Korea University Personal Information Management Policy
All personal information collected, retained, and managed byKorea University (hereinafter referred to as 'The University') is done so pursuant to, and in full compliance with personal information protection rules of relevant Acts and subordinate statutes, such as the Personal Information Protection Act.
The University has implemented the management policy detailed below to protect personal information, rights and interests and effectively resolve complaints raised in connection with personal information pursuant to the Personal Information Protection Act.
The University, in particular, has set forth the Personal Information Management Policy specifically for theonline records databasethat manages personal information pursuant to Article 30, Paragraph (1) of the Personal Information Protection Act and Article 31, Paragraph (1) of its Enforcement Ordinance.
WheneverThe University revises its Personal Information Management Policy, it shall make public the timing of implementation and the revised content via its online database (or a separate notice) to allow those who are the subject of information to reliably and conveniently verify it.
A. Purpose of Managing Personal Information, Management and Retention Period of Personal Information, and Items of Personal Information to be Managed
Go to Personal Information Protection General Support Portal (www.privacy.go.kr) Personal information-related civil complaints Requests such as the inspection of personal information, etc. Search the list of personal information files Enter "Korea University" in the organization name box and search
B. Provision of Personal Information to a Third Party
The University may manage personal information to fulfill the intended purpose of collection and use in principle andnot handle it beyond the intended purpose and not provide it to a third party without the prior consent of a subject of information except for any of the following cases.
Where the consent of a subject of information has been obtained
Where special provisions exist in any Act
Where it is deemed obviously necessary for the physical safety and property interests of a subject of information or a third party when the subject of information or his/her legal representative cannot give prior consent because he/she is unable to express his/her intention or by reason of his/her lack of current address, etc.
Where personal information is necessary for compiling statistics, or scientific research purposes, etc., and the personal information is provided in a form in which a specific individual cannot be identified
Where not using personal information for any purpose other than the intended purpose or a failure to provide a third person with such information makes it impossible to perform affairs provided for in any other Act, and this has undergone deliberation and resolution by the Personal Information Protection Committee
Where it is necessary to provide a foreign government or international organization with personal information in order to implement a treaty or any other international agreement
Where it is necessary to investigate a crime, and institute and sustain a public prosecution
Where it is necessary for a court to perform its judicial functions
Where it is necessary to execute a punishment, ensure care and custody or enforce protective disposition.
C. Entrustment of Management Affairs of Personal Information
When The University entrusts a third person with the management of personal information, it shall do so in writing stating the following matters
Matters concerning prohibiting a third person from managing personal information for any purpose other than for performance of entrusted functions
Matters concerning technical and administrative protection measures for personal information
Other matters prescribed for the safe administration of personal information
- The purpose and scope of entrusted affairs, matters that may prohibit The University from re-entrusting a third person with the management affairs of person information, matters to ensure the confidentiality of personal information, supervisory matters such as the inspection of management operations of personal information retained for such entrusted affairs, matters regarding liability for damages in the event that a trustee violates his/her duties, the details of entrusted affairs and the identity of any person who performs the management affairs of personal information upon entrustment ("trustee") shall disclosed on the above online database.
D. Matters Concerning Rights and Duties of a Subject of Information, and How to Exercise Them
A subject of any personal related information managed by The University may exercise the following rights and a legal guardian of a child under the age of 14 may request inspection, correction, deletion, and suspension of management of the child's personal information.
Request for Inspection of Personal Information : A subject of information referred to above may requestinspection of his/her personal information in the personnel information files retained by The University pursuant to Article 35 of the Personal Information Protection Act (Inspection of Personal Information). However, the request for the inspection of personal information may be restricted pursuant to Article 35, Paragraph (5) of the Act.
Request for Correction/Deletion of Personal Information : A subject of information referred to above may request deletion/correction of his/her personal information in the personal information files retained by The University pursuant to Article 36 of the Personal Information Protection Act (Correction or Deletion of Personal Information), provided that if other Acts and subordinate statutes stipulate that the particular personal information be collected, the request shall not be granted.
Request for Suspension of Management of Personal Information : A subject of information referred to above may request the suspension of management of his/her personal information in the personal information files retained by The University pursuant to Article 37 of the Personal Information Protection Act (Suspension, etc. from Managing Personal Information). However, the request for the suspension of management of personal information may be rejected pursuant to Article 37, Paragraph (2) of the Act.
Methods and Procedures of Exercising Rights
: A subject of information referred to above may submit a personal information-related request form (inspection, correction, deletion, and suspension of management of personal information) and be notified of the result within 10 days after the receipt of the form. A subject of information may have his/her representative make a request by submitting a letter of attorney (*Download request and letter of attorney forms
※ Submit your forms to: Korea University ONESTOP Service Center (For questions, please contact: Anam Campus 02-3290-1141~5, Sejong Campus 044-860-1072)
E.Destruction of Personal Information
When the purpose of personal information's management has been achieved, The University, in principle, shall destroy the personal information without delay. Procedures for, timing of, and methods for destroying personal information are as follows.
Procedures of Destruction : After or as soon as the purpose of retaining personal information has been achieved, it shall be transferred to a separate storage unitand stored for a certain period of time and destroyed pursuant to internal policies and other Acts and subordinate statutes. The personal information transferredto the separate storing place shall not be used for other purposes except as stipulated in Acts.
Timing of and Methods for Destruction : When the retention of personal information becomes unnecessary uponits reaching the expiration date, either its management purpose is considered achieved or the relevant service is deemedabolished. Accordingly, the personal information shall be destroyed without delay. Information in the form of an electronic file shall be destroyed via technical methods so as to prevent its recycling. Printed or hardcopyversions of personal information shall be shredded or incinerated.
F. Measures to secure safety of personal information
Minimization of the Number of Staff ManagingPersonal Information and StaffTraining : The University designates and manages just the necessary number of staff who manages personal information and trains such staffers on safe management practices of personal information.
Access Restriction of Personal Information : TheUniversity takes necessary measures to control access to personal information by granting, revising, and eliminating access rights to the database system that manages personal information and also controls unauthorized access from external parties through the use of firewall systems.
Storage of Access Records : Access records to the Personal Information Management System shall be stored and managed for a minimum of 6 months.
Installation and Regular Inspection/Update of Security Programs : Security programs are installed and updated/inspected on a regular basis to prevent unauthorized outflow or alteration of personal information from hacking or computer viruses.
Access Control against Unauthorized Persons : The University operates the Personal Information System, which stores personal information at a physically separate storing place and establishes and runs access control procedures.
Encryption of Personal Information : Personal information is safely stored and managed via methods such as encryption. Additional security functions are also employed, such as, for example, encrypting important data during storage and transfer.
G. Resolution for Infringement on Rights and Interests
A person whose personal information-related rights or interests have been infringed upon may report the infringement to the Center for Reporting Personal Information Infringement Cases
※ The Center for Reporting Personal Information Infringement Cases:(without a telephone exchange number) 118 (extension number 2)
A person whose personal information-related rights or interests have been infringed upon by measures taken by the head of a public institution against a request by a subject of information for the inspection, correction/deletion, and the suspension of management of personal information may make an administrative appeal pursuant to the Administrative Appeals Act.
※ Refer to the information provided by the Central Administrative Appeals Commission (www.simpan.go.kr)
H. Personal Information Protection Managers
Personal Information Chief Manager:Chief Manager Won-joo Jeong of KUICC
Personal Information Manager: Manager Cheol-ho Choi of System Operation Team of KUICC
For questions, please contact: 02-3290-4194, firstname.lastname@example.org
Enforcement dateNovember 29th, 2011