Privacy Policy

Digital Human Rights Watch Privacy Policy

​

Digital Human Rights Watch (hereinafter referred to as 'the Organization') complies with personal information protection regulations under relevant laws, including the Personal Information Protection Act. To protect users' personal information and rights, and to smoothly handle user grievances related to personal information, the Organization has established the following privacy policy. This policy may be changed due to amendments to laws, changes in government policies, changes in the Organization's internal policies, or changes in security technology. Any changes will be announced through notices on the website (or individual notifications).

Article 1 (Purpose of Processing Personal Information) The Organization processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below. If the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be implemented.

• Service Provision and Victim Support:

  • Receiving and counseling on digital sexual violence victim content, including non-consensual leaked sexual videos.

  • Supporting requests for deletion of harmful posts and securing electronic evidence.

  • Connecting and supporting specialized organizations for legal and psychological counseling.

  • Supporting anonymous user identity verification procedures (if necessary).

• Sponsor and Member Management:

  • Sponsorship payment processing, issuance of donation receipts, and management of sponsorship details.

  • Membership registration and management, delivery of notices, and sending of newsletters (with consent).

• Campaign and Education Activities:

  • Guidance and management of participation in various campaigns.

  • Guidance and application processing for digital human rights education programs.

• Website Operation and Improvement:

  • Website access statistics analysis, service improvement, and development.

• Policy Research and Advocacy Activities:

  • (If necessary, in an unidentifiable form) Research on digital human rights infringement cases and statistical analysis.

  • Utilization of basic data for policy proposals and advocacy activities.

Article 2 (Items of Personal Information Processed and Collection Methods)

• Collected Items:

  • When requesting victim support and counseling:

    • Required: Name, contact information (email, phone number), detailed victim content, relevant URLs, evidence (images, videos, etc.).

    • Optional: Age, gender, and other information necessary to understand the victim's situation.

  • When applying for sponsorship: Name, contact information, date of birth (for donation receipt issuance), payment information (account number, card number, etc.), address.

  • When registering as a member: ID, password, name, nickname, email address, contact information.

  • When participating in campaigns/education: Name, contact information, email address, and other information necessary for participation.

  • Automatically collected items: Service usage records, access logs, cookies, access IP information.

• Collection Methods:

  • Consultation application, sponsorship application, member registration forms on the website.

  • Consultation and inquiries via email, phone, or written correspondence.

  • Automatic generation and collection during the service usage process.

Article 3 (Processing and Retention Period of Personal Information) The Organization processes and retains personal information within the personal information retention and usage period stipulated by law or agreed upon by the data subject at the time of collection.

• Information related to victim support: 5 years after the termination of support services (unless there is a separate request from the data subject or a provision in other laws, in which case those provisions apply) or until the data subject requests deletion. However, anonymized statistics and research data may be permanently preserved.

• Sponsor/Member information: Until sponsorship is suspended or membership is withdrawn. However, it may be retained for a certain period for the issuance of donation receipts and accounting processing according to relevant laws (e.g., 5 years) before being destroyed.

• Website usage records: 3 months (Telecommunications Secret Protection Act).

• Other information: Destroyed without delay upon achievement of the purpose of collection and use.

Article 4 (Provision of Personal Information to Third Parties) The Organization provides personal information to third parties only with the consent of the data subject or when there are special provisions in the law, as stipulated in Articles 17 and 18 of the Personal Information Protection Act.

• For victim support purposes (with separate consent from the data subject):

  • Lawyers or legal aid organizations for legal support linkage.

  • Counseling agencies for psychological counseling support linkage.

  • Domestic and international partner organizations for deletion support work cooperation (e.g., LEXON, StopNCII, etc.).

• For sponsorship payment: Payment gateway (PG) companies.

• When required by law: If an investigative agency requests it for investigative purposes according to procedures and methods prescribed by law.

Article 5 (Consignment of Personal Information Processing)

The Organization may entrust the processing of personal information as follows for smooth personal information processing.

When concluding a consignment contract, the Organization specifies matters concerning the prohibition of processing personal information for purposes other than the entrusted work, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and liability for damages in documents such as contracts, in accordance with Article 26 of the Personal Information Protection Act. The Organization also supervises whether the consignee processes personal information safely. If the content of the entrusted work or the consignee changes, it will be disclosed through this privacy policy without delay.

Article 6 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

Data subjects may exercise the following rights related to personal information protection against the Organization at any time.

• Request for access to personal information.

• Request for correction if there are errors, etc.

• Request for deletion.

• Request for suspension of processing.

The exercise of rights under Paragraph 1 can be done in writing, by phone, email, or fax to the Organization, and the Organization will take action without delay.

If the data subject requests correction or deletion of errors in personal information, the Organization will not use or provide the personal information until the correction or deletion is completed.

The exercise of rights under Paragraph 1 can be done through a legal representative of the data subject or a person entrusted by them. In this case, a power of attorney in the form of Appendix 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.

For the processing of personal information of children under 14 years of age, consent from a legal representative must be obtained. The legal representative can exercise the rights to access, correct/delete, and suspend processing of the child's personal information. (However, due to the nature of DHRW services, direct service requests from children under 14 may be restricted, and requests and support through a legal representative may be the principle.)

Article 7 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices) The Organization, in principle, does not use 'cookies' to store and retrieve user information for providing individualized customized services. However, if it is used in a limited, anonymized form for basic website functionality or statistical analysis, users have the option to allow all cookies, confirm each time a cookie is stored, or refuse to store all cookies by setting options in their web browser. (Refusal may make it difficult to use some services.)

Article 8 (Destruction of Personal Information) The Organization destroys personal information without delay when it becomes unnecessary, such as when the personal information retention period has expired or the purpose of processing has been achieved. The destruction procedure and method are as follows:

• Destruction Procedure: Select personal information for which destruction reasons have occurred, and destroy the personal information with the approval of the Organization's personal information protection officer.

• Destruction Method: Personal information recorded and stored in electronic file format is deleted using technical methods that prevent reproduction of the records. Personal information recorded and stored on paper documents is destroyed by shredding or incineration.

Article 9 (Measures to Ensure the Safety of Personal Information) The Organization implements the following technical, administrative, and physical measures to ensure the safety of personal information. (Refer to the security level of LEXON or specify measures equivalent to it if cooperating with LEXON.)

• Establishment and implementation of internal management plans: Internal management plans are established and implemented for the safe processing of personal information.

• Minimization and training of personal information handling staff: Staff handling personal information are designated and limited to those in charge, and personal information protection training is provided.

• Restriction of access to personal information: Necessary measures are taken to control access to personal information by granting, changing, and revoking access rights to database systems that process personal information. Unauthorized access from outside is controlled using intrusion prevention systems.

• Storage of access records and prevention of falsification/alteration: Access records to the personal information processing system are stored and managed for at least 1 year, and security functions are used to prevent falsification, theft, or loss of access records.

• Encryption of personal information: User passwords are encrypted, stored, and managed so that only the user knows them. Important data uses separate security functions such as encrypting files and transmitted data or using file lock functions.

• Technical measures against hacking, etc.: Security programs are installed and periodically updated/checked to prevent leakage and damage of personal information due to hacking or computer viruses. Systems are installed in areas where access from outside is controlled, and they are technically/physically monitored and blocked.

• Access control for unauthorized persons: A separate physical storage location is designated for personal information, and access control procedures are established and operated for it.

Article 10 (Personal Information Protection Officer) The Organization is responsible for overseeing all personal information processing operations and has designated the following personal information protection officer to handle user complaints and provide relief for damages related to personal information processing.

• Name: Yoon Tae-seon

• Position: Secretary General

• Contact: yoon@dhrw.org

• Department: Secretariat

Data subjects can contact the personal information protection officer and the relevant department with any inquiries, complaints, or requests for damage relief related to personal information protection that arise while using the Organization's services (or business). The Organization will respond and process data subjects' inquiries without delay.

Article 11 (Methods for Remedying Infringement of Rights) Data subjects can contact the following organizations for damage relief and counseling regarding personal information infringement. <The organizations below are separate from the Organization. If you are not satisfied with the Organization's self-processed personal information complaints or damage relief results, or if you need more detailed assistance, please contact them.>

• Personal Information Infringement Reporting Center (operated by Korea Internet & Security Agency)

  • Responsibilities: Reporting personal information infringement, requesting counseling.

  • Website: privacy.kisa.or.kr

  • Phone: 118 (without area code)

  • Address: (58324) 3rd Floor, Personal Information Infringement Reporting Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong 301-2)

• Personal Information Dispute Mediation Committee

  • Responsibilities: Applying for personal information dispute mediation, collective dispute mediation (civil resolution).

  • Website: www.kopico.go.kr

  • Phone: 1833-6972 (without area code)

  • Address: (03171) 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul

• Supreme Prosecutors' Office Cyber Crime Investigation Department: 1301 (without area code) (www.spo.go.kr)

• National Police Agency Cyber Bureau: 182 (without area code) (ecrm.cyber.go.kr)

Article 12 (Changes to Privacy Policy) This privacy policy will apply from its effective date. In the event of additions, deletions, or corrections to the content according to laws and policies, the changes will be announced through notices at least 7 days prior to their effective date.

​

Addendum This policy takes effect on May 15, 2024.