KLRI’s Privacy Policy

KLRI’s Privacy Policy

All personal information that the Korea Legislation Research Institute handles is collected, retained, and processed under relevant statutes or with consent of each person whose information becomes subject to this Policy. The Personal Information Protection Act provides for general norms concerning managing personal information, and the Korea Legislation Research Institute will lawfully and properly manage the information collected, retained, and processed under the provisions of such statutes, so as to properly perform public services and appropriately protect citizens’ rights and interests.

Futhermore, we, at the Korea Legislation Research Institute, respect your rights, including the right to request us to permit you to inspect your personal information retained by us and the right to request us to correct such information. You also have a right to file a petition for an administrative hearing to seek remedies for a violation of any of such rights under the Administrative Appeals Act.

KLRI’s Policy for Handling Personal Information

1. Purposes of Handling Personal Information

Most services provided by the Korea Legislation Research Institute through its web-site, are accessible by any user at any time without user registration. However, we, at the Korea Legislation Research Institute, collect and use users’ personal information in order to provide more advanced, higher quality services, including service for downloading publications and a mailing service. Furthermore, only users who have registered with us as members are allowed to post their messages and comments on our message boards so as to curb reckless and defamatory or libelous expressions and strengthen the effects of opinions collected from you.

Your personal information processed by us are not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.

1.1. Personal Information Automatically Collected and Stored

When you access the web-site of the Korea Legislation Research Institute, the following information is automatically collected and stored:

Users' Internet domain names and URLs of web-sites from which they navigated to access our web-site

Browsers and operating systems (OS) used by users

Date and time of visit, etc.

In order to provide higher-quality services to users, cookies are used as means of storing and retrieving user information from time to time. A cookie is a small piece of data sent from a server operated and used for the operation of a web-site (HTTP) to the web browser in a user’s personal computer. The information automatically collected and stored, as explained above, is used for statistical analysis to improve and supplement web pages and to faciliate communications between users and the web-site so as to provide better services to users. However, please note and understand that relevant statutes require us to provide such information to a relevant authority in certain cases.

1.2. Personal Information Collected when Additional Services are Used

A user’s personal information collected when the user attempts to download a publication forwarded by the Korea Legislation Research Institute, use the regular mailing service, or post a message or comment on a message board, is limited to the minimum extent necessary.

Subscription

Personal Information Collected when Additional Services are Used Table
Consent to Use Purpose of Handling Major Items Period of Retaining
Consent of a user whose information becomes subject to this Policy To send newsletters and compile statistical data about areas for which research reports are used Required items, including use of additional services : ID, Name, Password, E-mail, Whether to receive newsletters
Optional items : None (no resident or alien registration numbers are collected)
Two years (until a user withdraws subscription)
2. Period during which Personal Information is Handled and Retained

(a) The Korea Legislation Research Institute handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information
or the period to which each user consents when we collect the user’s personal information.

(b) The period during which a user’s personal information is handled and retained is as follows:
Subscription to the website: Two years (until a user withdraws subscription to the website).

3. Matters concerning Provision of Personal Information to Third Parties

The Korea Legislation Research Institute does not provide personal information collected and retained thereby, to any third party without the relevant user’s consent, except in the following cases:

(a) Where a user specifically consents to provision of his/her personal information;

(b) Where other statute provides expressly;

(c) Where a user or his/her legal representative is incapable of communicating his/her intention or it is impossible to obtain consent from a user or his/her legal representative
because his/her whereabouts are unknown but it is considered clearly necessary to urgently provide his/her personal information to a third party for the safety, health,
or economic interests of the user or of a third party;

(d) Where personal information is provided in a form that makes it impossible to identify a specific person, as necessary for compiling statistics or scientific research;

(e) Where it is impracticable to perform relevant duties prescribed in other Acts unless personal information is provided for any purpose other than its original purpose or is provided
to a third party and where such case is deliberated on and determined by the Personal Information Protection Commission;

(f) Where it is necessary to provide such information to a foreign government or an international organization to implement treaties or other international agreements;

(g) Where it is necessary to investigate a crime and to file and sustain a prosecution;

(h) Where it is necessary for a court to proceed with a trial;

(i) Where it is necessary to enforce a sentence, custody, or protective order imposed.

When we provide your personal information to a third party, we will inform you of the following facts to obtain consent from you:

The name of the recipient of personal information (or the name of the corporation or organization, if the recipient is a corporation or organization) and the contact information of the recipient;

The recipient’s purposes of using personal information and the items of personal information to be provided;

The duration during which the personal information will be retained and used by the recipient;

The fact that the user has a right to refuse to consent and details of any disadvantages.

4. Matters concerning Outsourced Processing of Personal Information

The Korea Legislation Research Institute outsources the processing of a user’s personal information to maintain its website as follows:

Matters concerning Outsourced Processing of Personal Information
Company Outsourced Outsourced Matters Outsourcing Period
I&T System Co.,Ltd Project to Upgrade the Website and the English Translation of the Statutes of the Republic of Korea Web Service Dec. 16, 2016 - Apr. 29, 2018 (Free Maintenance & Repair Period)
5. Rights and Obligations of Users, Exercise of Rights, and Performance of Obligations

A user, as a person whose information becomes subject to the Policy, may exercise the following rights:

(1) A user (if the user is under the age of 14, referring to his/her legal representative) may exercise the following rights in relation to protecting personal information:

(a) The right to request permission to inspect his/her personal information;

(b) The right to request correction of his/her personal information if there is any error, etc.;

(c) The right to request the deletion of his/her personal information;

(d) The right to request KLRI to suspend handling his/her personal information.

(2) A user may exercise his/her rights prescribed in paragraph (1) by completing the form specified in attached Form 8 and submitting it to the Korea Legislation Research Institute
by post, email or fax KLRI will take necessary measures promptly.

(3) Where a user requests the correction or deletion of any error, etc., in his/her personal information, the relevant information shall not be provided to any third party pursuant to
this Policy, until the relevant information is corrected or deleted.

(4) A user may exercise his/her rights through an agent such as his/her legal representative or a person with a mandate. In such cases, the user shall submit a power of attorney as
specified in attached Form 11 of the Enforcement Rule of the Personal Information Protection Act.

(5) Where a user requests permission to inspect his/her personal information or requests KLRI to suspend handling personal information, his/her rights may be limited in the following
cases under Article 35 (4) or 37 (2) of the Personal Information Protection Act:

1. Where any Act prohibits or restricts such inspection;

2. Where such inspection is likely to harm another person’s health or safety or is likely to unreasonably encroach on another person’s property or interests;

3. Where such inspection substantially interferes with a public institution performing any of the following business affairs:

(a) Affairs concerning assessing, collecting, or refunding taxes;

(b) Affairs concerning assessing academic achievements or selecting new enrollees; and affairs concerning testing academic skills, aptitudes, and skills for employment,
and examination of qualifications at every level of education under the Elementary and Secondary Education Act and the Higher Education Act, lifelong education facilities under
the Lifelong Education Act, and higher education facilities under other Acts;

(c) Affairs concerning evaluation or determining in the process for calculating, etc., damages or grants;

(d) Affairs concerning audits and investigations in progress under any other Act.

(6) No user may request KLRI to delete his/her personal information where such personal information is clearly specified as information subject to collection under any statute.

(7) Upon receipt of a request to inspect, correct, or delete personal information or a request to suspend handling personal information, the Korea Legislation Research Institute will
verify whether the requesting person is the actual user or his/her legitimate representative.

* A request to [inspect, correct/delete, suspend handling] personal information [attached Form 8 of the Enforcement Rule of the Personal Information Protection Act]

* Power of Attorney [attached Form 11 of the Enforcement Rule of the Personal Information Protection Act]

6. Items of Personal Information to be Handled

The Korea Legislation Research Institute collects and retains personal information only in compliance with the provisions of relevant statutes or with consent from users whose information becomes subject to this Policy. The main personal information collected and retained by the Korea Legislation Research Institute, are as follows:

Subscription

Items of Personal Information to be Handled Table
Consent to Use Purpose of Handling Main Items Retention Period
Consent of a user whose information becomes subject to this Policy To send newsletters and compile statistical data about areas for which research reports are used Required items, including use of additional services : ID, Name, Password, E-mail, Whether to receive newsletters
Optional items : None (no resident or alien registration numbers are collected)
Two years (until a user withdraws subscription)
7. Destruction of Personal Information

In principle, the Korea Legislation Research Institute destroys a user’s personal information after the period during which the personal information is retained ends or the purposes of handling the personal information have been attained, except where it is required to preserve the personal information under an Act. The procedure, deadlines, and methods for destroying it are as follows:

(a) Procedure for destruction: The information that a user has entered is destroyed in accordance with internal policies and relevant statutes after the period during which the
information is retained ends or the purposes of handling the information have been attained;

(b) Methods for destruction: Personal information recorded and stored in electronic files will be destroyed by means of Low Level Formatting or other similar methods,
so as to prevent restoration of records, while personal information recorded and preserved in paper documents will be shredded by a shredder.

8. Measures for Ensuring Safety of Personal Information

The Korea Legislation Research Institute has taken the following technical and physical measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:

(a) Formulating and implementing internal management plans: The Korea Legislation Research Institute has formulated and implemented internal management plans in accordance
with the guidelines for measures for ensuring the safety of personal information;

(b) Minimizing and educating personnel authorized to handle personal information: The number of personnel authorized to handle personal information has been minimized and
regular educational programs have been implemented for such personnel;

(c) Restrictions on access to personal information: Access to personal information is controlled by granting, amending, or cancelling the authority to access the database system
that processes personal information, and unauthorized external access is controlled by operating firewalls for blocking and preventing invasion and intrusion, while personnel
authorized to handle personal information are precluded from accessing the personal information processing system externally via information and communications networks.
Furthermore, details about granting, amending, or cancelling authority are recorded, and such records are preserved for at least three years;

(d) Preserving access records and preventing forgery and alteration of access records: Log data about access to the personal information processing system (including web logs and
summary information) are retained and managed for at least six months, and access records are maintained properly to prevent forgery, alteration, theft, and loss;

(e) Encryption of personal information: Passwords and identification numbers, among each user’s personal information, are encoded for storage and management. Furthermore,
additional means, such as encrypting essential data for storage and transmission, are used for security.

(f) Technical measures against hacking: The Korea Legislation Research Institute has installed security programs and updates and inspects the programs to protect personal
information from being leaked externally or destroyed by hacking or computer viruses and has installed its systems in an area with restricted access to technically and physically
monitor and block external access.

(g) Restricting access by unauthorized persons: The space for the physical storage of the personal information system that keeps personal information, is separated from other
areas, and a procedure for controlling access to the space, has been established and is implemented.

9. Linked Web-Sites and Web-pages

When you visit any other web-site or web-page by clicking a link or banner on our web-site, please check the policies of the web-sites that you visit, since the privacy policy of the new web-site is that posted by the agency that operates the web-site.

10. Acquisition of Third Party’s Personal Information while Using Web-Site

No one shall acquire any personally identifiable information, including any e-mail address, from the web-site operated by the Korea Legislation Research Institute. Any person who inspects or obtains such personal information by fraud or other misconduct, is punishable under the provisions of Article 59 of the Personal Information Protection Act.

11. Managers and Officers in Charge of Managing Personal Information

In order to ensure the legality of personal information and the appropriateness of procedures to protect citizens’ rights and interests, and to properly perform public services, the Korea Legislation Research Institute appoints one of its personnel as the officer in charge of protecting personal information as follows: For any question or inquiry about personal information retained by the Korea Legislation Research Institute and the policy on the protection of personal information, please do not hesitate to contact us by any of the following means:

(a) Information Protection Officer

Office : Administration Office of the Korea Legislation Research Institute

Name and position : Sohn Young-houn, Head Administrator

Tel. : 044-861-0331, Fax: 044-868-9913

E-mail : Send e-mail (yhson@klri.re.kr)

Address : 15 Gukchaegyeonguwon-ro (Bangok-dong), Sejong-si, 30147, Republic of Korea

If you have any questions regarding personal information held by KLRI and its privacy policy, etc., please contact us as follows:

(b) Person in Charge of Protecting Personal Information

Office : Information and Budget Office, Research Planning Department of the Korea Legislation Research Institute

Name and position : Kim Hyun-kyoung, Senior Administrator

Tel. : 044-861-0313, Fax: 044-868-9913

E-mail : Send e-mail (webmaster@klri.re.kr)

Address : 15 Gukchaegyeonguwon-ro, Sejong-si (Bangok-dong), Sejong-si , 30147, Republic of Korea

12. Requests to Inspect Personal Information

A user may request KLRI to permit him/her to inspect his/her personal information under Article 35 of the Personal Information Protection Act. The Korea Legislation Research Institute will strive to ensure that such request will be processed without delay.

Office : Information and Budget Office, Research Planning Department of the Korea Legislation Research Institute

Name and position : Kim Hyun-kyoung, Senior Administrator

Tel. : 044-861-0313, Fax: 044-868-9913

E-mail : Send e-mail (webmaster@klri.re.kr)

Address : 15 Gukchaegyeonguwon-ro (Bangok-dong), Sejong-si, 30147, Republic of Korea

13. Amending Privacy Policy

This Privacy Policy currently in force was wholly amended on March 29, 2013, and further amended on May 2, 2017, and took effect on May 2, 2017.

The former Privacy Policy can be found as follows:

Date Privacy Policy wholly amended: March 29, 2013

Date Privacy Policy amended: February 04, 2014

Date Privacy Policy amended: March 20, 2014

Date Privacy Policy amended: April 29, 2015

Date Privacy Policy amended: December 29, 2015

Date Privacy Policy amended: December 29, 2016

14. Withdrawing Consent to Collect, Use, and Provide Personal Information

You may withdraw your consent to KLRI collecting, using, and providing your personal information, at any time. If you click on [Sign in/Log in>Member Services>Sign out] or contact the Personal Information Officer in writing, by phone or e-mail, to withdraw your consent, the Officer will take necessary measures to delete your personal information immediately. We, at the Korea Legislation Research Institute, will guide and supervise our personnel to ensure that personal information collected under the provisions of relevant statutes, will be used appropriately for the purposes of collection and processing.

15. Remedies for Violation of Rights and Interests

A user whose personal information becomes subject to this Policy, may file a petition for settlement of, or give notice of, a dispute with the Personal Information Dispute Mediation Committee, the Korea Internet Security Agency, or a breach of privacy reporting center to seek remedies for the breach of privacy. In addition, you may contact any of the following agencies to report or receive counselling on the breach of privacy:

(a) The Personal Information Dispute Mediation Committee (Korea Internet and Security Agency): 118 (without dialling an area code)

(b) Personal Information Infringement Report Center (Korea Internet and Security Agency): 118 (without dialing an area code)

(c) The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office: 02-3480-3573 (http://www.spo.go.kr)

(d) The Cyber Terrorism Response Center of the National Police Agency: 1566-0112 (http://www.netan.go.kr)

Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36, or 37 of the Personal Information Dispute Mediation Committee, may file a petition for an administrative hearing in accordance with the provisions of the Administrative Appeals Act.

※ Please refer to the information on telephone numbers offered by the Central Administrative Appeals Commission (http://www.simpan.go.kr)