Chapter 1. General Provisions
Article 1 (Purpose)
The Asian Forest Cooperation Organization (hereinafter referred to as “AFoCO”) is committed to safeguarding users’ personal information in accordance with the Personal Information Protection Act and related regulations. This Privacy Policy has been established and is disclosed to enable prompt and appropriate handling of any issues related to the processing of personal data.
AFoCO informs users, through this Privacy Policy, how their personal data is collected, used, and protected. This Policy is made available on AFoCO’s website to ensure users can access it easily at any time.
AFoCO may revise this Privacy Policy in accordance with changes in relevant laws or internal policy updates to improve its services. In such cases, any changes will be announced on the website (or through individual notifications), and users are encouraged to review the Policy regularly.
Chapter 2. Collection and Use of Personal Information
Article 2 (Purpose of Personal Information Collection and Use)
Personal information refers to information about a living individual that allows identification, either by itself or when combined with other data. AFoCO collects and uses personal information for the following purposes:
Provision of Services
Service agreements, identity verification, age verification, confirmation of legal representative's consent for minors, verification and authentication of financial transactions, prevention of unauthorized use, handling complaints, delivering notices.
Development and Improvement of Services
Legal Compliance
Submitting documentation for financial auto-transfer agreements, year-end tax deductions, issuance of donation receipts, and other legally required disclosures.
Processing Based on Separate Consent
Article 3 (Items and Methods of Collection)
Collected Items
For donation applications:
Required – name, phone number, email, donation details, donation amount
For tax receipts – resident registration number
For partnership applications:
Name, organization/company, country, position, email, phone number, business registration number
During website or service use:
IP address, cookies, visit logs
For participation in events, campaigns, or training:
Name, phone number, birthdate, email, address, reason for participation or donation, other event-specific information
For users under the age of 14:
Legal guardian’s name, birthdate, contact details, and email
Collection Methods
Through membership registration and service usage
Via web and mobile platforms
Direct input from users via inquiries
Information provided by partners
Through automated collection tools
Via written forms during events and campaigns
Users may refuse to provide their personal data, but doing so may result in restricted access to certain services. AFoCO minimizes personal data collection and never collects sensitive information (e.g., race, origin, political views, criminal records, health) unless legally required or explicitly consented by the user.
Chapter 3. Retention and Destruction of Personal Information
Article 4 (Retention Period)
In principle, AFoCO destroys personal information without delay once the collection and use purposes are achieved. However, the following records are retained in accordance with applicable laws:
CategoryLegal BasisRetention Period
|
| Carryover donations | Income Tax Act | 10 years |
| Donation receipt records | Income Tax Act, Corporate Tax Act | 5 years |
| Donation or service cancellation | Act on Consumer Protection in E-commerce | 5 years |
| Payment and supply records | Act on Consumer Protection in E-commerce | 5 years |
| Complaint and dispute handling | Act on Consumer Protection in E-commerce | 3 years |
| Access and usage records | Protection of Communications Secrets Act | 3 months |
| Donor information | Personal Information Protection Act, Act on Promotion of Information and Communications Network | 5 years (or as consented) |
Article 5 (Destruction Procedure and Method)
Procedure
Once the retention period ends or the purpose is achieved, personal data collected through AFoCO or partner services is deleted in accordance with internal policy and relevant laws.
Method
Chapter 4. Provision and Outsourcing of Personal Information
Article 6 (Provision to Third Parties)
AFoCO uses personal information only for the purposes stated during collection and does not disclose it to third parties without user consent, except in the following cases:
When the user has given prior consent
When the user violates service terms and policies
When necessary to protect rights or for legal action due to user misconduct
When legally required (e.g., by court order, investigation agency request)
Article 7 (Outsourcing of Data Processing)
AFoCO may outsource personal data processing to third-party service providers for operational efficiency. These providers are bound by data protection clauses and are supervised to ensure compliance.
Vendor Purpose and Retention Period
|
| KG Inicis, PayPal, KFTC, Hyosung CMS | Payment processing | Until withdrawal or termination of contract |
| Korea PortOne | Payment integration and management | Until withdrawal or termination of contract |
| Im Web | Website development and maintenance | Until withdrawal or termination of contract |
Changes in outsourcing arrangements will be disclosed through this Privacy Policy.
Chapter 5. Data Management and Protection Measures
Article 8 (Use of Cookies and Similar Technologies)
AFoCO uses cookies and similar technologies to improve services and user experience.
Purpose: Maintain session, analyze usage behavior, provide personalized content and ads.
Control: Users may configure their browser settings to allow, block, or prompt cookie storage.
Article 9 (Technical and Administrative Safeguards)
AFoCO applies the following measures to protect personal data:
Administrative: Internal management plans, staff training
Technical: Firewalls, encryption, anti-virus software, access control, log monitoring
Physical: Restricted access to storage and data rooms
AFoCO shall not be responsible for data breaches caused by user negligence.
Chapter 6. Rights and Inquiries
Article 10 (User and Legal Guardian Rights)
Users and legal guardians may request access, correction, deletion, or suspension of personal data at any time.
Requests can be submitted in writing or by email, and will be addressed without delay.
Representatives must provide a power of attorney form (Form No. 11, Notification No. 2020-7).
For users under 14, consent must be obtained from a legal guardian.
Guardians' personal information is collected only for verification and is not used for other purposes.
Guardians may withdraw consent or request deletion of a minor’s data.
Withdrawal forms are deleted 30 days after expiration, unless retention is required by law.
Requests may be restricted under applicable law.
Personal data required by law may not be deleted.
AFoCO verifies the identity of any individual making a data request.
Article 11 (Privacy Officer)
AFoCO designates the following individuals to oversee personal data protection and handle complaints:
Article 12 (Remedies for Infringement)
Users may seek assistance from the following organizations:
Personal Information Infringement Report Center: 118 / privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
Supreme Prosecutors’ Office Cybercrime Division: 1301 / www.spo.go.kr
Cyber Bureau, National Police Agency: 182 / ecrm.cyber.go.kr
Supplementary Provision
This Privacy Policy shall take effect on April 22, 2025.
Chapter 1. General Provisions
Article 1 (Purpose)
The Asian Forest Cooperation Organization (hereinafter referred to as “AFoCO”) is committed to safeguarding users’ personal information in accordance with the Personal Information Protection Act and related regulations. This Privacy Policy has been established and is disclosed to enable prompt and appropriate handling of any issues related to the processing of personal data.
AFoCO informs users, through this Privacy Policy, how their personal data is collected, used, and protected. This Policy is made available on AFoCO’s website to ensure users can access it easily at any time.
AFoCO may revise this Privacy Policy in accordance with changes in relevant laws or internal policy updates to improve its services. In such cases, any changes will be announced on the website (or through individual notifications), and users are encouraged to review the Policy regularly.
Chapter 2. Collection and Use of Personal Information
Article 2 (Purpose of Personal Information Collection and Use)
Personal information refers to information about a living individual that allows identification, either by itself or when combined with other data. AFoCO collects and uses personal information for the following purposes:
Provision of Services
Service agreements, identity verification, age verification, confirmation of legal representative's consent for minors, verification and authentication of financial transactions, prevention of unauthorized use, handling complaints, delivering notices.
Development and Improvement of Services
Providing new or improved services, statistical analysis, participation in events and promotional activities.
Legal Compliance
Submitting documentation for financial auto-transfer agreements, year-end tax deductions, issuance of donation receipts, and other legally required disclosures.
Processing Based on Separate Consent
When the user has given separate consent for specific purposes.
Article 3 (Items and Methods of Collection)
Collected Items
For donation applications:
Required – name, phone number, email, donation details, donation amount
For tax receipts – resident registration number
For partnership applications:
Name, organization/company, country, position, email, phone number, business registration number
During website or service use:
IP address, cookies, visit logs
For participation in events, campaigns, or training:
Name, phone number, birthdate, email, address, reason for participation or donation, other event-specific information
For users under the age of 14:
Legal guardian’s name, birthdate, contact details, and email
Collection Methods
Through membership registration and service usage
Via web and mobile platforms
Direct input from users via inquiries
Information provided by partners
Through automated collection tools
Via written forms during events and campaigns
Users may refuse to provide their personal data, but doing so may result in restricted access to certain services. AFoCO minimizes personal data collection and never collects sensitive information (e.g., race, origin, political views, criminal records, health) unless legally required or explicitly consented by the user.
Chapter 3. Retention and Destruction of Personal Information
Article 4 (Retention Period)
In principle, AFoCO destroys personal information without delay once the collection and use purposes are achieved. However, the following records are retained in accordance with applicable laws:
CategoryLegal BasisRetention Period
Article 5 (Destruction Procedure and Method)
Procedure
Once the retention period ends or the purpose is achieved, personal data collected through AFoCO or partner services is deleted in accordance with internal policy and relevant laws.
Method
Printed materials are shredded or incinerated.
Electronic files are permanently deleted using irreversible technical methods.
Chapter 4. Provision and Outsourcing of Personal Information
Article 6 (Provision to Third Parties)
AFoCO uses personal information only for the purposes stated during collection and does not disclose it to third parties without user consent, except in the following cases:
When the user has given prior consent
When the user violates service terms and policies
When necessary to protect rights or for legal action due to user misconduct
When legally required (e.g., by court order, investigation agency request)
Article 7 (Outsourcing of Data Processing)
AFoCO may outsource personal data processing to third-party service providers for operational efficiency. These providers are bound by data protection clauses and are supervised to ensure compliance.
Vendor Purpose and Retention Period
Changes in outsourcing arrangements will be disclosed through this Privacy Policy.
Chapter 5. Data Management and Protection Measures
Article 8 (Use of Cookies and Similar Technologies)
AFoCO uses cookies and similar technologies to improve services and user experience.
Purpose: Maintain session, analyze usage behavior, provide personalized content and ads.
Control: Users may configure their browser settings to allow, block, or prompt cookie storage.
Article 9 (Technical and Administrative Safeguards)
AFoCO applies the following measures to protect personal data:
Administrative: Internal management plans, staff training
Technical: Firewalls, encryption, anti-virus software, access control, log monitoring
Physical: Restricted access to storage and data rooms
AFoCO shall not be responsible for data breaches caused by user negligence.
Chapter 6. Rights and Inquiries
Article 10 (User and Legal Guardian Rights)
Users and legal guardians may request access, correction, deletion, or suspension of personal data at any time.
Requests can be submitted in writing or by email, and will be addressed without delay.
Representatives must provide a power of attorney form (Form No. 11, Notification No. 2020-7).
For users under 14, consent must be obtained from a legal guardian.
Guardians' personal information is collected only for verification and is not used for other purposes.
Guardians may withdraw consent or request deletion of a minor’s data.
Withdrawal forms are deleted 30 days after expiration, unless retention is required by law.
Requests may be restricted under applicable law.
Personal data required by law may not be deleted.
AFoCO verifies the identity of any individual making a data request.
Article 11 (Privacy Officer)
AFoCO designates the following individuals to oversee personal data protection and handle complaints:
Chief Privacy Officer
Name: Sunpil Jin
Position: Vice Executive Director
Email: spjin@afocosec.org
Privacy Manager
Name: Kikang Bae
Position: Team Leader
Email: baekikang@afocosec.org
Article 12 (Remedies for Infringement)
Users may seek assistance from the following organizations:
Personal Information Infringement Report Center: 118 / privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972 / www.kopico.go.kr
Supreme Prosecutors’ Office Cybercrime Division: 1301 / www.spo.go.kr
Cyber Bureau, National Police Agency: 182 / ecrm.cyber.go.kr
Supplementary Provision
This Privacy Policy shall take effect on April 22, 2025.