Privacy Policy

  • 페이지 위로
  • 페이지 아래로

Personal Information Protection Policy

The following describes the personal information protection policy of the National Library of Korea (NLK), which is designed to protect the privacy of its users and address related problems in a timely and seamless manner in compliance with Article 30 of the Personal Information Protection Act.

Acquisition and storage of personal information
The NLK acquires and stores its users’ personal information in accordance with the law and only with the express consent of relevant individuals. Major personal information files that the NLK retains in compliance with the law are the followings.
Acquisition and storage of personal information
File name Holding Period Applicable Law Objectives List of Personal Information Collected
Small Library material mangement system (KOLASYS-NET II) user list 3 yrs Personal Information Protection Act Article 15.1 Obtaining the Consent of an Owner of Information and Small Library material mangement system (KOLASYS-NET II) Operation Guidelines Book loan/return service and user identification for Small Library users, making announcements (essential items) Name, ID, date of birth, password, gender, CI(optional) E-Mail, home phone, cellphone number(contact number)
Small Library material mangement system (KOLASYS-NET II) administrator list 3 yrs Personal Information Protection Act Article 15.1 Obtaining the Consent of an Owner of Information and Small Library material mangement system (KOLASYS-NET II) Operation Guidelines User identification for Small Library users, making announcements (essential items) Name, address(work), E-Mail, cellphone number(contact number), ID, password, title, related information(optional) name of department
Database of Chaekeum Service (Library one service) users Until canceling the membership Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Provision of the Chaekeum Service (Library one service) (essential items) Name, email, cellphone number(contact number), membership number, CI(other) ID, password
NLK Integrated Service users 2 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the library users and provision of customized information service (essential items) Name, address(home), E-Mail, cellphone number(contact number), date of birth, ID, password(optional) address(work), home phone, work phone
Database of participants to librarian training Semi-permanent Libraries Act Article 19 and Enforcement Decree of the Talent Development for Public Officials Act Article 44 Management of the training history of training participants (essential items) Name, E-Mail, contact number, date of birth, gender, place of employment and department, title, responsibilities, certification, appointment date
Database of lecturers for librarian training 30 yrs Libraries Act Article 19 and Enforcement Decree of the Talent Development for Public Officials Act Article 44 Management of internal/external lecturers for librarian training (essential items) Name, date of birth, gender, type, employment status, place of employment and department, title, etc. (optional) address, E-Mail, contact number, place of ployment, title,lecture subject, license plate number
Users of the KOLASYS-NET (Small Library Integrated Materials Management System) 3 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the users of the KOLASYS-NET (essential items) Name, address(home), E-Mail, cellphone number(contact number), date of birth(other) place of employment, ID, password
Users of the Information Center for the Disabled Semi-permanent Personal information collected by the consent of users with reading disabilities as per internal operation rules Management of the users of the Information Center for the Disabled (essential items) Name, cellphone number(contact number), date of birth, disability type and level(other) place of residence (city)
Database on the members of the Library Service Council for Children 10 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the members of the Library Service Council for Children (essential items) Name, place of employment, workplace address, phoe number, cellphone number, E-Mail(other) fax number, department, title
Users of the Video Studio of the Digital Library Media Center 1 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the studio equipment and facility users (essential items) Name, ID, contact number, previous experiences and production details, date of birth (optional) address, E-Mail, job and place of employment
Users of the Audio-Visual Studio of the Digital Library Media Center 1 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the studio equipment and facility users (essential items) Name, ID, contact number, previous experiences and production details, date of birth (optional) address, E-Mail, job and place of employment
DB of members the integrated authentication service Until canceling the membership Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Provision of a member authentication service for the joint use of digital library seat reservation in local public libraries (essential items) Name, ID, password, library user number
National Library for Children and Young Adults Program Applicants 3 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of program applicants (essential items) Name, home phone, date of birth (other) gender, school, ID, password
Users of the International Network for Korean Studies Librarians (INKSLIB) Semi-permanent Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and the NLK’s internal regulations Operation of the International Network for Korean Studies Librarians (INKSLIB) (essential items) Name, E-Mail, gender, place of employment and department, address, phone number, fax number (optional) whether or not receiving The Report on the Trend in Korean Studies Libraries, whether or not disclosing email address, the proportion of the work related Korean Studies in the person’s role at work)
For more details on personal information files managed by the Ministry of Culture, Sports and Tourism, please visit www.privacy.go.kr (Comprehensive Support for Privacy Protection Portal of the Ministry of Government Administration and Home Affairs)→Regarding Personal Information →Requests for Access to Personal Information →Catalog Service for Personal Information Files.
The data that is automatically collected and stored when browsing our website: the following data is automatically collected and stored in order for statistical analysis to improve our service and user experience.
→Domain name of the user’s Internet server, the websites that you visited before coming to our website, visit dates
Data sharing by law: When required by law to preserve it, the user information will be retained for a specific period of time defined by the law. The information will be used only for the purpose of such preservation.
Access to personal information files
Acquisition and storage of personal information
Department in charge File name Contact details
Phone (Fax) E-mail Address
National Library of Korea Information Technology Division National Library of Korea Integrated Users DB (02) 590-0569
(02) 590-0577
webmaster@mail.nl.go.kr 201 Banpodae-ro Seocho-gu Seoul, 06579
The NLK will strive to protect its users’ rights by lawfully and appropriately processing users’ personal information that it retains. However, the information may be subject to partial publication in accordance with the law
Use and provision of personal information
Provision of the information to a third party
The NLK uses, provides to a third party, or publishes the personal information of its users only to the extent that meets the terms and conditions previously announced to or agreed upon by its users, except that the provision of such information is allowed or requested by the law.
Commissioning of personal information processing
In the case of commissioning another organization for the processing of the data it retains, the NLK shall establish necessary regulations and/or procedures in accordance with Article 26 of the Personal Information Protection Act (Restrictions to the commissioned processing of personal information) and requires the commissioner to abide by them. The NLK shall conduct monitoring of the commissioner’s observance of those regulations and/or procedures.
The types of personal information that the NLK is commissioning to a third party are as below.
Use and provision of personal information
Contracters Contracted Task List Description (Objectives) Duration
Daumsoft Inc. name, date of birth, gender, ID, password, address, contact number, email Operates the National Library of Korea’s official website Until the termination of the commissioning contract
Gapia Inc. email, mobile number (contact number) Maintains & repairs World Library, the National Library of Korea’s webzine system (only for delivering prizes for user surveys) Until the termination of the commissioning contract
Channel 121 name, address (home), place of employment, cellphone number (contact number) Publishes Library Today (sending mails and delivering prizes for user surveys) Until the termination of the commissioning contract
Chaeum Inc.
Consortium
• Chaeum Inc.
• eco Inc.
• Kait Inc.
Library One Service user number, library of membership issued, name, mobile number (contact number), gender, date of birth, email Manages Library One Service system Until the termination of the commissioning contract
ID, password Operates the Library One Service website
name, address(home), email, cellphone number(contact number), date of birth, place of employment, ID, password Manages Small Library material management system (KOLASYS-NET)
library of membership issued, membership number, name, date of birth, gender, phone number, cellphone number, email, address, ID, password Manages Small Library material management system (KOLASYS-NET II)
library of membership issued, membership number, name, ID, password Manages integrated authentication system
Limitations in the use and provision of data
While the use and provision of the personal information that the NLK retains is strictly restricted, Article 18 of the Personal Information Protection Act (Restrictions to the use and provision of personal information) defines exceptions as the following.
  1. Upon a special approval by data subjects
  2. In accordance with other laws
  3. When it is believed to be necessary for the clear benefit for the life, health, and/or property of the data subject but a prior approval is unobtainable due to such reasons as the inability of the individual or his/her legal representative to express his/her intent or the inability to find out the whereabouts of the individual or his/her legal representative
  4. When personal information is provided with anonymity for the purpose of statistical analysis or academic research
  5. When it is determined through the deliberation of the personal information protection committee that it is impossible to perform certain activities required by law unless such information is made available for such exceptional causes or to the third party
  6. When it needs to be provided to foreign governments or international organizations in order for international treaties/agreements to be implemented
  7. When it is needed for criminal investigation and/or prosecution
  8. When it is needed for court hearings; and
  9. When it is needed for the execution of court rulings such as imprisonment and protective disposition
Rights of data subjects
In accordance with Chapter 5 of the Personal Information Protection Act: Rights of Data subjects, data subjects have the rights as below in regard to the processing of personal information.
  1. Access to their personal information
  2. Request for correction or deletion of the information
  3. Request for discontinuance of the processing of the information
  4. Methods and procedures of the execution of rights
  5. Indemnification
Requests for access to, correction, deletion, or discontinuance of the processing of personal information files
In accordance with Article 35 (Access to personal information), Article 36 (Correction and deletion of personal information), and Article 37 (Discontinuance of the processing of personal information) of the Personal Information Protection Act, data subjects can make a request for access to, correction, deletion, or discontinuance of the processing of the information that the NLK retains.
Use and provision of personal information
Contact Information Technology Division, NLK
Method www.privacy.go.kr (Comprehensive Support for Privacy Protection portal run by the Ministry of the Interior and Home Affairs)→Regarding Personal Information →Requests for Access to Personal Information
Person in charge Kang, Su-yeon, Information Technology Division (02-590-0569)
Access to personal information
In accordance with the Personal Information Protection Act and related regulations, users can request for access to their personal information retained by the NLK.
그림설명
As to the following cases, access may be restricted in compliance with Clause 4 of Article 35 of the Personal Information Protection Act.
  1. 1. When access is prohibited or restricted by law
  2. 2. When it is likely to cause bodily harm to other individuals or unduly damage the financial and/or other interests of other individuals
    • Affairs related to taxation or refunds
    • Affairs related to academic assessment or admissions at educational institutions established by the Elementary and Secondary Education Act, Higher Education Act, Lifelong Education Act, and other laws
    • Affairs related to tests or qualification assessments regarding academic performance, skills, or employment
    • Affairs related to ongoing deliberations or assessments regarding compensation and benefits
    • Affairs related to audits and investigations being undertaken in accordance with the law
Correction, deletion, and discontinuance of the processing of personal information
  • Users may make a request for correction, deletion, or discontinuance of the processing of the information. If the information is subject to collection as defined by the law, however, it may not be deleted.
  • A request for correction, deletion, or discontinuance of the processing of personal information can be made.
  • 그림설명
Reporting of the violation of personal information protection
Correction, deletion, and discontinuance of the processing of personal information
  • Victimization by unlawful or unsolicited collection, utilization, provision, and/or commissioning of personal information or impingement of the rights of data subjects should be reported as the following
  • 그림설명
  • Or such incidents may be reported to the 118 Center run by the Ministry of Government Administration and Home Affairs in accordance with Article 62 of the Personal Information Protection Act (Reporting rights impingement).
    • Korea Internet and Security Agency 118 Center (http://www.kisa.or.kr, phone: 118)
Destruction of personal information
Users’ personal information will be destroyed upon the fulfilment of the purposes of its collection and utilization according to the following procedures and methods.
Procedures
  • Upon the completion of its goals, the personal information that the NLK has collected will be destroyed after being retained for a certain period of time defined by internal regulations and related laws for the purpose of information protection (See the Duration for Storage and Utilization).
  • Such personal information will not be used for purposes other than defined purposes for such storage unless prescribed otherwise by law.
Methods
  • Personal information printed in paper will be destroyed through shredding or incineration
  • Personal information stored in electronic formats will be irrevocably deleted
Measures to guarantee the security of personal information
The NLK has in place such technical/managerial measures as the following in order to securely protect the personal information of users from loss, disclosure, alteration, or damage.
Password encryption
  • Passwords are stored and managed by encryption technology and only known to corresponding users. Personal information can be viewed and changed only by the data subject who has the password to access it.
Storage of access records
  • The NLK keeps access records to its Personal Information Processing System (system logs, summary information, etc.) for minimum six months and take measures to prevent unauthorized alternation
Prohibition of unauthorized access
  • The NLK has the Personal Information Processing System in a separate physical location with measures to prohibit unauthorized access.
Anti-hacking measures
  • The NLK has in place technical/managerial measures to securely protect users’ personal information from loss, disclosure, alternation, or damage.
  • Backup files for personal data are generated on a regular basis; latest vaccine programs are installed to protect such data from loss or disclosure; and encryption technology is used for personal information to be safely transmitted on the network.
  • An intrusion prevention system is implemented to prohibit unauthorized access. The NLK is also striving to equip itself with every possible technical measure to ensure the security of the system.
Minimizing the number of those authorized to access such information and employee training
  • Access to users’ personal information is restricted to the staff in charge, who regularly changes the password to the system. Regular training is offered to the staff in order to ensure the observation of the NLK’s regulations on the handling of personal information.
Operation of a special taskforce for the protection of personal information
  • The NLK regularly monitors the implementation of its regulations on the handling of personal information and tries to address any possible problems in a timely manner. However, the NLK is not liable for any problem arising from the user’s failure to keep ID/password confidential or from Internet problems that are beyond the NLK’s control.
Designation of the staff in charge of the protection of personal information
The NLK has designated personnel who are responsible for affairs related to the processing of personal information and remedial responses to complaints from data subjects.
Oh Se-heung, Manager, Information Technology Division, NLK
  • E-mail: webmaster@mail.nl.go.kr
  • Phone: 02) 590-0719
  • Address: 201 Banpodae-ro Seocho-gu Seoul (06579)
Kang, Su-yeon, Information Technology Division, NLK
  • E-mail: suyoun3968@korea.kr
  • Phone: 02) 590-0569
  • Fax: 02) 590-0577
Remedial measures for infringement of rights
Data subjects may make a claim for remedies for rights infringement or may request consultations on related matters. If you are not satisfied with the NLK’s decision on your complaints, you may also get help from the following organizations.
Korea Internet and Security Agency 118 Center: reporting violation of privacy rights, consultations
  • Website: privacy.kisa.or.kr (hotline: 118)
  • Address: 135 Jungdae-ro Songpa-gu Seoul (05717)
Personal Information Dispute Mediation Committee: making a request for mediation of conflicts regarding personal information issues or conflicts between groups (civil remedies)
  • Website: kopico.go.kr (Phone : 02-1833-6972)
  • Address: (03171) 4F, Seoul Government Complex, 209 Sejong-daero (Sejong-ro), Jongno-gu, Seoul, Republic of Korea
Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
National Police Agency Cyber Terror Investigation: 1566-0112 (www.netan.go.kr)
The revised regulation on personal information processing
This regulation shall take effect on January 31, 2013.
See below for previous regulations
  • Regulations implemented before January 32, 2013