The purpose of this Guideline is to provide information on how and for what purpose that the captured image data at Factory Mutual Insurance Company Korea Branch (the “Branch”) is processed, used, and managed.

Information obtained through video surveillance will be used and retained exclusively for the purposes outlined in this guideline or as authorized or required by applicable law.

Article 1 (Reason for Installation of Image Data Processing Device(s) & Purpose of Installation)
The Branch installs and operates the image data processing device(s) for the purpose as illustrated below, and in accordance with the Clause 1, Article 25 of the Personal Information Protection Act.

  • Safety for the facility and fire prevention
  • Crime prevention for employees’ and clients’ safety

Article 2 (Definitions)

Personal Information

Personal information relating to privacy data, which can be used to identify or specify a person through name, resident registration number, as well as image (including data, which on its own, may not be sufficient to pinpoint an individual, but can be used in combination with other data to identify a person).


'Processing' refers to collection, creation, recording, storage, possession, treatment, editing, searching, printing, correction, recovery, use, provision, disclosure, destruction, and similar activities concerning personal information.

Data Subject

Data Subject of personal information refers to any individual who can be identified by references taken from the processed data.

Person-in-Charge of Image Data Processing Device Operations

This refers to the person who carries out the actual task(s) relating to installation, operation, and management of the image data processing device(s), or who is delegated or designated to perform such tasks by the manager in charge.

Article 3 (Number of Devices Installed, Location of Installation, Scope of Recording)

Number of Devices Installed Location of Installation and Scope of Recording
3 Entrance to the Office, Server Room, and Office corridor

Article 4 (Manager-in-Charge & Authorized Personnel)

Manager-in-Charge of personal image data management and authorized personnel shall be appointed with the aim to protect the personal image data and handling any complaints arising from processing of personal image data.

Name Department Contact
Manager-in-Charge Cho, Suyoung Compliance Department 02-6370-6016
Authorized Personnel Lee, Kyle IT Department 02-6370-6070

Article 5 (Recording Time of Image Data, Storage Period, Storage Location, Method of Data Processing)

Recording Time Storage Period Storage Location
Recording is activated 24/7 when a motion is detected 30 days Server: Server Room
Monitor: Compliance Officer’s Room

Processing Method: Log and keep the records relating to the use of personal image data for the purposes not prescribed in the Policy, provision of the data to a third party, destruction, and review request of the data; and permanent deletion of expired data in an irreversible way. (print outs shall be shredded or incinerated)

Article 6 (How and Where to Review Personal Image Data)

How: Contact the Manager-in-Charge first, fill out and sign “Personal Image Data Review Request and visit the Manager-in-Charge in person.

Where: Compliance Officer’s Room

Article 7 (Responding to Request to Review Data by Data Subject)

When a request for review by Data Subject is made, the review shall be limited only to the image involving the data subject and whereby such data required is for the purpose of protecting his/her physical or financial well being, or to protect the data subject from an imminent threat to his/her life. The Branch will take necessary measures when it is requested to allow a review, to confirm the existence of the personal image data, or to delete the data in question in circumstances required by applicable law.

When a review is required for criminal investigation, safety of the facility, and prevention of the fire

When a judge issues out a warrant or the court gives an order to submit the data: to be limited to the scope required for the investigation

When it meets the exceptional requirements prescribed in other laws or regulations

Except for the above, access to viewing details in the image information processing device(s) is restricted so that it cannot be viewed or disclosed.

A review shall be carried out under the supervision of Manager-in-Charge or a delegated person in accordance with the restrictions, and according to the Branch generating and administering “Personal Image Data Review Log Book.

Article 8 (Measures to Ensure Security of Personal Image Data)

As an operational and protective measure, those who can access the image data processing device(s)shall be limited to a minimum number of people. Data access may be granted to:

  • Manager-in-Charge of image data processing device and those who have access right to the device(s)

Person(s) who manages image data processing device(s)(Manager-in-Charge/access right holder) shall assign a Password to restrict access to the system.

Passwords shall only be shared with Manager-in-Charge and access right holder(s).

As a physical protection measure, access shall be controlled and to be restricted to only allow employees with access right to enter the location with image data processing devices.

Printing or copying of image data shall be approved under the supervision of Manager-in-Charge or access right holders(serial number, type, date, purpose, the department of the person who will print/copy, recipient, date of destruction (scheduled), and the person in charge of destroying data.

Data shall not be copied or viewed other than for those purposes prescribed above.

Article 9 (Installment of Notice Board)

The Branch is to install a notice board with the information below at the respective locations of the devices so that data subjects can easily recognize the device.

  • Purpose of installation
  • Scope and time of recording
  • Name and contact details of the person-in-charge of image data processing device(s)

Article 10 (Matters relating to Policy Changes on Operation and Management of Image Data Processing Device(s))

Policy on Operation and Management of Image Data Processing Device(s)may be revised in accordance with additions, deletions, or updates on requirements due to changes in regulations, regulatory policies, or security technologies. Revisions shall be announced and notified via the Branch's website 7 days prior to the revision coming into effect.

Effective Date: July 27th, 2022