Purpose of processing personal information

UNIST collects and processes the minimum amount of personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, we plan to take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. Provision and Management of Academics and Research Services: Undergraduate and Graduate admissions, academic record management, scholarship management, operation of non-degree programs, management of Research Findings , intellectual property management, management of Research rights for projects, safety Academics management for Research personnel, management of radiation workers
2. Organization Introduction and Website Management: Member information, promotion of Research Findings , Newsletter distribution, Website membership management, Library Website user management, Research Support Website membership management, family company Mail list management, Giving donor management
3. Other services provided: Library loan management, Dormitory resident management, external event participant management, construction management, startup support, affiliated clinic operation, counseling service management, health management and health checkup management, guesthouse operation

Processing and Retention Period of Personal Information

1. UNIST processes and retains personal information within the personal information retention and usage period stipulated by relevant laws and regulations or within the personal information retention and usage period agreed upon by the data subject at the time of collection.
2. The personal information processing and retention periods for representative business activities are as follows. Further details regarding the personal information processing and retention periods of UNIST of Science and Technology can be viewed at 'Personal Information Portal (www.privacy.go.kr) → Personal Services → Exercise of Data Subject Rights → Guide on Requests for Access to Personal Information, etc. → Search Personal Information File List → Institution Name (Select): Ulsan National Institute of Science and Technology '.

Status of personal information file Tuition Fee Payment and items of personal information processed

1. Pursuant to Article 32 of the Personal Information Protection Act, the processing purposes and personal information items of representative personal information files Tuition Fee Payment and disclosed are as follows:

   A table showing the status of Tuition Fee Payment personal information files, classification of personal information items processed ( personal information file name), purpose of collection and use (processing purpose), and personal information processing items.

   Category(Personal Information File Name)	Purpose of collection and use (purpose of processing)	Personal Information Processing Items
   Admissions Management	Performance of admissions screening duties	Name, Home Address, E-Mail, Home Contact, Resident Registration No., Photo, Gender, School Attended, Approval Status of Computerized Student Record, Account No., Guardian's Name, Guardian's Tel., Date of Birth, Nationality
   Academic Affairs	Academic affairs and school administration	Name, Date of Birth, Gender, Nationality, Student ID, Department and Major, Photo, Personal Contact(Address, Tel., Mobile Tel., Mail), Guardian Contact(Guardian Name, Relationship, Address, Tel.), Bank Account Information, Post-Graduation Career Path, Admissions, Tuition Fee Payment, Scholarship, Classes, Grade, Promotion, Graduation, Internship, Language Grade, Military Service Details, Awards and Disciplinary Actions, Advisor, Academic Status Changes
   Research Findings Management	Collection and management of Research Findings	Name, E-Mail, Date of Birth, Employee Number, Researcher Tuition Fee Payment No., Affiliation, Position, Date of Appointment, Photo, Laboratory Name, Research Field, Work Experience, Degrees, Qualifications, Research Achievements, Mobile Phone (Contact), (Optional) Laboratory Tel.
   Intellectual Property Management	Intellectual Property Management	Name, Work Address(Affiliation), Work Contact/ Mobile Contact, Resident Registration Number, Student ID / Employee ID / Teacher ID, E-mail
   Special health checkups	Examination and Management of Users of Substances Subject to Special Health Examinations	Name, Mobile Phone (Contact), Resident Registration Number, Identity, Admissions/Employment Date

2. The processing purposes and items of personal information files are stipulated differently depending on the characteristics of the personal information file, and please check the detailed Content for each personal information file through the personal information portal.
   • Checking the list of personal information files

Matters concerning the provision of personal information to third parties

1. UNIST provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject or special provisions of the law.
2. UNIST and Technology provides personal information to third parties on a regular and repetitive basis as follows, in accordance with the law and the consent of the data subject.
   • View status of third-party provision of personal information
3. Other one-time and irregular provision of information to third parties is disclosed through the separate bulletin board below.
   • Bulletin board for providing personal information to third parties for purposes other than the intended purpose

Matters concerning the entrustment of personal information processing tasks

1. UNIST entrusts personal information processing tasks as follows to ensure smooth processing of personal information.
   • Status of Outsourcing of Personal Information Processing Tasks
2. When concluding a consignment contract, UNIST specifies matters regarding the prohibition of processing personal information for purposes other than the performance of entrusted tasks, technical and administrative protective measures, restrictions on re-consignment, management and supervision of the trustee, and liability such as compensation for damages in documents such as contracts, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee safely processes personal information.
3. If there are any changes to the Content of the entrusted work or the trustee, we will disclose them without delay through this Privacy Policy.

Procedures and Methods for Destruction of Personal Information

1. In principle, UNIST destroys personal information without delay when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the purpose of processing. However, if personal information must be preserved in accordance with other laws, the relevant personal information (or personal information file) is transferred to a separate database (DB) or stored in a different location.
2. The procedure, deadline, and method of destruction are as follows.
   • Destruction Procedure: UNIST of Science and Technology selects personal information and personal information files for which grounds for destruction have arisen, and destroys personal information as follows under the responsibility of the Chief Privacy Officer of UNIST of Science and Technology.
     • Destruction of Personal Information: Personal information whose retention period has expired will be destroyed without delay from the expiration date.
     • Destruction of personal information files: When a personal information file becomes unnecessary due to the achievement of the purpose of processing the personal information file, the discontinuation of the relevant service, or the termination of the business, the personal information file is destroyed without delay from the date on which the processing of the personal information is deemed unnecessary.
   • Method of destruction:
     • Information in electronic form uses technical methods that cannot reproduce the records.
     • Personal information printed on paper is destroyed by shredding or incineration.

Matters concerning the rights and obligations of data subjects and their legal representatives and the method of exercising them

1. The data subject (or their legal representative in the case of a person under the age of 14) may exercise their rights, such as requesting access to, correction of, deletion of, or suspension of processing of personal information held by UNIST and Technology, at any time.
2. You may exercise your rights pursuant to Paragraph 1 against UNIST in writing, via email, fax, etc., in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and UNIST will take action regarding this without delay.
   • [Form No. 8 of the Personal Information Protection Commission Notice (No. 2020-7)] Request for Access to Personal Information
3. The exercise of rights pursuant to Paragraph 1 may be carried out through a representative, such as a legal representative of the data subject or an authorized agent. In this case, you must submit a power of attorney in accordance with Form No. 11 of the “Notice on Methods of Processing Personal Information (No. 2020-7).”
   • [Form No. 11 of the Personal Information Protection Commission Notice (No. 2020-7)] Power of Attorney
4. The rights of a data subject to request access to and suspension of processing of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for the correction or deletion of personal information cannot be made if such personal information is explicitly designated as a subject of collection under other laws.
6. When a request for access, correction/deletion, or suspension of processing is made in accordance with the rights of a data subject, UNIST verifies whether the person making the request is the principal or a legitimate representative.

Matters concerning measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, UNIST is taking the following administrative, technical, and physical measures necessary to ensure safety.

1. Administrative measures
   • Establishment and Implementation of Internal Personal Information Management Plan: We have established and are implementing an internal management plan for the safe processing of personal information.
   • Minimization and Academics of Personal Information Handlers: Personnel handling personal information are designated and managed only to the extent absolutely necessary, and Academics is provided to handlers for safe management.
2. Technical measures
   • Access Control and Restriction of Access Rights to Personal Information: We take necessary measures to control access to personal information by granting, modifying, or revoking access rights to database systems that process personal information, and we control unauthorized access from the outside by utilizing an intrusion prevention system.
   • Storage of Access Logs and Prevention of Tampering/Forgery: We inspect the access logs of the personal information processing system and store them securely to prevent forgery, tampering, theft, or loss.
   • Encryption of Personal Information: The unique identification information and passwords of data subjects are managed through encryption. In addition, separate security features are applied, such as encrypting important data during storage and transmission.
   • Technical measures against hacking, etc.: To prevent the leakage and damage of personal information caused by hacking or computer viruses, we install security programs and perform periodic updates and checks. We also install systems in areas where external access is controlled and monitor and block access technically and physically.
3. physical measures
   • Access control for unauthorized persons: We maintain a separate physical storage location for personal information systems that store personal information and have established and operate access control procedures for this area.

Matters concerning the installation, operation, and refusal of devices that automatically collect personal information

1. Purpose of using cookies: They are used to identify users' access frequency or visit times in order to provide more convenient services to users.
2. Installation, Operation, and Rejection of Cookies: You can configure settings such as allowing or blocking cookies through your browser options.
   • Internet Explorer: Tools menu at the top right of the web browser > Internet Options > Privacy > Settings > Advanced
   • Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data
   • Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and Etc data

Criteria for Determining Additional Use and Provision

1. UNIST does not use or provide personal information for purposes other than the original purpose of collection. However, if necessary, additional use or provision of collected personal information may be made pursuant to Article 15, Paragraph 3 and Article 17, Paragraph 4 of the Personal Information Protection Act, and additional use or provision of personal information may be made without the consent of the data subject in consideration of matters specified in Article 14-2 of the Enforcement Decree of the same Act.
2. In cases of additional use or provision without the consent of the data subject, we consider the following:
   • Whether the purpose of additionally using or providing personal information is related to the original purpose of collection
   • Whether there is foreseeability of additional use or provision in light of the circumstances under which personal information was collected or processing practices
   • Whether the additional use or provision of personal information unduly infringes upon the interests of the data subject
   • Whether necessary measures to ensure safety, such as pseudonymization or encryption, have been taken

Matters concerning the Chief Privacy Officer

In accordance with Article 31, Paragraph 1 of the Personal Information Protection Act, UNIST designates a Chief Privacy Officer and working-level personnel as follows to protect personal information and handle complaints related to the processing of personal information.

Department that receives and processes requests for access to personal information

1. Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act from the department listed below. UNIST will endeavor to ensure that requests for access to personal information by data subjects are processed promptly.
   • Department and Contact responsible for receiving and processing requests for access to personal information
     • Department Name/Person in Charge: General Affairs Team / Administrative Officer Kim Tae-hoon
     • Contact: (Tel.) 052-217-1162 , (Mail) privacy@unist.ac.kr
2. In addition to the department responsible for receiving and processing access requests under Paragraph 1, data subjects may also request access to their personal information through the Personal Information Protection Commission's 'Personal Information Portal' (www.privacy.go.kr).
   • Claim Procedure: Personal Information Portal → Personal Services → Exercise of Data Subject Rights → Request for Access to Personal Information, etc.

Remedies for infringement of the rights and interests of data subjects

1. Data subjects may contact the following institutions for relief from damages, consultation, etc., regarding personal information infringement.
   (The organizations listed below are separate from UNIST. If you are not satisfied with UNIST's internal handling of personal information complaints or damage relief, or if you require further assistance, please contact them.)
   • Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
     • Scope of duties: Reporting personal information infringement, requesting consultation
     • Website: privacy.kisa.or.kr
     • Tel.: 118 (without area code)
   • Personal Information Dispute Mediation Committee
     • Scope of duties: Application for personal information dispute mediation, collective dispute mediation (civil settlement)
     • Website: www.kopico.go.kr
     • Tel.: 1833-6972
   • Supreme Prosecutors' Office Cyber ​​Investigation Division: 1301 (without area code), www.spo.go.kr
   • Cybercrime Reporting System (ECRM): 182 (without area code), ecrm.police.go.kr
2. Any person whose rights or interests have been infringed upon by a disposition or inaction of the head of a public institution regarding a data subject's request for access, correction, deletion, or suspension of processing of personal information may file an administrative appeal in accordance with the Administrative Appeals Act. For detailed information regarding administrative appeals, please refer to the Website of the National Administrative Appeals Commission ( www.simpan.go.kr ).

Matters concerning the assessment of personal information protection levels

1. UNIST safely manages the personal information of data subjects and must comply with the 'Personal Information Protection Level Assessment' conducted annually by the Personal Information Protection Commission pursuant to Article 11-2 of the Personal Information Protection Act.
2. UNIST obtained an 'S' grade in the personal information management level diagnostic evaluation (personal information protection level evaluation) conducted in 2022.
3. UNIST is striving for safer personal information management through improvements in personal information processing procedures and strengthened management of personal information processing systems.

Matters concerning the operation and management of fixed image information processing devices

In accordance with Article 25, Paragraph 1 of the Personal Information Protection Act, UNIST of Science and Technology installs and operates fixed image information processing devices for the purposes of facility safety and management, fire prevention, and crime prevention. Please refer to the 'Policy on Operation and Management of Image Information Processing Devices' for Content.