| All personal information handled by ACU-OER services (hereinafter referred to as “ACU-OER”) is collected, retained and managed in accordance with the relevant Acts. The Personal Information Protection Act suggests general norms for processing personal information. ACU-OER will properly and appropriately handle personal information collected, possessed, and processed in accordance with the provisions of the Personal Information Protection Act in order to ensure proper conduct of public affairs and protect the interests of users. |
| Furthermore, ACU-OER respects the rights and interests of users, including request for viewing, correcting, deleting, and suspending the processing of personal information, as stipulated by the related laws and regulations. Users may, in accordance with the provisions of the Administrative Appeals Act, file an administrative appeal concerning the infringement on their rights and interests. |
| In accordance with Article 30 of the Personal Information Protection Act, ACU-OER establishes and discloses the following personal information processing policy in order to protect the privacy of personal information of the information subject and to protect the rights and interests of users related to personal information. |
|
This Privacy Policy is organized as follows: |
|
|
Article 1 Purpose of processing personal information |
|
|
Article 2 Period of processing and retaining personal information |
|
|
Article 3 Commissioning the Handling of Personal Information |
|
|
Article 4 User’s rights and duties, and methods of exercise of rights |
|
|
Article 5 Items of personal information processed |
|
|
Article 6 Procedures and methods of deleting personal information |
|
|
Article 7 Measures to ensure the safety of personal information |
|
|
Article 8 Privacy officer |
|
|
Article 9 Request for viewing personal information |
|
|
Article 10 Remedies for infringement on rights and interests |
|
|
Article 11 Amendment to the privacy policy |
Article 1 Purpose of processing personal information
|
| ① |
ACU-OER processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following. If the purpose of use changes, necessary measures, including receipt of additional consent in accordance with Article 18 of the Personal Information Protection act, will be implemented. |
|
A. |
Service Provision |
|
|
ACU-OER processes personal information for the purpose of providing contents and e-learning environment. |
|
B. |
Membership Management |
|
|
ACU-OER processes personal information for the purpose of member identification concerning the use of membership services, personal identification, prevention of illegal use by members in poor standing, prevention of unauthorized use, confirmation of intent to registration, preservation of records for dispute settlement, securement of a smooth communication path for resolving complaints, and delivery of announcements. |
|
C. |
Service Improvement |
|
|
ACU-OER processes personal information for the purpose of development and specialization of new services, provision of services based on statistical attributes, delivery of information and provision of opportunities to participate in events, and statistics about service utilization. |
| ② |
The purpose of processing the personal information files registered and disclosed by ACU-OER Pursuant to Article 32 or the Personal Information Protection Act is as follows. |
| ② |
Upon entering the commissioning agreements, ACU-OER expressly states in the documents, including the agreements, matters concerning the prohibition of handling personal information other than the purpose of performing the commissioned services, measures for technical and managerial protection, restriction on re-commissioning, management and supervision of the commissioned party, and responsibilities, including compensation for damages, in accordance to Article 25 of the Personal Information Protection Act. Also, ACU-OER supervises whether the commissioned party handles personal information in a safe manner. |
| ③ |
ACU-OER will give a public notice without delay through this privacy policy if there is any change in the commissioned services or the commissioned party. |
| Article 4 User’s rights and duties, and methods of exercise of rights |
| ① |
The subject of information, or the user who provides personal information, can exercise the following rights related to the protection of personal information at any time: |
|
A. |
Request for personal information. |
|
B. |
Request for correction of errors, etc. if any. |
|
C. |
Request for deletion. |
|
D. |
Request for suspension of the processing. |
| ② |
The exercise of rights under Paragraph 1 may be made not only in writing and by e-mail but also by phone and on the ACU-OER homepage as provided by the Annex 8 of the Enforcement Ordinance of the Personal Information Protection Act. ACU-OER will respond to the request immediately. |
| ③ |
If the user requests for correction or deletion of his/her personal information, ACU-OER will not use or provide his/her personal information until such correction or deletion is completed. |
| ④ |
The exercise of rights pursuant to Paragraph 1 above may be made through the legal representative of the information entity or an agent delegated to it. In this case, the user shall submit a power of attorney according to Annex 11 of the Enforcement Ordinance of the Personal Information Protection Act. |
| ⑤ |
The request for suspending the viewing and processing of personal information may limit the user’s rights in accordance with Article 35(5) and Article 37(2) of the Personal Information Protection Act. |
| ⑥ |
For correction and deletion of personal information, if other Acts stipulate the particular personal information be collected, the user shall not request for deletion thereof. |
| ⑦ |
Upon request for viewing, correction, deletion or suspension of the processing of personal information in accordance with the user’s rights, ACU-OER shall verify the identity of the user or the user’s legal representative. |
|
* |
[Annex 8. Enforcement Ordinance of the Personal Information Protection Act] Request for viewing, correction, deletion and suspension of the processing of personal information |
|
* |
[Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Power of Attorney |
| Article 5 Items of personal information processed |
| ① |
ACU-OER processes the following personal information items: |
| ② |
During the course of using the Internet service, the following personal information items can be automatically generated and collected. |
|
· IP address, Cookies, service use records, Web access records, etc |
| ③ |
The user may refuse the collection of his/her personal information for the ACU-OER membership registration and management. However, |
|
A. |
Since the required items in Article 4(1) are the minimum information necessary for using the ACU-OER, member registration may limited if the user refuses the collection of the information. |
|
B. |
Cookie is a temporary file that is created automatically when you access a website and contains information about you. You have the option of installing and collecting cookies and may refuse collection. However, if you refuse to store cookies, you will have difficulty in providing services that require login. |
|
* |
How to block Cookies |
|
|
[Chrome] |
|
|
· |
Go to the top right icon of the Web browser (Customized and Control Google Chrome button) > click Settings > Show advanced settings > Content setting button in the “Privacy” section > choose “Do not allow” in the “Cookies” section |
|
|
[Internet Explorer] |
|
|
· |
Go to Tools menu at the top of the Web browser > Internet options > “Privacy” tab > click the “Advanced” button |
| Article 6 Procedures and methods of deleting personal information |
| ACU-OER, in principle, shall delete personal information without delay if its purpose of processing the personal information is achieved. However, this does not apply to the personal information that needs to be preserved in accordance with other Acts. The procedures, terms, and methods of deleting personal information are as follows: |
| A. |
Procedures |
|
Any personal information and personal information files that are unnecessary to follow destruction procedures are handled by privacy officer or staff under his/her responsibility in accordance with the internal policy procedures as follows: |
|
- |
Deletion of personal information. |
|
|
Personal information whose retention period has expired will be deleted without delay from the expiry date. |
|
- |
Destruction of personal information files |
|
|
If a personal information file becomes unnecessary due to the attainment of the purpose of processing the personal information file, abolition of relevant services, and termination of business, the personal information file shall be destroyed without delay from the date when the processing of personal information is recognized as unnecessary. |
| B. |
Methods |
|
- |
Electronic forms of information shall be deleted/destroyed by using technical methods that make it impossible to reproduce records. |
|
- |
Paper-printed personal information shall be shredded or incinerated. |
| Article 7 Measures to ensure the safety of personal information |
| ACU-OER, pursuant to Article 29 of the Personal Information Protection Act, takes technical, administrative, and physical measures necessary for securing safety as follows: |
|
A. |
Establishment and implementation of internal management guidelines ACU-OER establishes and implements its internal management guidelines in compliance with the internal management guidelines of the Korea Education and Research Information Service (KERIS). |
|
B. |
Designation and minimization of the number of privacy officers ACU-OER has designated and minimized the number of privacy officers, or persons who take charge of handling personal information, and implemented measures to manage personal information. |
|
C. |
Restricted access to personal information ACU-OER takes necessary measures to control access to personal information through granting, modifying, and terminating rights to gain access to the database system that processes personal information. ACU-OER also controls unauthorized access from outside using an intrusion prevention system. |
|
D. |
Storage of access records and prevention of forgery ACU-OER stores and manages access records (Web logs, summary information, etc.) in the personal information processing system for at least six months. ACU-OER also takes security measures to prevent forgery, theft, or loss of the access records. |
|
E. |
Encryption of personal information The user’s personal information is encrypted to be stored and managed. ACU-OER also implements separate security measures for important data through encryption when storing or transferring them. |
|
F. |
Technical measures to prevent hacking, etc. ACU-OER installs computer security programs and periodically updates and monitors the programs to protect personal information from leakage and damage caused by hacking or computer virus. ACU-OER installs the personal information system in an area where access from outside is restricted and implements technical and physical surveillance of and shutting off access from outside. In addition, ACU-OER monitors network traffic and detects illegal attempts to change information. |
|
G. |
Access control to unauthorized persons ACU-OER separately sets up physical storage of personal information system, and establishes and operates access control procedures accordingly. |
| Article 8 Privacy officer |
| ACU-OER has designated the following privacy officers in order to protect personal information and to resolve complaints related to personal information pursuant to Article 31 Paragraph 1 of the Personal Information Protection Act. |
| Article 9 Request for viewing personal information |
| ① |
Users may request for viewing their personal information to the personal information protection department pursuant to Article 35 of the Personal Information Protection Act. ACU-OER will endeavor to promptly process the request for viewing personal information from users. |
| ② |
In addition to the Department of Paragraph 1, users may also request for viewing their personal information through the website (www.privacy.go.kr) of the Privacy Information Protection Portal of the Ministry of the Interior. |
|
* |
Privacy Information Protection Portal of the Ministry of the Interior → Civil affairs on personal information → Request for viewing personal information (Authentication of real name is required through public I-pin service.) |
| Article 10 Remedies for infringement on rights and interests |
| Users may inquire of the following organizations about remedies, consultation, etc. for damage from infringement on their personal information. As the following organizations are independent of ACU-OER, please inquire of the organizations for further help if you are not satisfied with ACU-OER’s resolution of complaints about personal information or with the outcomes of remedies for damage. |
|
A. |
Personal Information Infringement Report Center (run by the Korea Internet &Security Agency) |
|
- |
Job description : Report infringement on personal information, request for consultation |
|
- |
Website : http://privacy.kisa.or.kr |
|
- |
Tel : 118 (without area code) |
|
- |
Address : (05717) 135 Jungdaero, Sonpa-gu, Seoul, Korea, Personal Information Infringement Report Center, the
Korea Internet &Security Agency |
|
B. |
Personal Information Dispute Resolution Committee (run by the Korea Internet &Security Agency) |
|
- |
Job description : personal information dispute settlement application, collective dispute resolution (civil resolution) |
|
- |
Website : http://privacy.kisa.or.kr |
|
- |
Tel : 118 (without area code) |
|
- |
Address : (05717) 135 Jungdaero, Sonpa-gu Seoul, Korea, Personal Information Infringement Report Center, the
Korea Internet &Security Agency |
|
C. |
Cybercrime Investigation Department: 82-2-3480-3571 (www.spo.go.kr, cybercid@spo.go.kr) |
|
D. |
Cyber Terror Response Center: 1566-0112 (www.netan.go.kr) |
| Also, any person can request administrative judgment in accordance with the Administrative Appeals Act for any infringement on his/her rights and interests caused by the request from the user for viewing, correction, deletion or suspension of processing personal information. |
|
* |
Please refer to the telephone numbers on the Central Administrative Appeals Commission's website (www.simpan.go.kr). |
| Article 11 Amendment to the privacy policy |
| This amendment shall be effective on December 12, 2018. |
| Announced date: December 12, 2018. |
| Effective date: December 12, 2018. |
