This site is the official e-Government website of the Republic of Korea.
URL LINK
COPYPrivacy Policy
The PIPC has established the following privacy policy to protect the personal information and rights of individuals and efficiently handles their complaints related to personal information according to Article 30 of the Personal Information Protection Act (hereinafter: 'Protection Act').
Article 1. Purpose of personal information processing
-
① The PIPC collects and processes the minimum amount of personal information and the personal information it processes will not be used for purposes other than the following, and if the purpose of use is changed, the PIPC will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. e-newsletter members
The PIPC processes personal information for the purpose of providing information on upcoming events such as seminars and education related to personal information protection.2. Dispute mediation application information and dispute mediation phone consultation recording files
The PIPC processes personal information for the purpose of fact-finding, contacts, etc., necessary for mediation of disputes regarding personal information as prescribed in Articles 40 through 50 of the Protection Act.3. Information used for processing requests (e.g. personal information access, etc.)
The PIPC processes personal information for reference or proof of facts in administrative work (e.g. processing personal information access requests, etc.).4. User information for education service
The PIPC processes personal information for self-authentication with regard to personal information protection online education, management of education history, and issuance of certificates of education.5. User information for handling reports of incidents of divulgence
The PIPC processes personal information for reference or proof of facts in administrative work (e.g. processing reports of divulgence of personal information, etc.).6. List of personal information protection instructors
The PIPC processes personal information to support personal information protection education.7. List of e-privacy withdrawal service complaints received and processed
The PIPC maintains personal information in order to process withdrawal from website membership.8. Public I-PIN member management
The PIPC processes personal information to provide resident registration number replacement.
Article 2. Personal information processing and retention period
- ① The PIPC processes and retains personal information within the personal information retention period according to relevant laws or within the personal information retention period to which individuals consented when collecting their personal information.
- ② The contents and retention period of the personal information processed by the PIPC are as follows:
| Personal information file name | Purpose | Operation basis (collection basis) |
Items collected | Retention period |
|---|---|---|---|---|
|
e-newsletter member |
Sending of newsletters |
Individual’s consent |
· (mandatory) e-mail · (optional) name |
2 years from the date of consent (immediately deleted if the individual refuses to consent) |
|
Personal information dispute mediation application information |
Personal information dispute mediation business processing |
Articles 40 through 50 of the Protection Act (Paragraphs 1, 2 & 3 of Article 15 of the Protection Act) |
· Applicant and agent: (mandatory) name, contact information, birthdate, address, details of application(optional) e-mail · Respondent: (mandatory) name, contact information, address (optional) e-mail and homepage address (URL) |
5 years from the date of application (dispute mediation application form) Permanent (written mediation decision ) |
|
Recording of the dispute mediation phone counseling conversation |
Personal information dispute mediation |
Articles 40 through 50 of the Protection Act (Subparagraphs 2, 3 & 6 of Paragraph 1 of Article 15 of the Protection Act) |
(mandatory) contact information and recordings of phone conversations | 6 months from the date of collection |
|
User information for processing requests for personal information access, etc. |
Processing requests for personal information access, etc. |
Articles 35 through 39 of the Protection Act |
· (mandatory) name, birthdate, phone number, address · (optional) cell phone number, fax number and e-mail |
3 years from the date of collection |
|
User information for providing education service |
Provision of education service |
Individual’s consent | · name, name of institution, position, phone number, e-mail |
2 years from the date of consent |
|
User information for processing reports of divulgence |
Processing reports of personal information divulgence |
Articles 34 and 39-4 of the Protection Act and Article 39-4 of the Credit Information Use and Protection Act |
· name, name of institution, department, position, phone number, e-mail |
3 years from the date of collection |
|
List of personal information protection instructors |
Provision of education services |
Individual’s consent | · name, news, position, lecture experience, contact information, e-mail, lecture areas |
3 years from the date of consent |
|
ist of e-privacy withdrawal service complaints received and processed |
Processing withdrawal from website membership |
Articles 37 and 62 of the Protection Act | · name, e-mail, cell phone number, birthdate |
30 days from the date when the complaint was filed |
※ For detailed information on your personal registration file held by the PIPC, go to the personal information protection website (www.privacy.go.kr) →Minwon Madang → Request personal information access, etc. → Search personal information file list of the PIPC menu.
Article 3. Provision of personal information to a third party
-
① The PIPC does not provide any personal information of individuals to any third party beyond the purposes specified as the purposes for which personal information is processed. In any of the following events, however, the PIPC may provide the personal information of an individual to a third party.
1. Where consent is obtained from the individual.
2. Where there are special provisions in other laws.
3. Where it is deemed manifestly necessary for the protection of the life, bodily or property interests of the individual, or to protect the third party from imminent danger where the individual or his/her legal representative is not in a position to express intention, or prior consent cannot be obtained owing to unknown addresses, etc.
4. Where personal information is provided in a form that cannot specify a particular individual for statistical purposes, academic research purposes, etc.
5. Where it is impossible to perform the duties under its jurisdiction as provided for in any Act, if the PIPC uses personal information for purposes other than the intended one, or provides it to a third party, and it is subject to deliberation and resolution by the PIPC.
6. Where it is necessary to provide personal information to a foreign government or international organization in accordance with requirements of a treaty or other international conventions.
7. Where it is necessary for the investigation of a crime, indictment and/or prosecution.
8. Where it is necessary for a court to proceed with trial-related duties.
9. Where it is necessary for the enforcement of punishment, probation or custody.
- ② The personal information items provided to a third party for personal information dispute mediation within the scope of the purposes for which the personal information collected by the PIPC are processed as follows:
| Personal information file name | Recipient | Recipient’s purpose of use | Basis of provision | Provided items | Retention period |
|---|---|---|---|---|---|
|
Dispute mediation application information |
Respondent of a dispute mediation case |
Responding to dispute mediation, e.g. dispute mediation fact finding |
Paragraph 2 of Article 43 of the Protection Act (Subparagraph 2 of Paragraph 1 of Article 17) |
Name, e-mail and contact info of (applicant and/or agent) |
Until the purpose of processing is accomplished |
Article 4. Outsourcing personal information processing
- ① The PIPC outsources the processing of personal information to efficiently mediate disputes as follows:
| Details of outsourced work | Outsourcee |
|---|---|
| Maintenance of the personal information dispute mediation |
· Outsourcee : Bandi S&C · Address: 8F, 432-9. Eonju-ro, Gangnam-gu, Seoul · Phone number: 02-6925-5508 |
| Maintenance of the recording system for personal information dispute mediation |
· Outsourcee: IR-Link · Address: 13, Seongsuil-ro, Seongdong-gu, Seoul · Phone number: 02-6905-2800 |
| Maintenance of the personal information protection portal |
∙ Outsourcer: KISA ∙ Address: Korea Internet Security Agency, 9, Jinheung-gil, Naju, Jeollanam-do ∙ Phone number: 061-820-1648 ∙ Outsourced work: Operation and maintenance of the personal information protection portal |
|
∙ Implementer 1:4 Depth ∙ Address: #1802, Samil Plaza, Dogok 1-gil, Gangnam-gu, Seoul ∙ Phone number: 02-6952-8651 ∙ Outsourced work: H/W & S/W maintenance, Help-Desk |
|
|
∙ Implementer 2: Seedgen ∙ Address: 28, Digital-ro 33-gil, Guro-gu, Seoul ∙ Phone number: 02-786-9601 ∙ Outsourced work: Operation of on-site education regarding personal information protection, and management of receipt of complaints and selection of instructors |
|
|
∙ Implementer 3: ILIT ∙ Address: 18, Teheran-ro 10-gil, Gangnam-gu, Seoul ∙ Phone number: 070-4333-8387 ∙ Outsourced work: Operation of the personal information impact assessment secretariat |
|
| Maintenance of e-privacy withdrawal service |
∙ Oursourcer: Korea Internet Security Agency ∙ Address: Korea Internet Security Agency, 9, Jinheung-gil, Naju, Jeollanam-do ∙ Phone number: 061-820-1648 ∙ Outsourced work: Operation of the personal information protection portal |
|
∙ Implementer 1: You and People ∙ Address: #901. 38-9, Digital-ro 31-gil, Guro-gu, Seoul ∙ Phone number: 061-334-5269 ∙ Outsourced work: Operation of the withdrawal service system |
|
|
∙ Implementer 2: Blue Data SYstems ∙ Address: 2F, 60, Dongnam-ro 9-gil, Songpa-gu, Seoul ∙ Phone number: 02-6150-3141 ∙ Outsourced work: Support for website membership withdrawal procedure |
|
| Maintenance of Public I-PIN |
∙ Outsourcer: Korea Local Information Research & Development Institute ∙ Address: 301, Seongam-ro, Mapo-gu, Seoul ∙ Phone number: 02-2031-9823 ∙ Outsourced work: Processing of personal information for improvement of the public I-PIN center service and policy evaluation |
|
∙ Implementer: CNB System ∙ Address: 5, Digital-ro 26-gil, Guro-gu, Seoul ∙ Phone number: 02-2031-8500 ∙ Outsourced work: Provision of resident registration number replacement |
-
② When concluding an outsourcing contract, the PIPC specifies the following in writing (e.g. the contract):
1. Matters concerning the prohibition of processing personal information for purposes other than the purposes of outsourcing;
2. Matters concerning the technical and administrative protection measures against personal information;
3. Purpose and scope of outsourced work;
4. Matters concerning limitations on re-outsourcing;
5. Matters concerning inspection of personal information management and education for the employees of the outsourcee; and
6. Matters concerning liability for damages, etc. if the outsource violates its duties
Article 5. Rights and duties of individuals and their options for legal recourse, and how to exercise them
-
① Any individual may exercise the following rights:
1. Request access to personal information
2. Request correction and erasure of personal information
3. Request suspension of personal information processing
-
② Any individual may request access to his/her personal information held by the PIPC according to Article 35 of the Protection Act (Access to Personal Information). If an individual requests access to his/her personal information, the PIPC may respond by limiting access according to Paragraph 4 of Article 35 of the Protection Act if any of the following occur or are involved:
1. Where access is prohibited or limited by law;
2. Where access may cause damage to the life or body of a third party, or cause unjustified infringement of property and/or other interests of any other person;
3. Where a public institution may have grave difficulties in performing any of the following duties:
A. Imposition, collection or refund of taxes;
B. Evaluation of academic achievements or admission affairs at the schools of each level established under the Elementary and Secondary Education Act and the Higher Education Act, lifelong educational facilities established under the Lifelong Education Act, and other higher educational institutions established under other acts;
C. Testing and qualification examination regarding academic competence, technical capability and employment;
D. Ongoing evaluation or decision-making in relation to compensation or assessment of a grant;
E. Ongoing audit and examination under another act. - ③ An individual may request correction or erasure of his/her personal information held by the PIPC according to Article 36 of the Protection Act. If other laws prescribe that the personal information should be collected, however, the individual may not request the erasure thereof.
-
④ An individual may request the suspension of the use of his/her personal information held by the PIPC according to Article 37 of the Protection Act. In the following circumstances, however, the PIPC may refuse to comply with the request for suspension of processing personal information according to Paragraph 2 of Article 27 of the Protection Act.
1. Where there are special provisions in other laws or it is inevitable to do so in order to observe legal obligations;
2. Where access may cause damage to the life or body of a third party, or unjustified infringement of property and other interests of any other person;
3. Where a public institution cannot perform its work as prescribed by any law without processing the personal information in question;
4. Where it is impracticable to perform a contract, such as provision of services as agreed upon with the said individual without processing the personal information in question, and the individual has not clearly expressed any desire to terminate the agreement.
- ⑤ With regard to an individual’s rights, if the personal information (access, correction, erasure or suspension of processing) request form pursuant to Annexed form No. 8 of the Enforcement Regulations of the Protection Act is requested in writing, by mail or fax, the PIPC will take necessary measures within 10 days from receiving the request.
- ⑥ If an individual requested that errors, etc. of his/her personal information be corrected or erased, the PIPC will not use or provide the personal information until the correction or erasure is completed.
- ⑦ Rights pursuant to Paragraph 1 may be exercised by an agent, e.g. a legal representative of the individual or a person delegated by the individual. In such case, the individual must submit Annexed form No. 11 of the Enforcement Regulations of the Protection Act.
- ☞ Download forms: [Annexed form No. 8_Personal information (access, erasure or suspension of processing) request form [Annexed form No. 11 _power of attorney]
Article 6. Destruction of personal information
-
In principle, if the purpose of using personal information had been attained, or the retention period expired, the PIPC will destroy the personal information (as below). If it needs to be retained according to another law, however, an exception will be made.
1. Destruction procedure
If the purpose of using personal information had been attained, or the retention period expired, the personal information will be destroyed according to the internal management plan and related laws.2. Destruction deadline
A. e-Newsletter member: If the retention period had expired or the publication of the newsletters had been terminated, the personal information must be destroyed immediately.
B. Information on applications for dispute mediation: Within 15 days from the start of a new half year (January or July) after expiration of the retention period
C. Dispute mediation phone consultation recording file: Within 5 days from the start of a new month after expiration of the retention period3. Destruction method
A. Electronic personal information file: destruction using technical methods that make reproduction impossible
B. Non-electronic personal information file: shredding
Article 7. Safeguards to ensure the safety of personal information
-
The PIPC has established administrative, technical and physical measures necessary for ensuring the safety of personal information according to Article 29 of the Protection Act as follows:
1. Administrative measures: establishment of an internal management plan, and minimization and education of personal information handlers
2. Technical measures: installation of security programs, system access controls, and access rights management, etc.
3. Physical measures: Control of unauthorized persons’ access to the computer room, data archive, etc.
Article 8. Installation and operation of an automatic personal information collection system and the denial thereof
- ① To obtain users’ website visit records, the PIPC uses a cookie that stores and retrieves user information, and will not use the information for purposes other than the intended one, or provide it to a third party.
-
② A cookie is a small amount of information that the server (http) of the website sends to the user’s PC via the user’s computer browser to be stored on the hard disk.
1. The purpose of using a cookie
A cookie is used to provide information optimized for users by obtaining website visit records, e.g. users’ access frequency and visit time.2. Installation and operation of a cookie and denial thereof
An individual may deny storage of a cookie by setting the option in the web browser(‘Tools > Internet options > Personal information’).
Article 9. Chief privacy officer
- The PIPC designates the chief privacy officer and working-level staff to protect personal information and handle complaints related to personal information processing as follows and according to Paragraph 1 of Article 31 of the Protection Act:
| Chief privacy officer | Director-general for coordination and planning, Kim Hoe-soo |
∙ Phone: 02-2100-2480 ∙ Fax: 02-2100-3005 ∙ Address: 4F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
| Privacy protection manager | Inspection officer of the Legal Affairs and Audit Division, Yang Gi-cheol | |
| Privacy protection working-level staff | Inspection officer of the Legal Affairs and Audit Division, Kim Seong-hyeon |
Article 10. Departments receiving and processing personal information access requests
- ① An individual may claim his/her rights as prescribed in Article 5 with the following departments:
| Department name | Personal information file | Person in charge | Contact |
|---|---|---|---|
| Office of the Spokesperson | e-newsletter member | Cho Ji-yeong |
∙ Phone: 02-2100-3037 ∙ Fax: 02-2100-3003 ∙ Address: 4F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
| Dispute Mediation Division |
Information on applying for mediation of a dispute, and recordings of dispute mediation phone consultations |
Lee Seon-ah |
∙ Phone: 02-2100-3145 ∙ Fax: 02-2100-3007 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
|
Personal Information Protection Policy Division |
User information for processing personal information access requests |
Go Han-pyo |
∙ Phone: 02-2100-3059 ∙ Fax: 02-2100-3006 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
| Self-protection Policy Division |
List of e-privacy withdrawal service complaints received and processed |
Ban Ok-jin |
∙ Phone: 02-2100-3087 ∙ Fax: 02-2100-3006 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
|
User information for education service List of instructors specializing in personal information |
Ban Jang-kwon |
∙ Phone: 02-2100-3086 ∙ Fax: 02-2100-3006 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
|
| General Investigation Division | User information for processing divulgence reports | Park Seon-ah |
∙ Phone: 02-2100-3104 ∙ Fax: 02-2100-3007 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
| New Technologies for Personal Information Division | Public I-PIN member information | Jeong Jin-ho |
∙ Phone: 02-2100-3065 ∙ Fax: 02-2100-3006 ∙ Address: 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul |
-
② An individual may request access to his/her personal information through the `personal information protection portal' (www.privacy.go.kr) of the PIPC, other than the departments mentioned in Paragraph 1, as follows:
※ Request procedure: personal information protection portal → Minwon Madang → Request access to personal information, etc. (Self-authentication through I-PIN is required)
Article 11. Remedies for infringements of rights
- An individual may ask the following institutions questions about remedies for and consultation about personal information infringements.
-
If you are not satisfied with the manner in which the Personal Information Protection Commission handled your complaints related to either your personal information or damage thereof, or if you need more help, please contact the following:
1. Personal Information Dispute Mediation Committee
A. Duties: application for personal information dispute mediation, collective dispute mediation
B. Homepage: www.kopico.go.kr
C. Phone: (without extension) 1833-6972
D. Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul2. Personal Information Infringement Report Center (operated by KISA)
A. Duties: Reporting personal information infringements and consultation requests
B. Homepage: privacy.kisa.or.kr
C. Phone: (without extension) 1183. Cybercrime Investigation Division, Supreme Prosecutor’s Office: (without extension) 1301 (www.spo.go.kr)
4. Cyber Security Division, National Police Agency: (without extension) 182 (www.police.go.kr/www/security/cyber.jsp)
Article 12. Changes to the privacy policy
- ① This privacy policy will be applied from August 5, 2020
-
② You can check previous privacy policies below.
- · March 23, 2020 ~ August 4, 2020 (Click)
- · January 1, 2020 ~ March 22, 2020 (Click)
- · June 4, 2019 ~ December 31, 2019 (Click)
- · July 11, 2018 ~ June 3, 2019 (Click)
- · March 27, 2018 ~ July 10, 2018 (Click)
- · February 1, 2018 ~ March 26, 2018 (Click)
- · September 22, 2017 ~ January 31, 2018 (Click)
- · October 5, 2016 ~ September 21, 2017 (Click)