|Date of Enforcement||2011. 09. 30.|
|Last Modified||2016. 07. 01.|
The Seoul National University Language Education Institute (hereafter, the “SNU LEI”) has established the following policy in accordance with the Personal Information Protection Act, in order to protect the privacy and interests of its users and to quickly respond to any problems users may encounter in regards to their personal information.
Any amendments made to this policy will be publically announced via the notice board of the website (or will be notified individually)
Article 1. Purpose of Collecting and Using Personal Information
The SNU LEI processes the users’ personal information for the following purposes. The processed personal information will not be used for any purposes other than that are stated below. The SNU LEI will be asking for prior consent from the users should any modification be made to the purposes.
- A.Provision of Services
- The SNU LEI collects personal information to provide various services for introducing the institute, uploading postings on the notice board, providing educational contents and admission-related information, verifying personal identity, issuing certificates (certificate of education), and for course application and payment.
- B.Membership Registration and Management
- Personal information will be processed for identity verification, personal identification, to check whether the user wants to join the website, the user’s age, and to check whether legal representatives have agreed with the provision of personal information when the user is under the age of 14. Personal information will also be processed with the purpose to respond to complaints and suggestions from users.
- C.Use for Marketing and Advertisement
- Personal information will be processed for providing customized service, to verify website access frequency, or for statistical data on the users’ use of service.
Article 2. Collected Personal Information
- (1)The SNU LEI collects the following personal information using the following methods for the provision of various services including membership registration and feedback to various user requests.
- A.List of Collected Personal Information
File Name CollectedInformation Method ofCollection Depart-ment Purpose ofCollection RetentionPeriod Website Members Name, contact information, affiliation, ID, English name, password, date of birth, e-mail address, visa type, nationality, department/year, parental information Via website SNU LEI ㅇSNU LEI Regulations Until two-years after consent and deactivation of account Management of Newly Enrolled LEI Students Name, contact information, affiliation, ID, English name, password, date of birth, e-mail address, visa type, nationality, department/year, parental information Via website SNU LEI ㅇManagement Guideline for International Students or Students Taking Language Courses (Ministry of Education)
ㅇRegulations for the Education Act
ㅇSNU LEI Regulations
Semi-permanent Management of LEI Students Name, contact information, affiliation, ID, English name, password, date of birth, e-mail address, visa type, nationality, department/year, parental information Via website SNU LEI ㅇManagement Guideline for International Students or Students Taking Language Courses (Ministry of Education)
ㅇRegulations for the Education Act
ㅇSNU LEI Regulations
- B.Types of Personal Information Collected
- The SNU LEI seeks consent for each item listed below.
- •Required Information
Underage Member General Member Foreign Member ① ID of Choice ① ID of Choice ① ID of Choice ② Password ② Password ② Password ③ Name in Korean ③ Name in Korean ③ Name in Passport ④ Date of Birth ④ Date of Birth ④ Date of Birth ⑤ Sex ⑤ Sex ⑤ Sex ⑥ Department/ Year ⑥ Mobile Phone Number ⑥ E-mail Address ⑦ Name of Parent ⑦ E-mail Address ⑦ Nationality ⑧ Mobile Phone Number of Parent ⑧ Passport Number ⑨ E-mail Address of Parent
- C.Method of Collection
- •Information entered in the personal information section by the user when registering as a member of the website
- •Information collected via forms, phone/fax, provided by affiliated institutions, or collected by information generation tools, etc.
Article 3. Retention and Usage Period of Personal Information
Personal information collected in accordance to Article 2 (Collected Personal Information) will be retained and used by the SNU LEI as follows. Personal information of students attending the Foreign Languages Education Center will be semi-permanently retained and used for personal identification, verifying enrollment, and issuing certificates. Personal information of students attending the Korean Language Education Center will be self-permanently retained and used to manage educational affairs (enrollment, assessment and graduation) and administrative affairs within the SNU LEI. The personal information will be destroyed immediately if a user should request to deactivate their account or withdraw their consent to collect and use their personal information.
- • Legal Basis: Management Guideline for International Students or Students Taking Language Courses (Ministry of Education)
- • Retention Period: Semi-permanent
- • Other Related Regulations: Management Guideline of Personal Information Files for Public Institutions
Article 4. The Right to Refuse and Disadvantages
The SNU LEI website collects personal information when the user joins the website for the first time to create personal accounts and provide various services. The collected personal information will be retained for the duration of the user’s membership. The user may refuse to agree to provide personal information, but this may also limit membership registration.
Article 5. Provision of Personal Information to Third Party
The SNU LEI, in principle, processes the users’ personal information in accordance with the areas stated in Article 1 (Purpose of Collecting and Using Personal Information) and does not process the information outside the expressly specified range or provide it to third parties without the consent of the user. The SNU LEI, however, may process personal information in the following cases.
- •In cases which the user has agreed to provide and open their personal information to the third party in advance
- •In cases which provision is required by regulations, etc.
- •In cases which personal information is necessary to fulfill a contract related to provision of service and when it is conspicuously difficult to receive consent in an ordinary way, due to economic/ technological issues
- •In cases which personal information is processed to make it impossible to identify individuals before usage
The SNU LEI website provides personal information to the following institutions. The purposes and information provided are as follows.
|Recipients||Purpose of Provision||Information Provided||Period of Retentionand Usage|
|Gwanak PoliceStation||To secure residential information of entrants from specific countries (Iran, Syria, etc.) in accordance with the National Security Law||Name, nationality, current place of residence||Until date of Departure|
|Dongjak PoliceStation||To investigate suspects to a criminal case||Name, nationality, contact information||Until end of investigation|
|Mapo PoliceStation||To investigate a criminal case||Name, nationality, contact information||Until end of investigation|
Article 6. Entrustment of Personal Information Processing
Article 7. The Data Subject’s Rights and Methods to Exercise the Rights
Users may exercise their rights as data subjects over personal information files retained by the SNU LEI in the following cases, in accordance with Article 35 (Disclosure of Personal Information), Article 36 (Correction and Deletion of Personal Information) and Article 37 (Suspension of Processing Personal Information).
- 1.In cases which the user or an underage user under the age of 14 wishes to view, edit, or delete their personal information
- 2.In cases which one should request correction or deletion of errors in one’s personal information.
- 3.Users can view, edit or delete one’s personal information or deactivate one’s personal account after verifying their identity and by clicking on “Edit Personal Information” or “Deactivate Account.”
- 4.Should the user request to edit or delete errors found in their personal information, the information will not be used or provided to any party until the information is fully edited or deleted. If any incorrect personal information has been used or provided by the SNU LEI, this will be rectified directly.
- 5.Personal information closed or deleted by the user’s request will be processed in accordance with Article 3 (Retention and Usage Period of Personal Information).
- 6.Access to the information, however, can be restricted under the provision of Article 35 Clause 5 of the Act, and requests to cease processing can be denied under the provision of Article 37 Clause 2 of the law. In addition, deletion will not be allowed in cases which the personal information is specified as information to be collected by other regulations.
- •In cases which there are specific legal regulations or when it is inevitable to observe the regulation
- •In cases which there is a danger of harming the life or body of other people or when there is a possibility of infringing upon the property or interests of other people
- •In cases which a public institution is unable to fulfill its duty without processing the personal information
- •In cases which the fulfillment of a contract with the data subject, of providing the contracted service, becomes difficult if personal information were to be left unprocessed and when the data subject has not explicitly stated their intention to terminate the contract
Article 8. Disposal of Personal Information
The SNU LEI saves personal information in accordance with its internal policy and related regulations for a certain period and then disposes of such information when the purpose of processing the information has been fulfilled. The disposal process, timing and methods are as follows.
- 1.Disposal Process
- The information the user entered is moved to a separate database after it serves its purpose (in case of information in paper form, to a different paper form), then saved for a certain period in accordance with the SNU LEI policy and other related regulations or disposed of immediately. The information moved to the database will not be used for any other purpose except in accordance to law.
- 2.Disposal Timing
- Personal information is destroyed within 5 days after its retention period ends, and when the personal information becomes unnecessary due to the fulfillment of the purpose of its collection, cancellation of the relevant service or the termination of the project, such information is destroyed within 5 days after the information is acknowledged to be unnecessary.
- 3.Disposal Method
- Personal information in electronic form is to be destroyed by using a technical method which will make it impossible to reproduce such information. Information in paper form is shredded or incinerated.
Article 9. Safety Measures to Secure Personal Information
The SNU LEI takes the following technical/administrative and physical measures to secure the safety of personal information in accordance with Article 29 of the Personal Information Protection Act.
- 1.Minimizing the number of staff processing personal information and training
- The SNU LEI manages personal information by appointing a minimal number of staff for processing personal information.
- 2.Regular internal audits
- The SNU LEI conducts regular (once every half-year) internal audits to ensure the safety of personal information processing.
- 3.Establishing and implementing internal management plan
- The SNU LEI establishes and implements an internal management plan to process personal information safely.
- 4.Encryption of personal information
- User passwords are stored and managed after encryption so that only the said user can know them. In addition, important data are stored and transmitted in an encrypted format or stored in locked files.
- 5.Technological measures to prevent hacking
- The SNU LEI installs security programs to prevent leakage or damage of personal information by computer hacking or virus and renews and inspects its system regularly. The SNU LEI system is installed in a regulated area which is technologically and physically monitored and regulated.
- 6.Limited access to personal information
- The SNU LEI takes measures to limit access to personal information by providing, changing or cancelling access to the personal information database system and prevents unauthorized access from the outside by using a firewall system.
- 7.Using locking devices to secure documents
- The SNU LEI stores documents and other storage media containing personal information in a safe place with locking devices.
- 8.Controlling unauthorized access
- The SNU LEI has a separate physical storage to secure personal information, and establishes and implements a controlling process to limit unauthorized access.
Article 10. Personal Information Protection Managers
The SNU LEI has assigned personal information protection managers and people in charge as follows in order to protect personal information and handle complaints regarding personal information.
(Personal Information Protection Managers in Accordance to Article 31 Clause 1 of the Personal Information Protect Act)
|Chief Manager of Personal Information at Seoul National University||Person in Charge of Protecting Personal Information at Seoul National University|
|Bureau in Charge: Bureau of General Administration||Division in Charge: Division of General Administration, Bureau of General Administration|
|Name: Sam-je Sung||Name: Cheol-jin Yoon|
|Phone Number: 02-880-5092||Phone Number: 02-880-5092|
|E-mail Address: firstname.lastname@example.org||E-mail Address: email@example.com|
|Chief Manager of Personal Information for the SNU LEI Website||Person in Charge of Protecting Personal Information for the SNU LEI Website|
|Office in Charge: Office of Administration||Office in Charge: IT Office|
|Name: Hye-nyeon Kim||Name: Jong-ok Won|
|Phone Number: 02-880-5483||Phone Number: 02-880-8695|
|E-mail Address: firstname.lastname@example.org||E-mail Address: email@example.com|
Article 12. Ways to Remedy Infringement on Rights and Interests
Data subjects may apply for dispute mediations or counsels at the Personal Information Dispute Mediation Committee or the Personal Information Protection Center at the Korean Internet and Security Agency (KISA) or other organizations regarding any infringement on information rights and interests.
Please contact the following organizations to report or get advice on other infringement upon personal information.
- 1.Personal Information Dispute Mediation Committee: 118 (without area code)
- 2.E-Privacy Mark Certification Committee: 02-580-0533~4 (http://eprivacy.or.kr)
- 3.High-Tech Crime Investigation Department, Supreme Prosecutors’ Office: 02-3480-3573 (http://www.spo.go.kr)
- 4.Cyber Terror Response Center, Korean National Police Agency: 02-1566-0112 (http://www.netan.go.kr)