Privacy Policy

• Established the university privacy policy : September 1, 2011.
• 1st amendment of the privacy policy : Enforced on September 8, 2014.
• 2nd amendment of the privacy policy : Enforced on January 1, 2017.
• 3rd amendment of the privacy policy : Enforced on January 1, 2018.
• 4th amendment of the privacy policy : Enforced on January 1, 2019.
• 5th amendment of the privacy policy : Enforced on January 30, 2020.
• 6th amendment of the privacy policy : Enforced on February 1, 2021.
• 7th amendment of the privacy policy : Enforced on May 10, 2021.

① Personal information shall be used in accordance with the purpose of use, but shall be processed in accordance with each of the following subparagraphs.

1. The personal information provided at the time of membership registration shall be processed for the verification of personal information to allow member access to membership services, prevent illegal use by bad members, block the use of membership services by unauthorized members, preserve records for dispute resolution/complaint handling purposes, and deliver notices, etc.
2. Personal information provided at the time of initial library membership registration shall be used only for library-related business, such as returning books and managing users.

② In case the purpose of use of personal information is amended, prior member consent shall be obtained.

① [Personal Information Protection Act] Pursuant to Article 32 of the Act, a personal information file containing items of personal information shall be registered with the Minister of the Interior and Safety.
② The processing and retention period of personal information files registered with the Minister of the Interior and Safety shall be as follows.

① In principle, the personal information of a member shall be processed within the range specified for the purpose of its collection and use. Except for the following cases, personal information shall not be processed beyond the scope of its original purpose or provided to a third party without the prior consent of the member.

1. When obtaining separate consent from the member
2. When there are special provisions in the law
3. When the member or the member’s legal representative is unable to express his/her intention or if prior consent cannot be obtained due to unknown/inaccurate address information, etc. (here, the provision of personal information must be clearly necessary in responding to immediate threats to the life, body, or property of the member or a third party)
4. When providing in a form that does not reveal the identity of a specific individual (used for the purpose of statistical preparation and academic research)
5. When personal information is not used for purposes other than the intended purpose, or when it is impossible to perform the duties prescribed by other laws and has undergone deliberation and resolution by the Protection Committee if the personal information is not provided to a third party
6. When it is necessary to provide the personal information to a foreign information agency or international organization for the implementation of treaties and other international agreements
7. When the personal information is necessary for the investigation of a crime and the initiation and maintenance of public prosecution
8. When the personal information is necessary for the execution of the judicial affairs of the court

① Pursuant to Article 26 of the Personal Information Protection Act, details regarding the consigned tasks related to the processing of personal information and the consigned entity (institution) are as follows.

② When consigning the processing of personal information to a third party, it shall be processed according to the documents stipulating the following requirements. Details of the consigned tasks and the consigned entity (including changes) shall be disclosed on the website.

1. Matters concerning the prohibition of processing of personal information other than for the purpose of performing consigned tasks
2. Matters concerning technical and administrative protection measures for personal information
3. Following matters prescribed by Presidential Decree for the safe management of personal information

③ Educate consigned entities to prevent loss, theft, leakage, alteration, or damage of personal information provided by members, and supervise whether consigned entities safely process personal information (e.g. check processing status).

The member (information subject) can exercise the following rights, and the legal representative of a child under the age of 14 may request to access, correct, delete, or suspend the processing of the child’s personal information.

① (Request to access personal information) A member or legal representative of a child under the age of 14 may request access to personal information files retained by Kyungpook National University pursuant to Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, requests to access personal information may be restricted as follows pursuant to Article 35 Paragraph 5 of the Act.

1. If access is prohibited or restricted by law
2. If there is a risk of harming the life or body of another person or unfairly infringing upon the property rights and other interests of another person

② (Request to correct/delete personal information) A member or legal representative of a child under the age of 14 may request to correct/delete personal information files retained by Kyungpook National University pursuant to Article 36 (Rectification or Erasure of Personal Information) of the Personal Information Protection Act. However, if the personal information item in question is specified as a required item in other laws, the request shall be denied.
③ (Request to suspend the processing of personal information) A member or legal representative of a child under the age of 14 may request to correct/delete personal information files retained by Kyungpook National University pursuant to Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act. However, requests to suspend the processing of personal information may be declined as follows pursuant to Article 35 Paragraph 5 of the Act.

1. If there are special provisions in the law or it is unavoidable to comply with legal obligations
2. If there is a risk of harming the life or body of another person or unfairly infringing upon the property rights and other interests of another person
3. If a public institution cannot perform its duties as stipulated in other laws without processing said personal information
4. If it is difficult to fulfill a contractual obligation (e.g. not being able to provide the service agreed with the data subject if personal information is not processed, etc.), and the data subject does not clearly indicate his/her intention to terminate the contract

① Kyungpook National University Library handles and retains personal information items in accordance with the workflow specified in Article 2 Paragraph 2. The following personal information items may be automatically created and collected in the course of using the library’s online services.

1. IP address, Cookies, MAC address, Service use records, access records, bad use records, etc.

① Once a personal information item becomes unnecessary (e.g. expiration of the personal information retention period, achievement of the purpose of processing personal information, etc.), the entity tasked with handling said personal information item shall report it in writing to the person in charge of personal information protection without delay, and destroy the personal information. However, exceptions may be made when further retention is required according to other laws.
② Personal information in electronic form shall be destroyed using technical means that render the information non-reproducible or recoverable. Personal information on paper shall be destroyed by way of shredding or incinerating the paper.

① In order to secure the safety of personal information, the library shall take the following measures.

1. Technical measures : Restrict access to personal information, prevent intrusions, encrypt unique identification information, store access records, etc.
2. Managerial measures : Establish and implement an internal management plan, minimize personnel tasked with handling personal information, conduct regular employee training, etc.
3. Physical measures : Control access to data storage rooms, install locking mechanisms, etc.

① Kyungpook National University Library uses “cookies” that store and retrieve access information on-demand to provide users with customized services.
② Cookies are a small collection of information that the server operating a website sends to the user’s computer browser. They are also stored on the hard disk drive of the user’s PC.

1. Purpose of cookies: Cookies are used to provide optimized information to users by identifying the types of access and usage of each service as well as websites visited by the user, popular search terms, and whether or not secure access is available.
2. Installation, operation, and rejection of cookies: Members can refuse to store cookies by going to the Tools>Internet Options>Personal Information menu at the top of the web browser.
3. If a member refuses to use cookies, he/she may experience difficulties in using customized services.

In the case of personal information infringement, the member in question may apply for dispute resolution or consult with the relevant institution in order to seek a remedy.

1. Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
3. National Digital Forensic Center : 02-3480-3573 (www.spo.go.kr)
4. Korean National Police Agency Cyber Bureau : 182 (cyberbureau.police.go.kr)

② Pursuant to Article 35 of the Personal Information Protection Act, a member can request to access, correct, delete, suspend processing, and check the retention of personal information files containing his/her personal information, etc. at the General Affairs Division of the Secretariat (4th floor of the main building / 053-950-2516).

① The privacy policy shall be enforced and amended as follows.

1. Establishment of the university privacy policy (2011. 9. 1.) Privacy policy
2. Establishment of the university privacy policy (2014. 8. 1.) Privacy policy
3. Establishment of the university privacy policy (2017. 1. 1.) Privacy policy
4. Establishment of the university privacy policy (2018. 3. 1.) Privacy policy
5. Establishment of the university privacy policy (2019. 2. 1.) Privacy policy
6. Establishment of the university privacy policy (2020. 1. 30.) Privacy policy
7. Establishment of the university privacy policy (2021. 2. 1.) Privacy policy
8. Establishment of the university privacy policy (2021. 5. 10.) Privacy policy

② This privacy policy shall be enforced on January 25, 2022.