Article 1 (Purpose of Managing Personal Information)

The homepage collects and uses the personal information for the following purpose: The collected personal information will be used only according to the defined purposes and if the purpose of collection is changed, the User will be notified and asked for consent in advance.

Article 2 (Management of Personal Information and Holding Period)

A personal information will be only collected when the subject of that information consented or according to the law and the minimum of personal information will be collected according to the purpose. In addition, the collected information will be used only according to the purpose of collection. When personal information becomes unnecessary as its holding period expires, its management purpose is achieved and by any other ground, the personal information will be destroyed without delay.

Article 3 (Provision of Personal Information)

For the security and consistent service of the homepage, KODDI runs various programs not only to monitor the network traffic but also to detect the attempt to change the information illegally.

Link site web page
The homepage, basically manage a personal information within the scope defined in Article 1 (Purpose of Managing Personal Information) Without the consent of the subject of information, the scope will be abide by and the information will be not provided to a third person.
When specific provisions requests or for the situation that Article 18 provision 2 of the Personal Information Protection Act applies such as criminal investigation, a personal information can be accessed. For the better service, surveys to provide customer convenience, statistics producing, the provision of information for academic research, a personal information can be provided so please KODDI ask for your understanding and KODDI will do its best to abide by the provisions and regulations of the Personal Information Protection Act, not to violate the original purpose of collection and usage.

Article 4 (Management of Personal Information Following Entrustment of Affairs)

When the management of a personal information managed by KODDI is entrusted to other public institution or other specialized organization, the truster ask the turestee to follow the necessary limitation and procedures not to expose a personal information acknowledged by managing personal information, manage a personal information without authorization and provide personal information to a third person. In addition, when signing an contract for entrustment, the contract includes the following: the observation of relevant laws to strengthen personal information protection, prohibition of providing personal information to a third person and chargeability for personal information extrusion.

Article 5 (Rights and Duties of a Subject of Information and How to Excercise them)

A user, as a subject of information, can exercise the following rights.

1. Inquire and edit one's own personal information and ask for the cancellation of registration
2. Requesting correction or deletion of personal information in question
3. You can check, edit or withdraw your personal information by clicking on ‘Changing personal information/edit my info’ or ‘termination/withdrawal/recantation’ following identification.
4. Upon request from user to correct and delete the personal information in question, the personal information shall not be provided to the concerned company until the subject of information finishes correcting and deleting. When personal information in question is used or provided, the corrective measures will be administrated.
5. The homepage will process the personal information that the subject of information intents to terminate or delete and its period of storage according to the Article 2 above.

Article 6 (Items of Personal Information to Process)

Personal infoirmation mangement system collects necessary and optional information for services provided as follows:

1. Items to Collect : Name, ID, Password, Mobile Phone Number
2. Method of Collection : Homepage, Online Survey

Article 7 (Destruction of Personal Information)

When personal information becomes unnecessary as its holding period expires, its management purpose is achieved and by any other ground, a personal information manager shall destroy the personal information within five days after the end of holding period: Provided, That this shall not apply where the personal information must be preserved pursuant to any other Act or subordinate statue. The methods, period and procedures of destroying personal information is as follows.

1. The procedures of destroying personal information
The information that a user enters for registration will be moved to separate database (another filing cabinet in case of paper), stored for certain period according to information protection purpose based on internal regulations or any other Act after achieving management purpose. The personal information that was moved to separate database is intended to be stored, not to be used for another purpose except for the legal purpose.
2. Period and method of destroying personal information
The personal information of a user will be destroyed permanently when personal information becomes unnecessary as its holding period expires, its management purpose is achieved or the termination of the service provided The personal information that was printed out will be shredded or incinerated.
[Reading the history of destroying personal information]

Article 8 (Designation of Personal Information Protection Managers and Reporting Facts of Infringements)

KODDI designates personal information protection managers as follows to protect the rights and interests of the citizens of the Republic of Korea and to be responsible for public services by securing the integrity of personal information and propriety of procedures. Please contact the following information if you want to know more about persona information and personal information managaing regulation in KODDI.

1. Personal Information Protection Manager : Oh, Nam-ju, Director of Department of Management Support
Tel : 02-3433-0610
E-mail : namju24@koddi.or.kr
2. Notification on Leakage of Personal Information and Report Procedures on Leakage
When a personal information manager becomes aware that personal information has leaked out, he/she shall notify the relevant subject of information of the following matters without delay; items of leaked personal information, when and how personal information has leaked, information on means, available to a subject of information to minimize damage that could inflicted on by leakage, a personal information manager’s actions and damage remedy procedures, a department in charge of receiving report and contact if damage in inflicted on a subject of information. When personal information has leaked, a personal information manager shall prepare measures to minimize the damage therefrom, and take necessary measures. Where personal information has leaked in excess of the scale of 10,000 persons, KODDI will report to the Ministry of Security and Publid Administration and post the notification of leakage on the homepage and in writing for seven days.
3. How the leakage of personal information is managed
http://www.koddi.or.kr/images/etc/img_privacy3_2.gif

Article 9 (Amendment of Personal Information Management Policies)

The personal information management policies will take effect on the date of enforcement and in case of addition, deletion or amendment of policies according to Acts and regulations, it will be notified through notifications before applying any changes to the existing policies.

Article 10 (Duty to Take Safety Measures)

A personal information manager shall establish an internal administration plan, keep access records, and take technical, administrative and physical measures necessary for securing safety in order to prevent personal information from loss, theft, leakage, alteration or damage according to the Article 29 of the Personal Information Protection Act.

1. Establishment and execution of internal administration plan
Establishment and execution of internal administration plan follows the internal administration plan gide of KODDI.
2. Minimize the number of personal information managers and education
Designate and minimize the number of personal information mangers and educate them how to manage personal information.
3. Limitation on the access to personal information
KODDI is taking necessary measures to control the access to personal information by grating, alternating and terminating the authority to access to the personal information management system and also control the unauthorized access from the outside through firewall system.
4. Keeping access records and Preventing alternation and falsification
A personal information manager keeps and manages the records of accessing the personal information management system for at least six months and runs security function to prevent alternation, falsification, loss and theft of access records.
5. Encryption of Personal Information
The personal information of a user is encrypted, stored and managed. In addition, sensitive and important data is encrypted while saved and transferred.
6. Technical measures in case of hacking
KODDI installs security programs to prevent the leakage and corruption of personal information due to hacking and computer viruses, regularily updates and manages those programs, establishes personal information management system where the access is limited from the outside and technically and physically monitors and isolate the system. In addition, KODDI does network traffic monitoring along with monitors the attempt to change personal information illegally.
7. Access control for unauthorized personnel
Locate personal information management system in physically isolated area and control the access to it.

Article 11 (Inspection and Edit of Personal Information File)

Personal information files that KODDI possesses can be asked to be inspected according to the regulations of the Personal Information Protection Act (applying relevant Act when there is other Acts).

1. Procedures to request inspection (based on the Personal Information Protection Act)
http://www.koddi.or.kr/images/etc/img_privacy1.jpg
2. When the Personal Information Protection Act, Article 35 Provision 4 applies, the inspection to personal information can be limited with stating the reason.
A. Inspection is prohibited or limited according to the Act
B. Where providing information could harm any third person’s life or physical safety, or unreasonably infringe on any third person’s property and other interests.
C. Where a public institution causes any inconvenience while carrying out any of the following affairs:
- Affairs concerning the imposition, collection or refund of taxes;
- Affairs concerning grade evaluation or the selection of newly enrolled students at schools of each level under the Elementary and Secondary Education Act and the Higher Education Act, lifelong education centers under the Life long Education Act, and other higher education institutions established under other Acts;
- Affairs concerning tests of academic ability, functions and employment, and qualification evaluation;
- Affairs concerning an assessment or decision in progress in connection with the calculation, etc. of compensation or benefits;
- Affairs concerning an audit and an investigation in progress under other Acts
3. A subject of information who inspects the personal information of his/her own information can ask for correction or deletion of that personal information.
A. Procedures to request correction

Article 12 (Remedy for Infringement on Rights and Interests)

A subject of personal information can apply for dispute resolution or counseling to the Conciliation Committee to Resolve Dispute or Korea Internet and Security Agency for remedy for personal information infringement. In addition, a subject of information can contact the following if he/she wants to report or get consultation regarding the infringement of personal information.

1. The Korea Perosnal Information Protection Committee : 118번(ARS Extension #3)
2. ePrivary Committee: 02-580-0533~4
3. Cybercrime Investigation Center of Supreme Prosecutors’ Office: 02-3480-2000
4. National Police Agency Cyper Bureau: 02-392-0330

Article 13 (A department in charge of receiving and processing the inspection request of personal information)

A department in charge of receiving and processing the inspection request of personal information.

Department in Charge: Department of Management Support
Tel: 02-3433-0614