Personal Information Policy
The International Women’s Peace Group is committed to protecting the security of your personal information
▉ Personal Information Policy of the International Women’s Peace Group
The International Women’s Peace Group (hereinafter referred to as “IWPG”) complies with the Personal Information Protection Act and any subordinate statutes for the freedom and protection of the principals of information. According to Article 30 of the Personal Information Protection Act, IWPG informs the information principals (hereinafter also referred to as “users” or “members” or “principals”) of the purpose and method of collecting and using personal information (hereinafter also referred to as “information”) provided by members and announces the following policies to respond and deal with various related issues. This policy applies to all websites owned and run by IWPG.
IWPG collects the following personal information.
1) The purpose of personal information collection, the items to be collected, and its retention and usage
< Membership application through the website >
■ Purpose: member identification, notification of membership and CS services
■ Mandatory personal information items to be collected: ID, password, name, date of birth, gender, phone number, email
■ Optional personal information items to be collected: country of residence, district of residence, occupation, title, branch, reason for application
■ Duration of retention and usage: 3 months after membership withdrawal
< Donation application >
■ Purpose: confirmation of donation consent, data management
■ Individual: name, phone number, email, address, member classification (region data)
■ Corporate: name, phone number, email, address, member classification (region data)
■ Duration of retention and usage: 5 years after termination of donation
< Donation payment >
■ Purpose: automatic electronic transfer(Cash Management Service; CMS) or credit card payment
– Automatic electronic transfer (CMS): bank, name of account holder, bank account number, date of birth, amount of donation
– Credit card: credit card company, name of cardholder, expiration date, date of birth/corporate registration number, amount of donation
■ Duration of retention and usage: 5 years after termination of donation
■ Social security number: issuance of receipts for contribution and registration in the year-end tax adjustment service
「Income Tax Act」 Article 21 Other Income, Article 127 Liability for Withholding Taxes, Article 164 Submission of Statement of Payment
5 years from the issuance of the receipt for contribution
< DPCW support signature >
■ Purpose: gathering support for the DPCW to be legislated as an international law
■ Personal information items to be collected: name, country, email
■ Duration of retention and usage: until the achievement of the goal or 5 years after the bill proposal
< Signup for newsletters or peacemails >
■ Purpose: distribution of IWPG news through email
■ Optional personal information items to be collected: name, email
■ Duration of retention and usage: until withdrawal of consent
< Event invitations and notification services >
■ Purpose: providing news and details on and invitations to events that IWPG is hosting, organizing or involved with
■ Mandatory personal information items to be collected: country/region, name, gender, affiliation, contact etc.
■ Optional personal information items to be collected: email etc.
■ Duration of retention and usage: 3 months after the event
< Education services >
■ Purpose: providing education services distributed by and involved with IWPG, i.e. Peace Education, and management of service beneficiaries
■ Mandatory personal information items to be collected: country/region, name, date of birth, gender, affiliation, occupation, contact(phone number), address
■ Optional personal information items to be collected: 5 years after the purpose has been accomplished
2) Method of information collection
Website, paper form, donation application, event application, collection through expanded platforms such as social media, campaigns, fax, phone etc.
1) IWPG processes personal information only within the range stipulated in Article 1 Purpose of Personal Information Collection, and will provide personal information to a 3rd party only under the following situations:
1. When the principal information has consented
2. Under specific requests pertaining to legal restrictions such as Article 17 and 18 of the Personal Information Protection Act.
3. When there has been a legitimate request from a government agency according to the law, such as a warrant
4. When there are specific needs according to the operations and service provisions of IWPG
2) The IWPG HQ, branches, and all relevant and/or affiliation organizations/institutions are all equal personal information managers, not a 3rd party and defined in this article. As a result, personal information transfer between these entities does not require any separate consent from the personal information owner.
IWPG immediately destroys personal information when the information is no longer needed, such as when the information retention period has passed or when the purpose of the informational collection has been accomplished
1) Destruction procedure
After the purpose is achieved, the member’s information is transferred to a separate DB (separate filing cabinet in the case of paper), stored for a certain period, and then destroyed for information protection according to internal policies and other related laws (refer to the retention and use period). Personal information transferred to a separate DB is not used for purposes other than simple preservation unless required by law.
< Stored information: history of issuance of receipt for contribution >
■ Evidence of storage: Income Tax Act, Corporate Tax Act
■ Storage duration: 5 years
< Stored information: information related to business transactions >
■ Evidence of storage: Commercial Act, Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, etc.
■ Duration of storage
– Records on contracts or withdrawal of subscriptions: 5 years
– Records on payment or provision of goods: 5 years
– Records on customer complaints and conflict settlement: 3 years
< Log-in history >
■ Evidence of storage: Protection of Communications Secrets Act
■ Duration of storage: 3 months
2) Method of destruction
Personal information stored in file format is deleted using a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.
1) IWPG only collects and uses users’ personal information within the range of consent and in principle does not use the information beyond this range and does not provide users’ personal information to outside sources without the users’ consent
2) However, the following cases are exceptions:
■ When the information principal has consented
■ For information essential to the enforcement of the service contract: when it is almost impossible to receive members’ consent due to economic or technical circumstances
■ Under specific requests pertaining to legal restrictions such as Article 17 and 18 of Personal Information Protection Act.
■ When a government agency makes a request in accordance with the provisions of the law or according to the procedure and method specified in the law for investigation purposes, such as a warrant
■ When it is considered necessary to disclose the information in order to take legal action against any person or actor that violates the IWPG’s agreement of utilization, exploits IWPG’s services to inflict harm on another, or harms traditional customs
■ When there are specific needs according to the operations and service provisions of IWPG
3) The IWPG HQ, branches, and all relevant and/or affiliation organizations/institutions are all equal personal information managers, not a 3rd party and defined in this article. As a result, personal information transfer between these entities does not require any separate consent from the personal information owner.
IWPG entrusts and outsources its operations to an external professional company for membership fee payment deposit and withdrawal service, fulfillment of members’ rights, and service stabilization
1) Entity who receives personal information: [NICE Payments Co., Ltd.] THE BILL cash management service
■ Recipient’s purpose of personal information usage: approval and settlement of membership fee payment by CMS method
■ Personal information items to be provided: bank name, account number, name, account holder’s date of birth, membership fee payment amount
2) Entity who receives personal information: [NICE Payments Co., Ltd.] THE BILL cash management service
■ Recipient’s purpose of personal information usage: credit card/mobile phone membership fee payment approval and settlement
■ Personal information collection items: refers to all information for each payment method presented through the Account/Credit Card Automatic Withdrawal Application Form provided by the corporation—the applicant’s name, email address, contact information, mobile phone number, and payment method selection information, bank name (card company), corporate number, account holder name (cardholder name), bank account (credit card) number, date of birth, card expiration date, card name, card number, mobile phone number
① Personal information principals can exercise their rights to their personal information, such as to view, change, delete, and process the information.
② This exercise of rights in Clause ① can be made through written document or email according to Article 41 Clause 1 of the Personal Information Protection Act, and IWPG will make sure to answer to the request immediately.
③ The exercise of rights in Clause ① can be made by any authorized agent of the personal information principal, such as a legal representative. In this case, the person must submit a letter of attorney according to the template in [Appendix 11] of the Announcement on Personal Information Processing Methods (2020-7).
④ The request to view or process one’s personal information may be restricted in accordance with Personal Information Protection Act Article 35 Clause 4 and Article 37 Clause 2.
⑤ The right to change or delete one’s personal information may be restricted if the personal information is stipulated as an item to be collected in other laws.
⑥ When receiving a request to delete, change, or suspend the processing of personal information, IWPG will confirm whether the requester is the personal information principal or a legitimate agent, and if the requester is unidentified or found not to be a legitimate eligible requester, the request may be denied or restricted.
In accordance with Article 29 of the Personal Information Protection Act, IWPG takes technical/administrative and physical measures necessary to ensure security as follows:
1) Minimization and training of personnel handling personal information
IWPG is implementing measures to manage personal information by designating employees in charge of handling personal information and limiting access to information to only those PICs
2) Establishment and implementation of an internal management plan
IWPG has established and implemented an internal management plan for the safe processing of personal information.
3) Encryption of personal information
The user’s password is stored and managed in an encrypted form, so only the person can know it. For important data, separate security functions such as encrypting files and transmission data or the file lock function are in place.
4) Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information by hacking or computer viruses, IWPG has installed a security program, which is periodically updated and inspected and installed in an area where access is controlled from the outside to monitor and block any technical/physical risks.
■ Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information and blocking any external unauthorized access from outside using an intrusion prevention system.
■ Other
All information related to login to the membership application and personal information change web page is encrypted and cannot be decrypted. In addition, IWPG does not provide an administrator function that handles large amounts of personal information on the website.
1) IWPG can use ‘cookies’ that save and recall data in order to provide catered services for the users.
2) Cookies are small amounts of data that the server(http) used to maintain the website sends to the user’s PC browser, and this data is sometimes saved in the hard drive within the user’s PC.
① Purpose of cookies: Cookies are used to identify the pattern, popular key words, security level etc. of users that visit a certain website or service in order to provide tailored information to the user.
② The installation/operation or restriction of cookies: The user may block cookie savings by clicking the top of the web browser: “Tools > Internet options > Personal Information Options”
③ The user may not be able to receive tailored service when blocking cookies.
According to Article 15 Clause 3 and Article 17 Clause 4 of the Personal Information Protection Act and considering Article 14-2 of the Enforcement Decree of the Personal Information Protection Act, IWPG may additionally use and provide personal information without the consent of the personal information principal. When providing or using personal information additionally without the principal’s consent, IWPG takes into consideration the following:
① Whether the purpose of the additional usage/provision is relevant to the initial purpose of the information collection
② Whether this additional usage/provision is predictable according to the past history or practices of personal information collection and usage
③ Whether this additional usage/provision of personal information violates the interests of the personal information principal
④ Whether IWPG has taken proper security measures such as pseudonymization or encryption
IWPG appoints the relevant department and personal information manager as follows in order to protect members’ personal information and to handle complaints related to personal information.
■ Personal Information Manager
– Title: Director-General of Information Communications
– Phone number: +8225777440
– Email: iwpg@iwpg.org
If members wish to request rectification for infringement of their personal information, they can reach out to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency for conflict settlement or consultation.
■ Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
■ Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
■ Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
■ Police Cyber Investigation Bureau: 182 (ecrm.police.go.kr)
This Personal Information Policy goes into effect starting from 1 January 2025. The details of the policy and past versions are disclosed and can be tracked on the IWPG website, per Article 30 of the Personal Information Protection Act
■ Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
■ Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
■ Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
■ Police Cyber Investigation Bureau: 182 (ecrm.police.go.kr)
Present Personal Information Policy
Previous Personal Information Policy (2023.08.23 ~ 2024.08.19)
Previous Personal Information Policy (2024.08.19~2025.01.01)
