Personal Information Processing Policy of National Defense Electronic Library

• Article 1. Purpose of processing personal information

  • ① The National Defense Electronic Library processes personal information for the purpose of joining an electronic library membership and using library services. Personal information is not used for any purpose other than its purpose, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the「Personal Information Protection Act」.
  • ② The purpose of processing personal information files registered and disclosed by the National Defense Electronic Library pursuant to Article 32 of the 「Personal Information Protection Act」is as follows.

    개인정보의 처리목적

    File Name	Base of operation	Purpose of processing	Retention period
    User DB	Article 40 of the Regulations for the Operation of the Library (Rules of use and user management)	Membership registration and management, Use of e-library services	2 Years

• Article 2. Processing and retention period of personal information

  • ① The National Defense Electronic Library processes and holds personal information within the period of retention agreed upon when collecting personal information from the information subject.
  • ② The period of processing and holding personal information is as follows.
    • 1. User DB : Semi-permanent

• Article 3. Matters concerning the provision of personal information to a third party

  • ① In principle, the library processes personal information of the data subject within the scope specified for the purpose of collecting and using it, and does not process it beyond the scope of its original purpose or provide it to a third party without the prior consent of the data subject.

• Article 4. Matters concerning entrustment of personal information processing

  • ① There is no entrustment of personal information on the library website.

• Article 5. Matters concerning the rights and obligations of the data subject and the method of exercise

  • ① The information subject may exercise the right to view, correct, delete, or suspend processing of personal information to the library at any time.
  • ② The exercise of rights under article ① may be conducted in writing, e-mail, fax, etc. to the Library pursuant to Article 41 (1) of the「Enforcement Decree of the Personal Information Protection Act」, and the National Defense Electronic Library will take action without delay.
  • ③ The exercise of rights under article ① may be conducted through a legal representative of the data subject or an agent, such as a delegated person. In this case, you must submit a power of attorney in accordance with attached Form 11 of the「Enforcement Rules of the Personal Information Protection Act」.
  • ④ The rights of the data subject may be limited pursuant to Articles 35 (5) and 37 (2) of the 「Personal Information Protection Act」 for the requesting suspension of personal information access and processing.
  • ⑤ A request for correction and deletion of personal information cannot be requested to delete the personal information if it is specified as the collection object in other laws and regulations.
  • ⑥ The National Defense Electronic Library checks whether the person who made the request, such as request for access, correction and deletion, or access when requesting suspension of processing, is the right person or a legitimate agent.
  • ⑦ If there is an objection to the action against the exercise of rights under article ①, the information subject may raise an objection through e-mail, fax, etc. within 10 days of receiving the notification of the result. National Defense Electronic Library will review this and notify you of the results within 10 days.

• Article 6. Items and methods of collecting personal information

  • ① The National Defense Electronic Library handles the following personal information items:

    처리하는 개인정보의 항목

    File Name	Required items
    User DB	Affiliation, name, ID, password, position, military, rank, Email, mobile phone number, library usage information

• Article 7. Procedures and methods for destroying personal information

  • ① The National Defense Electronic Library destroys personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
  • ② If personal information is to be preserved in accordance with other laws and regulations despite the expiration of the period of personal information retention agreed by the data subject or the purpose of processing has been achieved, the personal information (or personal information file) is transferred to a separate database (DB) or stored elsewhere.
  • ③ The procedure and method of destroying personal information are as follows.
    • 1. Destruction procedure
      • The National Defense Electronic Library establishes and destroys a personal information destruction plan for personal information (or personal information file) that must be destroyed. The National Defense Electronic Library selects personal information (or personal information file) based on the reason for destruction occurs, and destroys personal information (or personal information file) with the approval of the personal information protection manager of the National Defense Electronic Library.
    • 2. Destruction method
      • The National Defense Electronic Library destroys personal information recorded and stored in the form of electronic files so that records cannot be read, and shreds or incinerates personal information recorded and stored in paper documents.

• Article 8. Measures to ensure the safety of personal information

  • ① The National Defense Electronic Library is taking the following measures to ensure the safety of personal information.
    • 1. Administrative measures : Establishment and implementation of internal management plans, regular education, etc.
    • 2. Technical measures : Management of access rights, such as personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs

• Article 9. Matters concerning the installation and operation of an automatic collection device for personal information and its refusal

  • ① This website uses 'cookie' to store and recall usage information from time to time to provide individual customized services to users.
  • ② A cookie is a small amount of information that the server (http) sends to the user's computer browser to run the website and is sometimes stored in the user's PC's hard disk.
    • 1. Purpose of use of cookies: It is used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search keywords, and security access.
    • 2. Install, operate, and reject cookies: You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser.
    • 3. If you refuse to save cookies can cause difficulties in using customized services.

• Article 10. Person in charge of personal information protection

  • ① The National Defense Electronic Library is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages of information subjects related to personal information processing.
    • - Person in charge of personal information protection
      • Position: Director of Administrative Support
      • Position: Deputy Director
    • - Department in charge of personal information
      • Department Name: Information and Communication Division of the Administrative Support Department
      • Phone number and fax number : 041-831-3561 / 02-748-7588
  • ② The information subject can contact the person and department in charge of personal information protection for handling complaints, and relief of damage caused by using the service of the library. The library will respond and process inquiries from the information subject without delay.

• Article 11. Request for access to personal information

  • ① The information subject may request the following departments to view personal information under Article 35 of the 「Personal Information Protection Act」. The library will try to expedite the request for access to personal information by the information subject.
    • - Personal information access request reception/processing department
      • Department Name: The National Defense Electronic Library
      • Contact information: Electronic Information Officer(041-931-6513)
  • ② In addition to the reception and processing department of requests for perusal under paragraph (1), the data subject shall also use the website of the Ministry of Public Administration and Security's Comprehensive Support Portal( www.privacy.go.kr)to request to view the personal information

• Article 12. Method of remedy for infringement of rights and interests

  • ① The information subject can contact the following institution for damage relief and counseling for personal information infringement.
    • - Personal Information Infringement Report Center (operated by the Korea Internet Agency))
      • - Business under the jurisdiction : Report personal information infringement, request for consultation
      • - Website : privacy.kisa.or.kr
      • - Phone number : 118
      • - Address : (58324) 3rd floor, 9, Jinheung-gil, Naju-si, Jeollanam-do, Republic of Korea. The Personal Information Infringement Report Center
    • - Personal Information Dispute Mediation Committee
      • - Business under the jurisdiction : Personal information dispute settlement application, collective dispute settlement (private settlement)
      • - Website : www.kopico.go.kr
      • - Phone number : 1833-6972
      • - Address : (03171)4th floor, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea
    • - Supreme Prosecutors' Office Cyber Crime Investigation Team : 02-3480-3573 (www.spo.go.kr)
    • - National Police Agency's Cyber Safety Bureau : 182 (http://cyberbureau.police.go.kr)

• Article 13. Installation and operation of video information processing devices

  • ① The National Defense Electronic Library installs and operates video information processing devices as follows.
    • 1. Fundamentals and purpose of installation of the video information processing devices: Facility Safety and fire prevention in the library
    • 2. Number of installations, location of installation, and scope of photography: 26 major facilities, such as library lobby, are installed as a range of photography
    • 3. Management manager, department in charge, and authorized access to video information: Planning and General Affairs Division of National Defense Electronic Library
    • 4. Video information recording time, storage period, storage place, processing method
      • - Recording time: 24 hours
      • - Storage period: 15 days from the time of shooting
      • - Storage place and processing method: Storage and processing in the control room of the video information processing device
    • 5. Measures for requesting access to video information by the data subject: Personal video information shall be applied as a request for access and confirmation of existence, and access to the information shall be permitted only when the data subject itself or clearly necessary for the benefit of life, body, and property
    • 6. Technical, management, and physical measures to protect image information: Establish internal management plans, restrict access control and access rights, apply safe storage and transmission technology of image information, store processing records and prevent forgery, prepare storage facilities, install locks, etc.
    • 7. Video Information Confirmation Method: Request to the Planning and General Affairs Department of National Defense Electronic Library

• Article 14. Changes in the personal information processing policy

  • ① This personal information processing policy will be applied from January 29, 2019.
  • ② The previous privacy policy can be found below.
    • - View the previous personal information processing policy on March, 2016- July, 2018
    • - View the previous personal information processing policy on July 4, 2018 - January 28, 2019