The purpose of this Guideline is to provide information on how and for what purpose that the captured image data at Factory Mutual Insurance Company Korea Branch (the “Branch”) is processed, used, and managed.
Information obtained through video surveillance will be used and retained exclusively for the purposes outlined in this guideline or as authorized or required by applicable law.
Article 1 (Reason for Installation of Image Data Processing Device(s) & Purpose of Installation)
The Branch installs and operates the image data processing device(s) for the purpose as illustrated below, and in accordance with the Clause 1, Article 25 of the Personal Information Protection Act.
Article 2 (Definitions)
①Personal Information
Personal information relating to privacy data, which can be used to identify or specify a person through name, resident registration number, as well as image (including data, which on its own, may not be sufficient to pinpoint an individual, but can be used in combination with other data to identify a person).
②Processing
'Processing' refers to collection, creation, recording, storage, possession, treatment, editing, searching, printing, correction, recovery, use, provision, disclosure, destruction, and similar activities concerning personal information.
③Data Subject
Data Subject of personal information refers to any individual who can be identified by references taken from the processed data.
④Person-in-Charge of Image Data Processing Device Operations
This refers to the person who carries out the actual task(s) relating to installation, operation, and management of the image data processing device(s), or who is delegated or designated to perform such tasks by the manager in charge.
Article 3 (Number of Devices Installed, Location of Installation, Scope of Recording)
| Number of Devices Installed | Location of Installation and Scope of Recording |
|---|---|
| 3 | Entrance to the Office, Server Room, and Office corridor |
Article 4 (Manager-in-Charge & Authorized Personnel)
Manager-in-Charge of personal image data management and authorized personnel shall be appointed with the aim to protect the personal image data and handling any complaints arising from processing of personal image data.
| Name | Department | Contact | |
|---|---|---|---|
| Manager-in-Charge | Cho, Suyoung | Compliance Department | 02-6370-6016 |
| Authorized Personnel | Lee, Kyle | IT Department | 02-6370-6070 |
Article 5 (Recording Time of Image Data, Storage Period, Storage Location, Method of Data Processing)
| Recording Time | Storage Period | Storage Location |
|---|---|---|
| Recording is activated 24/7 when a motion is detected | 30 days | Server: Server Room Monitor: Compliance Officer’s Room |
Processing Method: Log and keep the records relating to the use of personal image data for the purposes not prescribed in the Policy, provision of the data to a third party, destruction, and review request of the data; and permanent deletion of expired data in an irreversible way. (print outs shall be shredded or incinerated)
Article 6 (How and Where to Review Personal Image Data)
①How: Contact the Manager-in-Charge first, fill out and sign “Personal Image Data Review Request and visit the Manager-in-Charge in person.
②Where: Compliance Officer’s Room
Article 7 (Responding to Request to Review Data by Data Subject)
①When a request for review by Data Subject is made, the review shall be limited only to the image involving the data subject and whereby such data required is for the purpose of protecting his/her physical or financial well being, or to protect the data subject from an imminent threat to his/her life. The Branch will take necessary measures when it is requested to allow a review, to confirm the existence of the personal image data, or to delete the data in question in circumstances required by applicable law.
②When a review is required for criminal investigation, safety of the facility, and prevention of the fire
③When a judge issues out a warrant or the court gives an order to submit the data: to be limited to the scope required for the investigation
④When it meets the exceptional requirements prescribed in other laws or regulations
⑤Except for the above, access to viewing details in the image information processing device(s) is restricted so that it cannot be viewed or disclosed.
⑥A review shall be carried out under the supervision of Manager-in-Charge or a delegated person in accordance with the restrictions, and according to the Branch generating and administering “Personal Image Data Review Log Book.
Article 8 (Measures to Ensure Security of Personal Image Data)
①As an operational and protective measure, those who can access the image data processing device(s)shall be limited to a minimum number of people. Data access may be granted to:
②Person(s) who manages image data processing device(s)(Manager-in-Charge/access right holder) shall assign a Password to restrict access to the system.
③Passwords shall only be shared with Manager-in-Charge and access right holder(s).
④As a physical protection measure, access shall be controlled and to be restricted to only allow employees with access right to enter the location with image data processing devices.
⑤Printing or copying of image data shall be approved under the supervision of Manager-in-Charge or access right holders(serial number, type, date, purpose, the department of the person who will print/copy, recipient, date of destruction (scheduled), and the person in charge of destroying data.
⑥Data shall not be copied or viewed other than for those purposes prescribed above.
Article 9 (Installment of Notice Board)
The Branch is to install a notice board with the information below at the respective locations of the devices so that data subjects can easily recognize the device.
Article 10 (Matters relating to Policy Changes on Operation and Management of Image Data Processing Device(s))
Policy on Operation and Management of Image Data Processing Device(s)may be revised in accordance with additions, deletions, or updates on requirements due to changes in regulations, regulatory policies, or security technologies. Revisions shall be announced and notified via the Branch's website 7 days prior to the revision coming into effect.
Effective Date: July 27th, 2022