Provide personal information to third parties

In principle, ksss2024 shall process the personal information of the data subject within the scope specified for the purpose of collection and use, and shall not be processed beyond the scope of the original purpose or provided to a third party without the prior consent of the data subject, except in the following cases.
In the case of obtaining separate consent from the data subject,
If there are special provisions in the law,
Where the data subject or legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc., and is clearly deemed necessary for the immediate life, body, and property interests of the data subject or a third party.
If personal information is provided in a form that cannot be recognized as necessary for the purpose of statistics preparation and academic research,
Where it is impossible to perform duties under the jurisdiction of other Acts unless personal information is used for purposes other than its purpose or provided to a third party, it has been deliberated and resolved by the Protection Committee in case
If necessary to provide foreign information or international organizations for the implementation of treaties or other international agreements,
If necessary for the investigation of crimes and for the filing and maintenance of prosecution,
If necessary for the performance of court's judicial affairs
If necessary for the execution of sentence, custody, and protective disposition,
Consignment of personal information processing
In the case of entrusting the processing of ksss2024 personal information, it is processed according to a document containing the following contents and supervises whether the trustee handles personal information safely.
Matters concerning the prohibition of the processing of personal information other than the purpose of performing entrusted duties.
Matters concerning the management and technical protection of personal information.
Matters concerning the safety management of personal information.
Matters concerning the purpose and scope of consignment work, restrictions on re-consignment, measures to secure personal information safety, supervision such as checking the management status of personal information held in connection with consignment work, and liability for damages in case the trustee violates his/her obligation to comply with it.
In addition, in the case of entrusting the processing of personal information, related matters are posted on the website under the jurisdiction of each department to guide the data subject to check, We inform you that there is no additional consignment on our website.

The rights and obligations of the data subject and the method of exercising them
The data subject (referring to a legal representative in the case of under the age of 14) may exercise the right to protect personal information at any time, such as reading, correction, deletion, and suspension of processing.
① The exercise of rights can be done in writing, e-mail, and fax after completion in accordance with attached Form 8 of the Enforcement Regulations of the Personal Information Act, and we will take action without delay.
② If the data subject requests correction or deletion of personal information errors, the relevant personal information shall not be used or provided until the correction or deletion is completed.
③ The exercise of rights can be done through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ Requests to view and suspend processing of personal information may limit the rights of the data subject under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be requested to be deleted if the personal information is specified as a collection target in other laws.
⑥ Check whether the Chinese characters are themselves or legitimate agents for requests for reading, correction and deletion, and suspension of processing according to the data subject's rights.


Procedures and methods for destroying personal information In principle, the Korean Urology Association destroys personal information for which the purpose of processing personal information has been achieved without delay. The procedure, deadline, and method of destruction are as follows.

Destruction procedure
Personal information is immediately transferred to a separate space after the purpose is achieved and stored for a certain period of time in accordance with internal policies and other relevant laws and regulations before being destroyed. Personal information transferred to a separate space is not used for any other purpose unless it is by law.
Deadline for destruction and method of destruction
If the retention period expires, or personal information becomes unnecessary, such as achieving the purpose of processing personal information, or abolishing the relevant work, it shall be destroyed without delay. Information in the form of electronic files uses a technical method that cannot reproduce records, and personal information printed on paper is shredded with a shredder or destroyed by incineration.
Measures to ensure the safety of personal information
Minimize personal information handling staff and train them
Employees who handle personal information are designated and managed only for the number of people who are absolutely necessary, and training for safe management is provided for the handling staff.
Restricting access to personal information
We take necessary measures to control access to personal information by granting, changing, and canceling access to personal information processing systems that process personal information, and control unauthorized access from outside using an intrusion prevention system.
Keep Access Records
We keep and manage records (web logs, summary information, etc.) connected to the personal information processing system for at least one year.
Encrypting Personal Information
Personal information is stored and managed securely through encryption. It also uses separate security features, such as encrypting and using sensitive data during storage and transfer.
Installation, periodic inspection, and update of security programs
In order to prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed and regularly updated and inspected.
Access control for unauthorized persons
There is a separate physical storage place for the personal information system that stores personal information, and access control procedures are established and operated.