Transfer of the personal information processing policy (2018.7.4.-2019.1.28)

• Article 1. Purpose of the personal information processing

  • The library processes the user's personal information for the following purposes. The processed personal information is not used for any purpose other than the following purposes, and prior consent will be sought when the purpose of use is changed.
  • ① Services delivery
    • - Personal information is processed for access to the library, book checkout/renewal/reservation, announcements, personal information modification, literature copy, inter-library loan, service application inquiry, electronic journals, e-books, various databases, general reading rooms and group study rooms, and other services.
  • ② Membership registration and management
    • - Personal information is processed for the purpose of identification, personal identification, prevention of illegal use and non-authorization of defective users, preservation of records to resolve various complaints, handling complaints, and delivering announcements.

• Article 2. Processing and retention period of personal information

  • User personal information is retained and used for the period specified below. However, if there is a request to delete the user's personal information even during the below period, the personal information shall be deleted according to the determined procedure after the identity verification process.

    Personal information provision table subject to holding period

    Holding period	Personal information object
    Semi-permanent	- Information related to overdue books by users and loan history information - Personal information of students, graduates, and staff

  • Grounds for holding: Article 7 of the University Library Promotion Act (Business of University Libraries, etc.)

• Article 3. Matters concerning the provision of personal information to a third party

  • In principle, the library processes personal information of the data subject within the scope specified for collection and use purposes, and does not process it beyond the scope of its original purpose or provide it to a third party without prior consent of the data subject, except in the following cases.
    • 1. In case of prior consent of the data subject
    • 2. If there is a special regulation in the law
    • 3. If the data subject or legal representative is unable to express his/her intention or cannot obtain prior consent due to unknown address, etc. and is clearly deemed necessary for the benefit of the urgent life, body, and property of the data subject or a third party
    • 4. If the personal information is provided in a form that is not recognized by a specific individual as necessary for the purpose of statistical preparation, academic research, etc.
    • 5. If the personal information cannot be performed under the jurisdiction prescribed by other Acts unless it is used for purposes other than the purpose or provided to a third party, and has undergone deliberation and resolution by the Protection Committee
    • 6. If it is necessary to provide it to foreign information or international organizations for the implementation of treaties or other international agreements
    • 7. If it is necessary for the investigation and the filing and maintenance of a crime
    • 8. If it is necessary for the performance of the court's judicial affairs
    • 9. If it is necessary for the execution of punishment, custody, and protective measures

• Article 4. Entrustment of personal information processing

  • In the case of entrusting personal information processing, related matters are posted on the website operated by each department in order to guide the data subject to check it, and there is no separate entrustment on this website.

• Article 5. The rights and obligations of the data subject and the method of exercise them

  • ① Personal information data subject (If he or she is under 14 years of age, it refers to a legal representative)can exercise the rights related to the personal information protection as below.
    • 1. Request to access their personal information
    • 2. Request to correct / delete wrong information
    • 3. Request to stop processing
  • ② The exercise of rights under paragraph ① may be completed in accordance with attached Form 8 of the Enforcement Rule of the Personal Information Protection Act and may be conducted in writing, e-mail, or fax, and the agency will take action without delay.
  • ③ If the data subject requests correction or deletion of errors in personal information, the personal information shall not be used or provided until the correction or deletion is completed.
  • ④ The exercise of rights under paragraph ① may be conducted through a legal representative of the information subject or an agent, such as a delegated person. In this case, you must submit a power of attorney in accordance with attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
  • ⑤ The rights of the data subject may be restricted pursuant to Articles 35 (5) and 37 (2) of the Personal Information Protection Act for requesting suspension of personal information access and processing.
  • ⑥ A request for correction and deletion of personal information cannot be requested to delete personal information if it is specified in other laws and regulations.
  • ⑦ Check whether the person who made the request, such as request for perusal, correction, deletion, suspension of processing according to the right of the data subject, is the person or the legitimate agent.

• Article 6. Items and methods of collecting personal information

  • The items and methods of collecting personal information collected by the library for identification, civil petition processing, and providing various services are as follows.
    • ① Collected personal information items
      • 1. Required information : Affiliation, name, ID, password, position, military (Army, Air Force, Navy, etc.), rank, e-mail, mobile phone number
      • 2. Selective information : Office phone number, place of work,military serial number 군번
    • ② Collection method
      • 1. System linkage : Collect relevant data of the relevant users (students) in conjunction with the academic management system (the requesting agency is responsible for consent to the provision of personal information).
      • 2. Individual collection : For other users, when registering them as the library members, collect relevant information.
    • ③ Restrictions on refusal to provide personal information
      • You have the right to refuse consent when collecting personal information, and if you refuse consent, you are not allowed to enter the library of the ROK Army Intelligence School, and you are not allowed to use circulation and other services.

• Article 7. Procedures and methods for destroying personal information

  • In principle, the library destroys personal information that has achieved the purpose of processing personal information without delay. However, this may not be the case if it has to be preserved in accordance with other laws. The procedure, due date, and method of revocation are as follows.
    • 1. Destruction procedure
      • Unnecessary personal information and personal information files are stored for a certain period of time or immediately destroyed under the responsibility of the personal information manager.
    • 2. Destruction due date
      • If the personal information file becomes unnecessary, such as achieving the purpose of processing the personal information file, abolishing the service, or terminating the project, the personal information file is destroyed within five days from the date on which it is deemed unnecessary.
    • 3. Destruction method
      • 1) Electronic form of information uses a technical method that does not allow recordings to be recovered.
      • 2) The personal information printed on the paper is destroyed by grinding or incineration.

• Article 8. Contact information of officer and person in charge of privacy

  • Personal information protection officer : Director of Administrative Support
  • Person in charge of personal information protection processing : Information and Communication Division (041-831-3561)

• Article 9. Changes in the privacy policy

  • This personal information processing policy will take effect from the date of enforcement, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, it will be notified by notice seven days before the enforcement of the changes.
    • - Enforcement date : 2016.3.
    • - Revision date : 2018.7.
    • - (2016.3.-2018.7.) View Privacy Policy

• Article 10. Measures to ensure safety of personal information

  • To ensure the safety of personal information, the library is taking the following measures.
    • 1. Establishment and implementation of internal management plan
      • The establishment and implementation of the library's internal management plan complies with the internal management plan of the National Defense Electronic Library.
    • 2. Minimize the number of the personnel handling personal information and provide regular education.
      • Employees handling personal information are designated and managed only by the necessary personnel, and education for safe management is provided to the employees handling the personal information
    • 3. Restricting access to personal information
      • It takes necessary measures to control access to personal information by granting, changing, or canceling access to the personal information processing system that processes personal information, and controls unauthorized access from the outside using the intrusion prevention system.
    • 4. Access records storage
      • We keep and manage records accessed to the personal information processing system for at least 6 months.
    • 5. Encryption of personal information
      • Personal information is safely stored and managed through encryption. It also uses separate security features, such as encrypting and using sensitive data for storage and transmission.
    • 6. Installation, periodic inspection and renewal of security programs
      • Security programs are installed, updated, and inspected periodically to prevent leakage and damage of personal information due to hacking or computer viruses.
    • 7. Control of Access to Unauthorized Persons
      • A separate physical storage place for the personal information processing system that stores personal information is established and for this, access control procedures are established and operated.

• Article 11. How to remedy infringement of rights and interests

  • Personal information subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement-Report Center to be relieved of damage caused by personal information infringement.
    • - Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
    • - Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
    • - Supreme Prosecutors' Office Cyber Crime Investigation Team : (국번없이) 1301 (www.spo.go.kr/minwon))
    • - ㅆhe National Police Agency's Cyber Safety Bureau : 182 (cyberbureau.police.go.kr)
  • In addition, a person who has been infringed on rights or interests due to perusal, correction· deletion or treatment cessation, etc. by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act.
    • - Central administrative appeals commission(www.simpan.go.kr)refer the call numbers of the website.