Seoul Family Center Privacy Policy
All personal data handled by the Seoul Family Center shall be collected, retained, and processed in compliance with the personal data protection regulations under relevant laws including Article 3 of the Personal Information Protection Act. The Seoul Family Center (hereinafter referred to as the "Seoul Center") operates the following policy to protect users' personal data and rights and interests in accordance with the Personal Information Protection Act and to efficiently handle users' complaints related to personal data. This Privacy Policy shall apply from the effective date, and any additions, deletions, or changes to the terms due to amendments of relevant laws and policies shall be announced through the notice on the website.
Article 1 (Purpose of Processing Personal Data, Retention Period, and Security Measures)
I. Purpose of Processing Personal Data
The Seoul Center collects a minimum amount of personal data for the purpose of performing its duties and handling civil complaints, and posts the data on the relevant website operated by each department to enable the data subject to check the content.
1. User registration and management, service requests: Personal data is processed for the purpose of confirming the user’s intention to use the service, identifying and verifying the user for service provision, confirming the user according to the implementation of the identity verification system, maintaining and managing membership, preventing illegal use of services, confirming the consent of a legal representative when processing personal data of children under the age of 14, handling various notices and notifications, addressing user grievances, managing service use history, responding to emergencies, notifying important matters, and conducting needs and satisfaction surveys.
2. Volunteer management: Personal data is processed as necessary for the Volunteer Management Center's tasks, such as volunteer recruitment, training, placement, and VMS-registered information management (e.g. volunteering activities and performance, certificate issuance).
3. Operation of the Steering Committee and the Advisory Committee: Personal data is processed as necessary for the composition and operation of the Operating Committee and the Advisory Committee for the purpose of improving the quality of family services in metropolitan institutions in accordance with the operating regulations of the Seoul Center.
4. Lecturer management: Personal data is processed as necessary for the recruitment, selection, payment of honorarium, background checks, etc., of lecturers required for the operation of education, counseling, and other programs.
5. Employee management: Personal data is processed for the recruitment of new employees. Personal data included in the employment contract is used for wage payment, welfare benefits, training requests, etc. The employee access system records the employee’s entry and exit history, and employee names, departments, positions, phone numbers, fax numbers, e-mail addresses, and other data are disclosed for business purpose and internal contact.
6. Handling complaints and grievances: Personal data is processed for the purpose of confirming civil complaints, contacting and notifying users for fact investigations, and informing users of the results.
7. Website management: Personal data is processed for the purpose of confirming the user’s membership intention, identifing and verifying the user for service provision, maintaining and managing membership, confirming the through the identity verification system, preventing illegal use of services, confirming the consent of legal representative when processing personal data of children under the age of 14, and handling various notices notifications, and user grievances.
8. Sponsorship management: Personal data is as processed necessary for tasks such as managing donations and sponsored items, and issuing receipts.
9. Program Applications: Personal data is processed for the purpose of selecting and administering program participants, verifying eligibility, identifying and authenticating applicants for service provision, confirming identity in accordance with the limited identity verification system, maintaining and managing eligibility for service use, reviewing submitted documents, and providing various notifications and other communications. Depending on the characteristics of each program, supporting documents for eligibility verification—such as a copy of the resident registration certificate, certificate of family relations, certificate of alien registration, recipient certificate, and health insurance payment confirmation—may be required. Any personally identifiable information or sensitive information contained in such documents will be processed only upon obtaining separate consent from the data subject. In addition, when processing personal data of children under the age of 14, consent from a legal guardian will be verified.
II. Processing Personal Data and Retention Period
1. Personal data processed by the Seoul Center shall be handled within the scope specified for the purpose of collection and use and shall be implemented in compliance with the retention period set forth in the Personal Information Protection Act and related laws.
2. The Seoul Center processes and retains personal data for the period prescribed by law; or within the duration agreed upon at the time of collection from the data subject.
| No. | Classification | Applicable Laws for Operation/Purpose of Processing | Personal Data File Name | Retention Period |
|---|---|---|---|---|
| 1 | User management, service requests | User registration and management, and service requests according to the following provisions of the Personal Information Protection Act: Article 15 (1)(2) (Collection and Use of Personal Information); subparagraph 2, Article 23 (Limitation to Processing of Sensitive Information); and Article 24 (1)(2) (Limitation to Processing of Personally Identifiable Information) | ∙ Required: Name, gender, date of birth, marital status, address, phone number, e-mail address, job, family relations, service usage info, country of origin ∙ Optional: ① Family counseling service ② Job posting: Company information, job information ③ Job seeker: Residency status, highest level of education, key career, self-introduction, job interest information |
Up to 5 years after termination of the service |
| 2 | Volunteer management | Issuance of Certificate of Volunteer Service | ∙ Name, address, contact no., e-mail address | Until there is a request for refusal to retain and use personal data from the data subject |
| 3 | Operation of Steering Committee and Advisory Committee | Issuance of Committee Activity Certificate and payment of meeting allowances according to Article 8 of the Enforcement Decree of the Civil Petitions Treatment Act | ∙ Resume, copy of ID, copy of bankbook | |
| 4 | Lecturer management | Issuance of lecturer's career certificate, payment on lecturer's fees, and background check according to Article 8 of the Enforcement Decree of the Civil Petitions Treatment Act | ∙ Resume, copy of bankbook, career certificate, copy of qualifications, copy of ID, criminal background check report | |
| 5 | Employee management | Employee management, insurance enrollment, and issuance of career certificates according to Article 8 of the Enforcement Decree of the Civil Petitions Treatment Act and Article 143 of the Income Tax Act | ∙ Personal data required for hiring new employees: resume, self-introduction, academic transcript, copy of qualifications ∙ Personal data included in the employment contract ∙ Employee name, department, position, phone number, fax number, and e-mail address for employee access history, business network access record, public relations, and business contact |
|
| 6 | Handling complaints and grievances | Receiving and managing civil services according to Article 8 of the Enforcement Decree of the Civil Petitions Treatment Act and Article 2 of the Enforcement Rules of the Civil Petitions Treatment Act | Name, address, phone number, e-mail address | 3 years |
| 7 | Website management | Development of new services, provision of customized services, and statistical services in accordance with the Protection of Communications Secrets Act | IP address, cookies, service usage records, visit records, misuse history, etc. | Until account deletion |
| 8 | Website member management | Article 15 (Collection and Use of Personal Information) of the Personal Information Protection Act | ∙ Required: ID, password, name, country of origin, e-mail address | Disposal upon account deletion |
| 9 | CCTV footage processing management | Facility safety and fire prevention | CCTV footage | 30 days after the time of recording |
| 10 | Sponsorship management | Management of sponsorships according to Paragraph 2, Chapter 4 of the Financial and Accounting Rules for Social Welfare Corporations and Social Welfare Facilities | Personal data necessary for handling sponsorship-related tasks, such as name, phone number, bank account no., type/amount/method of sponsorship, and date of birth | Until withdrawal of sponsorship |
| 11 | Program Applications | Personal Information Protection Act: Article 15(1)1 (Collection and Use of Personal Information), Article 22 (Method of Obtaining Consent), Article 23 (Restriction on Processing of Sensitive Information), Article 24 (Restriction on Processing of Personally Identifiable Information) Selection of program participants, verification of eligibility, review of submitted documents, notification of selection results, and program operation and administration |
∙ Required: Name, gender, date of birth, contact number, residency status ∙ Optional: ① Address ② Supporting documents for eligibility verification: resident registration certificate, certificate of family relations, certificate of alien registration, recipient certificate, health insurance payment confirmation, etc. (may vary by program) ③ Personally identifiable information (processed with separate consent): resident registration number, etc. ④ Sensitive information (processed with separate consent): recipient status, health information, etc. ⑤ For children under the age of 14: name and contact number of the legal guardian and verification of consent information |
Within 3 days after the end of the recruitment period |
III. Security Measures Operated on the Website
1. For the security and uninterrupted operation of the website, the Seoul Center operates various security programs to monitor network traffic and detect attempts of data tampering.
2. When you click the link or banner on the website operated by the Seoul Center to access other institutions, the privacy policy posted on the destination website shall apply from that point forward. Therefore, users should review and understand the privacy policy of the destination website..
Article 2 (Provision of Personal Data to Third Parties)
(1) No personal data collected and retained by the Seoul Center is provided to any third party without the consent of the user except in the following case
1. When separate consent is obtained from the data subject;
2. When there are special provisions in the law or it is unavoidably necessary to comply with legal obligations.
3. When the data subject or their legal representative is unable to express their intent, or when it is impossible to obtain their prior consent due to reasons such as unknown address, and it is clearly necessary for the urgent protection of the life, physical well-being, or financial interests of the data subject or the third party;
4. When personal data is provided in which a specific individual cannot be identified for purposes such as statistical compilation and academic research;
5. When it is impossible to perform the Seoul Center’s statutory duties without using the personal data for purposes not stated Privacy Policy or without providing it to a third party, and such use or provision has undergone deliberation and resolution by the Protection Committee;
6. When it is necessary to provide personal data to a foreign government or an international organization for the implementation of treaties or other international agreements;
7. When it is necessary for criminal investigations and for filing or maintaining public prosecution;
8. When it is necessary for a court's proceedings;
9. When it is necessary for the execution of punishment, probation, and protective measures.
10. When it is urgently necessary for public safety and well-being, such as public health.
(2) In the event the Seoul Center provides personal data to a third party, it shall notify the data subject of the following items and obtains their consent:
1. The recipient of the personal data;
2. The purpose for which the recipient will use the personal data;
3. The personal data items provided;
4. The period of personal data retention and usage by the recipient.
Article 3 (Consignment of Personal Information Processing)
(1) In principle, the Seoul Center does not entrust the processing of personal data to others without the user's consent. However, within the scope of the purpose of processing personal data or with the user's consent, it is necessary to clearly stipulate in the consignment contract the following: compliance with laws and regulations related to personal data protection; prohibition of providing personal data to any third party; and responsibilities of the consigned party.
(2) In principle, the Seoul Center processes users' personal data within the scope specified in Article 1 (Purpose of Processing Personal Data), and does not process beyond the original scope or provide it to a third party without the user's prior consent.
(3) The Seoul Center entrusts the following personal data processing tasks to facilitate smooth operations.
| No. | System Name | Consigned Company | Person in Charge | Responsibilities | Consignment Period |
|---|---|---|---|---|---|
| 1 | Family Seoul Website | SKUNKWORKS STUDIO | Myeongjik Kim +82-70-4189-9144 |
System maintenance and operation | Maintenance period |
| 2 | Hanultari for Multicultural Families Website | ||||
| 3 | Employment Management System | Jang Dae-hwan +82-10-6416-3836 |
System maintenance and operation | Maintenance period |
Article 4 (Rights and Obligations of the Data Subject and Legal Representative)
(1) The data subject may exercise the following rights related to personal data protection at any time:
1. Request to access personal data;
2. Request for correction of errors;
3. Request to delete personal data;
4. Request for suspension of processing personal data;
5. Withdrawal of consent;
6. Right to refuse automated decision-making / Right to request an explanation
(2) The exercise of rights under paragraph 1 may be made in writing, e-mail, facsimile (fax), etc. in accordance with Attached Form 8 of the Enforcement Rules of the Personal Information Protection Act. Actions shall be taken without delay regarding the user's personal data processed by the Seoul Center.
(3) If the data subject requests correction or deletion of errors in personal data, the relevant personal data cannot be used or provided until the correction or deletion is completed.
(4) The exercise of rights pursuant to paragraph 1 may be submitted through an agent authorized by the data subject. In such cases, a power of attorney must be submitted in accordance with Attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
(5) Requests for access and suspension of the processing of personal data may be restricted according to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
(6) Requests for correction or deletion of personal data may not be accepted if the personal data designated for collection under other laws and regulations.
(7) In the event of request for a access, correction, deletion, or suspension of processing of personal data according to the rights of the data subject, it must be confirmed whether the person making the request is the data subject or a legitimate agent. The exercise of these rights may be carried out by an agent, such as the data subject's legal representative or a person authorized by the data subject.
* [Attached Form 8 of the Enforcement Rules of the Personal Information Protection Act] Request for Access, Correction, Deletion, or Suspension of Personal Data Processing
* [Attached Form 11 of the Enforcement Rules of the Personal Information Protection Act] Power of Attorney
Article 5 (Use of Automatic Personal Data Collection Tools)
(1) In operating the Seoul Center website, the server may store a small amount of “cookies” on the user's computer. The user can exercise the right to refuse the use of the automatic personal data collection tool.
※ Microsoft Edge: Click the “...” icon at the top of the web browser → More tools → Internet options → Under “Privacy,” select “Advanced” → Block cookies
Chrome: Click the “⋮” icon at the top of the web browser → New incognito window (Shortcut: Ctrl+Shift+N) → Block cookies
Article 6 (Personal Data Disposal Procedures and Methods)
(1) In principle, the Seoul Center disposes of personal data without any delay once the purpose of personal data processing has been achieved. However, personal data shall not be disposed of when it must be retained in accordance with other laws and regulations. In such cases, the legal basis, the specific items to be retained as prescribed by law, and the retention period must be specified.
A. When personal data is to be retained instead of disposed of, the relevant data or personal data files shall be stored and managed separately from other personal data.
(2) Disposal procedure
- When the retention period of personal data has elapsed, the Seoul Center formulates a personal data disposal plan and proceed with the disposal. When personal data becomes unnecessary due to reasons such as achievement of the processing purpose, abolition of the relevant service, or termination of a project, it shall be disposed of in accordance with internal policies and related laws after the retention period has elapsed or the purpose of processing has been achieved. However, these provisions do not apply when personal data must be retained in accordance with other laws and regulations.
(3) Timing and method of disposal
1. Electronic files: Delete personal data and dispose of it using methods such as low-level formatting to prevent recovery or reproduction
2. Records, printed materials, written documents, or other recording media: Destroy the relevant parts completely (e.g., through incineration, shredding, etc.)
3. Personal data collected for program applications shall be disposed of within 3 days after the end of recruitment period, and in the case of electronic files, such data shall be deleted using methods that prevent recovery or restoration.
Article 7 (Security Measures or Personal Data)
(1) The Seoul Center must take the following technical, managerial, and physical measures to ensure the security of personal data:
1. Establish and implement an internal management plan in accordance with the Standards for Measures to Ensure Personal Data Security (Notice of the Ministry of the Interior and Safety);
2. Minimize, designate, and manage the necessary personal data handlers, and provide them with regular training;
3. Control access to personal data by granting, changing, and canceling access rights to the database system that processes personal data, manage the export and import of portable storage media; and control unauthorized access from outside using intrusion blocking and prevention systems;
4. Keep and manage the access records (e.g., weblogs, information summaries) to the personal data processing system for a minimum of one (1) year;
5. Encrypt, store, and manage users' personal data, apply additional security functions, such as encrypting important data during storage and transmission;
6. Install and regularly update and inspect security programs to prevent the leakage or damage of personal data caused by hacking or computer viruses, install security systems in areas with physical access restrictions, and monitor and block these systems technically and physically.
Article 8 (Remedies for Infringement of Rights and Interests)
(1) The data subject may inquire about damage relief and seek consultation regarding personal data infringement from the following institutions. For further assistance regarding the Seoul Center’s personal data complaint handling and damage relief procedures, contact the institutions below:
1. Personal Information Infringement Report Center (http://www.privacy.kisa.or.kr/): 118 (no area code)
2. Personal Information Dispute Mediation Committee (http://www.kopico.go.kr/): 1833-6972
3. Cybercrime Investigation Division of the Supreme Prosecutors' Office (http://www.spo.go.kr/): 1301
4. Korean National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr/): 182 (no area code)
(2) A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution, in response to a request made under Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing Personal Information) of the Personal Information Protection Act, may request an administrative trial under the provisions of the Administrative Appeals Act.
* For more information on administrative appeals, refer to the Central Administrative Appeals Commission (http://www.simpan.go.kr/)
(3) For inquiries regarding personal data protection and processing, call 118 to reach the Customer Center operated by the Korea Internet & Security Agency.
* Telephone inquiries: 118 (no area code) (ARS extension 2), e-mail inquiries: [email protected]
Article 9 (Request to Access Personal Data)
(1) A data subject may request access to personal data under Article 35 of the Personal Information Protection Act by contacting the following department. The Seoul Center shall promptly process the request of the data subject:
* Department in charge of receiving and processing requests for access to personal data: General Planning Team [Tel: +82-2-318-8160, Fax: +82-70-7469-0228]
(2) The data subject may request access to personal data through the Personal Information Portal operated by the Ministry of the Interior and Safety, in addition to the Seoul Center’s designated department under paragraph 1 above.
* Personal Information Portal (www.privacy.go.kr) → Personal Information Complaint → Request to access personal data (requires real-name authentication through the internet personal identification number)
Article 10 (Contact Information)
| Classification | Department | Name | Position | Contact Number | |
|---|---|---|---|---|---|
| Chief Privacy Officer | - | Woojung Hong | Director of the Center | Tel: 02-70-7467-8180 E-mail: [email protected] Fax: 02-70-7469-0228 |
|
| Privacy officers by field | Steering/Advisory Committee Employee management Handling complaints and grievances Video information processing device management |
Secretariat | Yookyung Shin |
Secretary General | Tel: 02-318-8160 E-mail: [email protected] Fax: 070-7469-0228 |
| Family Seoul website management (user management, service requests) Lecturer management Counselor management Handling complaints and grievances |
Family Service Team 1·2 | Inyoung Myung | Team Leader | Tel: 02-318-8168 E-mail: [email protected] Fax: 070-7469-0228 |
|
| Hanultari for Multicultural Families website management (user management, service requests) Employment management system (job posting, job seeker management) Handling complaints and grievances |
Center Support Team | Sehyun Kim | Team Leader | Tel: 02-318-8167 E-mail: [email protected] Fax: 070-7469-0228 |
|
| Privacy protection staff / Volunteer management |
Planning and General Affairs Team | Eunhye Ju | Team Leader | Tel: 02-318-8160 E-mail: [email protected] Fax: 070-7469-0228 |
|
* In the case of changes in personnel handling personal data due to reasons such
as transfer or reassignment, a thorough transfer of responsibilities shall be carried out, and access rights to
personal data shall be updated or revoked accordingly.
Article 11 (Installation and Operation of Video Information Processing Devices)
(1) The Seoul Center installs and operates video information processing devices as follows:
1. Basis and purpose of installation of video information processing devices: For the safety of Seoul Center’s facilities and fire prevention
2. The number, location, and recording range of installed devices: Two devices installed in main facilities (e.g., first and second-floor lobbies), with coverage of those areas
3. Manager, responsible department, and access rights: General Planning Team Leader
4. Recording time, storage period, storage location, and processing method:
(a) Recording time: 24 hours
(b) Storage period: Thirty (30) days from the time of recording
(c) Storage location and processing method: Stored and managed by the General Planning Team
5. How and where to view video information: Submit a request to the designated manager (General Planning Team: Tel +82-2-318-8160, Fax +82-70-7469-0228)
6. Procedures for data subject to request access video information: The data subject must submit a request form to view and confirm the existence of personal video information. Access is granted only when the requester is recorded in the footage or when it is necessary to protect their life, physical well-being, or financial interests.
7. Technical, administrative, and physical safeguards to protect video information: Implementation of an internal management plan, access control and permission restrictions, secure storage and transmission technologies, maintenance of processing records, prevention of forgery or alteration, and physical security measures such as storage facility controls and lock installations.
Article 12 (Changes to the Privacy Policy)
(1) This Privacy Policy shall take effect on April 10, 2026.
Attachments
- Seoul Family Center Internal Management Plan for Personal Data Protection Measures Download
Revision History
- 2022.05.09. ~ 2022.10.24. Privacy Policy Change History
- 2022.10.25. ~ 2023.05.30. Privacy Policy Change History
- 2023.05.31. ~ 2023.11.15. Privacy Policy Change History
- 2023.11.16. ~ 2024.03.17. Privacy Policy Change History
- 2024.03.18. ~ 2025.06.01. Privacy Policy Change History
- 2025.06.02. ~ 2025.12.31. Privacy Policy Change History
- 2025.12.31. ~ 2026.02.27. Privacy Policy Change History
- 2026.02.27. ~ 2026.04.10. Privacy Policy Change History