한국어|ENGLISH

Privacy Policy

The Durihana Welfare Association (hereinafter "the Association") establishes and discloses this Privacy Policy in accordance with the Personal Information Protection Act of the Republic of Korea, to protect the personal information of the Data Subject and to promptly and efficiently handle related grievances.



Article 1 (Purpose of Personal Information Processing)

The Association processes personal information for the following purposes. The processed personal information will not be used for any purpose other than those stated below. If the purpose of use is changed, the Association will implement necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.


  1. Management of Donor Members and Service Users Personal information is processed for the purpose of verifying donor membership, managing donation payments and history (including CMS), issuing tax receipts for donations, providing donation-related information and consultation, verifying identity for service use, personal identification, and preventing unauthorized use.

  2. Handling of Complaints and Inquiries Personal information is processed for the purpose of verifying the identity of the Data Subject, confirming the content of the complaint, contacting for fact-finding investigations, and notifying the results of the processing.

  3. Marketing and Advertising Utilization Personal information is processed for the purpose of providing information about new campaigns and services/projects, and offering opportunities to participate in events and promotional activities.



Article 2 (Legal Basis for Processing)

The Association processes personal information based on the following legal grounds, in accordance with the Personal Information Protection Act and other relevant laws:


  1. Consent: Processing based on the explicit consent of the Data Subject (e.g., membership registration, optional donation marketing consent).

  2. Contract Fulfillment: Processing necessary for the fulfillment of a contract with the Data Subject or for taking steps at the request of the Data Subject prior to entering into a contract (e.g., processing donations and issuing tax receipts).

  3. Legal Obligation: Processing necessary for compliance with a legal obligation to which the Association is subject (e.g., retaining records as required by the Electronic Commerce Act, providing information to the National Tax Service).



Article 3 (Processing and Retention Period of Personal Information)

The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



Article 4 (Provision of Personal Information to Third Parties)

The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



Article 5 (Delegation of Personal Information Processing)

To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



Article 6 (Rights and Obligations of the Data Subject and How to Exercise Them)

The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



Article 7 (Measures for Securing Safety of Personal Information)

The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



Article 8 (Personal Information Protection Officer)

The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



Article 9 (Remedies for Infringement of Data Subject’s Rights)

Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Article 10 (Matters Concerning the Amendment of the Privacy Policy)

This Privacy Policy shall be effective from November 01, 2025.

This Privacy Policy shall be effective from November 01, 2025.

This Privacy Policy shall be effective from November 01, 2025.

Donate

한국어|ENGLISH

Privacy Policy

The Durihana Welfare Association (hereinafter "the Association") establishes and discloses this Privacy Policy in accordance with the Personal Information Protection Act of the Republic of Korea, to protect the personal information of the Data Subject and to promptly and efficiently handle related grievances.



Article 1 (Purpose of Personal Information Processing)

The Association processes personal information for the following purposes. The processed personal information will not be used for any purpose other than those stated below. If the purpose of use is changed, the Association will implement necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.


  1. Management of Donor Members and Service Users Personal information is processed for the purpose of verifying donor membership, managing donation payments and history (including CMS), issuing tax receipts for donations, providing donation-related information and consultation, verifying identity for service use, personal identification, and preventing unauthorized use.

  2. Handling of Complaints and Inquiries Personal information is processed for the purpose of verifying the identity of the Data Subject, confirming the content of the complaint, contacting for fact-finding investigations, and notifying the results of the processing.

  3. Marketing and Advertising Utilization Personal information is processed for the purpose of providing information about new campaigns and services/projects, and offering opportunities to participate in events and promotional activities.



Article 2 (Legal Basis for Processing)

The Association processes personal information based on the following legal grounds, in accordance with the Personal Information Protection Act and other relevant laws:


  1. Consent: Processing based on the explicit consent of the Data Subject (e.g., membership registration, optional donation marketing consent).

  2. Contract Fulfillment: Processing necessary for the fulfillment of a contract with the Data Subject or for taking steps at the request of the Data Subject prior to entering into a contract (e.g., processing donations and issuing tax receipts).

  3. Legal Obligation: Processing necessary for compliance with a legal obligation to which the Association is subject (e.g., retaining records as required by the Electronic Commerce Act, providing information to the National Tax Service).



Article 3 (Processing and Retention Period of Personal Information)

The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



The Association processes and retains personal information within the agreed-upon retention period consented to by the Data Subject, or within the retention period stipulated by relevant laws.


The processing and retention periods for each personal information category are as follows:


  1. Under the Act on Consumer Protection in Electronic Commerce:

    • Records concerning display/advertisement: 6 months

    • Records concerning contracts or withdrawal of offers, etc.: 5 years

    • Records concerning payment settlement and supply of goods, etc.: 5 years

    • Records concerning consumer complaints or dispute resolution: 3 years

  2. Under the Electronic Financial Transactions Act:

    • Records concerning electronic financial transactions: 5 years

  3. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection:

    • Records concerning identity verification: 6 months

  4. Under the Protection of Communications Secrets Act:

    • Records concerning website visits: 3 months

  5. Under the Social Welfare Volunteer Management Regulations:

    • Volunteer and volunteer performance information: Retained until withdrawal or required period.



Article 4 (Provision of Personal Information to Third Parties)

The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



The Association processes the personal information of the Data Subject only within the scope specified in Article 1 (Purpose of Personal Information Processing) and shall not process it beyond the original purpose or provide it to third parties without the prior consent of the Data Subject, except in the following cases:


  1. Where separate consent has been obtained from the Data Subject.

  2. Where there is a special provision in other laws.

  3. Where it is clearly recognized as necessary for the urgent life, body, or property interests of the Data Subject or a third party, and the Data Subject or their legal representative is unable to express their intent or obtain prior consent due to unknown address.

  4. Where the personal information is provided in a form that cannot identify a specific individual for the purpose of statistical compilation, academic research, or market research.


When the Association intends to provide personal information to a third party, the Association will notify the Data Subject and obtain consent regarding the following matters:


  1. The name (or title, if a corporation or organization) and contact information of the recipient.

  2. The recipient’s purpose of using the personal information, and the items of personal information to be provided.

  3. The personal information retention and usage period of the recipient.

  4. The fact that the Data Subject has the right to refuse consent, and the disadvantages, if any, resulting from the refusal of consent.



Article 5 (Delegation of Personal Information Processing)

To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



To improve the service, the Association ensures, upon entering into a consignment contract, that the consignee/trustee complies with the following in accordance with Article 26 of the Personal Information Protection Act: prohibition of personal information processing beyond the scope of the consigned work, implementation of technical and administrative protection measures, restriction on re-delegation, supervision and inspection of the consignee/trustee, and liability for damages. The Association supervises whether the consignee/trustee processes personal information safely.


The Association currently delegates personal information processing as follows:

  1. Korea Financial Telecommunications and Clearings Institute (KFTC)

    • Consigned Work: Donation payment and CMS direct debit processing

  2. Post Office, Courier Companies

    • Consigned Work: Sending mail and commemorative gifts



Article 6 (Rights and Obligations of the Data Subject and How to Exercise Them)

The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



The Data Subject may exercise the following rights related to personal information protection against the Association at any time.


  1. Right to Access: Request access to personal information.

  2. Right to Rectification: Request rectification of errors, etc., if any.

  3. Right to Erasure (Deletion): Request the deletion of personal information.

  4. Right to Restriction of Processing: Request the suspension of personal information processing.

  5. Right to Object to Processing: Object to the processing of personal information.

  6. Right to Data Portability: Request a copy of the personal information in a structured, commonly used, and machine-readable format.


The rights pursuant to Paragraph 1 may be exercised against the Association via written notice, telephone, email, or fax. The Association will take action without delay. If the Data Subject requests the rectification or erasure of personal information, the Association will not use or provide the relevant personal information until the rectification or deletion is completed.



Article 7 (Measures for Securing Safety of Personal Information)

The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



The Association is taking the following measures to secure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.

  2. Technical Measures: Management of access rights to personal information processing systems, installation and renewal of security programs, encryption of unique identification information, etc.

  3. Physical Measures: Access control of computer rooms and data storage rooms, etc.



Article 8 (Personal Information Protection Officer)

The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



The Association takes overall responsibility for matters related to personal information processing and designates a Personal Information Protection Officer as follows for handling complaints and providing relief for damages related to personal information processing:


  1. Personal Information Protection Officer

    • Name: Lee Young Gi

    • Role: Overall responsibility for personal data processing

    • Contact: +82 051-265-2101

    • Email: yglee@durihana.org

  2. Responsible Department

    • Department Name: Activity Support Center

    • Role: Handling inquiries and grievances

    • Contact: +82 051-265-2101

    • Email: hope@durihana.org


Data Subjects may contact the Personal Information Protection Officer or the responsible department with all inquiries, complaints, and requests for damage relief related to personal information protection that arise while using the Association’s services (or projects).



Article 9 (Remedies for Infringement of Data Subject’s Rights)

Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Data Subjects may apply for dispute resolution or consultation to the following external organizations for relief from personal information infringement:


  1. Personal Information Infringement Reporting Center (operated by KISA)

    • Purpose: Reporting personal information infringement, consultation application

    • Website: privacy.kisa.or.kr

    • Phone: 118

    • Address: (58324) 9 Jinheung-gil, Naju-si, Jeollanam-do, KISA

  2. Personal Information Dispute Mediation Committee

    • Purpose: Dispute mediation application, collective dispute mediation (civil resolution)

    • Website: www.kopico.go.kr

    • Phone: 1833-6972

    • Address: (03171) 12F Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul

  3. Supreme Prosecutors' Office Cyber Crime Investigation Division

    • Phone: 1301

  4. National Police Agency Cyber Bureau

    • Phone: 182



Article 10 (Matters Concerning the Amendment of the Privacy Policy)

This Privacy Policy shall be effective from November 01, 2025.

This Privacy Policy shall be effective from November 01, 2025.

This Privacy Policy shall be effective from November 01, 2025.

Donate