Seoul Gallery

Article 1 (Purpose of Processing Personal Information)

(1) Seoul Gallery processes personal information to the minimum extent necessary for purposes such as providing public services, handling civil petitions, and performing its duties. If the purpose of use changes, Seoul Gallery shall take the necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
(2) Matters related to personal information processing are managed under the responsibility of each relevant department, and Seoul Gallery provides guidance to enable data subjects to verify them.

Article 2 (Processing and Retention Period of Personal Information)

(1) Seoul Gallery processes and retains personal information within the personal information retention and use period prescribed by applicable laws, or within the retention and use period consented to by the data subject at the time of collection.

(2) Processing and retention period of personal information at Seoul Gallery

Table regarding processing and retention period of personal information at Seoul Gallery
Service Name	Processing Purpose	Items Collected	Retention Period
Newsletter	Sending newsletters	Email address	Until subscription is canceled or the newsletter service is terminated

Article 3 (Registration and Disclosure of Personal Information Files)

(1) The purposes, retention periods, and items of personal information files that Seoul Gallery registers and discloses pursuant to Article 32 of the Personal Information Protection Act can be checked through the Personal Information Portal.
(2) For detailed information on the registration and disclosure of personal information files, please check the Personal Information Protection Portal.

※ [Personal Information Portal of the Personal Information Protection Commission] List of Seoul Gallery’s personal information files (Click) (opens in new window)

Article 4 (Processing Personal Information of Children Under 14)

(1) When collecting personal information of a child under the age of 14, Seoul Gallery obtains consent from the child’s legal representative and collects only the minimum personal information necessary to perform the relevant service.
(2) Where personal information of a child is collected in relation to the processing purposes of Seoul Gallery, separate consent shall be obtained from the child’s legal representative.
(3) When collecting personal information of a child under the age of 14, Seoul Gallery may request from the child only the minimum information, such as the legal representative’s name and contact details, and the legal representative shall indicate consent or non-consent on the website where the consent details are posted.
(4) Seoul Gallery processes personal information in compliance with Seoul Metropolitan Government Privacy Policy for Children and Youth.

※ Seoul Metropolitan Government Privacy Policy for Children and Youth(Click) (opens in new window)

Article 5 (Provision of Personal Information to Third Parties)

Seoul Gallery provides personal information to third parties only in cases falling under Article 17 and Article 18 of the Personal Information Protection Act, such as where the data subject has given consent or where there are special provisions in laws and regulations.

Article 6 (Procedures and Methods for Destruction of Personal Information)

(1) When personal information becomes unnecessary due to the expiration of the retention period or fulfillment of the processing purpose, Seoul Gallery destroys the relevant personal information without delay.
(2) The procedures and methods for destruction of personal information are as follows:
- 1. Destruction Procedure
  
  Seoul Gallery selects personal information for which grounds for destruction have arisen, and destroys such personal information upon approval from the responsible person in charge of personal information for each relevant area at Seoul Gallery.
- 2. Destruction Method
  
  Seoul Gallery destroys personal information recorded and stored in electronic file form in a manner that prevents restoration or reproduction, and destroys personal information recorded and stored in paper documents by shredding or incinerating.

Article 7 (Outsourcing of Personal Information Processing)

(1) To ensure smooth handling of personal information-related tasks, Seoul Gallery outsources personal information processing tasks as follows.
(2) When entering into an outsourcing agreement, Seoul Gallery, in accordance with Article 26 of the Personal Information Protection Act, specifies in documents such as the outsourcing agreement matters including the prohibition of personal information processing for purposes other than performing the outsourced tasks, technical and managerial safeguards, restrictions on re-outsourcing, management and supervision of the service provider, and liability such as compensation for damages, and monitors whether the service provider processes personal information safely.
(3) If the details of the outsourced tasks or the service provider change, Seoul Gallery shall disclose such changes through this Privacy Policy without delay.

Table regarding outsourced tasks (Service Name, Service Provider, Contract Period, Outsourced Tasks)
Service Name	Service Provider	Contract Period	Outsourced Tasks
Operation of the Seoul Gallery website	Insight Motion Co., Ltd.	January 1 - December 31, 2026	Newsletter operation
Maintenance of the Seoul Gallery website	Innodis Co., Ltd.	January 1 - December 31, 2026	Maintenance, including troubleshooting

Article 8 (Rights and Obligations of Data Subjects and Legal Representatives, and Methods for Exercising Such Rights)

(1) A data subject may, at any time, exercise rights against Seoul Gallery, including requesting access to, correction, deletion, or suspension of processing of personal information, withdrawal of consent, and refusal of automated decision-making or a request for explanation.
※ Requests such as access to personal information of a child under the age of 14 must be made directly by the legal representative. A data subject who is a minor aged 14 or older may exercise such rights personally or through a legal representative.
(2) Data subjects may exercise their rights against Seoul Gallery in writing, by email, by facsimile (FAX), or other means in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and Seoul Gallery shall take action without delay.
(3) Rights may be exercised through an agent, such as a legal representative or a person authorized by the data subject. In such cases, a power of attorney in accordance with the Notice on Personal Information Processing Methods [Annex Form No. 11] shall be submitted.
(4) The right to request access to personal information and suspension of processing may be limited under Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
(5) Where personal information is specified as subject to collection under other laws and regulations, deletion of such personal information may not be requested.
(6) Where the data subject has consented to automated decision-making, has been notified in advance through a contract, or where such decision-making is clearly prescribed by law, refusal of automated decision-making is not permitted, and only requests for explanation and review may be made. Requests for refusal or explanation may be denied where there are justifiable grounds, such as where the request is likely to unjustly infringe the life, body, property, or other interests of another person.
(7) When a request is made for access, correction/deletion, suspension of processing, or refusal/explanation of automated decision-making, Seoul Gallery verifies whether the requester is the data subject or a duly authorized representative.

Article 9 (Chief Privacy Officer)

(1) Seoul Gallery takes overall responsibility for tasks related to personal information processing, and has designated the following Chief Privacy Officers to handle complaints and remedies related to personal information processing:

Table of Chief Privacy Officers designated to handle complaints and remedies related to personal information processing (Item, Department, Position, Name, Contact)
Item	Department	Position	Name	Contact
Chief Privacy Officer of the Seoul Metropolitan Government	Digital City Bureau	Director-General	Kang Ok-hyeon	Information Security Division (Personal Information Protection Team) Tel : +82-2-2133-7812 Email : privacy@seoul.go.kr
Privacy Officer of the Seoul Metropolitan Government	Information Security Division	Manager	Kang Ji-won
Chief Privacy Officer of Seoul Gallery	Public Relations Division	Director	Kang Seon-mi	Public Relations Division (On-site PR Team) Tel : +82-2-2133-6419 Email : srseo@seoul.go.kr Fax : +82-2-2133-0787
Privacy Officer of Seoul Gallery	Public Relations Division	Manager	Seo Seong-yeol

(2) Data subjects may contact the Privacy Officer regarding any inquiries, complaint handling, or remedies related to personal information protection arising from the use of Seoul Gallery’s services or projects. Seoul Gallery shall respond to and handle such inquiries without delay.

Article 10 (Request for Access to Personal Information)

(1) A data subject may submit a request for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following department. Seoul Gallery shall make every effort to ensure prompt handling of such requests:

▸ Department for Receiving/Processing Access Requests of Seoul Gallery

Department for Receiving/Processing Access Requests of Seoul Gallery
Receiving/Processing Department	Person in Charge	Contact
Public Relations Division	Seo Seong-yeol	Tel : +82-2-2133-6419 Email : srseo@seoul.go.kr

In addition to the department specified in paragraph (1), data subjects may also submit a request for access to personal information through the Personal Information Protection Commission’s Integrated Privacy Portal (www.privacy.go.kr).

▸ Integrated Privacy Portal → Civil Complaints → Requests for Access, etc. (Real-name verification via i-PIN or mobile phone required)

Article 11 (Measures to Ensure the Security of Personal Information)

(1) Seoul Gallery takes the following measures to ensure the security of personal information:
- 1. Administrative Measures: Compliance with the Seoul Metropolitan Government’s internal management plan and regular staff training
- 2. Technical Measures: Management of access privileges to personal information processing systems, use of access control systems, encryption of unique identifiers, and installation of security programs
- 3. Physical Measures: Access control for server rooms, records storage rooms, etc.

Article 12 (Installation, Operation, and Refusal of Devices that Automatically Collect Personal Information)

Seoul Gallery does not use cookies that store and retrieve data subjects’ usage information.

Article 13 (Remedies for Infringement of Rights and Interests)

(1) To obtain remedies for personal information infringement, a data subject may apply for dispute resolution or counseling through the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency. For other reports or consultations regarding personal information infringement, please contact the following organizations:

List of organizations for reporting or consulting on personal information infringement (Item, Organization, URL, Phone Number)
Item	Organization	URL	Phone Number
Personal Information Infringement Report Center	Korea Internet & Security Agency (KISA)	https://privacy.kisa.or.kr	118 (without area code)
Personal Information Dispute Mediation Committee	Personal Information Dispute Mediation Committee	https://kopico.go.kr	1833-6972
Cyber Investigation Division, Forensic Science Department	Supreme Prosecutors' Office	https://spo.go.kr	1301 (without area code)
Cyber Investigation Bureau	Korean National Police Agency	https://ecrm.police.go.kr	182 (without area code)

(2) A person whose rights or interests have been infringed due to a disposition or omission by the head of a public institution in response to a request under Article 35 (Access to Personal Information), Article 36 (Correction or Erasure of Personal Information), or Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
※ For inquiries, please refer to the Online Administrative Appeals website (www.simpan.go.kr)

Article 14 (Effective Date)

(1) This Privacy Policy shall apply from January 1, 2026.

PRIVACY POLICY

Details of Privacy Policy