and Holding)

The items of the personal information managed by BKL, the purpose of management of personal information and the period of management and holding thereof shall be as follows.

  1. Personal Information of Clients
    • Items of Personal Information Managed: Name, contact number, address, name of company, position and title within the company
    • Purpose of Management of Personal Information: To make contacts while BKL provides service for a case commissioned by its client or for other case relating to its client, to send newsletters or other publication produced and published by BKL, to send invitations to any event held by BKL, and to provide other information
    • Period of Management and Holding of Personal Information: Until the purposes above are accomplished or until the consent of clients is withdrawn
  2. Personal Information of Employee
    • Items of Personal Information Managed

      A. mandatory information: name, resident registration number, contact number, address, record of military service, academic background, email, account number

      B. selective information: place of family register, family relations, names of family members, addresses of family members, contact numbers of family members

    • Purpose of Management of Personal Information: To manage personnel matters of the employees of BKL such as execution and maintenance of employment agreements for the purpose of recruiting of employees of BKL, managing personnel matters thereof, payment of salary, education, issuance of certificates, providing welfare benefits for the employees of BKL and their families, unemployment insurance, national pension, etc
    • Period of Management and Holding of Personal Information: For three years after the retirement of relevant employees

Article 2 (Providing Personal Information for Third Party)

(1) BKL shall manage the personal information of the subject of personal information within the scope of the purposes set forth in Article 1. BKL shall neither manage personal information beyond the original scope of purposes without the prior consent of subject of personal information nor provide any personal information to any third party. Provided, however, that in any of the following cases, BKL may use personal information for purposes other than those set forth herein or provide such to any third party, unless the interest of subject of personal information or any third party is likely to be unreasonably infringed upon.

  1. If any separate consent is obtained from any subject of personal information
  2. If there are any special provisions under other laws
  3. If any subject of personal information or its legal representative is not in a position to express its intention or a prior notice cannot be obtained due to an unknown address, etc and it is explicitly acknowledged that such use or provision of personal information is urgently necessary for the benefit of the life, body, or property of any subject of personal information or any third party
  4. If any personal information is necessary for the purpose of gathering statistics, academic research, etc and such personal information is provided in a manner that individuals cannot be identified.

(2) BKL shall inform subjects of personal information of the following when obtaining consent under subparagraph 1 of Paragraph (1). If there is any change in any of the following, BKL shall inform subjects of personal information of such change and obtain consent therefrom.

  1. The person who are provided with personal information
  2. The purposes of using personal information (when personal information is provided, the purposes of using by the person to whom personal information is provided)
  3. Items of personal information that is used or provided
  4. Period of holding and using personal information (when personal information is provided, it refers to the period of holding and using by the person to whom such personal information is provided)
  5. The fact that relevant subject of personal information is entitled to refuse to grant consent and the details of disadvantage (if any) arising from a refusal to grant consent.

Article 3 (Entrustment of Management of Personal Information)

BKL, in principle, shall not entrust the management of personal information to any third party. If it is necessary to entrust the management of personal information hereafter, BKL shall notify of the persons subject to the entrustment, content of the entrusted work, period of entrustment and the terms and conditions of the entrustment contract (which sets forth compliance with laws and regulations relating to the protection of personal information, the prohibition of providing personal information to any third party and responsibilities, etc.) through its personal information protection policy. If necessary, BKL shall receive a prior consent thereto.

Article 4 (Rights and Obligations of Subjects of Personal Information and Method of Exercising Rights and Obligations)

(1) Subjects of personal information and the legal representatives of children under age 14 (hereinafter collectively referred to as "subject of personal information" for the purpose of this Article) may file an application for inspection of personal information to BKL by submitting to BKL a written request for inspection of personal information of relevant subjects of personal information and children under age 14 (only in the case of legal representatives) managed by BKL. In such case, except upon special circumstances, BKL shall reply to such request whether such inspection is possible or not within ten days after the submission of a request for inspection. If BKL refuses or delays a request for inspection, BKL shall notify relevant subject of personal information of its reasons for refusal or delay. In any of the following cases, BKL may restrict or refuse an inspection of personal information after notifying a subject of personal information of the reasons therefor.

  1. If any inspection is prohibited or restricted under laws
  2. If any inspection of personal information is likely to cause harm to the life or body of other person or likely to infringe unrea-sonably on the property or other interest of other person

(2) Any subject of personal information who has inspected its own personal information may request BKL to correct or delete its personal information which is untrue or impossible to confirm. Provided, however, that a subject of personal information may not make a request for deletion of personal information if such personal information is explicitly classified as personal information subject to collection under other laws.

(3) In case BKL corrects, deletes, etc relevant personal information within ten days after the receipt from a subject of personal information of a request for correction or deletion of personal information pursuant to Paragraph (2), BKL shall inform relevant subject of personal information of the measures taken, and if BKL does not act on such request, BKL shall notify relevant subject of personal information of the fact that BKL refused to act on such request, the reasons therefor and the ways to raise an objection thereto, with a notice on the result of correction or deletion of personal information.

(4) Any subject of personal information may request BKL to suspend managing its personal information. Provided, however, in any of the following cases or if there is any justifiable reason, BKL may turn down such request for the suspension of management of personal information by notifying relevant subject of personal information of the reasons therefor.

  1. If there are special provisions under laws or if it is inevitable in order to perform obligations under laws
  2. If it is likely to do harm to the life or body of other person or it is likely to infringe unreasonably on the property or other interest of other person
  3. If it is difficult to perform an agreement such as the case in which the service agreed with any subject of personal information is not provided if personal information is not managed, and if the subject of personal information has failed make its intention to terminate relevant agreement clearly known

(5) Within ten days after the receipt of a request for suspension of management of personal information from any subject of personal information under Paragraph (4), if any measures were taken to suspend the management of relevant personal information, BKL shall notify relevant subject of personal information of the details of the measures taken with a notice on the result of suspension of management of personal information. If BKL does not act on such request, BKL shall notify relevant subject of personal information of the reasons therefor and the ways to raise an objection with the notice above.

Article 5 (Destruction of Personal Information)

(1) If the period of holding personal information under Article 1 ends, BKL shall destroy relevant personal information within five days after the last day of such period of holding, unless there is a justifiable reason. If personal information is deemed to be unnecessary because the purpose of management of personal information is achieved, BKL shall, unless there is a justifiable reason, destroy relevant personal information within five days after it is deemed that management of personal information is unnecessary.

(2) The printouts, documents, etc on which personal information is written shall be destroyed through crushing or incineration, and any personal information in an electronic file shall be destroyed by deleting such information permanently in a way that is impossible to restore such personal information.

Article 6 (Measures to Secure Safety of Personal Information)

BKL shall take technical, administrative and physical measures necessary to secure safety as follows under Article 29 of the Personal Information Protection Act.

  1. Establishment and implementation of internal administration plan BKL established and is implementing an internal administration plan to safely manage personal information.
  2. Access control and restriction on access right BKL takes measures necessary to control access to personal information by granting, changing or cancelling accessing right to database system that manages personal information and controls unauthorized access from outsiders by using firewall system. Also, BKL designates an employee who manages personal information and allows only such employee to manage personal information.
  3. Encryption of personal information BKL encrypts [name, telephone number, resident registration number, passport number, driver’s license number, account number] out of the personal information of subjects of personal information to store and manage such information and perform additional security functions by encrypting files and transmission data of impor tant data.
  4. Keeping of access record and prevention of forgery or alteration BKL keeps and manages the record of access to per sonal information management system for at least six months and uses security features to prevent forgery, alteration, theft or loss of access record.
  5. Installation and operation of security program BKL installed security program to prevent leakage and damage of personal information due to hacking, computer virus, etc and regularly updates and inspects such program. BKL installs the security program within the area where external access is limited and monitors the security program technically and physi- cally and blocks external access.
  6. Prevention of physical access BKL keeps the documents, auxiliary storage device, etc containing personal information in a safe place with locking system.

Article 7 (Changes in Personal Information Management Policies)

BKL shall continue to disclose any change in personal information management policies, time of implementation thereof and the details of such change.

Article 8 (Management of Employees’ Personal Information)

These policies on management of personal information shall apply mutatis mutandis to the management of the personal information of the employees of BKL.

Article 9 (Measures for Remedy for Infringement on Rights and Interests)

Any subject of personal information may file an application for resolution of disputes, consultation, etc to Personal Information Dispute Mediation Committee, KISA Private Information Infringement Reporting Center, etc in order to pursue a remedy in relation to the infringement on personal information. If any other report or consultation is required due to infringement on personal information, any subject of personal information may consult with the following agencies.

  1. Personal Information Dispute Mediation Committee (just call 118 without any telephone exchange number)
  2. KISA Private Information Infringement Reporting Center (privacy.kisa.or.kr/kor/main.jsp)
  3. Information Protection Marks Certification Committee (www.eprivacy.or.kr, 82.2.580.0533~4)
  4. The High-Tech Crime Investigation Division of Supreme Prosecutor’s Office (www.spo.go.kr/eng/index.jsp, 82.2.3480.2000)
  5. National Police Agency Cyber Bureau(cyber.go.kr/eng/index.do, 82.2.3150.2659)

Article 10 (Personal Information Protection Managers, etc)

(1) The personal information protection manager and the person in charge of personal information management of BKL under Article 31(1) of the Personal Information Protection Act are as follows.

[Personal Information Protection Manager]

  • Team/Position: Executive Director of Office Administration Department
  • Name: Hong, Seong Chel
  • Contact No.: 82.2.3404.0713

[Person in Charge of Personal Information Protection]

  • Team/Position: IT Team/Team Leader
  • Name: Jung, Se Yong
  • Contact No.: 82.2.3404.0720

(2) The department and the person of BKL in charge of receiving and dealing with requests for inspection of personal information are as follows.

[IT Team]

  • Position: Team leader
  • Name: Jung, Se Yong
  • Contact No.: 82.2.3404.0720
  • Working Hours: 09:00~18:00

[Planning Department]

  • Position: Head of department
  • Name: Jaeyeon Shin
  • Contact No.: 82.2.3404.0895
  • Working Hours: 09:00~18:00

(3) If BKL replaces the personal information protection manager, the person in charge of personal information protection or the person in charge of dealing with requests for inspection of personal information, BKL shall post such fact of replacement and contact information such as the fact of replacement, name, name of department, telephone number, etc on its internet homepage or notify such with a notice on changes in personal information management policies, etc.

CHAPTER II. Policies on Operation and Management of Image Data Processing Equipment

Article 11 (Grounds for Installation and Purpose of Installation)

BKL shall operate and manage image data processing equipment for safety management, facility protection, crime prevention, etc.

Article 12 (Number of Units of Installed Equipment, Installation Site and Scope of Photographing)

[Lobby at 10th fl., of the main building]

  • Number of Units Installed: 2 units
  • Scope of Photographing: Lobby, entrance

[Lobby at the first annex]

  • Number of Units Installed: 2 units
  • Scope of Photographing: Lobby, hallway

[Elevator hall at each floor of the second annex]

  • Number of Units Installed: 8 units
  • Scope of Photographing: entrance

Article 13 (Person in Charge of Management, Department in Charge, etc)

(1) bkl’s person and department in charge of image data processing equipment and their contact number are as follows.

  • Department in Charge: Office Administration Team
  • Position: Team leader
  • Name: Kim, Seoung Kyun
  • Contact No: 82.2.3404.0706

(2) The person who is authorized to access the image data processing equipment of BKL is as follows.

  • Department in Charge: Office Administration Team
  • Position: Vice team leader
  • Name: Lee, Kyungchul
  • Contact No: 82.2.3404.0714

Article 14 (Recording Time, etc)

(1) The image data processing equipment of BKL shall record videos from 00:00 to 24:00 throughout the year.

(2) BKL and the head office of BKL shall keep the recorded image information for 30 days after recording.

(3) BKL shall keep the recorded image information at the disaster control center of BKL in avi type file.

Article 15 (Management of Personal Image Data Files Generated from Image Data Processing Equipment, etc)

(1) BKL shall not use the personal image data generated from image data processing equipment for any purposes other than safety management, facility protection and crime prevention.

(2) BKL shall check personal image data from time to time by playing a record file at the office of Office Administration Team, etc where relevant personal image data are kept in order to investigate into a crime that took place within BKL.

(3) In case the period of holding and management under Article 14(2) hereof ends, BKL, unless there is a special provision under other laws, shall delete relevant file permanently in a technical method. If there is any printouts, etc containing personal image data, BKL shall destroy or incinerate such printouts, etc.

(4) Any recorded image data shall not be used for any purposes other than installation of image data processing equipment and shall not be inspected by, or provided to, any person other than those who are authorized to access.

Article 16 (Management of Personal Image Data Files Generated from Image Data Processing Equipment, etc)

(1) The subject of personal information may request the manager of the relevant image data processing equipment or the responsible officer of BKL to allow access to or confirmation of the existence of personal image information handled by BKL ("Access, Etc."), in which case, the subject of personal information shall explain the reasons he/she needs such personal image information.

(2) When BKL is in receipt of the request from the subject of personal information under paragraph (1), the operator of the image data processing equipment shall confirm that the person requesting Access, Etc. is the subject person or his/her legal representative referring to his/her resident identification card, driver’s license card or passport, etc. certifying his/her identity.

(3) BKL permits Access, Etc, when the request for Access, Etc. under paragraph (1) satisfies either one of the following conditions.

  1. If the subject of personal information consents
  2. If access to or provision of information is made to the subject of personal information
  3. If other laws have any special provisions for such access or provision
  4. If personal information is provided in a form which a person is not identifiable, for media coverage by newspapers/broadcasts
  5. If the personal information is provided in a form by which a person is not identifiable when necessary for investigation of crimes and indictment and maintenance of public prosecution
  6. If the personal information is necessary for conduct of court proceedings.

(4) Notwithstanding the provisions of paragraph (3), in each of the following cases, the operator of image data processing equipment may reject the request for Access, Etc. of the personal image information by the subject of personal information, in which case the operator of image data processing equipment shall within 10 days notify the subject of personal information of the reasons of rejection in writing, etc.

  1. If Access, Etc. results in significant hindrance in investigation of crime, maintenance of public prosecution and conduct of court proceedings
  2. If personal image information has been destroyed since the keeping period expired
  3. If it has considerable technical difficulties to delete only the image information of the subject of personal information, and Access, Etc. is highly likely to cause infringement of other persons’ right to privacy
  4. If Access, Etc. causes significant hindrance in conduct of business of BKL
  5. If there are reasons to the interest of the public as reasonable to reject the request for Access, Etc.

(5) In the event BKL allows Access, Etc. in accordance with paragraph (3), and such Access, Etc. is likely to allow clear identification or infringe privacy of a person other than the subject of personal information, BKL shall take protection measures to prevent identification of personal image information of a person other than the subject of personal information in advance of Access, Etc.

(6) BKL shall record and monitor each of the following items when taking measures under paragraph (3) or (4):

  1. Name and contact point of the subject of personal information requesting Access, Etc. of personal image information
  2. Name and content of personal image information file of which Access, Etc. is requested by the subject of personal information
  3. Purpose of Access, Etc. of personal image information
  4. Specific reasons of rejecting Access, Etc. of personal image information and
  5. When a copy of personal image information is provided to the subject of personal information, the content of the relevant image information and the reasons of such provision.

(7) If Access, Etc. is permitted, BKL shall allow the subject of personal information to access to the information at the protection room which actually controls the relevant image data processing equipment during the permitted time period.

(8) If BKL delegates duties of establishment and operation of image data processing equipment to a third party, the name of the entrusted third party shall be entered in the guide and the policy of operation and management of the image data processing equipment to allow the subject of personal information to easily confirm the details of such delegation at any time.

(9) If BKL delegates duties in respect of establishment and operation of image data processing equipment to a third party, BKL shall monitor and supervise the third party to check if the third party safely handles with the personal image information.

Article 17 (Technical, Managerial and Physical Actions to Protect Image Information)

BKL takes each of the following security actions in order to ensure that personal image information is not lost, stolen, disclosed, fabricated or damaged.

  1. The storage place of personal image information is designated as a restricted area where those who have been given no right of access are strictly restricted.
  2. The date of creation of personal image information, and the purpose of access to, the persons to whom the information is made available and date and time of such access, etc. are recorded and maintained for safe keeping and prevention of fabri-cation and alteration of personal image information.
  3. Technology to safely store and transmit personal image information is applied (in case of network camera, information is encrypted for safe transmission and passwords are created to save personal image information file).
  4. Storage facility is prepared or locks are installed for safe and physical storage of personal image information.
  5. Internal maintenance policy is made and implemented for the safe handling of personal image information.

Article 18 (Applicable Provisions)

In addition to the provisions on personal image information set forth in this chapter, the provisions of chapter 1 shall be applied unless being contrary to the effect of this chapter.

[Supplementary Provisions]

The personal information handling policy and the operation and maintenance policy of image data processing equipment shall be applied retroactively from September 30, 2011.

top