Personal Information Processing Guidelines

The Seoul YMCA Marathon (hereinafter referred to as “Marathon”) hosted by the Korea Sports Tourism Marketing Association (hereinafter referred to as “Association”) is held in accordance with the Personal Information Protection Act and related laws to protect the freedom and rights of information subjects. In compliance with the law, personal information is processed legally and managed safely. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, we collect and disclose personal information processing guidelines as follows in order to inform information subjects of the procedures and standards for personal information processing and to promptly and smoothly handle complaints related thereto. The Association's personal information processing policy contains the following contents.

1. Personal information items processed
2. Purpose of processing personal information
3. Personal information retention and use period
4. Matters regarding the processing of personal information of children under 14 years of age
5. Entrustment of processing of personal information
6. Matters regarding provision of personal information to third parties
7. Information subject’s rights (viewing, correction, deletion, etc.) and how to exercise them
8. Matters related to the installation, operation, and refusal of automatic personal information collection devices
9. Matters regarding measures to ensure the safety of personal information
10. Personal information destruction procedures and methods
11. Personal information protection manager information
12. Remedy for infringement of rights and interests

1. Personal information items processed

The Association processes the following personal information items:

1. Marathon participation application
   • Required items: name, nationality, date of birth, password, participation category, gender, t-shirt size, blood type, email address, address, mobile phone number
   • Optional items: English name, best record
2. Marathon accident insurance subscription
   • Required items: (if domestic) resident registration number, (if foreign) passport number
3. Provision of goods or services
   • Required items: Payment information (payment amount, payment method, payment status, payment type), participation application date

2. Purpose of processing personal information

The Association processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following:

1. Marathon participation application
   • Personal information is processed for the purposes of identifying marathon participants (age verification, real name verification, etc.), confirming their intention to participate, sending goods, and providing marathon-related information.
2. Marathon accident insurance subscription
   • Personal information is processed for marathon participants to sign up for accident insurance.
3. Provision of goods or services
   • Personal information is processed for marathon participation fee payment and marathon-related record services.

3. Personal information retention and use period

1. The Association processes and retains personal information within the personal information retention and use period pursuant to the law or within the personal information retention and use period agreed upon when collecting personal information from the information subject.
2. The processing and retention period for each personal information is as follows:
   1. Personal information will be destroyed without delay when the marathon participant cancels participation or when the marathon event ends, whichever is earlier, or when the purpose is achieved after the marathon event ends. However, there are exceptions in cases where it can be preserved in accordance with other laws or when separate consent from the participant is obtained.
   2. Provision of goods or services: Until completion of supply of goods or services and completion of payment/settlement. However, in the following cases, until the end of the relevant period:
      • Records of transactions such as labeling, advertising, contract details, and performance pursuant to the Act on Consumer Protection in Electronic Commerce, etc.:
        • Records of labeling and advertising: 6 months
        • Records of contract or subscription cancellation, payment, supply of goods, etc.: 5 years
        • Records of consumer complaints or dispute resolution: 3 years
      • Storage of communication confirmation data in accordance with the 「Communication Secrets Protection Act」:
        • Computer communication, internet log records, access point tracking data: 3 months

4. Matters regarding the processing of personal information of children under 14 years of age

1. When collecting personal information about children under the age of 14, the Association may request minimum information such as the name and contact information of the legal representative and collect the minimum personal information necessary to perform the service with the consent of the legal representative.
2. The Association confirms whether the legal representative has given consent using one of the following methods:
   1. A method of having a legal representative indicate whether or not he/she has consented on an internet site where consent is posted and notifying the legal representative's mobile phone text message that the personal information processor has confirmed the consent.
   2. A method of having the legal representative indicate whether or not he/she consents on the Internet site where the consent is posted and receiving card information such as the legal representative's credit card and debit card.
   3. A method of having a legal representative indicate whether consent is given on the Internet site where consent is posted and confirming the identity of the legal representative through mobile phone identity verification, etc.
   4. A method of issuing a document containing the consent directly to the legal representative or delivering it via mail or fax and having the legal representative sign and seal the consent and then submit it.
   5. How to send an e-mail containing consent and receive an e-mail expressing consent from your legal representative.
   6. Inform the legal representative of the consent over the phone and obtain consent or provide instructions on how to check the consent such as the Internet address and receive consent through a phone call again.
   7. Other methods that comply with the provisions of subparagraphs 1 through 6 include notifying the legal representative of the consent and confirming the expression of intent to consent.

5. Entrustment of processing of personal information

1. In order to smoothly process personal information, the Association entrusts personal information processing as follows:

   Entrusted person (trustee)	Consignment work
   Korea Sports Tourism Marketing Association	website operation, Participant reception management and spotting app operation
   Sporting Co. Ltd.	Participation fee credit card payment
   Live Run Co. Ltd.	Delivery of goods, Goods transportation, photo operation
   Sporting Co. Ltd., Live Run Co. Ltd.	Records management

2. When concluding a consignment contract in accordance with Article 26 of the Personal Information Protection Act, the Association enters into the contract matters relating to responsibilities such as prohibition of processing personal information for purposes other than the purpose of performing consignment work, safety protection measures, restrictions on re-entrustment, management and supervision of the consignee, and compensation for damages, etc. are specified in documents, and we supervise whether the trustee handles personal information safely.
3. If the contents of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

6. Matters regarding provision of personal information to third parties

1. The Association processes the personal information of the information subject only within the scope specified in the purpose of processing personal information, and personal information is processed only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law, and is provided to a third party. Other than that, the personal information of the information subject is not provided to a third party.
2. In order to provide smooth services, the Association obtains the consent of the information subject in the following cases and provides only the minimum necessary scope:

   Recipient	Purpose of provision	What we offer	Retention and use period
   Samsung Fire & Marine Insurance	marathon participant Accident insurance subscription	(If you are a Korean) Resident registration number, (If you are a foreigner) Passport number, name, nationality, date of birth, gender, blood type, email address, mobile phone number, emergency contact network	When a marathon participant cancels participation in the marathon and after the marathon event ends

7. Information subject’s rights (viewing, correction, deletion, etc.) and how to exercise them

1. The information subject may exercise his/her rights such as requesting the Association to view, correct, delete, or suspend processing of personal information at any time.

   ※ Requests to view personal information regarding children under the age of 14 must be made directly by the legal representative. Information subjects who are minors over the age of 14 may exercise their rights regarding the personal information of the information subject themselves or through their legal representative.

2. Rights can be exercised against the Association through writing, e-mail, facsimile (FAX), etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Association will take action without delay.
3. Rights may be exercised through an agent, such as the information subject's legal representative or a person authorized to do so. In this case, you must submit a power of attorney in the form of Annex No. 11 of the “Notice on Personal Information Processing Methods (No. 2023-12).”
4. Requests to view and suspend personal information processing may limit the information subject's rights pursuant to Article 35 Paragraph 4 and Article 37 Paragraph 2 of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
6. The Association confirms whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.

8. Matters related to the installation, operation, and refusal of automatic personal information collection devices

1. The Association uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.
2. Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer
   1. Purpose of use of cookies: They are used to provide optimized information to users by identifying visit and usage patterns, popular search terms, and secure access for each service and website visited by the user.
   2. Installation, operation, and refusal of cookies: You can refuse the storage of cookies through the option settings in the Tools > Internet Options > Personal Information menu at the top of your web browser.
   3. If you refuse to store cookies, you may have difficulty using customized services.

9. Matters regarding measures to ensure the safety of personal information

When handling the personal information of information subjects, the Association is taking the following technical/administrative/physical measures to ensure safety and prevent personal information from being lost, stolen, leaked, altered, or damaged:

1. Administrative protection measures
   • Establishment and implementation of internal personal information management plan
   • Minimization and training of personal information handlers
   • Operation of a dedicated information protection organization
2. Technical protection measures
   • Restrict and minimize access to personal information
   • Install security program
   • Installation of access control system
   • Encryption of personal information
3. Physical protection measures
   • Computer room access control
   • Access control to data storage rooms, etc.

10. Personal information destruction procedures and methods

1. The Association destroys the personal information without delay when the personal information becomes unnecessary such as when the personal information retention period has passed or the purpose of processing has been achieved.
2. If personal information must continue to be preserved pursuant to other laws and regulations even though the personal information retention period agreed to by the information subject has elapsed or the purpose of processing has been achieved, the personal information must be transferred to a separate database (DB) or storage location changed. We preserve it differently.
3. The procedures and methods for destroying personal information are as follows:
   1. Destruction procedure: The Association selects personal information that requires destruction and destroys the personal information with the approval of the relevant person in charge.
   2. Destruction method: The Association destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced and personal information recorded and stored in paper documents is destroyed by shredding or incineration.

11. Personal information protection manager information

1. The Association is responsible for overall management of personal information processing and has designated a personal information protection manager as follows to handle complaints and provide relief for damage from information subjects related to personal information processing.
   • Personal information protection officer
     • Name: Taeho Kim
     • Department and position: Secretary General of the Secretariat
     • Contact: 070-7722-1290
     • E-mail: artwjr@naver.com
2. The information subject may make a request to view personal information pursuant to Article 35 of the Personal Information Protection Act to the department below and the Association will endeavor to promptly process the information subject's request to view personal information.
   • Personal information access request reception and processing department
     • Department Name: Seoul YMCA Marathon Secretariat
     • Person in charge: Director Song Jae-jin
     • Contact: 070-7766-1238
     • Email: kstma0320@naver.com

12. Remedy for infringement of rights and interests

In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. For other personal information infringement reports and consultations, please contact the organizations below.

• Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
• National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

Supplementary provisions

This privacy policy is effective from August 25, 2024.