Article 1 (Purpose of processing personal information)
KIS collects and processes personal information for the purpose stated below.
1. Provide academic services
2. Member authentication of academic records management system or admission system users
3. Prevention of unauthorized server access and fraudulent server use
4. Management of academic records, attendance records, and to assist university admission applications, etc.
5. Personal information is used as it is required by Primary and Secondary Education Act and other regulations
Article 2 (Collect and Retain Personal Information)
All personal information that KIS handles is collected and processed under relevant statutes or with consent of each user. KIS destroys a user’s personal information after the retention period. In accordance to the Personal Information Protection Act, KIS process as outlined below.
|Retained by||File name||Purpose||Basis of Retention||Details of collected information||Retention Period|
|Admission Office||Applicant information||Admission review||Consent by information holder (user)||Applicant ID number, photo, personal details (name, gender, nationality, resident registration number/alien registration number, address, parent name, occupation of parent, contact number of parent, birth date of parent, nationality of parent, special note, passport copy including number, family details), student records||5 years after admission review|
|Registrar||Student Record, Current student information, Graduates information, Transferred students information||Management of student records Certificate issuance Processing of admission/withdrawal/transfer||Article 25, Elementary & Secondary Education Act Article 3, Regulations on creation & management of student records||Student ID number, personal details (name, gender, nationality, resident registration number/alien registration number, address, parent name, occupation of parent, contact number of parent, birth date of parent, nationality of parent, special note, passport number, family details), photo, student record||Permanent|
|General Affairs||Business Staff Personal Information||Management of business staff personal information Recruitment examine||Consent by information holder (user)||Staff ID number, name, resident registration number/alien registration number, address, affiliation, contact number, email address, degree of education, work experience, military service, license, qualifications||5 years after termination|
|Faculty Support||Faculty Staff Personal Information||Management of faculty staff personal information||Consent by information holder (user)||Staff ID number, name, resident registration number/alien registration number, address, affiliation, contact number, email address, degree of education, work experience, personal information||5 years after termination|
|IT Office||Student/Parent portal member information||Access to student information, academic records, and attendance records by student, parents and staff||Article 23-3, Framework Act on Education||Student ID number, password, member type (student/parent), name, gender, nationality, address, parent name, occupation of parent, contact number of parent, birth of parent, nationality of parent, special note, family details, student records, etc.||After member withdrawal|
|IT Office||Mail user information||Management of web mail user||Consent by information holder (user)||Name, email address||After account termination|
|Nurse Office||Student Health records||Management of student health records||Article 9 ,Regulations on student medical test, Article 14, Guidelines on electronic process & management||Personal details (name, date of birth, gender, name of parent/guardian, address, emergency contacts), student health information (blood type, previous medical history, current medical issues, medications in use)of student health records||5 years after graduation/withdrawal|
|Textbook Library / Text book||Library user information||Management of book loan/return||Article 38, Library Act, Consent by information holder (user), Article 14, School library promotion act||Barcode number, student name, class, student ID number, contact number, list of book loans, photo, address, email address||6 months after graduation/withdrawal|
|Athletics department||Overseas trip Sign-up||Extracurricular activities & school promotion||Consent by information holder (user)||Student ID number, photo, name, date of birth, gender, emergency contacts, student health information (blood type, previous medical history, current medical issues, medication use)||6 months after graduation/withdrawal|
|Security||Parent Vehicle entry clearance list||Control of vehicle entry||Consent by information holder (user)||Student Id number, grade, student name, contact number of student, parent name, contact number of parent, student’s address, car license plate number||6 months after graduation / withdrawal|
|Operation Support Team||School bus registration form, School bus rider list||Management of school bus riders||Consent by information holder (user)||Student name, Student ID number, grade, parent name, contact number of parent, student’s address||
Article 3. (Provide Personal Information to a Third Party)
① The purpose of supply and details of information are as follows:
|Third party||Schools where a student has transferred, applying colleges, military service||Schools where a student has transferred, emergency medical facility (ER)||Hyundai Greenfood||Travel agencies|
|Purpose||support student’s transfer/admission and compliance to regulations||: student health management and medical assistance in emergency||collection of unpaid meal||Reservation for transportation/hotel/travel insurance|
|Legal grounds||Article 25, Elementary & Secondary Education Act, Article 35, Higher Education Act Decree, Military Service Act Article 11-2||Business office/Admission||Consent by information holder (user)||Consent by information holder (user)|
|Name of personal information||student records||student health records||contact number||Information for booking boarding pass/visa/hotel reservation|
|Details of personal information||Details of personal information||name of student, gender, resident registration number, blood type||name of student, contact number for parents||name of student, nationality, gender, passport number, resident registration number / ARC number, name of parents, contact number of parents, copy of passport, photo|
② KIS handles and retains personal information only for the purposes specified in Article 1. Also, KIS does not provide personal information collected and retained thereby, to any third party without user’s consent, except in the following cases:
- Where a user specifically consents to provision of his/her personal information
- Where other statute provides expressly
- Where it is considered necessary for the interests of the users
- Where a user or his/her legal representative is impossible to obtain consent from a user or his/her legal representative because his/her whereabouts are unknown or he/she is unconscious.
5. Where personal information is provided in a form that makes it impossible to identify a specific person, as necessary for compiling statistics or scientific research
③ When KIS provide your personal information to a third party, KIS will inform you of the following facts to obtain consent from you:
- The name and contact information of the recipient of personal information (or the name of the corporation or organization, if the recipient is a corporation or organization)
- The recipient’s purposes of using personal information and the items of personal information to be provided
- The duration during which the personal information will be retained and used by the recipient
- The fact that the user has a right to refuse to consent and details of any disadvantages
Article 4.( Matters concerning Outsourced Processing of Personal Information)
① KIS outsources the processing of a user’s personal information for the following purposes below:
|Organization||Details of outsourcing||Period|
|YBM Net||Online admission system||Until the contract expiration of online admission site (all personal information outsourced will be destroyed upon completion of contract period.)|
|Follett||Destiny Library system||Until the contract expiration of library management system (all personal information outsourced will be destroyed upon completion of contract period.)|
|Powerschool||Academic records system||Until the contract expiration of academic records system (all personal information outsourced will be destroyed upon completion of contract period.)|
|Maialearning||Post-secondary admission application system||Until the contract expiration of post-secondary admission application system (all personal information outsourced will be destroyed upon completion of contract period.)|
② When KIS contracts outsourced process of personal information, KIS stipulates compliance with laws and regulations related to personal information protection, prohibition of third party provision of personal information, and burden of liability .
Article 5. (Right and Responsibility of Information Entity and Exercise Method)
① As a user, one can exercise following rights:
- Request to browse, modify the personal information
- Request to rectify and suspend the incorrect information
- Request to delete
② If any user requested to rectify or delete his/her personal information by request form, we will complete the request and send the notification within 10 days.
|File name||Browsing Location||Phone Number|
|Student information, Graduates information||Business office/Admission||031-789-0554/031-748-0509|
|Applicant information||Admission Office||031-789-0505/031-255-0505|
|Employee information||Business office/General Affairs||031-789-0514/031-748-0509|
|Faculty information||Business office/Faculty Support||031-789-0520/031-748-0509|
|Students/Parent Portal||ES/MS/HS Secretary, IT||031-789-0509/031-748-0509|
|Mail User information||IT||031-789-0533/031-748-0509|
|Student Health records||Nurse Office||031-789-0549/031-724-5733|
|ES, MS/HS Library User information||ES, MS/HS Library||ES : 031-789-0540
MS/HS : 031-789-0539
|School bus rider list||Management/Operation Support Team||031-789-0552/031-748-0509|
Article 6. (Destruction of personal information)
Personal information is destroyed when the purpose has been fulfilled. The procedure of the destruction of personal information, deadline and method is as below.
- Procedure: Personal information is moved to a separate database once the purpose has been fulfilled. In accordance with school policy and other related laws, the information is saved for a certain period of time and destroyed later. All information moved to the database is used for other purposes unless enforced by the law.
- Deadline: Personal information will be destroyed within 5 days after the personal information is not requires due to fulfillment of the purpose, deadline of the possession and etc.
- Method: Personal information as electronic files will be destroyed to be irreproducible and the paper type files with personal information will be shredded using the shredder or be incinerated.
Article 7 (Measures to secure safety)
KIS has taken the following technical and physical measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:
- Formulating and implementing internal management plans: KIS has formulated and implemented internal management plans in accordance with the guidelines for measures for ensuring the safety of personal information;
- Minimizing and educating personnel authorized to handle personal information: The number of personnel authorized to handle personal information has been minimized and regular educational programs have been implemented for such personnel;
- Restrictions on access to personal information: Access to personal information is controlled by granting, amending, or cancelling the authority to access the database system that processes personal information, and unauthorized external access is controlled by operating firewalls for blocking and preventing invasion and intrusion, while personnel authorized to handle personal information are precluded from accessing the personal information processing system externally via information and communications networks. Furthermore, details on granting, amending, or cancelling authority are recorded, and such records are preserved for at least three years;
- Encryption of personal information: Passwords and identification numbers, among each user’s personal information, are encoded for storage and management. Furthermore, additional means, such as encrypting essential data for storage and transmission, are used for security.
- Technical measures against hacking: KIS has installed security programs and updates and inspects the programs to protect personal information from being leaked externally or destroyed by hacking or computer viruses and has installed its systems in an area with restricted access to technically and physically monitor and block external access.
- Restricting access by unauthorized persons: The space for the physical storage of the personal information system that keeps personal information, is separated from other areas, and a procedure for controlling access to the space, has been established and is implemented.
Article 8. (Privacy Officer / Access Request)
The persons below have been designated by KIS as officer and manager to protect personal information and to handle any possible disputes regarding personal information.
|Role||Privacy Officer||Privacy Manager||Privacy Manager||Access request|
|Position||School Director||Principal of Technology, Innovation, & Strategic Planning||Business Administrator||Team leader of General Affairs|
|Name||Michelle Quirin||Daniel Kilback||Younghoon Kim||Minsung Kim|
|Contact Information||031-789-0507 firstname.lastname@example.org||031-789-0734 email@example.com||031-789-0510 firstname.lastname@example.org||031-789-0514 email@example.com|
VIDEO EQUIPMENT OPERATION/MANAGEMENT POLICY
Through the operation and management policy of the video information processing equipment, KIS will inform you of the purpose and management of the video information processed by the school.
Article 1 (Base and Purpose of Installation)
Video information processing equipment is installed and operated based on the following reasons. The collected personal video information is not used for purposes other than installation purposes.
- Base of Installation: Article 25 paragraph 1 of the Personal Information Protection Act
- Purpose of Installation:
A. Crime Prevention for the safety of faculty and students
B. Safety management of facilities and fire prevention
C. Prevention of accidents
Article 2 (Operation status)
The current status of the video information processing equipment operated by the school is as follows.
- Number of installations: 176
- Installation Location: Building entrances, lobbies, corridors, soccer fields, gyms, playgrounds, parking lots, etc.
- Recording time: 24 hours
- Processing method: Real-time recording by magnetic device (no sound recording function)
- Storage Location: Control Room on B2 of Elementary School Building
- Retention period: Within 30 days (this may vary depending on storage capacity)
Article 3 (Manager and access authority)
In order to protect personal video information processing equipment safely and deal with related requests, the video information processing equipment management manager and access authority are designated and operated.
- Manager: Kim Tae-young, Facility Team Leader 031-789-0561
- Access authority: Hong Seung-pyo, Facility Team 031-789-0563
Article 4 (Viewing personal video information of a user)
A user can request the school to access or confirm the existence of personal video information only when it is clearly necessary for the urgent investigation of life, body and property. In the event that the user requests in writing to view or confirm the existence of the personal video information, KIS will take action in accordance with the relevant laws. However, KIS can reject the request, such as viewing personal video information, and notify the user within 10 days of the reason for rejection.
- In case of serious impact on criminal investigations, maintenance of arraignment, and trial
- In case it is technically difficult to delete video information of a specific user only
- In case there is a high possibility that other people’s rights and interests may be infringed
- If there are other valid reasons for rejecting the request
Article 5 (Measures to secure safety)
KIS safely manages the video information through encryption measures, etc. The place where personal video information is actually viewed and played is designated as a restricted area and access is restricted to those who are authorized to access it. In addition, to prevent forgery and falsification of personal video information, KIS records and manages the date of creation of personal video information, purpose of viewing, viewing audience, and reading date.
Article 6 (Policy amendment)
The operation and management policy of the video information processing device was revised on January 15th, 2019. It will be announced on the school homepage if there is any additional, deletion or amendment of contents according to the change of laws, policies or security technology.