PAMC Privacy Policy (v.1.0)
All personal information handled by the Korea Polar Research Institute (hereinafter referred to as 'KOPRI') is collected, retained and processed with the relevant laws and regulations, and KOPRI will endeavor to properly conduct the duties of KOPRI and protect the rights and interests of users. If the rights and interests of the information are infringed, the user can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center, etc. Also, according to the provisions of the Administrative Appeal Law, the user can apply administrative appeal. Following to the Personal Information Protection Act, KOPRI has the privacy policy to protect users' rights and interests and handle users' complaints related to personal information. If this Privacy Policy is revised, it will be notified through PAMC (Polar and Alpine Microbial Collection) and related sites.
Article 1. The
Purposes of Collection and Use of Personal Information 
KOPRI processes personal information for the following purposes. The personal information will not be used for any purpose except the intended purpose. If the purpose of use is changed, necessary measures will be taken in accordance with Article 18 of the Personal Information Protection Act.
① Service and System operation: Personal information can be handled for the purposes of providing integrated services from PAMC and Related Platform such as for offering content, collecting user opinions, processing statistical information, conducting user authentication, delivering announcements, and handling inquiries and complaints regarding personal information.
- Range of PAMC integrated Services
PAMC (Polar and Alpine Microbial Collection)
② Complaint : Personal information is processed to deal with complaints related to personal information, such as viewing personal information, correcting/deleting personal information, requesting suspension of personal information process, and reporting personal information leakage.
Article 2. Personal
Information Processing and Retention Period 
① KOPRI processes personal information only within the period of personal information retention and use based on laws and regulations, or within the period of personal information retention and use agreed by PAMC integrated members.
② PAMC integrated service’s processing and retention period for personal information is until the user withdraws from membership, and reconsent for personal information processing is renewed and obtained every two years. Members who do not reconsent and members who have not logged in within 1 year will be converted to dormant accounts.※ If the account is converted to a dormant account, you cannot use the service until it is activated again. The personnel information of accounts that have been converted to dormant accounts is stored separately from the personal information of other members, and the information is destroyed after 1 year.※ Personal information collected through events, surveys, etc. shall be destroyed without delay when its purpose is fulfilled.
③ The retention period of personal information is stipulated in laws such as the Consumer Protection Act in Electronic Commerce Transactions, Electronic Financial Transactions Act, and Communications Secret Protection Act as follows. PAMC integrated service keeps personal information in accordance with the provisions of laws and regulations during this period, and never uses this information for any other purpose.
- Act on Consumer Protection in E-Commerce, Etc.
Records on consumer complaints or dispute resolution: 3 years
- Electronic Financial Transactions Act
Records related to electronic finance: 5 years
Communication Secret Protection Act
Login history: 3 months
Article 3.
Disclosure of Personal Information to Third Parties 
① KOPRI processes minimum amount of personal information for the specified purposes. Personal information will not be used for other purposes without agreement with the user. In the case of Personal Information Protection Law article 18 no.2, KOPRI can use it for the other purposes.
② Despite Paragraph 1, personal information shall not used for any purpose other than the intended purposes or provided to third parties if it could violate the interests of the individuals who have provided the information or the third parties.
③ KOPRI can cease to provide personal information and prohibit the use of personal information when it finds out that third parties are providing such information to other third parties without KOPRI’s content as follows:
1. KOPRI confirms that a third party has redistributed personal information provided to them to another party.
2. KOPRI warns the third party’s privacy officer.
3. KOPRI re-confirms that the third party has redistributed personal information provided to them to another party.
4. KOPRI, after acquiring an internal approval, officially notifies the third party to stop re-distributing persona information provided to them and that KOPRI will cease to provide them personal information.
④ The Personal Information Protection Act and its enforcement decree shall apply to matters related to providing personal information to third parties.
Article 4.
Entrusting the Processing of Personal Information 
① In order to improve user services, KOPRI entrusts the processing of personal information as follows and signs the entrust agreements including elements of the Personal Information Protection Act.
② KOPRI trains the party entrusted with personal information to prevent loss, theft, leakage, falsification and destruction of personal information and, supervises whether or not the party adheres to relevant laws and the entrustment agreement signed with KOPRI.
③ KOPRI can cease to provide personal information and prohibit the use of personal information when it finds out that third parties are providing such information to other third parties without KOPRI’s consent as follows:
1 .KOPRI confirms that a third party has redistributed personal information provided to them to another party.
2. KOPRI warns the third party’s privacy officer.
3. KOPRI re-confirms that the third party has redistributed personal information provided to them to another party.
4. KOPRI, after acquiring an internal approval, officially notifies the third party to stop re-distributing persona information provided to them and that KOPRI will cease to provide them personal information.
④ The Personal Information Protection Act and its enforcement decree shall apply to matters related to providing personal information to third parties.
Article 5. Rights of
information holder and legal representatives 
Users can exercise the following rights as information holder.
① Request to view personal information: The information holder can request access to personal information held by the research institute in accordance with Article 35 of the Personal Information Protection Act. However, it can be restricted in cases falling under Article 35 Paragraph 4 of the same Act.
② Request for correction/deletion of personal information: The information holder can request correction/deletion of personal information in accordance with Article 36 of the Personal Information Protection Act for the personal information held by the research institute. However, if the personal information is specified as a collection target in other laws, it cannot be requested to be deleted.
③ Request to suspend processing of personal information: The information holder can request the researcher to suspend processing of personal information in accordance with Article 37 of the Personal Information Protection Act with respect to personal information held by the research institute. However, if it falls under Article 37 Paragraph 2 of the same Act, the request to suspend processing can be rejected.
④ In order to exercise the above rights, the information holder must submit the request in the form in [Appendix 1] to KOPRI by e-mail, fax, etc.
⑤ The information holder can exercise its rights through an agent (legal representative or person who has been delegated). In this case, you must submit a power of attorney according to the [Appendix 2] form.
⑥ When there is a request to view, correct, delete, or stop processing of personal information, KOPRI confirms that he or she is the information subject in each of the following ways.
1. Written Request
A. Information Holder : Identification Certificate(certified by an administrative agency, such as a driver's license, that cannot be easily altered or stolen)
B. Agent of Information Holder : Warrant, Certification to identify delegator and agent such as their driver’s license
2. Online Request : Electronic authentication method
⑦ KOPRI will notify the relevant measures within 10 days from the date of receipt of the request under Paragraph 4.
⑧The department and person in charge of receiving/processing requests for personal information viewing, correction/deletion, and suspension of processing are as follows.
|
Department |
|
|
Person in charge of Personal Information |
Goheung Kim Tel.032-760-5483 |
|
Address |
26 Songdomirae-ro, Yeonsu-gu, Incheon, 21990 Republic of Korea |
Article 6. Items of
Processing Personal Information 
KOPRI processes personal information only for items stipulated in laws and regulations or items agreed by the information subject.
|
Purpose |
Personal Information |
Period for Collection and Processing |
|
① Service provision and member
management |
① PAMC Integrated Member |
-
processing and retention period for personal information is until the user
withdraws from membership |
Article 7.
Destruction of Personal Information 
PAMC and related sites destroys personal information after their retention periods or when they are no longer needed for any purpose unless they must be stored according to the law. The process, period and methods for the destruction of personal information are as follows:
① Destruction Process
The information provided by users shall be destroyed after their retention periods or after they’ve served their purposes according KOPRI’s policies and relevant laws.
② Destruction Period
The personal information of the users shall be destroyed within 5 days from the end date of the retention period or within 5 days from the day the personal information is deemed unnecessary after serving their intended purposes.
③ Destruction Methods
- KOPRI shall destroy users’ personal information as follows:
A. Electronic Files: Permanently destroyed to ensure that the information stored on it can never be recovered.
B. Personal Information in Non-Electric Forms as Prints and Other Media Forms: Shredding or incineration
- When it is difficult to destroy parts of the personal information, the following measures shall be used:
A. Electronic Files: Personal information within the files shall be destroyed and the files shall be monitored and supervised so that the information are not recovered.
B. Personal Information in Non-Electric Forms as Prints and Other Media Forms: Personal information deleted by masking and drilling holes.
Article 8. Measures
to secure the stability of personal information 
In accordance with Article 29 of the Personal Information Protection Act, the Research Institute takes the following technical, managerial, and physical measures necessary to ensure safety.
① Establishment and implementation of internal management plan: KOPRI establishes and implements an internal management plan in accordance with the ‘Standards for measures to ensure the safety of personal information’ (September 30, 2011, Ministry of Public Administration and Security Notice No. 2011-43).
② Minimization and education of personal information handlers: KOPRI minimize the designation of personal information handlers and conduct regular internal and external training.
③ Restriction of access to personal information: Control access to personal information by granting, changing, or canceling access rights to the database system that processes personal information, and using an intrusion prevention system and an intrusion prevention system Controlling access. In addition, we record the details of granting, changing, or canceling access to personal information, and keep the record for at least 3 years.
④ Storage of access records and prevention of forgery and falsification: Records of access to the personal information processing system (web logs, summary information, etc.) are stored and managed for at least 6 months, and to prevent forgery, alteration, theft, or loss of access records.
⑤ Encryption of personal information: Users' personal information is encrypted, stored and managed. In addition, we use a separate security function such as encrypting important data for storage and transmission.
⑥ Technical measures against hacking: In order to prevent leakage and damage of personal information caused by hacking or computer viruses, etc., KOPRI uses a device that blocks external intrusion and periodically updates and checks the area where access from outside is controlled. KOPRI is installing systems on the premises and are technically and physically monitoring and blocking them.
Article 9. About
concerning the installation and operation of the automatic personal information
collection device and its rejection 
KOPRI collects the ‘IP address’ and ‘cookie’ of the information holder to store the basic setting data of the information holder who uses the service.
* IP address is online address information given to devices such as PCs of information subjects accessing the Internet by Internet network operators.
* Cookies are very small text files sent to the user's browser by the server used to operate the website and are sometimes stored on the subscriber's computer hard disk.
* The information holder has the option to install cookies, and by setting options in the web browser, all cookies are allowed, checked every time a cookie is saved, or all cookies are rejected.
The way to refuse cookie settings
* Example: As a way to reject cookie setting, you can accept all cookies by selecting the option of the web browser used by the information holder, check each time a cookie is saved, or refuse to save all cookies.
* Example of setting (in case of Internet Explorer): Tools > Internet Options > Personal Information at the top of the web browser. However, if you refuse to install cookies, there can be difficulties in using some services that require login.
Article 10 Information transmission
KOPRI does not transmit advertising information for commercial purposes. However, only various information deemed necessary for the service can be provided by e-mail, etc. When sending an e-mail, the following items are specified in the subject and body of the e-mail.
① In case of receiving consent, the user agrees to the time and content
② In case of receiving consent, (advertisement), (adult advertisement), etc.
③ Name of sender (name of organization and representative)
④ E-mail address
⑤ Phone number
⑥ Place of business (address)
⑦ Matters concerning measures and methods for the recipient to easily refuse to receive them (written in Korean and English)
⑧ Other related laws and regulations
Article 11 Personal
Information Protection Officer 
① In order to protect personal information and handle matters related to personal information, the research institute designates the person in charge of personal information protection and the person in charge as follows.Information on KOPRI Personal Information Protection Officer
|
|
Representative of Personal Information |
Person in Charge of Personal Information |
|
Name |
Kim, Byung-Rok |
Ha, Sam-sik |
|
Tel. |
032-770-8700 |
032-770-8486 |
② KOPRI educates the trustee so that personal information is not lost, stolen, leaked, falsified or damaged, and supervises whether the trustee complies with the matters of the relevant laws and regulations and the contents specified in the consignment contract.
③ If the trustee re-provides personal information to a third party without the KOPRI’s consent and it is confirmed that the third party is processing it, the researcher can suspend the provision of the personal information and prohibit its use as follows.
1. Confirmation of re-provision of personal information by the target institution that received personal information
2. Warning by the person in charge of personal information protection
3. Reconfirmation of the fact that personal information is provided again
4. After obtaining approval through internal approval, sending an official notice related to the cessation of personal information provision and cessation of personal information provision
④ All matters related to entrustment of personal information processing shall follow the provisions of the Personal Information Protection Act and the Enforcement Decree of the same.
Article 12 Remedies
for Infringement of Rights 
The information
holder can apply for dispute resolution or consultation to the following organizations
in order to receive relief from personal information infringement.
<The following institutions
are separate institutions from KOPRI, so please contact us if you are not
satisfied with the KOPRI’s own personal information complaint process and damage
relief results, or if you need more detailed help.>
- Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Responsibilities : Report personal information infringement, apply for counseling
- Homepage : privacy.kisa.or.kr
- Phone number: (without area code) 118
- Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Responsibilities : personal information dispute mediation application, collective dispute mediation (civil settlement)
- Homepage : www.kopico.go.kr
- Phone number : (without area code) 1833-6972
- Supreme Prosecutor's Office Cyber Crime Investigation Team
- Website: www.spo.go.kr
- Phone number: 02-3480-3573
- Cyber Security Bureau
- Homepage : cyberbureau.police.go.kr
- Phone number : 182
※ If rights or interests, under Articles 35, 36, and 37 of the Personal Information Protection Act, are infringed due to the disposition or omission of KOPRI, an administrative judgment can be requested as stipulated by the Administrative Appeals Act.
Article 13.
Modification of Privacy Policy 
In the case that any change occurs to current privacy policy, such changes shall be notified 15 days in advance on the PAMC website, and related sites. However, important changes on matters related to user management such as collection and use of personal information and disclosure of information to third parties shall be notified 30 days in advance.
- Date of Notification : August 9, 2023
- Date of Implementation : September 9, 2023
• Privacy Policy archive