Announcement on Privacy Policy
All personal information handled at Yonsei University website are collected, held and processed on the basis of relevant laws.
[Personal Information Protection Act] prescribes general standard on handling of such personal information, and Yonsei University legally and properly handles personal information collected, stored and processed in accordance with the regulations stipulated in these laws in order to appropriately perform public works and protect the rights of the principal of information.
Furthermore, Yonsei University respects the rights of principal of information including demand for inspection, correction, deletion, and cessation of processing of the personal information it holds in accordance with the regulations stipulated in relevant laws, and principal of information may claim administrative trial on infringement of such rights under the law in accordance with the regulations stipulated under the administrative trial law.
Yonsei University has established and published the following policy on processing of personal information in order to protect the personal information and rights of the principal of information in accordance with the Article 30 of [Personal Information Protection Law] and to harmoniously process distresses related to personal information. If any amendments are made, they will be announced on the website, or will be individually announced.
Article 1, Purpose of Processing Personal Information
Yonsei University website processes personal information for the following purposes. The personal information handled will not be used for any other purposes and if so, will be requesting consent beforehand.
- • To offer various services within the website and management of members
- • To offer various services such as online helper, discussion boards, polls, debate boards, etc, user verification and department guidance
Article 2, Personal Information Processing and Retention Period
Personal information, in principle, will be deleted without any delay once the purpose of collection has been fulfilled.
Article 3, Provision of Personal Information to Third Party
Yonsei University, in principle, processes the personal information of principal of information within the range specified in the Article 1 [Purpose of Processing of Personal Information], and does not process in excess of the original range or provide information to the 3rd party without the prior consent of the principal of information. However, the personal information can be processed under the following circumstances:
• In the event the principal of information has consented to provision to the 3rd party and public disclosure in advance.
• In the event of being required to provide in accordance with law, etc.
In the case of personal information necessary for execution of the contract on provision of service. for which acquisition of generally acknowledged consent is markedly difficult for economic and technological reasons
Article 4, Consignment of Personal Information Processing
Yonsei University does not in principle consign processing of the corresponding personal information to the 3rd party without the consent of the user. In the event of occurrence of need to consign the processing of the personal information in the future, subject of consignment, contents of consigned works, period of consignment and details of consignment contract will be notified through [Notice Board] and policies on processing of personal information. In addition, prior consent will be secured if necessary
Article 5, Rights and Obligations of the Information Principal and How to Exercise these Rights
The principal of information may exercise the following rights.
• Demand for inspection of personal information: Demand for inspection of the personal information held by Yonsei University can be made in accordance with the Article 35 [Inspection of Personal Information] of the Personal Information Protection Law. At the time of demanding inspection of personal information, inspection can be limited in the following circumstances with the Clause 5 of the Article 35 of the same law.
1. Where an inspection is prohibited or restricted by Acts
2. Where it is apprehended that any third person’s life and body may be harmed, or any third person’s property and other interests may be unduly infringed on
• Demand for correction and deletion of personal information: Demand for correction and deletion of the personal information file that Yonsei University holds can be made in accordance with the Article 36 [Correction of Deletion of Personal Information] of the Personal Information Protection Law. However, if other law specifies this personal information as the subject of collection, such deletion cannot be demanded.
• Inspection, correction and deletion of personal information can be requested after self-authentication procedure on Yonsei University website ‘Community’ menu and then in the ‘Change of Personal Information’.
Article 6, Types of Personal Information Processed
For the provision of service and membership management, the types of personal information processed and collected by Yonsei University website are as below.
• Types of Personal Information processed by the Yonsei University website
| File Name | Membership List |
|---|---|
| Legal Base | Membership Agreement of Yonsei University Website |
| Purpose of Retention | Use of Service in Website such as Bulletin Board, Club , Etc |
| Items of Retention |
Yonsei Member: Student ID Number, Name, Date of Birth, E-mail, Nickname General Public: ID, Password, Name, Nickname, Mobile Number, Virtual Identification Number, Duplicate Subscriptions |
| Holding Department | Information and Communication Support Team of Academic Information Agency |
| Retention Period | At the Time of Membership Withdrawal |
Article 7, Destruction of Personal Information
When the purpose of personal information’s management has been achieved and it becomes unnecessary to retain such information, it shall be destroyed without delay except for cases where the information shall be kept in accordance with any other Acts.
The procedures and methods for destroying personal information are as follows:
- • Destruction Procedure
Collected personal information will be destroyed after having been stored for prescribed time or immediately following accomplishment of the purpose in accordance with the internal policy and relevant laws.
- • Destruction Period
Collected personal information shall be destroyed within 5 days of the termination date of the holding period in the case of elapsing of the holding period personal information and within 5 days of the date of the acknowledgement of needlessness of the processing of personal information when the personal information has become unnecessary including accomplishment of purpose of processing of personal information, abolition of the corresponding service and cessation of business, etc.
• Destruction Methods: Information recorded and saved in an electronic file format shall be deleted technically to prevent any restoration
Article 8, Safety Measures for Personal Information
In accordance with Article 29 of [Personal Information Protection], Yonsei University is taking technical, administrative and physical measures necessary for securing safety.
1. Establishment and Implementation of Internal Management Plan
Yonsei University have established and implemented an internal management plan in accordance with the internal management guidelines of Yonsei University.
2. Minimization of the Number of Staff Managing Personal Information and Staff Training
Yonsei University designates and manages just the necessary number of staff who manages personal information and trains such staffers on safe management practices of personal information.
3. Access Restriction of Personal Information
Yonsei University takes necessary measures to control access to personal information by assigning, changing, and terminating access to the database system that processes personal information and also controls unauthorized access from outside through intrusion prevention system.
4. Storage of Access Records & Prevention of Falsification
Access records to the Personal Information Management System shall be stored and managed for a minimum of 6 months. Security program are installed to prevent personal information from loss, theft, leakage, alteration or damage.
5. Encryption of Personal Information
Personal information is safely stored and managed via methods such as encryption. Additional security functions are also employed, such as, for example, encrypting important data during storage and transfer.
6. Technical Measures against Hacking, etc.
To prevent personal information from being leaked or damaged by hacking or computer viruses, Yonsei University website installs security programs and updates and inspects them periodically. Furthermore, systems are installed in areas where access from outside is restricted and is technically and physically monitored and blocked. It also monitors control of network traffic as well as attempts to illegal information alteration.
7. Access Control against Unauthorized Persons
The University operates the Personal Information System, which stores information at a physically separate storing place and establishes and runs access control procedures.
Article 9, Designation of Personal Information Protection Officer
In order to protect the personal information of the information subject and handle the complaints related to the personal information, Yonsei University appoints the personal information protection person and person in charge as follows.
Personal Information Protection Manager of Yeonsei University Website
• Name: Hyo-sung Kim
• Position: Privacy officer
• Telephone: 02-2123-8500
• E-mail: privacy@yonsei.ac.kr
Article 10, Change of Personal Information Processing Policy
This personal information processing policy will be applied from their enforcement dates. If policies are added, deleted or corrected pursuant to the law or any other reason, it shall give notice of the changes 7 days prior to the enforcement of the changes by way of displaying [Notice Board] on the website.
• Public Notice Date: 8 February 2012
• Enforcement Date: 8 February 2012
Article 11, Remedies for Privacy Infringement
To receive help regarding the invasion of privacy, the subject of personal information may contact the Personal Information Dispute Mediation Committee and Personal Information Infringement Reporting Centers for the resolution of disputes or for counseling. Please contact the following organizations for further personal information violation reports or consultations.
- 1. Personal Information Dispute Mediation Committee: (without area code)118
- 2. Information Protection Mark Certification Committee: 02-580-0533~4 (http://eprivacy.or.kr/)
- 3. High-Tech Crime Investigation Division, Supreme Prosecutors’ Office: 02-3480-2000 (www.spo.go.kr)
- 4. Cyber Terror Response Center, National Police Agency: 02-392-0330 (http://www.ctrc.go.kr/)