Personal Information Processing Policy of Korea University Library
- The library has the following processing policy to protect users’ personal information and rights and interests in accordance with the Personal Information Protection Act and to smoothly handle users’ complaints related to personal information.
- In the event that the personal information processing policy is changed, the library will notify the time of implementation and the changes through the website announcement (or individual notice).
Article 1. Purpose of processing personal information
The library processes user personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and prior consent will be obtained when the purpose of use is changed.
- A. Services provided
- For purposes related to library access and facility use, seat and facility reservations, books and non-books, electronic materials, and multimedia materials use and purchase applications, research support services, document delivery and resource sharing, document copying, user education, announcements, and other library services we process personal information for appropriate purposes.
- B. User management
- Personal information is processed for the purpose of identity verification, personal identification, prevention of fraudulent use and unauthorized use, complaint handling, and announcement delivery.
Article 2. List of personal information to be processed
The items and methods of collecting personal information collected from the library are as follows.
- A. Information collected
- Student number (job number), name, date of birth, affiliation (university/department/major), identity, enrollment/occupation status, address, phone number, mobile phone number, email, period of use, portal ID
- B. Collecting method
- Linked to Bachelor and Personnel DB of Korea University, official request for library use by each institution within Korea University (consent to provide personal information is handled by requesting institution)
Article 3. Processing and retaining period of personal information
The personal information processed by the library is retained and used for a period of two years or less after the expiration of the user’s usage period or completion of the purpose of use of the personal information. During the retention period personal information will be deleted up on user request after confirming identity according to the established procedure. However, if there is a need to preserve the user’s personal information by regulations or other laws, the provisions of the applicable laws will be followed, and the above retention period may be excluded if necessary in connection with the operation of the library, such as unreturned books.
Article 4. Provision of personal information to third party
The library processes personal information within the scope specified for the purpose of collection and use. Except for the following cases, the library does not process or exceed the original purpose without providing it to a third party.
- A. Up on separate consent from information provider
- B. In case special regulation specified in the law
- C. If the information provider or its legal representative is in a state where he/she cannot express his/her opinion or cannot obtain prior consent due to unknown address, etc. When it is necessary for benefit of the life, health, wealth of the information provide or 3rd party.
- D. When providing personal information in a form that is not identifiable to a specific individual as necessary for statistical purposes and academic research purposes
- E. When personal information is not used for the purposes other than the original purpose or it is not provided to a third party, it is unable to perform the jurisdiction prescribed by other laws and has been deliberated and approved by the Protection Committee.
- F. When necessary to provide to foreign governments or international organizations for the implementation of treaties and other international agreements
- G. When necessary for the investigation of crimes and the filing and maintenance of charges
- H. When necessary for the court’s trial
- I. Where it is necessary for execution of sentence, protection and protective measures
Article 5. Matters concerning entrusting of personal information processing
In the case of entrusting the personal information processing, according to article 26 of Personal Information protection Act, responsibilities and details of trustee in case breaching obligation of supervision matters or entrusting process such as purpose of range of the entrusting, matters for the measures to secure safety of personal information, inspection of personal information management of holding personal information related to entrusting process are separately managed.
Current personal information entrusted companies are as follow.
Trustee | Purpose | Period |
---|---|---|
Wise Neosco Co., Ltd | Entrance management system and RFID automation equipment maintenance | Until the end of entrusting contract |
(주)Future Nuri Co., Ltd | Library system, database maintenance | |
Eras One Co., Ltd | Library hardware IT equipment maintenance | |
Ahnkook Trding | Library PC maintenance | |
KERIS | Digital academic information distribution system(dCollection) service maintenance | |
N2Solution Co., Ltd | Library website maintenance | |
Hodi Co., Ltd | Seating/facility reservation system maintenance |
Article 6. Rights and obligation of information provider and matter on execution
The information provider can exercise his/her right to view, modify, or delete his/her personal information at any time..
- A. If the information provider requests correction or deletion of personal information errors, the personal information will not be used or provided until the correction or deletion is completed.
- B. Requests for access to personal information and suspension of processing may be restricted in accordance with Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
- C. Requests for correction and deletion of personal information cannot be requested if the personal information is specified for collection in other laws and regulations.
- D. Personal information can be viewed and corrected after personal authentication on the library’s website, and correction of personal information that cannot be modified through the website can be requested by visiting the library in person and going through the personal identification process and following the procedure.
Article 7. Process and method of deleting personal information
In principle, the library destroys personal information without delay when the purpose of processing is achieved. However, this may not be the case if it must be preserved in accordance with other laws and regulations. The procedure, deadline and method of destroy are as follows.
- A. Destroy process
- Personal information is transferred to a separate space immediately after the purpose is achieved and stored for a certain period of time in accordance with internal policies and other related laws and then destroyed. Personal information transferred to a separate space will not be used for any other purpose unless required by law.
- B. Destroy deadline
- When the retention period is expired or when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information or the abolition of the relevant business, it is destroyed without delay.
- C. Destroy method
- For information in the form of electronic files, a technical method is used that cannot reproduce the records. The personal information printed on paper is shredded by paper shredder or destroyed through incineration.
Article 8. Measure to secure safety for personal information
In accordance with Article 29 (Obligation of Safety Measures) of the 「Personal Information Protection Act」, the library takes the technical, administrative, and physical measures necessary to ensure safety as follows.
- A. Establishment and execution of internal management schedule
- Establishment and execution of internal management schedule follows internal guideline of Korea University.
- B. Minimize employee to handle personal information and training
- Only necessary number of employees are designated and handle personal information and trainings are performed to them for safe management.
- C. Restriction access to personal information
- We take necessary measures to restrict access to personal information by granting, changing, or canceling access rights to the personal information processing system that processes personal information. We control unauthorized access from the outside using an intrusion prevention system.
- D. Storage of access record
- Access records to personal information processing system are stored and managed for minimum 2 years.
- E. Encryption of personal information
- Personal information is safely stored and managed through encryption. In addition, separate security functions such as encrypting important data for storage and transmission are used.
- F. Installation of security program and periodical maintenance and update
- In order to prevent the opening and damage of personal information due to hacking or computer viruses, security programs are installed and periodically updated and maintained.
- Access restriction of unauthorized personnel
- The physical storage location of the personal information processing system that stores personal information is separately designated and access control procedures are established and operated.
Article 9. Responsible person for personal information protection
- Person in charge for personal information protection – Head of Library : 02-3290-1432
- Department in charge for personal information – Academic information service department : 02-3290-1492
Change status of personal information processing policy
This personal information processing policy is applied from June 2nd 2020. Previous personal information processing method can be checked from below.
Damages due to breach of personal information
The owner of personal information can apply for a dispute resolution or consultation, etc. to the Personal Information Dispute Mediation Committee and the Korea Internet Security Agency’s Personal Information Breach Reporting Center to help relieve the damage caused by the breach of personal information.
- Personal Information Dispute Mediation Committee : 1833-6972, (www.kopico.go.kr)
- Personal Information Breach Reporting Center : (No area code) 118, (privacy.kisa.or.kr)
- Cyber Investigation Division of Supreme Prosecutor’s office: (No area code) 1301, (www.spo.go.kr)
- National Police Agency Cyber Safety Bureau : (No area code) 182, (cyberbureau.police.go.kr)