With regard to the fact that KOREA + SWEDEN YOUNG DESIGN AWARD ORGANIZATION (The Embassy of Sweden in Seoul, KIDP, and IKEA Korea/ hereinafter referred to as "ORGANIZATION") is hosting the「2019 SWEDEN KOREA YOUNG DESIGN AWARD」(hereinafter referred to as the “Award”), ORGANIZATION will protect the personal information of all Subjects in accordance with the Personal Information Protection Act, and has established and disclosed the following personal information processing policy in order to protect the personal information of all Subjects whose information has been collected (hereinafter referred to as “Subject”) and handle any related complaints promptly and smoothly.
If ORGANIZATION revises the personal information processing policy, it will make a notification through a website announcement (or individual announcement).
This policy was implemented on 02 12, 2019.

Article 1 (Purposes of Processing Personal Information)

ORGANIZATION processes personal information for the following purposes. Personal information which is processed is not used for purposes other than the following purposes, and if the purpose of use changes, ORGANIZATION will implement necessary measures such as obtaining separate consent, etc. in accordance with Article 18 of the Personal Information Protection Act.

• - Identification, screening and notification of judgement results to provide applicants with the Award support services.
• - Conveying of announcements/notifications, securing smooth communication channels.

Article 2 (Processing and Retention Period for Personal Information)

• ① ORGANIZATION processes and possesses personal information within the retention and use period for personal information in accordance with laws and regulations or within the retention and use period for personal information that is agreed to when collecting personal information from Subjects.
  1. 1. Providing the Award support service: 6 months after the final judgement of the Award and the completion of awards

Article 3 (Providing Personal Information to a Third Party)

ORGANIZATION shall process the personal information of Subjects only within the scope specified in Article 1 (Purposes of Processing Personal Information), and ORGANIZATION shall only provide personal information to a third party with the consent of the Subject, in accordance with special regulations of the law, etc., in compliance with Article 17 and 18 of the Personal Information Protection Act.

Article 4 (Assignment of Personal Information Processing)

• ① ORGANIZATION assigns the following personal information processing tasks for the purpose of smooth operations in relation to personal information processing.
  1. 1. Participant Management
     - Entity undertaking the work (Assignee) : Leo Burnett, Inc.
     - Area of assignment: Management of participants at AWARD
     - Period of assignment: 02 12 2019 ~ 08 11 2019
• ② When ORGANIZATION concludes an assignment agreement, ORGANIZATION stipulates items such as the prohibition on the usage of personal information other than for the purposes of the entrusted work, technical and managerial protection measures, restrictions on re-assignment, the management and supervision of the Winner, and the responsibilities of compensation for damages, explicitly in the agreement, etc., in accordance with Article 25 of the Personal Information Protection Act, and ORGANIZATION oversees whether the Assignee handles personal information securely.
• ③ If the details of the entrusted work or the Assignee change, ORGANIZATION shall disclose said changes according to the personal information processing policy without delay.

Article 5 (Rights & Duties of Subjects and Methods of Exercising)

• ① The Subject can exercise the rights of personal information protection at any time toward ORGANIZATION.
  1. 1. Request to browse personal information
  2. 2. Correction request in case of error, etc.
  3. 3. Deletion request
  4. 4. Processing suspension request
• ② Any exercise of the rights under Paragraph 1 above may be made in writing, by telephone, e-mail, facsimile, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and ORGANIZATION shall take action without delay.
• ③ When the Subject requests a correction or deletion of personal information, ORGANIZATION shall not use or provide the personal information until the correction or deletion is completed.
• ④ Any exercise of the rights under Paragraph 1 may be done through an agent such as a legal representative of the Subject or an assignee, etc. In this case, a power of attorney shall be submitted according to Form 11 of the Enforcement Regulations of the Personal Information Protection Act.
• ⑤ Any request to browse personal information and any processing suspension request may restrict the rights of the Subject pursuant to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
• ⑥ Regarding a request for correction or deletion of personal information, deletion cannot be requested if the personal information is specified as an object of collection under other laws and regulations.
• ⑦ In the case of a request to browse, a correction/deletion request, or a processing suspension request, in accordance with the rights of the Subject, ORGANIZATION shall be entitled to confirm the person making such request is the principal or a truthful legal representative.
• ⑧ No Subject shall misuse the personal information handled by ORGANIZATION, nor infringe on the privacy of Subject or any other person, by the violation of related laws such as the Personal Information Protection Act.

Article 6 (Personal Information Items to be Processed)

ORGANIZATION handles the following personal information items.

• 1. Providing the Award support service
  Required items: name, password, date of birth, contact (phone), e-mail
• 2. While the usage of Internet service, the following personal information items may be automatically generated and collected: IP address, cookies, MAC address, service usage history, visit history, history of improper usage, etc.

Article 7 (Destruction of Personal Information)

• ① ORGANIZATION shall destroy personal information without delay when it is no longer required due to the expiry of the personal information retention period or the achievement of the processing purpose, etc.
• ② Notwithstanding the expiry of the personal information retention period agreed upon by the Subject or the achievement of the processing purpose, if it is necessary to keep personal information in accordance with other laws and regulations, ORGANIZATION shall transfer the personal information to a separate database or stores it in a different storage location.
• ③ Procedures and methods for the destruction of personal information are as follows.
  1. 1. Destruction procedure
     ORGANIZATION selects the personal information designated for destruction and ORGANIZATION destroys the personal information with the approval of ORGANIZATION's Privacy Officer.
  2. 2. Destruction method
     ORGANIZATION destroys personal information recorded and stored in the form of an electronic file by using such a method as low-level formatting so that the record cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding with a paper shredder or incinerating.

Article 8 (Measures to Ensure the Safety of Personal Information)

ORGANIZATION takes the following measures to ensure the security of personal information.

• 1. Administrative measures: Establishing and implementing internal management plans, training of regular staff, etc.
• 2. Technical measures: Management of access rights for personal information processing systems, installation of access control system, encoding of unique identification information, etc., and installation of security programs
• 3. Physical measures: controlling access to computer rooms, data storage rooms, etc.

Article 9 (Installation, Operation and Rejection of Automatic Collection Equipment for Personal Information)

• ① ORGANIZATION uses "cookies" to store usage information and to recall it from time to time in order to provide personalized services to users.
• ② Cookies are small amounts of information which are used to run the website and are sent to a user's computer browser by the server and may be stored on the hard disk of the user's computer.
  1. a. Purpose of Cookie use: Cookies identify the types of visit and usage on each service and web site that a user visits, popular search words, and whether or not there is security access, etc., and they are used to provide optimized information to users.
  2. b. Installation, Operation and Rejection of Cookies : You can reject the storage of cookies via the Options setting on the Tools> Internet Options> Privacy menu at the top of your web browser.
  3. c. If you reject the storage of cookies, you may have difficulty using customized services.
     ORGANIZATION does not use 'cookies' that store information about a Subject and recall it from time to time.

Article 10 (Person in Charge of Personal Information Protection)

• ① ORGANIZATION shall take overall responsibilities for the processing of personal information, and appoint a person in charge of personal information protection as follows to deal with any complaints from or compensation for Subjects relating to the processing of personal information.

  ▶ Person in charge of personal information protection

  • Name: Keith Koo

  • Tel No.: 02-310-8700

  • E-mail: keith.koo@ikea.com

  • Fax Number: 02-310-8799

  ▶ Department in charge of personal information protection

  • Name: Keith Koo

  • Tel No.: 02-310-8700

  • E-mail: keith.koo@ikea.com

  • Fax Number: 02-310-8799

• ② Any Subject can contact the person in charge of privacy or the department in charge of all personal information protection inquiries, complaints, and damages which occur while using ORGANIZATION’s service (or business). ORGANIZATION shall respond to all inquiries from Subjects without delay.

Article 11 (Request to Browse Personal Information)

Any Subject can request to browse personal information to the following department in accordance with the Personal Information Protection Act. ORGANIZATION shall endeavor to promptly process any request to browse personal information by a Subject.

▶ Receipt and processing department for requests to browse personal information

• Name: Keith Koo

• Tel No.: 02-310-8700

• E-mail: keith.koo@ikea.com

• Fax Number: 02-310-8799

Article 12 (Remedy Method for Infringement on Rights and Interests)

Any Subject can inquire about compensation for damages, consultation, etc., regarding the misuse of personal information to the following organizations.

The organizations below are the separate institutions from ORGANIZATION. If you are dissatisfied with the results of a personal privacy complaint against ORGANIZATION, or compensation for damages, or if you need more help, please contact them.

▶ Privacy Infringement Report Center (operated by the Korea Internet & Security Agency)

- Works in charge: Reports of complaints about the misuse of personal information, applications for consultation

- home page: privacy.kisa.or.kr

- Telephone: 118

- Address: Privacy Infringement Report Center, 3rd Floor, 9 Jinheung-gil, Naju-si, Jeollanam-do

▶ Personal Information Dispute Mediation Committee

- Works in charge: Applications for personal information dispute mediation, collective dispute mediation (civil settlement)

- home page: www.kopico.go.kr

- Telephone: 1833-6972

- Address: 4th floor, Government Complex-Seoul, 209 Sejongdae-ro, Jongno-gu, Seoul

Cyber Crime Commission , Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)

Cyber Security Bureau, National Police Agency: 182 (http://cyberbureau.police.go.kr)

Article 13 (Changes to the Personal Information Processing Policy)

This personal information processing policy is implemented on 02 12, 2019.