Personal Information Protection Policy
Pohang University of Science and Technology has the following management policies in compliance with the Personal Information Protection Act in order to protect users’ personal information and interests and to handle user complaints efficiently. When the personal information management policies are revised, it will be notified through the website announcements (or individual notification).
Article 1 The Purpose of Managing Personal Information
Pohang University of Science and Technology manages personal information for the following purposes. The managed personal data shall not be used for any purpose other than the following and when the purpose is changed, POSTECH will ask for prior consent.
-
A.Provision of Services
Personal information shall be managed for the purpose of payment and performance of the contract regarding the provision of services – POSTECH introduction and announcements, provision of educational content, user authentication, certificate issuance and admission, etc.
-
B.Membership Registration and Management
Personal information shall be managed for the purpose of user authentication, personal identification and delivery of notices, etc. which are required for the use of POSTECH membership services such as admission, academic affairs, students, books, research and health care, etc.
Article 2 Period for which Personal Information is Managed and Held and Items of Personal Information to be Managed
The items, management department, management basis and management period of personal information for the provision of POSTECH services and membership registration are as listed below.
Personal Information File Name | Collection Items | Management Department | Management Basis | Management Period |
---|---|---|---|---|
International exchange student management | Name, resident registration number, student ID number, contacts, E-mail, bank account number, address, grades, English test scores | Student Affairs Team | Foreign students and language trainee management guidelines (Ministry of Education and Science Technology) |
Semi-permanent |
Development fund depositor management | Name, resident registration number, donation history, contact, address, E-mail, etc. | University Advancement Team | Article 160(3), Income Tax Act (Article 208(3), Enforcement Decree of the Income Tax Act) |
Semi-permanent |
Graduate enrollment management | Name, educational background, date of birth, foreign registration number, gender, student ID number, etc. | Graduate Admissions and Student Affairs Team | Article 35, Enforcement Decree of the Higher Education Act (Data for Admission Screening) |
5 years |
Graduate admissions applicants list | Name, date of birth, educational background, grades, addresses, application fee payment, etc. | Graduate Admissions and Student Affairs Team | Article 35, Enforcement Decree of the Higher Education Act (Data for Admission Screening) |
5 years |
Graduate school application fee settlement | Name, application fee payment (yes or no) | Graduate Admissions and Student Affairs Team | Article 35, Enforcement Decree of the Higher Education Act (Data for Admission Screening) |
5 years |
Graduate Scholarship Management | Name, date of birth, address, scholarship organization, etc. | Graduate Admissions and Student Affairs Team | Article 3, Rules on College Education Fees (Exemption or Reduction of Tuition) |
10 years |
University newspaper subscriber management | Name, address | The POSTECH Times | Article 15, Personal Information Protection Act | 5 years |
Radiation workers management | Name, resident registration number, employee/student number, contacts, E-mail, education history, special medical examination history, personal radiation exposure dosage | General Affairs and Safety Team | Atomic Energy Act | Semi-permanent |
Health Administration | Name, resident registration number, student number, contacts, medical history | General Affairs and Safety Team | Article 7-3, School Health Act (Health Examination Records) | 10 years |
Smart card system administration | Name, resident registration number, employee/student number, contacts, E-mail, address, photo, affiliation, department/division, position, etc. | General Affairs and Safety Team | IT service provision, consent of information subject | Semi-permanent |
Access control system management | Name, resident registration number, employee/student number, department/division, position | General Affairs and Safety Team | IT service provision | Semi-permanent |
Academic Competition participants list | Name, resident registration number, telephone number, mobile number, email address, date of participation | Undergraduate Admissions Team | Article 15, Personal Information Protection Act (Collection and Use of Personal Information) |
5 years |
Management of students commissioned by Gyeongbuk Education Institute for the Gifted | Name, resident registration number, telephone number, mobile number, email address | Undergraduate Admissions Team | Article 15, Personal Information Protection Act (Collection and Use of Personal Information) |
5 years |
Management of students commissioned by Busan Education Institute for the Gifted | Name, resident registration number, telephone number, mobile number, email address | Undergraduate Admissions Team | Article 15, Personal Information Protection Act (Collection and Use of Personal Information) |
5 years |
DM | Name, resident registration number, telephone number, mobile number, email address | Undergraduate Admissions Team | Article 15, Personal Information Protection Act (Collection and Use of Personal Information) |
3 years |
Admissions applicants list | Name, resident registration number, telephone number, mobile number, email address, family relationships, educational background, grades, rewards and punishments history | Undergraduate Admissions Team | Article 35, Enforcement Decree of the Higher Education Act (Data for Admission Screening) |
5 years |
Library Lending Service management | Account, name, employee/student number, contacts, E-mail, book lending status | Academic Information Resources Team | Article 35, Libraries Act (Duties) | Semi-permanent |
Residents management | Name, resident registration number, student number, contacts, E-mail, address, | Housing Services Team | Statutes of Pohang University of Science and Technology | 5 years |
School register | Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. | Educational Affairs and Records Team | Article 4, Enforcement Decree of the Higher Education Act (School Regulations) | Semi-permanent |
Grades | Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. | Educational Affairs and Records Team | Article 4, Enforcement Decree of the Higher Education Act (School Regulations) | Semi-permanent |
Graduation Management | Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. | Educational Affairs and Records Team | Article 4, Enforcement Decree of the Higher Education Act (School Regulations) | Semi-permanent |
Professional researcher list | Name, gender, resident registration number, student ID number, department, contacts, E-mail | Undergraduate Student Affairs Team | Article 82, Enforcement Decree of the Military Service Act | Semi-permanent |
Employment management | Name, gender, resident registration number, student number, department, contacts, E-mail | Undergraduate Student Affairs Team | Ministry of Education and Science Technology Directive No. 48, Instructions of basic education statistics survey | 5 years |
Students with disabilities | Name, gender, resident registration number, student number, department, contacts, E-mail, disability ratings | Undergraduate Student Affairs Team | Article 30, Act on Special Education for the Disabled Persons, etc. | 5 years |
Scholarship Student Management | Name, gender, resident registration number, student ID number, department, contacts, E-mail and scholarships payment history | Undergraduate Student Affairs Team | Article 3, Ministry of Education and Science Technology Rules No. 83, Rules on College education fees | 10 years |
* Other details of POSTECH’s personal information files status is available: visit the Personal Information Protection General Support Portal of the Ministry of Government Administration and Home Affairs (www.privacy.go.kr) → Civil petitions for personal information → Application for inspection of personal information → Personal information files list search. Then enter “Pohang University of Science and Technology” for the institute name to access the information.
Article 3 Personal Information Provided to Third Party
In principle, Pohang University of Science and Technology, manages the user’s personal information under the purposes set forth in Article 1 (The Purpose of Managing Personal Information) and without the prior consent of users, shall not manage the user’s personal information for any purpose other than intended ones, nor provide them to any third party: Provided, however that management in the following subparagraphs may be allowed
- 1.Where the user has, in advance, agreed to provide to a third party or disclose to the public.
- 2.Where the provision is required by statues.
- 3.Where it is necessary for performing a contract and considerably difficult to obtain the usual consent of a subject for economic or technical reasons.
- 4.Where personal information is used in a form by which an individual cannot specifically be identified.
Article 4 Entrustment of Personal Information Management
-
1.Pohang University of Science and Technology entrusts the smooth management of personal information as follows.
<College Newsletter Dispatch Management>
- 2.When Pohang University of Science and Technology concludes a contract for entrustment of personal information management, it clearly states in writing in accordance with Article 25 of the Korean Personal Information Protection Act; matters concerning prohibition of managing personal information for any purpose other than for performance of entrusted affairs; matters concerning technical and administrative protection measures; matters concerning the restriction on re-entrust; supervision and management of the trustee; and compensation for losses and any other liabilities. Moreover, it supervises whether the trustee safely manages the personal information.
- 3.When there is a change of the affairs of management or trustee, it shall be immediately disclosed through this privacy policy.
Article 5 The Rights and Responsibilities of the Subject of Information and Methods of Exercising Rights
A user may exercise its rights as follows.
- 1.A subject of information may exercise the following rights of personal information protection at any time towards Pohang University of Science and Technology.
- 1.To make a request for inspection of his/her personal information
- 2.To make a request for correction of errors, if necessary
- 3.To make a request for deletion
- 4.To make a request for suspension of management
- 2.The exercise of the rights pursuant to Clause 1 shall be implemented through submitting a hand-written document, sending an e-mail or a fax, etc. Then Pohang University of Science and Technology shall take necessary measures immediately.
- 3.When the subject of information makes a request for either correction or deletion of errors of personal information, Pohang University of Science and Technology shall not use or provide the corresponding personal information until the correction or deletion process is completed.
- 4.The exercise of the rights pursuant to Clause 1 shall be conducted by his/her legal representative of the subject of information or a person who holds a delegation of authority. Provided, however that it is necessary to submit a power of attorney in Appendix 11 prescribed by Enforcement Rule of the Personal Information Protection Act.
Article 6 Destruction of Personal information
In principle, Pohang University of Science and Technology shall destroy the personal information immediately when management purpose of personal information is achieved. Methods, procedures and periods of destroying personal information are as follows.
Article 7 Measures to Ensure Safety of Personal Information
Pohang University of Science and Technology takes the technical, administrative and physical measures to ensure safety pursuant to Article 29 of the Korean Personal Information Protection Act.
- 1.Minimizing the numbers of managing employees of personal information and Educating them
For personal information management, it is our policy to appoint and give an access authority to only the managing employees of personal information at a minimum level. - 2.Enforcement of periodic internal audit
To ensure safety in managing personal information, internal audit is carried out periodically (by quarter). - 3.Establishment and enforcement of internal management plan
POSTECH establishes and enforces the internal management plan to ensure safe management of personal information. - 4.Encryption of personal information
For the storage and management of user’s personal information, it is encrypted with passwords that only a user can identify. For more important data, additional security features are applied such as the encryption of files and transmitted data and the file lock-down, etc. - 5.Technical measures against hacking, etc.
To prevent the leak and damage of personal information through hacking or computer viruses, etc., Pohang University of Science and Technology installs, checks and renew periodically the security program. Moreover, the university installs the system in access control area from outside and manages the system with the technical and physical surveillance and interception measures. - 6.Limited access to personal information
We take necessary measures for access control to personal information through assigning, changing, terminating access authority to the database system managing personal information; and POSTECH controls unauthorized access from outside through firewall system. - 7.Tamper-proof archiving of access records
POSTECH stores and manages the access records to the personal information management system for at least 6 months. Moreover, the university adopts security features to prevent the forgery, illegal alteration, theft and loss of the access record. - 8.Access control against unauthorized persons
POSTECH installs physical space to store the personal information and establishes and enforces access control procedures.
Article 8 Personal Information Protection Officer
Pohang University of Science and Technology appoints personal information protection officers as described below who are in charge of the personal information management to help deal with complaints from the subjects of information and remedy against injury.
Chief personal information protection officers at POSTECH | Personal information protection officer at POSTECH | |
---|---|---|
Academic Affairs Division | ||
Educational Affairs and Records Division | ||
Human Resources Division |
Article 9 Remedies for Rights and Interests Infringement
The subject of personal information may apply for dispute resolution or consultation to secure the remedies for personal information infringement towards the Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc.
For other personal information infringement reporting and consultation, contact the following agencies.
- Personal Information Infringement Report Center (under the Korea Internet & Security Agency): (without area code) 118 ( privacy.kisa.or.kr )
- Personal Information Dispute Mediation Committee (under the Korea Internet & Security Agency): (without area code) 118 ( privacy.kisa.or.kr )
- Cybercrime Investigation Division, Supreme Prosecutors’ Office: + 82-2-3480-4555 ( www.spo.go.kr )
- Cybercrime Investigation Division, National Police Agency: 1566-0112 ( www.netan.go.kr )
Article 10 The Changes of Personal Information Policy
This personal information policy applies from the date of enforcement and in the event of addition, deletion and amendment of its content. Following the change in the statutes and policies, the event will be notified via announcement on the website 7 days prior to the enforcement.
Enforcement date: January 29, 2016