The UbuCon Asia Organizing Committee (‘https://2022.ubucon.asia’ hereinafter referred to as ‘The Committee’) establishes and discloses privacy policy as follows to protect personal information of data subject and to handle related grievances quickly and smoothly under Article 30 of the 「Personal Information Protection Act」.

This privacy policy will be applied from November 4, 2022.

Article 1 (Purpose of processing personal information)

The Committee processes personal information for the following purposes. The personal information being processed will not be used for any of the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the 「Personal Information Protection Act」.

1. Attendee registration, Registration fee payment and Attendee Check-in
   • To register attendees, Accept registration fee payments, and to handle attende check-in on event dates.
2. To manage registration fee payment
3. Marketing and advertisement
   • To provide event schedule information, and to send promotional email when sponsor requests.
4. Proposal submission and notification
   • For providing a request for improvement of the proposal and notify proposal acceptance.
5. Travel sponsorship registration
   • To book round trip tickets, accomodation or provide reimbursement for those who applied for travel sponsorship and participate on-site.
6. Visa invitation letter request
   • To provide visa invitation letter, Informations on visa issue procedure and required documents for those who need to issue visa to participate on-site.

Article 2 (Items of personal information to be processed and its holding period)

1. The Committe processes and holds personal information within the period of holding and using personal information or the period of holding and using personal information agreed upon when collecting personal information from the data subject according to the law.
2. Each personal information processing and holding period is as follows.

   Purpose	Items to be collected	Collected from	When and how collected	Holding period
   Attendee registration, and Attendee Check-in	Name, Affiliation, Job or Titlor Nationality, Email address	Festa.io or Tito.io event platform	When registration is complete via event platform	1 years
   Registration fee payment	Payment history	Festa.io or Tito.io event platform	When registration is complete via event platform	5 years
   Marketing and advertisement	Email address	Festa.io or Tito.io event platform	When registration is complete via event platform	1 year
   Proposal submission and notification	(Required) Name, Email address (Optional) Phone number, Affiliation, Job or Title	Event website and Google Form	When submitting the Google Form provided by the The Committee	1 year
   Travel sponsorship registration	(Required) Name, Email address, Nationality, Affiliation (Requested if needed) Payment method information such as bank account	Event website and Google Form	When submitting the Google Form provided by the The Committee	1 year
   Visa invitation letter request	(Required) Name, Email address, Nationality, Affiliation, Date of birth, Passport number, Passport expiry date (Requested if needed) Passport place of issue, Sex	Event website and Google Form	When submitting the Google Form provided by the The Committee	Discard immediately after the event ends

Article 3 (Provision of personal information to third parties)

1. The Committee processes personal information only within the scope specified in Article 1 (Purpose of processing personal information) and provides personal information to third parties only if they fall under Articles 19 and 18 of the 「Personal Information Protection Act」, such as consent of the data subject and special provisions of the law.
2. The Committee provides personal information to following third parties.

Article 4 (Entrustment of personal information process)

1. The Committee entrusts personal information processing as follows for smooth personal information processing.

2. When concluding a entrustment contract, the The Committee shall, in accordance with Article 26 of the 「Personal Information Protection Act」, specify processing of personal information other than for the purpose of performing entrusted tasks is prohibited, technical and administrative protection measures, restrictions on re-entrustment, processing and supervision of the entrustee, and compensation for damages, etc. in documents such as contracts, and supervises whether the entrustee processes personal information safely.
3. If the contents of the entrustment work or the entrustees are changed, we will disclose it through this privacy policy without any delay.

Article 5 (International transfer of personal information)

2. The Committee entrusts followings to overseas corporations.

Article 6 (Personal information destruction procedure and destruction method)

1. The Committee destroys the personal information without delay when the personal information becomes unnecessary, such as the elapse of the personal information retention period or achievement of the Purpose of processing.
2. If the personal information retention period agreed by the data subject has elapsed or the personal information needs to be kept in accordance with other laws despite the achievement of the Purpose of processing, the personal information may be moved to a separate database (DB) or stored in different places to preserve it.
3. The procedure and method of personal information destruction are as follows.
   1. Destruction procedure
      • The Committee selects the personal information for which the reason for destruction has occurred, and destroys personal information with the approval of the personal information protection officer of the The Committee.
   2. Destruction method
      • Information in the form of electronic files uses a technical method that cannot reproduce the record.
      • Personal information printed on paper is shredded with a shredder or destroyed through incineration.

Article 7 (Rights and obligations of subjects of information and legal representatives and methods of exercising them)

1. The data subject can exercise the right to view, correct, delete, and suspend processing of personal information at any time with respect to the The Committee.
2. The exercise of rights pursuant to Paragraph 1 may be made to the The Committee in writing, e-mail, fax, etc. in accordance with Article 41 Paragraph 1 of the 「Enforcement Decree of the Personal Information Protection Act」, and the The Committee will take action without delay.
3. The exercise of rights pursuant to Paragraph 1 may be done through an agent such as the legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the “Personal Information Processing Method Notice (No. 2020-7)”.
   1. The rights of the information subject may be restricted in accordance with Article 35 Paragraph 4 and Article 37 Paragraph 2 of the 「Personal Information Protection Act」.
   2. The request for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
   3. The Committee confirms whether the person who made the request, such as a request for reading, correction or deletion, or request for suspension of processing, is the person or a legitimate agent according to the right of the data subject.

Article 8 (Measures to ensure the safety of personal information)

The Committee is taking the following measures to ensure the safety of personal information.

1. Establishment and implementation of internal management plan
   • We have established and implemented an internal management plan for safe handling of personal information.
2. Restricting access to personal information
   • We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside.

Article 9 (Installation and operation of devices that automatically collect personal information and denial of that)

1. The Committee uses ‘cookies’ that store and retrieve usage information from time to time to provide users with individually customized services.
2. A cookie is a small amount of information that the server (http) used to operate the website sends to the user’s computer browser and is also stored on the hard disk of the user’s PC computer.
   1. Purpose of use of cookies: It is used to provide optimized information to users by identifying the types of visits and usage, popular search terms, secure access, etc. to each service and website visited by the user.
   2. Denial of installation and operation of cookies: You can refuse to store cookies by setting the web browser settings to deny cookies.
   3. If you refuse to store cookies, you may experience difficulties in using customized services.

Article 10 (Collection, use, provision of behavioral information and its denial)

The Committee does not collect, use, or provide behavioral information for online customized advertisements.

Article 11 (Additional criteria for use and provision)

The Committee takes into account the matters under Article 14 Paragraph 2 of the 「Enforcement Decree of the Personal Information Protection Act」 in accordance with Article 15 Paragraph 3 and Article 19 Paragraph 4 of the 「Personal Information Protection Act」 without the consent of the information subject. may additionally be used and provided. Accordingly, The Committee has considered the following for additional use and provision without the consent of the information subject.

• Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
• Whether there is any predictability of additional use or provision in light of the circumstances in which personal information was collected or processing practices
• Whether the additional use or provision of personal information unreasonably infringes on the interests of the information subject
• Whether measures necessary to secure safety, such as pseudonymization or encryption, have been taken

※ Judgment criteria for considerations for additional use and provision are prepared and disclosed by the business operator/group autonomously.

Article 12 (Privacy officer)

1. The Committee is responsible for overall personal information processing, and has designated a privacy officer as follows to handle complaints and damage relief from information subjects related to personal information processing.
   • Privacy officer: Youngbin Han / Representative / contact@ubucon.asia
2. The data subject may inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the service (or business) of the Committee to the person in charge of personal information protection and the department in charge. The Committee will answer and handle inquiries from the information subject without delay.

Article 13 (Department that receives and processes requests for access to personal information)

The information subject may file a request for access to personal information pursuant to Article 35 of the 「Personal Information Protection Act」 to the following departments. The Committee will make every effort to promptly process the personal information access request of the information subject.

• Receiving and processing department for personal information access request
  • General Team / Youngbin Han / Representative / contact@ubucon.asia

Article 14 (Remedies for infringement of rights and interests of data subjects)

The data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center in order to receive relief from personal information infringement. In addition, for other personal information infringement reports and consultations, please contact the following organizations.

1. Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (Without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors’ Office : (Without area code) 1301 (www.spo.go.kr)
4. National Police Agency : (Without area code) 182 (ecrm.cyber.go.kr)

In response to the requests made by the head of a public institution in response to the requests under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the 「Personal Information Protection Act」 A person whose rights or interests have been infringed due to disposition or omission may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For more information on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).

Article 15 (Changes to the Privacy Policy)

1. This Privacy Policy is effective from November 4, 2022.
2. The previous Privacy Policy can be found below.
   • https://github.com/ubucon-asia/2022/commits/main/content/privacy-policy/index.md