Privacy Policy l INKSLIB
Go to menu Go to content

Privacy Policy

Personal Information Protection Policy

The following describes the personal information protection policy of the National Library of Korea (NLK), which is designed to protect the privacy of its users and address related problems in a timely and seamless manner in compliance with Article 30 of the Personal Information Protection Act.

Acquisition and storage of personal information

  • The NLK acquires and stores its users’ personal information in accordance with the law and only with the express consent of relevant individuals. Major personal information files that the NLK retains in compliance with the law are the followings.
File name Retention period Related laws Purpose of acquisition and retention Content
Database on the members of the Library Service Council for Children 3 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the members of the Library Service Council for Children Name, organization, organization address, phone number, fax number, division, title, home address, cellphone number, email address, ID, password
National Library for Children and Young Adults Program Applicants 3 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of program applicants Name, home address, email address, phone number (home), cellphone number, date of birth, other (gender, school), ID, password
Users of the Information Center for the Disabled 3 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and the NLK’s internal regulations Management of the users of the Information Center for the Disabled Name, cellphone number (contact number), date of birth, other (disability type and level)
Users of the Audio-Visual Studio of the Digital Library Media Center 1 yr Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and the NLK’s internal regulations Management of studio equipment and facility users Name, occupation/organization , date of birth, address, email address, phone number, ID, password
Users of the Video Studio of the  Digital Library Media Center 1 yr Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and the NLK’s internal regulations Management of the studio equipment and facility users Name, occupation/organization , date of birth, address, email address, contact number, ID, password
Lecturers for librarian training 30 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and NLK regulations on the operation of the library Management of internal/external lecturers for librarian training Name, address (home), address (work), email, phone number (work), cellphone number, date of birth (gender, organization, title, lecture subject, education level, major career, published books/articles, organizations that you provide lectures, license plate number, bank account number), ID, password
Database of participants to librarian training Semi-permanent Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the training history of training participants Name, email, cellphone number, date of birth, other (organization, division, gender, title, job type)
Users of the Integrated Library Service 10 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Provision of the Integrated Library Service Integrated Service user ID number, library code, Connecting Information (CI), name, email address, phone number
Users of the Small Library Integrated Materials Management System 10 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the users of the Small Library Integrated Materials Management System Name, home address, email address, phone number, date of birth, ID, password
NLK Integrated Service users 2 yrs Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) Management of the library users and provision of customized information service Name, address (home), address (work), email address, phone number (home), phone number (work), cellphone number, date of birth, profession, ID, password, health status (disability type and level)
Overseas Korean Studies librarians Semi-permanent Clause 1 of Article 15 of the Personal Information Protection Act (Consent of data subjects) and the NLK’s internal regulations Operation of the overseas Korean Studies librarian network (essential items) ID, password, name (Korean/English), gender, organization, division, address, phone number, fax, email address
(optional) whether or not receiving The Report on the Trend in Korean Studies Libraries, whether or not disclosing email address, the proportion of the work related Korean Studies in the person’s role at work
  • For more details on personal information files managed by the Ministry of Culture, Sports and Tourism, please visit www.privacy.go.kr (Comprehensive Support for Privacy Protection Portal of the Ministry of Government Administration and Home Affairs) → Regarding Personal Information (개인정보민원) → Requests for Access to Personal Information (개인정보의 열람 등 요구) → Catalog Service for Personal Information Files.
  • The data that is automatically collected and stored when browsing our website: the following data is automatically collected and stored in order for statistical analysis to improve our service and user experience. → Domain name of the user’s Internet server, the websites that you visited before coming to our website, visit dates
  • Data sharing by law: When required by law to preserve it, the user information will be retained for a specific period of time defined by the law. The information will be used only for the purpose of such preservation.
  • Access to personal information files
Department in charge File name Contact details
Phone (Fax) E-mail Address
National Library of Korea National Library of Korea (02) 590-6311 administrator@mail.nl.go.kr 201 Banpodae-ro Seocho-gu Seoul, 137-702
Information Technology Division Integrated Users DB (02) 590-0577
  • The NLK will strive to protect its users’ rights by lawfully and appropriately processing users’ personal information that it retains. However, the information may be subject to partial publication in accordance with the law.

Use and provision of personal information

  • The NLK uses, provides to a third party, or publishes the personal information of its users only to the extent that meets the terms and conditions previously announced to or agreed upon by its users, except that the provision of such information is allowed or requested by the law.
    • The NLK uses, provides to a third party, or publishes the personal information of its users only to the extent that meets the terms and conditions previously announced to or agreed upon by its users, except that the provision of such information is allowed or requested by the law.
  • Commissioning of personal information processing
    • In the case of commissioning another organization for the processing of the data it retains, the NLK shall establish necessary regulations and/or procedures in accordance with Article 26 of the Personal Information Protection Act (Restrictions to the commissioned processing of personal information) and requires the commissioner to abide by them. The NLK shall conduct monitoring of the commissioner’s observance of those regulations and/or procedures.
      The types of personal information that the NLK is commissioning to a third party are as below.
Commissioner Commissioned information Purpose Duration
Daumsoft Inc ID, password, name, phone number, email, date of birth, gender, and occupation Management of the NLK website Until the termination of the commissioning contract
  • Limitations in the use and provision of data
    • While the use and provision of the personal information that the NLK retains is strictly restricted, Article 18 of the Personal Information Protection Act (Restrictions to the use and provision of personal information) defines exceptions as the following.
      1. 1. Upon a special approval by data subjects
      2. 2. In accordance with other laws
      3. 3. When it is believed to be necessary for the clear benefit for the life, health, and/or property of the data subject but a prior approval is unobtainable due to such reasons as the inability of the individual or his/her legal representative to express his/her intent or the inability to find out the whereabouts of the individual or his/her legal representative
      4. 4. When personal information is provided with anonymity for the purpose of statistical analysis or academic research
      5. 5. When it is determined through the deliberation of the personal information protection committee that it is impossible to perform certain activities required by law unless such information is made available for such exceptional causes or to the third party
      6. 6. When it needs to be provided to foreign governments or international organizations in order for international treaties/agreements to be implemented
      7. 7. When it is needed for criminal investigation and/or prosecution
      8. 8. When it is needed for court hearings and
      9. 9. When it is needed for the execution of court rulings such as imprisonment and protective disposition

Rights of data subjects

  • In accordance with Chapter 5 of the Personal Information Protection Act: Rights of Data subjects, data subjects have the rights as below in regard to the processing of personal information.
    1. 1. Access to their personal information
    2. 2. Request for correction or deletion of the information
    3. 3. Request for discontinuance of the processing of the information
    4. 4. Methods and procedures of the execution of rights
    5. 5. Indemnification

Requests for access to, correction, deletion, or discontinuance of the processing of personal information files

  • In accordance with Article 35 (Access to personal information), Article 36 (Correction and deletion of personal information), and Article 37-9 (Discontinuance of the processing of personal information) of the Personal Information Protection Act, data subjects can make a request for access to, correction, deletion, or discontinuance of the processing of the information that the NLK retains.
Contact Information Technology Division, NLK
Method www.privacy.go.kr (Comprehensive Support for Privacy Protection portal run by the Ministry of Government Administration and Home Affairs) → Regarding Personal Information (개인정보민원) → Requests for Access to Personal Information (개인정보의 열람 등 청구)
Person in charge Lee Geum-hwa, Information Technology Division (02-590-0569)
  • Access to personal information
    • In accordance with the Personal Information Protection Act and related regulations, users can request for access to their personal information retained by the NLK by submitting the request form provided below
  • As to the following cases, access may be restricted in compliance with Clause 4 of Article 35 of the Personal Information Protection Act.
    • 1. When access is prohibited or restricted by law
    • 2. When it is likely to cause bodily harm to other individuals or unduly damage the financial and/or other interests of other individuals
      • ♦ Affairs related to taxation or refunds
      • ♦ Affairs related to academic assessment or admissions at educational institutions established by the Elementary and Secondary Education Act, Higher Education Act, Lifelong Education Act, and other laws
      • ♦ Affairs related to tests or qualification assessments regarding academic performance, skills, or employment
      • ♦ Affairs related to ongoing deliberations or assessments regarding compensation and benefits
      • ♦ Affairs related to audits and investigations being undertaken in accordance with the law
    • Correction, deletion, and discontinuance of the processing of personal information
      • - Users may make a request for correction, deletion, or discontinuance of the processing of the information. If the information is subject to collection as defined by the law, however, it may not be deleted.
      • - A request for correction, deletion, or discontinuance of the processing of personal information can be made by submitting the relevant form provided below.
      • - The Request for Access form The Request for Correction/Deletion form

Reporting of the violation of personal information protection

  • Victimization by unlawful or unsolicited collection, utilization, provision, and/or commissioning of personal information or impingement of the rights of data subjects should be reported as the following.
  • Or such incidents may be reported to the 118 Center run by the Ministry of Government Administration and Home Affairs in accordance with Article 62 of the Personal Information Protection Act (Reporting rights impingement).
    • - Korea Internet and Security Agency 118 Center (http://www.kisa.or.kr, phone: 118)

Destruction of personal information

  • Users’ personal information will be destroyed upon the fulfilment of the purposes of its collection and utilization according to the following procedures and methods.
  • Procedures
    • ♦ Upon the completion of its goals, the personal information that the NLK has collected will be destroyed after being retained for a certain period of time defined by internal regulations and related laws for the purpose of information protection (See the Duration for Storage and Utilization).
    • ♦ Such personal information will not be used for purposes other than defined purposes for such storage unless prescribed otherwise by law.
  • Methods
    • ♦ Personal information printed in paper will be destroyed through shredding or incineration
    • ♦ Personal information stored in electronic formats will be irrevocably deleted.

Measures to guarantee the security of personal information

  • The NLK has in place such technical/managerial measures as the following in order to securely protect the personal information of users from loss, disclosure, alteration, or damage.
  • Password encryption
    • ♦ Passwords are stored and managed by encryption technology and only known to corresponding users. Personal information can be viewed and changed only by the data subject who has the password to access it
  • Storage of access records
    • ♦ The NLK keeps access records to its Personal Information Processing System (system logs, summary information, etc.) for minimum six months and take measures to prevent unauthorized alternation.
  • Prohibition of unauthorized access
    • ♦ The NLK has the Personal Information Processing System in a separate physical location with measures to prohibit unauthorized access.
  • Anti-hacking measures
    • ♦ The NLK has in place technical/managerial measures to securely protect users’ personal information from loss, disclosure, alternation, or damage.
    • ♦ Backup files for personal data are generated on a regular basis; latest vaccine programs are installed to protect such data from loss or disclosure; and encryption technology is used for personal information to be safely transmitted on the network.
    • ♦ An intrusion prevention system is implemented to prohibit unauthorized access. The NLK is also striving to equip itself with every possible technical measure to ensure the security of the system.
  • Minimizing the number of those authorized to access such information and employee training
    • ♦ Access to users’ personal information is restricted to the staff in charge, who regularly changes the password to the system. Regular training is offered to the staff in order to ensure the observation of the NLK’s regulations on the handling of personal information.
  • Operation of a special taskforce for the protection of personal information
    • ♦ The NLK regularly monitors the implementation of its regulations on the handling of personal information and tries to address any possible problems in a timely manner. However, the NLK is not liable for any problem arising from the user’s failure to keep ID/password confidential or from Internet problems that are beyond the NLK’s control.

Designation of the staff in charge of the protection of personal information

  • The NLK has designated personnel who are responsible for affairs related to the processing of personal information and remedial responses to complaints from data subjects.
  • Oh Se-heung, Manager, Information Technology Division, NLK
  • Lee Geum-hwa, Information Technology Division, NLK

Remedial measures for infringement of rights

  • Data subjects may make a claim for remedies for rights infringement or may request consultations on related matters. If you are not satisfied with the NLK’s decision on your complaints, you may also get help from the following organizations.
  • Korea Internet and Security Agency 118 Center: reporting violation of privacy rights, consultations
    • ♦ Website: privacy.kisa.or.kr (hotline: 118)
    • ♦ Address: 135 Jungdae-ro Songpa-gu Seoul (138-950)
  • Personal Information Dispute Mediation Committee: making a request for mediation of conflicts regarding personal information issues or conflicts between groups (civil remedies)
    • ♦ Website: privacy.kisa.or.kr (hotline: 118)
    • ♦ Address: 135 Jungdae-ro Songpa-gu Seoul (138-950)
  • Supreme Prosecutors’ Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
  • National Police Agency Cyber Terror Investigation: 1566-0112 (www.netan.go.kr)

The revised regulation on personal information processing

  • This regulation shall take effect on January 31, 2013.
  • See below for previous regulations.
    • ♦ Regulations implemented before January 32, 2013
top