Seoul National University Research Institute of Nursing Science (hereinafter referred to as the Research Institute) has the following processing policy in accordance with the Personal Information Protection Act to protect users' personal information and rights and to smoothly handle users' complaints related to personal information. If the personal information processing policy is revised, a notice will be posted on the website.
1. Purpose of processing personal information
The research institute processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes, and if the purpose of use changes, prior consent will be sought.
a. Service provided
Personal information is processed for the purpose of providing services such as introduction and announcement of the research institute, content provision, and information related to participation in academic conferences.
b. Membership registration and management
Personal information is processed for the purpose of handling complaints such as identification, personal identification, confirmation of intention to join, prevention of illegal use and unauthorized use of delinquent members, age verification, record preservation for dispute settlement, and complaint handling according to the use of membership services.
2. Articles and methods of collecting personal information
The items and methods of collecting personal information collected for the provision of various services such as membership registration and complaint processing are as follows on the research institute's website.
a. Personal information file title: homepage management, research institute member management
b. Collecting personal information items
- Name (Korean, English)
- Affiliation / workplace
- Nurse's license
- Nurse license number
- Mobile phone number
- Address
- Email (E-mail)
- Password
c. Collection method
- The member himself/herself enters the personal information input field in the membership section of the website.
3. Period of Retention and Use of Personal Information
Personal information collected in accordance with Article 2 (Articles and Methods of Collection of Personal Information) will be retained and used for the period specified below, and will be immediately destroyed in the event of a request for membership withdrawal or withdrawal of consent to the collection and use of personal information. However, if there is a need to preserve the user's personal information by law, the provisions of the relevant law will be followed.
- Basis for retention: Membership management
- Retention period: Semi-permanent
4. Provision of Personal Information to a Third Party
In principle, the Institute's website processes users' personal information within the scope specified in Article 1 (Purpose of Personal Information Processing), and does not process it beyond the original scope or provide it to a third party without the user's prior consent. However, personal information may be processed in the following cases:
- When the user consents to provision and disclosure to a third party in advance
- When provision is required by law, etc.
- Personal information is required for the performance of a contract regarding the provision of services, and it is significantly difficult to obtain normal consent due to economic/technical reasons.
- When processed and used in a state that cannot be used to identify an individual
5. Consignment of personal information processing
For effective service, the research institute website entrusts the processing of personal information as follows with the consent of the user, and the trustee will process personal information to the minimum extent necessary to perform the entrusted work.
|
Subject to consignment |
Details of consignment work |
Consignment period |
|---|---|---|
|
Zenda soft Co., Ltd. |
Homepage maintenance, etc. |
At the time of achieving the purpose of processing or completing the consignment contract |
6. Rights and obligations of information subjects and methods of exercising them
As a subject of personal information, users can exercise the following rights.
a. Request to view personal information
- You may request to view personal information files held on the institute's website in accordance with Article 35 (view of personal information) of the Personal Information Protection Act. However, when requesting to view personal information, that access may be restricted pursuant to Article 35, Paragraph 5 of the Act.
- When viewing is prohibited or restricted by law
- When there is a risk of harming another person's life or body or unfairly infringing on another person's property or other interests.
- When public institutions cannot perform their duties prescribed by other laws if they do not process personal information.
- In cases where it is difficult to fulfill the contract, such as not being able to provide the service agreed upon with the information subject if personal information is not processed, and the information subject does not clearly indicate his/her intention to terminate the contract
7. Destruction of personal information
In principle, the research institute's website destroys the personal information without delay when the purpose of processing personal information has been achieved. The procedures, deadlines and methods for destruction are as follows.
a. Destruction procedure
The information entered by the user is transferred to a separate database(separate documents in the case of paper) after the purpose is achieved and stored for a certain period of time or immediately destroyed in accordance with internal policies and other relevant laws. At this time, personal information transferred to the DB will not be used for any other purpose unless required by law.
b. Destruction deadline
If the personal information retention period has elapsed, the user's personal information will be retained within 5 days from the end of the retention period, and if the personal information becomes unnecessary due to the achievement of the purpose of processing the personal information, abolition of the relevant service, or termination of business, etc. Personal information will be destroyed within 5 days from the date the processing is deemed unnecessary.
c. Method of destruction
Information in the form of electronic files uses technical methods that do not allow the records to be reproduced.
Personal information printed on paper is destroyed by shredding or incineration.
8. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the research institute website takes the following technical/administrative and physical measures to ensure safety.
a. Minimization and training of employees handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and limiting it to the person in charge.
b. Conduct regular self-audits
To ensure stability in the handling of personal information, we conduct self-audits on a regular basis (half a year).
c. Establishment and implementation of internal management plan
We are establishing and implementing an internal management plan to ensure safe processing of personal information.
d. Encryption of personal information
Among the user's personal information, passwords and resident registration numbers are encrypted, stored and managed, so only the user can know them, and important data uses separate security functions such as encrypting files and transmission data or using the file lock function are used.
e. Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the research institute installs security programs, periodically updates and inspects them, and installs systems in areas where access from the outside is controlled, and monitors and blocks them technically and physically.
f. Restrictions on access to personal information
Necessary measures are taken to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and unauthorized access from outside is controlled using an intrusion prevention system.
g. Access control for unauthorized persons
We have a separate physical storage location where personal information is stored and have established and operated access control procedures for it.
9. Personal Information Protection Manager
In order to protect personal information and handle complaints related to personal information, the research institute designates a personal information protection general manager and officer in charge as follows.
|
General Manager of Personal Information Protection on the Research Institute of Nursing Science |
Personal Information Protection Officer on the Research Institute of Nursing Science |
|---|---|
|
- Department in charge: Research Institute of Nursing Science - Name: Bo-young Hwang - Phone number: 02-740-8822 |
- Department in charge: Research Institute of Nursing Science - Name: Min-kyung Kim - Phone number: 02-740-8839 |
10. Changes to personal information processing policy
This personal information processing policy will take effect from the the date of enforcement, and if there are additions, deletions, or corrections of changes in accordance with laws and policies, they will be notified through notices 7 days prior to the implementation of the changes.
11. Methods for relief from rights infringement
Personal information subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. in order to receive relief from personal information infringement.
For other personal information infringement reports and consultations, please contact the organizations below.
a. Personal Dispute Mediation Committee: (without area code) 118
b. Information Protection Mark Certification Committee: 02-580-0533~4 (http://eprivacy.or.kr)
c. Supreme Prosecutors' Office Cyber Crime Investigation Team: 02-3480-3573 (http://www.spo.go.kr)
d. National Police Agency Cyber Terror Response Center: 02-1566-0112 (https://ecrm.police.go.kr)
