privacy-policy

All personal information collected, retained, and managed by Korea University Business School (hereinafter referred to as “KUBS”) is done so pursuant to, and in full compliance with personal information protection rules of relevant Acts and subordinate statutes, such as the Personal Information Protection Act.
 

 
1. KUBS has implemented the management policy detailed below to protect personal information, rights and interests and effectively resolve complaints raised in connection with personal information pursuant to the Personal Information Protection Act.
2. KUBS, in particular, has set forth the Personal Information Management Policy specifically for the online records database that manages personal information pursuant to Article 30, Paragraph (1) of the Personal Information Protection Act and Article 31, Paragraph (1) of its Enforcement Ordinance.
3. Whenever KUBS revises its Personal Information Management Policy, it shall make public the timing of implementation and the revised content via its online database (or a separate notice) to allow those who are the subject of information to reliably and conveniently verify it.

 

 
A. Purpose of Managing Personal Information, Management and Retention Period of Personal Information, and Items of Personal Information to be Managed
 
Go to Personal Information Protection General Support Portal (www.privacy.go.kr) → Personal information-related civil complaints → Requests such as the inspection of personal information, etc. → Search the list of personal information files → Enter "Korea University" in the organization name box and search
Personal Information File from KUBS: List of MBA Admission Applicants, Management of MBA Admitted Students, Management of Funds and Donors of Hyundai Motor Hall, Management of KUBS Alumni Information
 
B. Provision of Personal Information to a Third Party
 
KUBS may manage personal information to fulfill the intended purpose of collection and use in principle and not handle it beyond the intended purpose and not provide it to a third party without the prior consent of a subject of information except for any of the following cases.
1. Where the consent of a subject of information has been obtained
2. Where special provisions exist in any Act
3. Where it is deemed obviously necessary for the physical safety and property interests of a subject of information or a third party when the subject of information or his/her legal representative cannot give prior consent because he/she is unable to express his/her intention or by reason of his/her lack of current address, etc.
4. Where personal information is necessary for compiling statistics, or scientific research purposes, etc., and the personal information is provided in a form in which a specific individual cannot be identified
5. Where not using personal information for any purpose other than the intended purpose or a failure to provide a third person with such information makes it impossible to perform affairs provided for in any other Act, and this has undergone deliberation and resolution by the Personal Information Protection Committee
6. Where it is necessary to provide a foreign government or international organization with personal information in order to implement a treaty or any other international agreement
7. Where it is necessary to investigate a crime, and institute and sustain a public prosecution
8. Where it is necessary for a court to perform its judicial functions
9. Where it is necessary to execute a punishment, ensure care and custody or enforce protective disposition.

 
C. Matters Concerning Rights and Duties of a Subject of Information, and How to Exercise Them
 
A subject of any personal related information managed by KUBS may exercise the following rights and a legal guardian of a child under the age of 14 may request inspection, correction, deletion, and suspension of management of the child’s personal information.
1. Request for Inspection of Personal Information: A subject of information referred to above may request inspection of his/her personal information in the personnel information files retained by KUBS pursuant to Article 35 of the Personal Information Protection Act (Inspection of Personal Information). However, the request for the inspection of personal information may be restricted pursuant to Article 35, Paragraph (5) of the Act.
2. Request for Correction/Deletion of Personal Information: A subject of information referred to above may request deletion/correction of his/her personal information in the personal information files retained by KUBS pursuant to Article 36 of the Personal Information Protection Act (Correction or Deletion of Personal Information), provided that if other Acts and subordinate statutes stipulate that the particular personal information be collected, the request shall not be granted.
3. Request for Suspension of Management of Personal Information: A subject of information referred to above may request the suspension of management of his/her personal information in the personal information files retained by KUBS pursuant to Article 37 of the Personal Information Protection Act (Suspension, etc. from Managing Personal Information). However, the request for the suspension of management of personal information may be rejected pursuant to Article 37, Paragraph (2) of the Act.

- Where any Act expressly prohibits such suspension or it is unavoidable to handle personal information in order to fulfill obligations under relevant statutes;
- Where such suspension is likely to harm another person’s life or body or is likely to unreasonably encroach on another person’s property or other interest;
- Where KUBS as a public agency is unable to carry out administrative affairs assigned to it by any Act without handling personal information;
- Where KUBS will be unable to provide services that it has agreed with a user to provide to the user whose personal information becomes subject to this policy or will have difficulties in performing the relevant contract made with the user, unless it is permitted to handle his/her personal information, and the user has not clearly expressed his/her intention to terminate the agreement.
D. Destruction of Personal Information
 
When the purpose of personal information’s management has been achieved, KUBS, in principle, shall destroy the personal information without delay. Procedures for, timing of, and methods for destroying personal information are as follows.
1. Procedures of Destruction: After or as soon as the purpose of retaining personal information has been achieved, it shall be transferred to a separate storage unit and stored for a certain period of time and destroyed pursuant to internal policies and other Acts and subordinate statutes. The personal information transferred to the separate storing place shall not be used for other purposes except as stipulated in Acts.

2. Timing of and Methods for Destruction: When the retention of personal information becomes unnecessary upon its reaching the expiration date, either its management purpose is considered achieved or the relevant service is deemed abolished. Accordingly, the personal information shall be destroyed without delay. Information in the form of an electronic file shall be destroyed via technical methods so as to prevent its recycling. Printed or hardcopy versions of personal information shall be shredded or incinerated.
 
E. Measures to Secure Safety of Personal Information
 
1. Minimization of the Number of Staff Managing Personal Information and Staff Training: KUBS designates and manages just the necessary number of staff who manages personal information and trains such staffers on safe management practices of personal information.
2. Access Restriction of Personal Information: KUBS takes necessary measures to control access to personal information by granting, revising, and eliminating access rights to the database system that manages personal information and also controls unauthorized access from external parties through the use of firewall systems.
3. Storage of Access Records: Access records to the Personal Information Management System shall be stored and managed for a minimum of 6 months.
4. Installation and Regular Inspection/Update of Security Programs: Security programs are installed and updated/inspected on a regular basis to prevent unauthorized outflow or alteration of personal information from hacking or computer viruses.
5. Access Control against Unauthorized Persons: KUBS operates the Personal Information System, which stores personal information at a physically separate storing place and establishes and runs access control procedures.
6. Encryption of Personal Information: Personal information is safely stored and managed via methods such as encryption. Additional security functions are also employed, such as, for example, encrypting important data during storage and transfer.

 
F. Resolution for Infringement on Rights and Interests
1. A person whose personal information-related rights or interests have been infringed upon may report the infringement to the Center for Reporting Personal Information Infringement Cases
The Center for Reporting Personal Information Infringement Cases:(without a telephone exchange number) 118 (extension number 2)
2. A person whose personal information-related rights or interests have been infringed upon by measures taken by the head of a public institution against a request by a subject of information for the inspection, correction/deletion, and the suspension of management of personal information may make an administrative appeal pursuant to the Administrative Appeals Act.

Refer to the information provided by the Central Administrative Appeals Commission (www.simpan.go.kr)
 
G. Rejection of Unauthorized Collection of Email Address
 
It is strictly forbidden to collect the email address from this website by using email address extraction programs or any other technical devices. Those who violate this will receive a criminal punishment in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection.
 
- Act on Promotion of Information and Communication Network Utilization and information Protection, etc.
 
Article 50-2 (Prohibition on Unauthorized Collection of Electronic Mail Addresses)
(1) No one may collect electronic mail addresses from an internet homepage without prior consent of the operator or manager of the internet homepage automatically by a program for collecting electronic mail addresses or any other technical device.
(2) No one may sell or distribute electronic mail addresses collected in violation of paragraph (1).
(3) No one may knowingly use an electronic mail address, the collection, sale, and distribution of which are prohibited pursuant to paragraphs (1) and (2), in transmitting information.
 
Article 70 (Penal Provisions)
A person falling under the following subparagraphs shall be punished by a fine for negligence not exceeding 10 million won
 
H. Personal Information Protection Managers
 
1. Personal Information Chief: Dean of KUBS
2. Personal Information Manager: Information Systems Office Manager Kyung Sik Kang

3. For questions, please contact: 02-3290-1629, kskang9@korea.ac.kr