Personal Information Protection Policy

Pohang University of Science and Technology has the following management policies in compliance with the Personal Information Protection Act in order to protect users’ personal information and interests and to handle user complaints efficiently. When the personal information management policies are revised, it will be notified through the website announcements (or individual notification).

Article 1 The Purpose of Managing Personal Information

Pohang University of Science and Technology manages personal information for the following purposes. The managed personal data shall not be used for any purpose other than the following and when the purpose is changed, POSTECH will ask for prior consent.

  1. A.Provision of Services

    Personal information shall be managed for the purpose of payment and performance of the contract regarding the provision of services – POSTECH introduction and announcements, provision of educational content, user authentication, certificate issuance and admission, etc.

  2. B.Membership Registration and Management

    Personal information shall be managed for the purpose of user authentication, personal identification and delivery of notices, etc. which are required for the use of POSTECH membership services such as admission, academic affairs, students, books, research and health care, etc.

Article 2 Period for which Personal Information is Managed and Held and Items of Personal Information to be Managed

The items, management department, management basis and management period of personal information for the provision of POSTECH services and membership registration are as listed below.

The items, management department, management basis and management period of personal information for the provision of POSTECH services and membership registration are as listed below.
Personal Information File Name Collection Items Management Department Management Basis Management Period
International exchange student management Name, resident registration number, student ID number, contacts, E-mail, bank account number, address, grades, English test scores International Relations Team Foreign students and language trainee management guidelines
(Ministry of Education and Science Technology)
Semi-permanent
Development fund depositor management Name, resident registration number, donation history, contact, address, E-mail, etc. University Advancement Team Article 160(3), Income Tax Act
(Article 208(3), Enforcement Decree of the Income Tax Act)
Semi-permanent
Graduate enrollment management Name, educational background, date of birth, foreign registration number, gender, student ID number, etc. Graduate Admissions and Student Affairs Team Article 35, Enforcement Decree of the Higher Education Act
(Data for Admission Screening)
5 years
Graduate admissions applicants list Name, date of birth, educational background, grades, addresses, application fee payment, etc. Graduate Admissions and Student Affairs Team Article 35, Enforcement Decree of the Higher Education Act
(Data for Admission Screening)
5 years
Graduate school application fee settlement Name, application fee payment (yes or no) Graduate Admissions and Student Affairs Team Article 35, Enforcement Decree of the Higher Education Act
(Data for Admission Screening)
5 years
Graduate Scholarship Management Name, date of birth, address, scholarship organization, etc. Graduate Admissions and Student Affairs Team Article 3, Rules on College Education Fees
(Exemption or Reduction of Tuition)
10 years
University newspaper subscriber management Name, address The POSTECH Times Article 15, Personal Information Protection Act 5 years
Radiation workers management Name, resident registration number, employee/student number, contacts, E-mail, education history, special medical examination history, personal radiation exposure dosage General Affairs and Safety Team Atomic Energy Act Semi-permanent
Health Administration Name, resident registration number, student number, contacts, medical history General Affairs and Safety Team Article 7-3, School Health Act (Health Examination Records) 10 years
Smart card system administration Name, resident registration number, employee/student number, contacts, E-mail, address, photo, affiliation, department/division, position, etc. General Affairs and Safety Team IT service provision, consent of information subject Semi-permanent
Access control system management Name, resident registration number, employee/student number, department/division, position General Affairs and Safety Team IT service provision Semi-permanent
Academic Competition participants list Name, resident registration number, telephone number, mobile number, email address, date of participation Undergraduate Admissions Team Article 15, Personal Information Protection Act
(Collection and Use of Personal Information)
5 years
Management of students commissioned by Gyeongbuk Education Institute for the Gifted Name, resident registration number, telephone number, mobile number, email address Undergraduate Admissions Team Article 15, Personal Information Protection Act
(Collection and Use of Personal Information)
5 years
Management of students commissioned by Busan Education Institute for the Gifted Name, resident registration number, telephone number, mobile number, email address Undergraduate Admissions Team Article 15, Personal Information Protection Act
(Collection and Use of Personal Information)
5 years
DM Name, resident registration number, telephone number, mobile number, email address Undergraduate Admissions Team Article 15, Personal Information Protection Act
(Collection and Use of Personal Information)
3 years
Admissions applicants list Name, resident registration number, telephone number, mobile number, email address, family relationships, educational background, grades, rewards and punishments history Undergraduate Admissions Team Article 35, Enforcement Decree of the Higher Education Act
(Data for Admission Screening)
5 years
Library Lending Service management Account, name, employee/student number, contacts, E-mail, book lending status Academic Information Resources Team Article 35, Libraries Act (Duties) Semi-permanent
Residents management Name, resident registration number, student number, contacts, E-mail, address, Housing Services Team Statutes of Pohang University of Science and Technology 5 years
School register Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. Educational Affairs and Records Team Article 4, Enforcement Decree of the Higher Education Act (School Regulations) Semi-permanent
Grades Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. Educational Affairs and Records Team Article 4, Enforcement Decree of the Higher Education Act (School Regulations) Semi-permanent
Graduation Management Student number, name, resident registration number, account, address, telephone number, date of birth, contacts, E-mail, family relationships, bank account number, educational background, grades, awards and punishment history and other academic affairs information, etc. Educational Affairs and Records Team Article 4, Enforcement Decree of the Higher Education Act (School Regulations) Semi-permanent
Professional researcher list Name, gender, resident registration number, student ID number, department, contacts, E-mail Undergraduate Student Affairs Team Article 82, Enforcement Decree of the Military Service Act Semi-permanent
Employment management Name, gender, resident registration number, student number, department, contacts, E-mail Undergraduate Student Affairs Team Ministry of Education and Science Technology Directive No. 48, Instructions of basic education statistics survey 5 years
Students with disabilities Name, gender, resident registration number, student number, department, contacts, E-mail, disability ratings Undergraduate Student Affairs Team Article 30, Act on Special Education for the Disabled Persons, etc. 5 years
Scholarship Student Management Name, gender, resident registration number, student ID number, department, contacts, E-mail and scholarships payment history Undergraduate Student Affairs Team Article 3, Ministry of Education and Science Technology Rules No. 83, Rules on College education fees 10 years

* Other details of POSTECH’s personal information files status is available: visit the Personal Information Protection General Support Portal of the Ministry of Government Administration and Home Affairs (www.privacy.go.kr) → Civil petitions for personal information → Application for inspection of personal information → Personal information files list search. Then enter “Pohang University of Science and Technology” for the institute name to access the information.

Article 3 Personal Information Provided to Third Party

In principle, Pohang University of Science and Technology, manages the user’s personal information under the purposes set forth in Article 1 (The Purpose of Managing Personal Information) and without the prior consent of users, shall not manage the user’s personal information for any purpose other than intended ones, nor provide them to any third party: Provided, however that management in the following subparagraphs may be allowed

  1. 1.Where the user has, in advance, agreed to provide to a third party or disclose to the public.
  2. 2.Where the provision is required by statues.
  3. 3.Where it is necessary for performing a contract and considerably difficult to obtain the usual consent of a subject for economic or technical reasons.
  4. 4.Where personal information is used in a form by which an individual cannot specifically be identified.

Article 4 Entrustment of Personal Information Management

  1. 1.Pohang University of Science and Technology entrusts the smooth management of personal information as follows.

    <College Newsletter Dispatch Management>

    • Trustee: DUE
    • Entrusted affairs: collecting and managing the recipients of the newsletter and dispatching the newsletter, etc.
  2. 2.When Pohang University of Science and Technology concludes a contract for entrustment of personal information management, it clearly states in writing in accordance with Article 25 of the Korean Personal Information Protection Act; matters concerning prohibition of managing personal information for any purpose other than for performance of entrusted affairs; matters concerning technical and administrative protection measures; matters concerning the restriction on re-entrust; supervision and management of the trustee; and compensation for losses and any other liabilities. Moreover, it supervises whether the trustee safely manages the personal information.
  3. 3.When there is a change of the affairs of management or trustee, it shall be immediately disclosed through this privacy policy.

Article 5 The Rights and Responsibilities of the Subject of Information and Methods of Exercising Rights

A user may exercise its rights as follows.

  1. 1.A subject of information may exercise the following rights of personal information protection at any time towards Pohang University of Science and Technology.
    1. 1.To make a request for inspection of his/her personal information
    2. 2.To make a request for correction of errors, if necessary
    3. 3.To make a request for deletion
    4. 4.To make a request for suspension of management
  2. 2.The exercise of the rights pursuant to Clause 1 shall be implemented through submitting a hand-written document, sending an e-mail or a fax, etc. Then Pohang University of Science and Technology shall take necessary measures immediately.
  3. 3.When the subject of information makes a request for either correction or deletion of errors of personal information, Pohang University of Science and Technology shall not use or provide the corresponding personal information until the correction or deletion process is completed.
  4. 4.The exercise of the rights pursuant to Clause 1 shall be conducted by his/her legal representative of the subject of information or a person who holds a delegation of authority. Provided, however that it is necessary to submit a power of attorney in Appendix 11 prescribed by Enforcement Rule of the Personal Information Protection Act.

Article 6 Destruction of Personal information

In principle, Pohang University of Science and Technology shall destroy the personal information immediately when management purpose of personal information is achieved. Methods, procedures and periods of destroying personal information are as follows.

  • Destruction Procedure
    Once the management purpose of the information that users registered is achieved, the information shall be destroyed immediately or after the lapse of time period for which the storage in a separate DB (or in a separate document, if it was in the form of papers) is allowed as prescribed in relevant acts or internal policy. At this time, the personal information transferred to the separate DB shall not be used for any other purpose other than the ones prescribed in the regulations.
  • Destruction Period
    When the personal information holding period is expired, the information shall be destroyed within 5 days from the expiration date. When the information becomes unnecessary as its management purpose is achieved, the relevant service is terminated, the relevant business is closed and any other ground shall destroy the personal information within five (5) days from the date that the personal information is acknowledged to be of no need.
  • Destruction Method
    Electronic file form of information shall be permanently deleted beyond recoverability through technical measures. Personal information printed on paper shall be shred or incinerated.

Article 7 Measures to Ensure Safety of Personal Information

Pohang University of Science and Technology takes the technical, administrative and physical measures to ensure safety pursuant to Article 29 of the Korean Personal Information Protection Act.

  1. 1.Minimizing the numbers of managing employees of personal information and Educating them
    For personal information management, it is our policy to appoint and give an access authority to only the managing employees of personal information at a minimum level.
  2. 2.Enforcement of periodic internal audit
    To ensure safety in managing personal information, internal audit is carried out periodically (by quarter).
  3. 3.Establishment and enforcement of internal management plan
    POSTECH establishes and enforces the internal management plan to ensure safe management of personal information.
  4. 4.Encryption of personal information
    For the storage and management of user’s personal information, it is encrypted with passwords that only a user can identify. For more important data, additional security features are applied such as the encryption of files and transmitted data and the file lock-down, etc.
  5. 5.Technical measures against hacking, etc.
    To prevent the leak and damage of personal information through hacking or computer viruses, etc., Pohang University of Science and Technology installs, checks and renew periodically the security program. Moreover, the university installs the system in access control area from outside and manages the system with the technical and physical surveillance and interception measures.
  6. 6.Limited access to personal information
    We take necessary measures for access control to personal information through assigning, changing, terminating access authority to the database system managing personal information; and POSTECH controls unauthorized access from outside through firewall system.
  7. 7.Tamper-proof archiving of access records
    POSTECH stores and manages the access records to the personal information management system for at least 6 months. Moreover, the university adopts security features to prevent the forgery, illegal alteration, theft and loss of the access record.
  8. 8.Access control against unauthorized persons
    POSTECH installs physical space to store the personal information and establishes and enforces access control procedures.

Article 8 Personal Information Protection Officer

Pohang University of Science and Technology appoints personal information protection officers as described below who are in charge of the personal information management to help deal with complaints from the subjects of information and remedy against injury.

Article 8 Personal Information Protection Officer
Chief personal information protection officers at POSTECH Personal information protection officer at POSTECH
Academic Affairs Division
  • Department in charge: Director, Information and Communication Services Team
  • Staff in charge: Information security officer
  • Tel: 054-279-2514
  • Email: security@postech.ac.kr
Educational Affairs and Records Division
Human Resources Division

Article 9 Remedies for Rights and Interests Infringement

The subject of personal information may apply for dispute resolution or consultation to secure the remedies for personal information infringement towards the Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc.
For other personal information infringement reporting and consultation, contact the following agencies.

  • Personal Information Infringement Report Center (under the Korea Internet & Security Agency): (without area code) 118 ( privacy.kisa.or.kr )
  • Personal Information Dispute Mediation Committee (under the Korea Internet & Security Agency): (without area code) 118 ( privacy.kisa.or.kr )
  • Cybercrime Investigation Division, Supreme Prosecutors’ Office: + 82-2-3480-4555 ( www.spo.go.kr )
  • Cybercrime Investigation Division, National Police Agency: 1566-0112 ( www.netan.go.kr )

Article 10 The Changes of Personal Information Policy

This personal information policy applies from the date of enforcement and in the event of addition, deletion and amendment of its content. Following the change in the statutes and policies, the event will be notified via announcement on the website 7 days prior to the enforcement.

Enforcement date: January 29, 2016

Last Modified : 2017-03-06