Transfer of the personal information processing policy (2016.3.-2018.7.)

• Article 1. Purpose of the personal information processing

  • ① National Defense Electronic Library collects the personal information at least for the purpose of providing nationwide service, handling civil affairs.
  • ② We provide the guide for library users to check the specifications of the article 1 on the web site.

• Article 2. Processing and retention period of the personal information

  • ① Personal information processed by National Defense Electronic Library Library is processed within the scope specified for collection and use purposes, and the retention period prescribed by the Personal Information Protection Act and related statutes.
  • ② National Defense Electronic Library Library guides major personal information files collected and held through its website operated by each department.

• Article 3. Matters concerning the provision of personal information to a third party

  • ① In principle, National Defense Electronic Library Library processes personal information data within the scope specified for collection and use purposes, and does not process it beyond its original purpose or provide it to a third party without prior consent of the data subject, except in the following cases
    • 1. In case of prior consent of the data subject
    • 2. If there is a special regulation in the law
    • 3. If the data subject or legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc. and is clearly deemed necessary for the benefit of the urgent life, body, and property of the data subject or a third party
    • 4. If the personal information is provided in a form that is not recognized by a specific individual as necessary for the purpose of statistical preparation, academic research, etc.
    • 5. If the personal information cannot be performed under the jurisdiction prescribed by other Acts unless it is used for purposes other than the purpose or provided to a third party, and has undergone deliberation and resolution by the Protection Committee
    • 6. If it is necessary to provide it to foreign information or international organizations for the implementation of treaties or other international agreements
    • 7. If it is necessary for the investigation and the filing and maintenance of a crime
    • 8. If it is necessary for the performance of the court's judicial affairs
    • 9. If it is necessary for the execution of punishment, custody, and protective measures
  • ② We provide the guide for library users to check the specifications of the article 1 on the web site.

• Article 4. Entrustment of personal information processing

  • In the case of entrusting personal information processing, related matters are posted on the website operated by each department in order to guide the data subject to check it, and there is no separate entrustment on this website.

• Article 5. The rights and obligations of the data subject and the method of exercise them

  • ① Personal information data subject (If he or she is under 14 years of age, it refers to a legal representative)can exercise the rights related to the personal information protection as below.
    • 1. Request to access their personal information
    • 2. Request to correct wrong information
    • 3. Request to delete
    • 4. Request to stop processing
  • ② The exercise of rights under article ① can be completed in accordance with attached Form 8 of the Enforcement Rule of the Personal Information Protection Act and can be conducted in writing, e-mail, fax, etc. And the agency will take action without delay.
  • ④ The exercise of rights under article ① can be conducted through a legal representative of the data subject or an agent, such as a delegated person. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
  • ⑤ The rights of the data subject may be restricted in accordance with the Articles 35 (5) and 37 (2) of the Personal Information Protection Act for requesting suspension of personal information access and processing.
  • ⑥ A request for correction and deletion of personal information cannot be allowed if it is specified as the collection object in other laws and regulations.
  • ⑦ Check whether the person who made the request, such as request for perusal, correction and deletion according to the right of the data subject, etc. is the person or the legitimate agent.

• Article 6. Proceeded personal information items

  • Personal information processed by National Defense Electronic Library Library handles only the minimum personal information prescribed by the relevant duties and laws, and details are posted on the website operated by each department to be checked by the information subject.

• Article 7. Procedures and methods for destroying personal information

  • ① In principle, National Defense Electronic Library Library destroys personal information that has achieved the purpose of processing personal information without delay. However, this may not be the case if it has to be preserved in accordance with other laws. The procedure, due date, and method of revocation are as follows.
    • A. Destruction procedure
      • Unnecessary personal information and files are handled in accordance with the internal policy procedure under the responsibility of the personal information manager.
      • Personal information whose retention period has expired is destroyed without delay from the end date.
      • If the personal information file becomes unnecessary, such as achieving the purpose of processing the personal information file, abolishing the service, or terminating the project, the personal information file is destroyed without delay from the date it is deemed unnecessary.
    • B. Destruction method
      • 1) Electronic form of information uses a technical method that does not allow recordings to be recovered.
      • 2) The personal information printed on the paper is destroyed by grinding or incineration.
  • ② National Defense Electronic Library Library provides information on the status of destruction of personal information files through its website operated by each department.

• Article 8. Measures to ensure Safety of personal information

  • ① To ensure the safety of personal information, the agency is taking the following measures.
    • 1.Minimize the number of the personnel handling personal information and provide regular education.
      • Employees handling personal information are designated and managed only by the necessary personnel, and education for safe management is provided to the employees handling the personal information
    • 2.Restricting access to personal information
      • It takes necessary measures to control access to personal information by granting, changing, or canceling access to the personal information processing system that processes personal information, and controls unauthorized access from the outside using the intrusion prevention system.
    • 3.Access records storage
      • We keep and manage records accessed to the personal information processing system for at least 6 months.
    • 4.Encryption of personal information
      • Personal information is safely stored and managed through encryption. It also uses separate security features, such as encrypting and using sensitive data for storage and transmission.
    • 5.Installation and periodic inspection and renewal of security programs
      • Security programs are installed, updated, and inspected periodically to prevent leakage and damage of personal information due to hacking or computer viruses.
    • 6.Control of access to unauthorized persons
      • A separate physical storage place for the personal information processing system that stores personal information is established and for this, access control procedures are established and operated.

• Article 9. How to remedy infringement of rights and interests

  • Personal information subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement-Report Center to be relieved of damage caused by personal information infringement.
    • - Personal Information Dispute Mediation Committee : 02-2100-2499 (www.kopico.go.kr) 118 (privacy.kisa.or.kr)
    • - Korea Internet & Security Agency's Personal Information Infringement-Report Center : 118 (privacy.kisa.or.kr)
    • - Supreme Prosecutors' Office Cyber Crime Investigation Team : 02-3480-3571 (cybercid@spo.go.kr)
    • - National police agency cyber terror response center : 1566-0112 (www.netan.go.kr)
  • In addition, a person who has been infringed on rights or interests due to perusal, correction· deletion or treatment cessation, etc. by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act.
    • Central administrative appeals commission(www.simpan.go.kr)refer the call numbers of the website.

• Article 10. Personal Information Protection [field-specific] contact information for the officer and person in charge

  • Director for Personal Information Protection : The chief of staff
  • Person in charge of personal information protection processing : Information and Communication Division

• Article 11. Change of personal information processing policy

  • 2016.3.24.