KRPIA Privacy Policy
The Korea Research-based Pharmaceutical Industry Association (hereinafter referred to as the “Association”) lawfully processes and safely manages personal information in accordance with the Personal Information Protection Act (hereinafter referred to as the “PIPA”) and relevant laws and regulations to protect the freedom and rights of data subjects. In accordance with Article 30 of the PIPA, the Association hereby establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards regarding the processing and protection of personal information, and to facilitate the prompt and appropriate handling of complaints related thereto.
I. Purpose of Processing, Categories of Personal Information, and Retention and Use Period
- The Association collects and uses personal information only to the minimum extent necessary for the provision of services, in accordance with the PIPA.
- The Association processes personal information for the purposes explicitly stated below, and does not use the information for any purpose other than those specified. If the purpose of use is changed, the Association will take necessary measures such as obtaining separate consent pursuant to Article 18 of the PIPA.
| Legal Basis | Category | Purpose of Processing | Personal Information Items | Retention and Use Period |
|---|---|---|---|---|
| PIPA, Article 15(1)4 (Performance of a contract) | Member company information (full and associate members) | Membership Management | Name of CEO and contact person, phone number, email address | Until withdrawal of membership |
| PIPA, Article 15(1)4 (Performance of a contract) | Board of Directors information | Operation and management of the Board of Directors | Name, phone number, email address, vehicle information, resident registration number of Board member | Until withdrawal of membership or resignation from the board |
| PIPA, Article 15(1)4 (Performance of a contract) | Official website membership, Committee website membership | Membership management, Execution of tasks related to KRPIA code (e-Reporting System), Execution of tasks related to Regulatory Affairs (RA Committee Community, Clinical Activity Reporting System, R&D Survey) | Name, organization, ID, email address, phone number | Until withdrawal of membership |
II. Provision of Personal Information to Third Parties
The Association processes personal information only within the scope explicitly stated for its processing purposes, and provides personal information to third parties only in cases where consent has been obtained from the data subject, or where permitted by special provisions of laws pursuant to Articles 17 and 18 of the PIPA. The Association currently does not provide personal information to any third party.
III. Entrustment of Personal Information Processing
- The Association entrusts certain personal information processing tasks as follows to ensure the smooth handling of personal data operations.
| Entrusted Company | Entrusted Operations |
|---|---|
| Nayuntech. Co., Ltd. | Operation and maintenance of the official website and committee websites |
| JeWon Accounting Co. | • Accounting audit • Review of reimbursement documents for sponsorship for participation in academic conferences |
| Semujigi | Financial statement review of the details of expenses for academic conferences and donations |
| MCI Korea Co., Ltd. , InnoN Co., Ltd. | Event management service |
| Iron Mountain, Inc. | Storage of reimbursement and the details of expenses |
- When entering into an entrustment agreement, the Association specifies in the contract or other written documents, in accordance with Article 26 of the PIPA, matters concerning the prohibition of processing personal information beyond the purpose of performing the entrusted tasks, technical and administrative safeguards, restrictions on re-entrustment, management and supervision of the entrustee, and liability for damages. The Association also supervises the entrustee to ensure that personal information is handled securely.
- If there are any changes to the details of the entrusted tasks or the entrustee, such changes will be disclosed without delay pursuant to this Privacy Policy.
IV. Procedures and Methods for Destruction of Personal Information
- The Association promptly destroys personal information without delay when the retention period has expired, the purpose of processing has been achieved, or when the information otherwise becomes unnecessary.
- If, despite the expiration of the retention period consented to by the data subject or the achievement of the processing purpose, it is necessary to continue retaining the personal information pursuant to other laws and regulations, such personal information will be stored in a separate database (DB) or preserved in a different storage location.
-
The procedures and methods for destruction of personal information are as follows:
-
Destruction Procedure
The Association selects personal information for which grounds for destruction have arisen and destroys such information with the approval of the Personal Information Protection Officer -
Destruction Method
Personal information recorded or stored in electronic file format is destroyed in an irreversible manner so that the records cannot be restored, and personal information recorded or stored on paper is destroyed by shredding.
-
Destruction Procedure
V. Measures to Ensure the Security of Personal Information
-
The Association takes the following measures to ensure the security of personal information:
- Administrative Measures: Regular training on personal information protection, operation of a dedicated department, etc.
- Technical Measures: Access control and management of access rights to personal information processing systems.
- Physical Measures: Access control to server room, data storage room, and other facilities where personal information is stored.
VI. Rights and Obligations of Data Subjects and Methods of Exercise
- Data subjects may, at any time, exercise their rights (“Exercise of Rights”) against the Association, including requests for access, correction, deletion, suspension of processing, and withdrawal of consent regarding their personal information.
- Exercise of Rights may be made to the Association in accordance with Article 41(1) of the Enforcement Decree of the PIPA, through written documents, telephone, email, fax, or other means, and the Association will take measures without delay.
- The right of a data subject to request access to or suspension of processing of personal information may be restricted pursuant to Article 35(4) and Article 37(2) of the PIPA.
- Where other laws and regulations explicitly require the collection of such personal information, the data subject may not request the deletion of such personal information.
VII. Privacy Officer & Responsible Department
-
The Association designates the following Privacy Officer, who is responsible for overseeing tasks related to personal information processing, and for handling complaints and providing remedies for data subjects in connection with personal information processing.
-
Privacy Officer
Name: Woo-Hyoung Cho, Head of EBP & Compliance -
Responsible Department
Department: EBP & Compliance
Contact (Telephone/Fax): 02-501-2928/02-456-8320
-
Privacy Officer
- Data subjects may direct inquiries regarding personal information protection, including complaints and remedies for damage, to the Privacy Officer and the Responsible Department. The Association will provide prompt answers and handle such inquiries without delay.
VIII. Remedies for Infringement of Rights
Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet Security Agency (KISA), etc. in order to obtain remedies for damages caused by personal information infringement. For other reports or consultations regarding personal information infringement, please contact the organizations below:
- Personal Information Dispute Mediation Committee: ☎ 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center, KISA: ☎ 118 (privacy.kisa.or.kr)
- Korean National Police Agency: ☎ 182 (ecrm.police.go.kr)
IX. Amendment to the Privacy Policy
This Privacy Policy has been effective since September 1, 2025.