When creating a recruitment site, refer to this template to create your privacy policy document!
Parts like "{Company Name}" need to be edited.
"{Company Name}" (hereinafter 'the Company') establishes and discloses the following privacy policy pursuant to Article 30 of the Personal Information Protection Act, in order to guide data subjects on the procedures and standards for processing personal information and to enable prompt and smooth handling of related grievances.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the Personal Information Protection Act.
Conducting recruitment process: Identifying applicants, confirming intention to apply, conducting recruitment process such as interviews, conveying notices, using reference materials for ongoing recruitment
Responding to inquiries related to joining and recruitment
Smooth communication with job applicants
Used for calculating treatment upon final selection, verifying identity of new employees, concluding/performing employment contracts (personnel placement, employee benefits and salary contracts, etc.), and preparing employee rosters and payroll ledgers
Article 2 (Processing and Retention Period of Personal Information)
The Company processes and retains personal information within the personal information retention and use period stipulated by law or the personal information retention and use period agreed upon when collecting personal information from data subjects, and in principle, destroys personal information without delay when the purpose of processing personal information is achieved or when a data subject requests deletion.
However, the personal information of job applicants is retained in the Company's talent pool for "{Processing and Retention Period}" and may be used for ongoing recruitment from that talent pool when recruitment is needed. If a job applicant wishes to delete their personal information, that information will be deleted without delay.
Article 3 (Personal Information Items Processed)
The Company processes the following personal information items.
Required items
Name, contact information, email, application route, career information, educational background, military service status (if applicable), disability status (if applicable), veteran status (if applicable), and all information in the resume and career description that may identify an individual
Optional items
Portfolio (if submitting a file containing personal information), additional links (when providing URLs for personally managed sites such as personal blogs, websites, etc.), and all other information directly entered or uploaded via attachments that may identify an individual
During service use
User browser type and OS, visit records (IP information, access time), cookies
Article 4 (Provision of Personal Information to Third Parties)
The Company uses personal information only within the scope notified in Article 1 (Purpose of Processing Personal Information) and Article 3 (Personal Information Items Processed), and does not use personal information beyond that scope or disclose or provide personal information externally without prior consent of the data subject. However, exceptions are made in the following cases.
When the data subject has given prior consent
When required by law or when an investigation agency requests it in accordance with procedures and methods prescribed by law for investigative purposes
Article 5 (Entrustment of Personal Information Processing)
The Company entrusts personal information processing as follows for smooth personal information business processing.
Entrusted Party (Trustee) | Entrusted Tasks |
flex Inc. | Development and maintenance of recruitment site and flex, system operation and management |
2. When concluding entrustment contracts, the Company specifies matters related to liability such as prohibition of personal information processing outside the purpose of the entrusted work, technical and administrative protection measures, restrictions on re-entrustment, supervision and management of trustees, and damages in documents such as contracts pursuant to Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
3. If the content of the entrusted work or the trustee changes, we will disclose it through this privacy policy without delay.
Article 6 (Procedures and Methods for Destruction of Personal Information)
The Company destroys the relevant personal information without delay when it becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the processing purpose.
If personal information must continue to be preserved in accordance with other laws despite the expiration of the personal information retention period agreed upon by the data subject or the achievement of the processing purpose, the personal information is moved to a separate database (DB) or stored in a different storage location.
The procedures and methods for destroying personal information are as follows.
Destruction procedure: The Company selects personal information for which grounds for destruction have arisen and destroys it with the approval of the Company's Personal Information Protection Officer.
Destruction method: The Company destroys personal information recorded and stored in electronic file format so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
Article 7 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives )
Data subjects may exercise rights such as requesting access, correction, deletion, and suspension of processing of personal information against the Company at any time.
The exercise of rights may be done in writing or by electronic mail in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
The exercise of rights may also be done through an agent, such as the data subject's legal representative or a person who has received a power of attorney. In this case, a power of attorney pursuant to Form 11 of the Annex to the "Notice on Methods of Processing Personal Information (No. 2020-7)" must be submitted.
Requests for access to personal information and suspension of processing may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
The Company verifies whether the person making a request for access, correction/deletion, or suspension of processing pursuant to the data subject's rights is the person themselves or a legitimate agent.
Article 8 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.
Administrative measures: Establishment and implementation of internal management plans, regular employee training
Technical measures: Management of access rights to personal information, installation of access control systems, encryption of personal information, installation and updating of security programs against hacking, etc., retention of access records and prevention of forgery and alteration
Physical measures: Use of locking devices for document security, access control for unauthorized persons
Article 9 (Matters Regarding Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)
The Company uses 'cookies' that store usage information and retrieve it from time to time in order to provide individualized customized services to users.
Cookies are small pieces of information sent by the server used to operate websites to the user's computer browser and may also be stored on the hard disk of the user's PC computer.
Purpose of cookie use: Used to understand the visit and usage patterns for each service and website visited by the user, popular search terms, security access status, etc., in order to provide users with optimized information.
Cookie installation, operation and rejection: You can refuse cookie storage by going to Tools > Internet Options > Privacy menu option settings at the top of the web browser.
If you refuse to store cookies, you may have difficulty using customized services.
Article 10 (Personal Information Protection Officer)
The Company designates a Personal Information Protection Officer as follows to take overall responsibility for personal information processing work and to handle complaints and damage relief from data subjects related to personal information processing.
[Personal Information Protection Officer]
Name: "{Name of HR team lead, organization head, or person in charge}"
Title: "{Position}"
Contact:"{Contact}"
Email: "{Email Address}"
Article 11 (Request for Access to Personal Information)
Data subjects may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department below.
The Company will strive to process data subject's requests for access to personal information promptly.
[Department for Receiving and Processing Personal Information Access Requests]
Department Name: "{Department Name}"
Email: "{Email Address}"
Article 12 (Remedies for Infringement of Rights)
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. to receive relief from personal information infringement. For other reports and consultations regarding personal information infringement, please contact the institutions below.
Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
The Company guarantees data subjects' right to self-determination of personal information and strives to provide consultation and damage relief from personal information infringement. If you need to report or consult, please contact the department below.
[Customer Consultation and Report Related to Personal Information Protection]
Department Name: "{Department Name}"
Email: "{Email Address}"
A person whose rights or interests have been infringed by a disposition or inaction of the head of a public institution in response to a request under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
[Central Administrative Appeals Commission]
(without area code) 110 (www.simpan.go.kr)
Article 13 (Changes to Privacy Policy)
This privacy policy is effective from "{YYYY.MM.DD.}"
The previous privacy policy can be found below.
"{URL of Previously Changed Privacy Policy}"