Korea Education and Research Information Service collects, retains and processes all personal information based on relevant laws or with the consent of the information subject.

Korea Education and Research Information Service, an agency supported by the Ministry of Education, provides ACU Platform, an educational information service.
To safeguard the freedom and rights of information subjects, the Korea Education and Research Information Service handles and secures personal data in accordance with the "Personal Information Protection Act" and other applicable laws. Consequently, in accordance with Article 30 of the "Personal Information Protection Act," information subjects are informed of the procedures and standards for handling personal information. In order to promptly and efficiently handle related difficulties, the following policy for processing personal information is established and disclosed.

Article 1 (Purpose of Processing Personal Information)

① The objectives for which Korea Education and Research Information Service handles personal information are as follows. The personal information being processed will not be used for any other purpose, and if the purpose of use changes, the actions required by Article 18 of the Personal Information Protection Act, such as obtaining separate consent, will be implemented.

1. Membership registration and management
   We process personal information for the purposes of confirmation of intention to join membership, identification and authentication of identity according to provision of membership service, maintenance and management of membership, prevention of illegal use of services, confirmation of consent of legal representative when handling personal information of children younger than 14 years old, providing various notices, and resolution of complaints.

2. Handling of civil complaints
   Personal information is processed for the purposes of establishing the complainant's identity, confirming complaints, contacting and notifying for fact-finding, and communicating the results of processing.

3. Utilization in improving the service
   Personal information is processed for the development and specialization of new services, data for delivering tailored services, identification of access frequency, statistics on member service usage, and the dissemination of information about new services and events.

Article 2 (Processing and Retention Period of Personal Information)

① Korea Education and Research Information Service processes, maintains, and uses personal information in compliance with applicable laws and regulations or within the duration of retention and use of personal information to which the information subject agreed at the time of collection. After this term expires, separate consent is obtained.
② The processing and retention periods for each type of personal information are as follows. However, personal information is processed and retained until the investigation or inquiry is complete in the event of a violation of related laws and regulations, and until the settlement of the bond/debt relationship if the bond/debt relationship remains as a result of the use of the website.

[ Website membership registration and management ]
   1) When three years have passed from the date of the last access (based on login), the account is deactivated
   2) Until membership withdrawal
   3) When three years have passed since the date of the last consent to the use of personal information, the information will be deleted.
       (If re-consent is not obtained, it is destroyed when three years have elapsed from the date of last consent.)

Article 3 (Registration and Disclosure of Personal Information File)

① In accordance with Article 32 of the "Personal Information Protection Act", the "Korea Education and Research Information Service" registers personal information files containing items of personal information with the Personal Information Protection Committee.
② The purpose of processing, retention period, and items of personal information files are regulated differently depending on the characteristics of each personal information file. Detailed information for each personal information file can be found through the link below. 

Name of Personal Information File	Purpose of processing	Items collected		Retention Period
User registration information file	- Registration and participation in online   courses within the ACU platform - service improvement - processing civil affairs	Required	Name, e-mail	Three years or until the withdrawal of the member from the ACU platform
		Optional	Country, Organization/University, Contact number, Profile photo
Learning activity information file	To provide online learning service	Optional	Learning activity information	Semi-permanent, Until the date when user request
Certificate information file	To issue online certificate	Optional	Certificate information	Semi-permanent, Until the date when user request

Article 4 (Provision of Personal Information to Third Parties)

① Korea Education and Research Information Service handles the personal information of users solely within the scope defined in Article 1 (Purpose of Processing Personal Information) and does not process it beyond the original scope or transfer it to a third party without the user's consent. However, personal information is only disclosed to third parties in accordance with Articles 17 and 18 of the "Personal Information Protection Act," such as with the consent of the information subject and under exceptional legal provisions.

② Korea Education and Research Information Service provides the following personal information to third parties:
   [ Survey of Public Institutions' Customer Satisfaction ]
     - Recipient of private information: Research organization (refer to notice)
     - Purpose for utilizing the recipient's personal information: Surveying individuals who have personally encountered the services of the Korea Education and Research
       Information Service as part of public institution customer satisfaction surveys
     - Personal information supplied: service name, client (corporate) name, name, email address
     - Recipient's retention and use period: Until the completion of the customer satisfaction survey

Article 5 (Consignment of Processing Personal Information)

① Korea Education and Research Information Service entrusts the processing of personal information to a third party for the efficient processing of personal information.

② Korea Education and Research Information Service prohibits the processing of personal information other than for the purpose of performing entrusted work in accordance with Article 26 of the "Personal Information Protection Act" when entering into a consignment contract, and documents such as contracts specify technical and administrative protection measures, restrictions on re-entrustment, management and supervision of trustees, compensation for damages, etc. We oversee the trustee's safe handling of sensitive data.
   1. Purpose and Scope of the Entrusted Tasks
   2. Prohibition of Processing Personal Information for Purposes Other Than the consigned Tasks
   3. Technical and Managerial Safeguards
   4. Restrictions on Sub-Entrustment
   5. Management and Supervision of Entrusted and Sub-Entrusted Institutions, Including Liability and Compensation for Damages

③ Korea Education and Research Information Service shall immediately report any changes to the contents of consignment or recipient through our personal information processing policy.

Consigned tasks	Consigned‧sub-consigned Institution
	Category	Institution Name	Consignment Period
- Support for ACU Platform service   operations - Preservation and usage of personal   information	Consigned	Futurenuri Co. Ltd.	- January 2025 – December 2025 - Until membership withdrawal or   consignment agreement expiration

Article 6 (Procedures and Methods for Destruction of Personal Information)

① Korea Education and Research Information Service destroys the personal information without delay when it is no longer necessary, such as when the personal information retention term expires or the processing purpose is fulfilled.

② The approach and method for destroying personal information are as follows.
    1. Destruction procedure
    Korea Education and Research Information Service generates a personal information destruction plan and then destroys the personal information (or personal information file). Korea Education and Research Information Service identifies the personally identifiable information for which the reason for destruction has occurred and destroys it in accordance with the applicable procedure.

    2. Destruction method
    Korea Education and Research Information Service eliminates personal information recorded and stored in electronic file format so that it cannot be replicated, and destroys personal information recorded and kept in paper documents by crushing or incinerating them.

③ If the personal information retention period consented to by the personal information subject has expired or if the personal information must be kept in accordance with other laws despite the achievement of the purpose of processing, the personal information may be moved to a separate database (DB) or stored in a different location in order to preserve it. If there is a need to preserve, we will reveal the items of personal information and the rationale for preservation in this policy.

Article 7 (Rights and Duties of Information Subjects and Legal Representatives and Implementing Methods)

① The information subject may at any moment exercise the following rights pertaining to the protection of their personal information with Korea Education and Research Information Service
    1. a request to review one's personal information
    2. a request to fix any inaccuracies, etc.
    3. a request for deletion
    4. a request to halt processing
    ※ Requests for access, correction, deletion, or suspension of processing of personal information for children under the age of 14 must be made directly by their legal representative. For minors aged 14 and above, the information subject may exercise their rights regarding personal information either personally or through a legal representative.

② The exercise of rights under Paragraph 1 may be made in writing, by e-mail, fax, and so on in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and Korea Education and Research Information Service will take prompt action.
    *. [Ministry of Education Personal Information Protection Guidelines Attachment No. 1] Request Form for Personal Information (Reading, Correction/Deletion, Suspension of Processing, Withdrawal of consent)

③ If the information subject requests correction or deletion of inaccurate personal information, the information will not be used or disclosed until the request is fulfilled.

④ The exercise of rights under Paragraph 1 may be conducted through an agent, such as the information subject's legal representative or a delegated individual. In this instance, you must submit a power of attorney in accordance with Attachment No. 2 of the Ministry of Education Personal Information Protection Guidelines Notice.
    *. [Ministry of Education Personal Information Protection Guidelines Attachment No. 2] Power of Attorney

⑤ The information subject's rights of requesting to view personal information and halt processing may be restricted in line with Article 35, section 4, and Article 37, section 2, of the “Personal Information Protection Act”.

⑥ If the personal information is specified as a target of collection in other laws, it is not possible to seek its correction or deletion.

⑦ Korea Education and Research Information Service verifies if the person making a request, such as a request for access, a request for correction/deletion, or a request for suspension of processing, is the information subject or a legitimate representative, in accordance with the information subject's rights. Article 35 of the 'Personal Information Protection Act' allows information subjects to request access to their personal information at the department listed below. Korea Educational Research Information Service will make every effort to immediately handle an individual's request to obtain his or her personal information.

Section in charge	Service name	Responsible personnel	Contact Information
Higher Education Innovation Section	ACU Platform service	Person in charge : Kwang-hoon Jung Staff in charge : Borim Seo	☎+82-(0)53-714-0530 (Mail) benecia0109@keris.or.kr    acu_team@keris.or.kr (Fax) +82-(0)53-714-0194

⑧ Outlined below is the method for filing an objection due to dissatisfaction in the event that the information subject's request to exercise his or her right is denied.
    1) In the case of a delay or denial of a request for inspection, etc. by the relevant department, the relevant department is notified within 10 days of receipt of the request of the legitimate cause and manner of submitting an objection.
    2) The relevant department applies and receives the information subject's objection (in writing, via phone, by e-mail, etc), and the person in charge of the protection of personal information reviews the content.
    3) Final assessment of processing results by the person in charge of managing personal information
    4) The relevant department notifies the information subject of the outcome of the processing

*. Personal Information Access and Objection Form

In addition to the department described in Paragraph 8 for accepting and processing access requests, the information subject may seek access to personal information using the website titled "Personal Information Protection Portal" (www.privacy.go.kr).
▶ Personal Information Protection Portal → Civil Service Center → Request for personal information viewing, etc. (Mobile phone or I-PIN, are required for identification)

*. Information Subject and Procedure for Requesting Access, Correction· Deletion, and Suspension of Personal Information Processing

Article 8 (Measures Ensuring the Safety of Personal Information)

Korea Education and Research Information Service takes the following precautions to protect personal information in line with Article 29 of the "Personal Information Protection Act."

1. Establishment and Implementation of an Internal Management Plan : The Korea Education and Research Information Service establishes and implements an internal management plan in accordance with standards for ensuring the safety of personal information. Each year, we establish a basic operational plan to create a system that ensures more secure management of personal information.
2. Minimization and Training of Personnel Handling Personal Information : We minimize the designation of personnel authorized to handle personal information and conduct regular training.
3. Access Restrictions to Personal Information : Access to personal information is managed by granting, modifying, and revoking permissions within the database system that stores this information. Additionally, we implement intrusion prevention and detection systems to regulate external access.
4. Retention of Access Records and Prevention of Tampering : Access records for the personal information processing system are securely recorded and stored in compliance with established standards for safeguarding personal information.
5. Encryption of Personal Information : The personal information of data subjects is encrypted during both storage and management. Furthermore, sensitive data is encrypted during storage and transmission, and additional security measures are implemented to ensure its protection.
6. Technical Measures Against Hacking : The Korea Education and Research Information Service implements security programs that undergo regular updates and inspections to prevent personal information leaks caused by hacking or computer viruses. Additionally, we install systems in controlled areas to ensure both the technical and physical safety of the system from external access.
7. Control of Unauthorized Access : Personal information systems and related data are stored in a secure, separate physical location.
8. Additional Privacy Protection Activities : In addition to the regulations mandated by law, we participate in various personal information protection initiatives. These include developing and distributing awareness materials and obtaining certifications related to personal information, all aimed at ensuring the secure management of data subjects' personal information.

Article 9 (Installation, Operation and Rejection of Automatic Personal Information Collection Device)

① Korea Education and Research Information Service uses 'cookies' to store and retrieve user information as needed in order to provide personalized services to information subjects.

② Cookies are a small quantity of information supplied by the server (http) used to operate the website to the user's computer browser, and they are also kept on the mobile user's PC's hard drive.
    1) Purpose of use of cookies:  Cookies are utilized to offer consumers with more convenient services.
    2) Installation, use, and rejection of cookies: You may configure your browser's option settings to accept or reject cookies.
    ▶ Allowing or Blocking Cookies in Web Browsers
      - Chrome : Web browser Settings > Privacy and security > Clear browsing data
      - Edge : Web browser Settings > Cookies and site permissions > Manage and delete cookies and site data
      - Whale : Settings menu at the top right of the web browser > Privacy > Clear browsing data
    ▶ Allowing or Blocking Cookies in Mobile Browsers
      - Chrome : Mobile browser settings > Privacy and security > Clear browsing data
      - Safari : Mobile device settings > Safari > Advanced > Block all cookies
      - Samsung Internet: Mobile browser settings > Browsing history > Clear browsing data
    3) If you reject or restrict the storing of cookies, you may encounter difficulty utilizing the service.

Article 10 (Officer for the Protection of Personal Information)

① The "Korea Educational Research Information Service" is responsible for the handling of personal information and appoints the following person in charge of personal information protection for handling complaints and redressing damages of information subjects resulting from the processing of personal information.

Section	Person in Charge	Contact Information
KERIS Chief Officer for the Protection of Personal Information	Taewoo KIM, Information Security Division	· Tel: +82-(0)53-714-0439 · Fax: +82-(0)053-714-0195 · Email: lsy@keris.or.kr
KERIS Manager for the Protection of Personal Information	Sangyeop LEE, Personal Information Policy Section

② The information subject can inquire about any matters pertaining to the protection of personal information, including complaint management and damage relief. The Korea Education and Research Information Service (KERIS) will respond to and manage information-related inquiries.

Article 11 (Method of Remedy for Infringement of Rights)

① To gain relief from personal information infringement, the information subject may submit a request for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency’s Personal Information Infringement Report Center. In addition, please contact the following institutions for complaints and consultations regarding violations of personal information.
    1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
    2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
    3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
    4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

② The "Korea Education and Research Information Service" ensures the right to self-determination of personal information of information subjects and aims to provide counseling and remedy from damage resulting from personal information violation. In case of any need for assistance or consultation, please contact the department listed below.

    ▶ Customer consultation and reporting related to personal information
        Section in charge: Higher Education and Lifelong Learning Section
        Staff in charge: Borim SEO
        Contact Information: ☎+82-(0)53-714-0530
                 (Mail) beneica0109＠keris.or.kr/acu_team@keris.or.kr
                 (Fax) +82-(0)53-714-0194

③ Regarding requests under Article 35 (Perusal of Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing, etc) of the "Personal Information Protection Act", a person whose rights or interests have been encroached due to a disposition or omission taken by the head of a public institution may file an administrative appeal pursuant to the Administrative Appeals Act.
※ For additional information about administrative adjudication, please call 110 or visit the Central Administrative Appeals Committee's website (www.simpan.go.kr).

Article 12 (Diagnosis Result of Personal Information Management Level)

① Korea Education and Research Information Service undergoes an annual "Public Institution Personal Information Management Level Diagnosis" conducted by the Personal Information Commission in accordance with Article 11 of the "Personal Information Protection Act" in order to safely manage the personal information of information subjects.

② Korea Education and Research Information Service received an "A grade" in the 2023 Personal Information Management Level Diagnosis conducted by the Personal Information Commission.

Article 13 (Judgment Criteria of Additional Use and Provision)

Regarding situations under the Article 14 Section 2 of the "Enforcement Decree of Personal Information Protection Act," Korea Education and Research Information Service may use or disclose personal information without the agreement of the information subject as well as in line with Articles 15  Section 3 and Article 17 Section 4 of the "Personal Information Protection Act." Therefore, if the "Korea Education and Research Information Service" makes more use and provision without the information subject's agreement, we will assist you through this Privacy Policy to identify the consideration criteria for such use and provision.
  ▶ Whether the objective of additional use or provision of personal information is relevant to the original purpose of collection
  ▶ Whether additional use or provision is predictable in light of the circumstances under which personal information was gathered or processing practices
  ▶ Whether the additional use or provision of personal information unduly infringes on the information subject's interests
  ▶ Whether required safety measures, such as pseudonymous processing or encryption, have been implemented

Article 14 (Change of Privacy Policy)

When Korea Education and Research Information Service modifies the personal information processing policy in line with Article 30 of the "Personal Information Protection Act," the changes are announced on the website so that the subject of the information may readily access it, and the change history is maintained.
① The effective date of this personal information processing policy is 17 March, 2025.
② You may view the previous privacy policies by selecting the previous versions, provided at the dropbox at the top right corner of this policy.