Article 1: Purpose of Processing Personal Information

In accordance with Article 32 of the Personal Information Protection Act, KAIST KGEP uses and discloses personal information for the following purposes.

• Management of User Data

  • KAIST KGEP uses personal information to verify identity, confirm members' intent to subscribe, authenticate ID, maintain and manage membership, and send out various notifications for service provision.

• Service Provision

  • The purpose of processing personal information is to provide services on KAIST KGEP, such as Alumni Reporter Activity Report, Bulletin Board information, etc.

Article 2 Personal Information Processing and Retention Period

• Type of Information

  • (Required) KAIST KGEP User ID, password, name (first or last name), admission year, and degree obtained

    (Department, course, graduation year), email address

    (Optional) Name of institution and country of current employment

• Data Collection Method

  • Synchronize personal information from the KAIST system or collect data from the information subjects' registrations with KAIST KGEP.

• Legal Grounds for Data Retention

  • Consent of the information subject

• Retention Period

  • Until the date of membership withdrawal (The information subject can withdraw membership at My Page)

Article 3 Provision of Personal Information to Third Parties

KAIST KGEP processes users' personal information within the scope specified in Article 1 (Purpose of Processing Personal Information) and does not process the information beyond its original scope or provide it to third parties without the user's prior consent.

Article 4 Entrustment of Personal Information Processing

KAIST KGEP entrusts the following task to ensure smooth information processing.

Under Article 26 of the 「Personal Information Protection Act」, KAIST KGEP prohibits the use of personal information for any purpose other than that for which it was intended, takes technical and managerial protection measures, restricts the reconsignment of personal information, manages and supervises consignees, and supervises whether the consignee handles personal information safely. Changes to the entrusted business or consignee will be disclosed immediately through the privacy policy.

Article 5 Destruction Procedures and Methods of Personal Information

The KAIST KGEP discards personal information without delay once the retention period has expired or when its purpose has been served

• Destruction Procedure

  • KAIST KGEP selects the personal information for which the reasons for destruction occurred and destroys it with the approval of KAIST's personal information protection officer

• Destruction Method

  • Personal information in electronic files is destroyed using technical methods so that the records cannot be reproduced. Personal information recorded and kept on paper documents is shredded or incinerated to destroy it

Article 6 The Information Subject's Rights and Obligations, and How to Exercise Them

• Information subjects may exercise the following rights and request access, correction, deletion, or suspension of the processing of personal information.
  • Request for access to personal information
  • Request for correction in case of an error
  • Request for deletion
  • Request for suspension of processing
• Information subjects can exercise their rights under paragraph (1) on KAIST KGEP through written document, email, or facsimile (FAX) in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act.
• The exercise of rights under paragraph (1) may be conducted through an information subject's statutory agent or a delegated person. In such cases, the information subject must submit the power of attorney in the attached Form of "Enforcement Rules of the Personal Information Protection Act."
• Information subjects’ rights to request for access to personal information and suspend information processing can be limited under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
• A request for correction or deletion of personal information cannot be made in cases where certain data is mandatorily required under other laws and regulations.
• KAIST KGEP verifies the person making the request for access, correction, deletion, or suspension of processing based on their rights is the owner of the information or a legitimate agent.

Article 7 Security Measures for Personal Information Protection

• Conduct regular self-audit

  • Self-auditing is being conducted regularly (on a quarterly basis) in order to ensure the safety of handling personal information.

• Minimize and train the person who handles the personal information

  • Measures for designating and training a small number of officers to handle and manage personal information are being implemented.

• Establish and implement an internal management

  • For the safe processing of personal information, internal plans for managing personal information are being established and implemented.

• Technical measures for preventing∙mitigating hacking incidents, etc.

  • KAIST KGEP is committed to preventing the loss or damage of personal information by installing security programs that are regularly updated and inspected. Moreover, the systems are installed in an area with restricted access to technically and physically monitor and block external access.

• Encryption of personal information

  • A password for each user's personal information is encrypted for storage and management, making it available only to the information subject. Furthermore, essential data for storage and transmission is encrypted or locked using a separate security function.

• Storage and prevention of fabrication and alteration of access records

  • Access records for processing personal information are stored and managed for a minimum of one year, and records of additional personal information of more than 50,000 information subjects, or treatment of unique identification information or sensitive information are stored and managed for a minimum of two years. To prevent any forgery, theft, or loss of access records, security functions are used.

• Restriction of access to personal information

  • Necessary measures are taken to control access to personal information by granting, changing, and canceling access to the database system that processes personal information and by controlling unauthorized access from outside using the intrusion prevention system.

• Use locking devices for document security

  • Documents and supplementary storage mediums containing personal information are stored in an area that is secured with locking devices

• Access control against unauthorized persons

  • A separate physical site is being established for storing personal information, and access control procedures are being implemented and enforced.

Article 8 Establishment and operation of automatic collection tool and the refusal of users

KAIST KGEP does not use ‘cookies’ that store and periodically recall the information subjects’ information.

Article 9 Personal Information Manager

KAIST KGEP designates a personal information manager and a personal information protection manager as follows to protect personal information and handle complaints raised by information subjects related to personal information processing.

Article 10 Team responsible for handling requests for access to personal information

Under Article 35 of the Personal Information Protection Act, the information subject may request access to their personal information from the following team. In response to the request for access to personal information, KAIST Community-Global Connection will do its best to expedite the process.

Article 11 Remedies for infringement of information subjects' rights and interests

Information subjects may seek mediation or consultation with the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency's Personal Information Infringement Reporting Center for infringement of their personal information. Please contact the following organizations for additional information regarding other breaches of personal information.

• Personal Information Dispute Mediation Committee : (without country code) 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Reporting Center : (without country code) 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office : (without country code) 1301 (www.spo.go.kr)
• National Police Agency : (without country code) 182 (ecrm.cyber.go.kr)

When a public institution's head has acted in a manner that violates the rights or interests of individuals by refusing to comply with a request under Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Processing Personal Information, etc.), an individual may file an administrative appeal.

• For more information on administrative appeals, please refer to the website of the Online Administrative Appeals (www.simpan.go.kr)

Article 12 Changes in personal information processing policies

• Personal information processing policies came into effect on March 1, 2023.