The Asian Cyber Security Challenge (ACSC) Steering Committee (hereinafter referred to as the “Committee”) has established the following policy regarding the handling of personal information, and users agree to it.
The definition of terms in this document shall be in accordance with the Act on the Protection of Personal Information (hereinafter referred to as the “Personal Information Protection Act”) and related laws and regulations.
1. Compliance with Relevant Laws and Regulations, and Guidelines
2. Acquisition of Personal Information
The Committee will acquire your personal information through legal and appropriate means.
3. Purpose of Use of Personal Information
The Committee will use your personal information within the scope of the following purposes of use or within the scope of the purposes of use that are clear from the circumstances under which the information was obtained, and will not use it for any other purposes unless the Committee have your consent or are permitted to do so by laws and regulations.
- ACSC2021 (hereinafter referred to as the "Event")
- After-event service and support
- Notification of other information at related events
- To respond to inquiries and consultations from customers
- Requests for payment, refunds, payments, and related work
- Improving the quality of registrant support and preventing problems
4. Entrustment of Personal Data
In order to facilitate our business and provide better services to our customers, the Committee may outsource the handling of personal data of our customers to our partner companies. However, the personal data to be entrusted will be limited to the minimum information necessary to carry out the entrusted business.
5. Provision of Personal Data to Third Parties
The Committee will not provide your personal data to a third party (excluding contractors) unless the Committee has your prior consent or are permitted to do so by law. The Committee will not provide your personal data to third parties (excluding contractors) without your prior consent or when permitted by law.
6. Management of Personal Data
Ensuring the Accuracy of Data ContentThe Committee will endeavor to keep the personal data of customers accurate and up-to-date to the extent necessary to achieve the purpose of use, and to delete such personal data when it is no longer necessary to use it.
Safety Management MeasuresThe Committee will take necessary and appropriate measures to prevent the leakage, loss, or damage of customers' personal data and for other safety management.
Supervision of EmployeesWhen the Committee allows its employees to handle the personal data of our customers, the Committee will ensure that they are familiar with the proper handling of personal information, provide them with appropriate training, and supervise them in a necessary and appropriate manner.
Supervision of ContractorsWhen entrusting the handling of customers' personal data to a subcontractor, the Committee will select a subcontractor that has taken appropriate security management measures and will provide necessary and appropriate supervision to the subcontractor.
7. Acceptance of Personal Data in Possession
- If a customer or its agent requests notification of the purpose of use of retained personal data, the Committee will notify the customer or its agent without delay, except in the following cases:
- When the purpose of use of retained personal data that identifies the customer is clear;
- When there is a risk of harm to the life, body, property, or other rights or interests of the customer or a third party;
- When there is a risk of harm to the rights or legitimate interests of the Committee; or
- When it is necessary to cooperate with a national agency or a local government in executing affairs prescribed by laws and regulations, and when there is a risk of interfering with the execution of said affairs.
- When a customer or its agent requests disclosure of retained personal data, the Committee will notify the customer without delay, except in the following cases:
- When there is a risk of harm to the life, body, property, or other rights and interests of the customer or a third party
- When there is a risk of significant hindrance to the proper execution of the Committee's business.
- When it would violate laws and regulations
- If a customer or its agent requests the correction, addition, or deletion of retained personal data, the Committee will investigate the request without delay and take appropriate action based on the results.
- In the event that a customer or its agent requests the cessation of use or deletion of retained personal data, and it is found that there is a reason for the request, the Committee will take appropriate action.
- If you wish to make a request as described in the preceding four paragraphs, please fill out the Committee’s prescribed request form and send it together with the documents described in the request form to the Committee’s contact point as described in 8 below. The personal information provided by the customer will be used for the purpose of responding to the customer's request and will be kept strictly confidential. Please note that the Committee will not send back the request form and attached documents.
8. Contact for Inquiries and Complaints
The Asian Cyber Security Challenge (ACSC) Steering Committee Secretariat
(Except Saturdays, Sundays, national holidays and the Committee’s holidays.)
10. Governing Law and Jurisdiction
[Prescribed on 9/16/2021]