National Aviation Museum of Korea (hereinafter referred to as “the museum”) is working based on the following privacy policy according to Personal Information Protection Act in order to protect the personal information and rights and interests of users and handle the grievance of users related to personal information smoothly.
If the museum revises its privacy policy, we will publicize it through the notice of our website (or individual notification).
1. Purpose of collection and use of personal information The museum processes personal information for the following purposes, and the processed personal information will not be used for other purposes. If the purpose of use of personal information is changed, we bill obtain prior consent of users.
A. Homepage management We process personal information for the purpose of solving the grievances occurring during use of our homepage, retaining the records for settlement of conflicts, etc.
B. Grasping connection frequency and user statistics We process personal information for the purpose of grasping the connection frequency or preparing user statistics with the connection IP, cookie, browser information, connection log, etc. that are collected automatically.
2. Items of collected personal information and collection method
① Collected items A. Automatic collection - Connection IP information, cookie, service use records, browser information, connection log, etc. ② Collection method We collect personal information using the following methods.
3. Consent to collection of personal information If it is necessary to collect some information besides the automatically collected information for settlement of conflicts and operation, the museum will prepare a separate device to collect such information after obtaining the consent of users.
4. Matters about installation and operation of automatic personal information collection device and refusal ① We use cookie which stores use information and recall it frequently in order to provide individual customized service.
② Cookie is a small amount of information sent to the computer browser of the user by the server (http) used for operation of the website, and it may be stored in the hard disc of the PC of the user.
A. Purpose of use of cookie: Cookie is used for provision of information optimized for users by grasping each service visited by the user, pattern of visit and use of the service, popular search words, the status of secure connection, etc.
B. Installation and operation of cookie and refusal: It is possible to refuse cookie storing by setting options in ‘Tool>Internet option>Personal information’ C. It may become difficult to use the customized services if you refuse cookie storing.
5. Period of processing and retention of personal information
A. The museum processes and retains personal information only for the period of retention and use of personal information prescribed in laws or the period of retention and use of personal information agreed by the information principal at the time of collection of the personal information.
B. However, if it is necessary to retain the personal information for a certain period for checking claims and obligations related to transactions pursuant to relevant laws such as Commercial Act and the ‘Act on the Consumer Protection in electronic Commerce, etc.’, the information is retained for a certain prescribed period. – Records on contracts, cancellation of subscription, etc.: 5 years; - Records on consumer complaints or settlement of conflicts: 3 years
6. Offering personal information to a third party or sharing it
The museum does not use the personal information of users or offer it to a third party beyond the scope stated in the “items of collection of personal information or purpose of collection” and the “purpose of use of personal information” under any circumstances without the consent of the user or required to do so by relevant laws. However, the following are exceptions. – If the user agrees to it in advance – If it is necessary to do so for payment of service fees - If it is necessary to do so for performance of contracts (delivery/installation of products, service work) – If there are enough grounds for the judgment to open customer information in order to take legal actions due to inflicting mental or material damage on others - If it is necessary to do so for preparation of statistics, marketing analysis or market research and the information is processed not identifying a specific person when it is offered to an external agency or organization – If it is prescribed in laws or there is a request from an investigating agency according to lawful procedures and methods – If it is personal information necessary for performance of contracts on provision of service and it is very difficult to obtain consent of users due to an economic/technical reason
7. Rights and obligations of information principal and the method of exercise of the rights A user can exercise the following rights as the principal of personal information.
A. The information principal can exercise the following rights related to protection of personal information against the museum anytime. – Demand for perusal of personal information – Demand for correction of errors – Demand for deletion – Demand for stoppage of processing
B. The rights in the foregoing paragraph can be exercised against the museum by a written document, e-mail, fax, etc. using the No. 8 form attached to the Enforcement Rules of Personal Information Protection Act, and the museum will take measures about it immediately.
C. If the information principal demands correction or deletion of an error, etc. in personal information, the museum will not use or provide the relevant personal information until it is corrected or deleted completely.
D. The rights in the foregoing paragraph can be exercised through a proxy such as the legal representative of the information principal or a delegated person. In this case, it is necessary to submit a power of attorney using the No. 11 form attached to the Enforcement Rules of Personal Information Protection Act.
8. Destruction of personal information
In principle, the museum shall destroy the relevant personal information immediately after achievement of the purpose of processing personal information. The following are the procedure, deadline and method of destruction of personal information.
A. Destruction procedure The information entered by the user is moved to a separate DB (or a separate document in the case of a paper document) and destroyed immediately or after a certain period according to the internal policy or other related laws after achievement of the goal. At this time, the personal information moved to the DB are not used for other purposes unless it is stipulated to do so in laws.
B. Destruction deadline The personal information of a user shall be destroyed within 5 days from the expiration date or within 5 days from the date when it is recognized that it is not needed any more due to achievement of the personal information, cancellation of the relevant service, end of the service, etc.
C. Destruction method The information in an electronic file shall be destroyed by a technical method preventing reproduction of the records. Personal information in a printed paper shall be destroyed by a crusher or incineration.
9. Measures to secure safety of personal information The museum is taking the following technical/managerial and physical measures necessary for securing safety of personal information pursuant to Article 29 of Personal Information Protection Act.
A. Minimizing the number of the staffers handling personal information and education: Designating the staffers handling personal information and managing personal information by minimizing the number of the staffers in charge of personal information
B. Conducting self-auditing on a regular basis: Conducting self-auditing regularly in order to secure safety in handling personal information
C. Establishment and execution of internal management plan: Establishing and executing internal management plan for safe processing of personal information
C. Encoding personal information: The password of the personal information of the user is encoded for storing and management, and thus only the user can know it. Important data is encoded for the file and the transmission data and the file is locked for separate security function.
E. Technical measures to prevent hacking: The museum has installed security programs that are updated regularly to prevent leakage of or damage to personal information by hacking, computer virus, etc. The system is installed in an area restricted from access from the outside which is monitored and blocked technically and physically.
F. Restriction of access to personal information: Measures necessary for restriction of access to personal information are being taken by granting, changing, and cancelling the right to access the database system which processes personal information, and illegal access from the outside is controlled with the firewall.
G. Storing connection records and preventing forgery: The records of connection with the personal information processing system are stored and managed at least 6 months, and the security function is used for prevention of forgery, theft and loss.
H. Using locking device for document security: The documents, secondary storage media, etc. containing personal information are being saved in a safe place with a locking device.
I. Restricting entry of unauthorized people: There is a physically separate place for storing personal information which is being operated with access control process.
10. Persons responsible for protection of personal information
A. The museum has designated the persons responsible for protection of personal information who will take responsibility for all the matters related to processing of personal information; solve the grievances of the information principal regarding the processing of personal information, relieve damages, etc.
B. The information principal can inquire with the person and department responsible for personal information about the matters related to protection of personal information, handling of complaints, damage relief, etc. that occur while using the service (or programs) of the museum. The museum will answer and handle the matters inquired by the information principal.
11. Change of Privacy Policy
A. This Privacy Policy shall take effect from the date of enforcement. If the contents of the Privacy Policy are changed, deleted or corrected due to change of laws, it will be publicized by notice, etc. through Notice at least 7 days before the date of enforcement of the changed items.
If the museum revises its privacy policy, we will publicize it through the notice of our website (or individual notification).
1. Purpose of collection and use of personal information The museum processes personal information for the following purposes, and the processed personal information will not be used for other purposes. If the purpose of use of personal information is changed, we bill obtain prior consent of users.
A. Homepage management We process personal information for the purpose of solving the grievances occurring during use of our homepage, retaining the records for settlement of conflicts, etc.
B. Grasping connection frequency and user statistics We process personal information for the purpose of grasping the connection frequency or preparing user statistics with the connection IP, cookie, browser information, connection log, etc. that are collected automatically.
2. Items of collected personal information and collection method
① Collected items A. Automatic collection - Connection IP information, cookie, service use records, browser information, connection log, etc. ② Collection method We collect personal information using the following methods.
3. Consent to collection of personal information If it is necessary to collect some information besides the automatically collected information for settlement of conflicts and operation, the museum will prepare a separate device to collect such information after obtaining the consent of users.
4. Matters about installation and operation of automatic personal information collection device and refusal ① We use cookie which stores use information and recall it frequently in order to provide individual customized service.
② Cookie is a small amount of information sent to the computer browser of the user by the server (http) used for operation of the website, and it may be stored in the hard disc of the PC of the user.
A. Purpose of use of cookie: Cookie is used for provision of information optimized for users by grasping each service visited by the user, pattern of visit and use of the service, popular search words, the status of secure connection, etc.
B. Installation and operation of cookie and refusal: It is possible to refuse cookie storing by setting options in ‘Tool>Internet option>Personal information’ C. It may become difficult to use the customized services if you refuse cookie storing.
5. Period of processing and retention of personal information
A. The museum processes and retains personal information only for the period of retention and use of personal information prescribed in laws or the period of retention and use of personal information agreed by the information principal at the time of collection of the personal information.
B. However, if it is necessary to retain the personal information for a certain period for checking claims and obligations related to transactions pursuant to relevant laws such as Commercial Act and the ‘Act on the Consumer Protection in electronic Commerce, etc.’, the information is retained for a certain prescribed period. – Records on contracts, cancellation of subscription, etc.: 5 years; - Records on consumer complaints or settlement of conflicts: 3 years
6. Offering personal information to a third party or sharing it
The museum does not use the personal information of users or offer it to a third party beyond the scope stated in the “items of collection of personal information or purpose of collection” and the “purpose of use of personal information” under any circumstances without the consent of the user or required to do so by relevant laws. However, the following are exceptions. – If the user agrees to it in advance – If it is necessary to do so for payment of service fees - If it is necessary to do so for performance of contracts (delivery/installation of products, service work) – If there are enough grounds for the judgment to open customer information in order to take legal actions due to inflicting mental or material damage on others - If it is necessary to do so for preparation of statistics, marketing analysis or market research and the information is processed not identifying a specific person when it is offered to an external agency or organization – If it is prescribed in laws or there is a request from an investigating agency according to lawful procedures and methods – If it is personal information necessary for performance of contracts on provision of service and it is very difficult to obtain consent of users due to an economic/technical reason
7. Rights and obligations of information principal and the method of exercise of the rights A user can exercise the following rights as the principal of personal information.
A. The information principal can exercise the following rights related to protection of personal information against the museum anytime. – Demand for perusal of personal information – Demand for correction of errors – Demand for deletion – Demand for stoppage of processing
B. The rights in the foregoing paragraph can be exercised against the museum by a written document, e-mail, fax, etc. using the No. 8 form attached to the Enforcement Rules of Personal Information Protection Act, and the museum will take measures about it immediately.
C. If the information principal demands correction or deletion of an error, etc. in personal information, the museum will not use or provide the relevant personal information until it is corrected or deleted completely.
D. The rights in the foregoing paragraph can be exercised through a proxy such as the legal representative of the information principal or a delegated person. In this case, it is necessary to submit a power of attorney using the No. 11 form attached to the Enforcement Rules of Personal Information Protection Act.
8. Destruction of personal information
In principle, the museum shall destroy the relevant personal information immediately after achievement of the purpose of processing personal information. The following are the procedure, deadline and method of destruction of personal information.
A. Destruction procedure The information entered by the user is moved to a separate DB (or a separate document in the case of a paper document) and destroyed immediately or after a certain period according to the internal policy or other related laws after achievement of the goal. At this time, the personal information moved to the DB are not used for other purposes unless it is stipulated to do so in laws.
B. Destruction deadline The personal information of a user shall be destroyed within 5 days from the expiration date or within 5 days from the date when it is recognized that it is not needed any more due to achievement of the personal information, cancellation of the relevant service, end of the service, etc.
C. Destruction method The information in an electronic file shall be destroyed by a technical method preventing reproduction of the records. Personal information in a printed paper shall be destroyed by a crusher or incineration.
9. Measures to secure safety of personal information The museum is taking the following technical/managerial and physical measures necessary for securing safety of personal information pursuant to Article 29 of Personal Information Protection Act.
A. Minimizing the number of the staffers handling personal information and education: Designating the staffers handling personal information and managing personal information by minimizing the number of the staffers in charge of personal information
B. Conducting self-auditing on a regular basis: Conducting self-auditing regularly in order to secure safety in handling personal information
C. Establishment and execution of internal management plan: Establishing and executing internal management plan for safe processing of personal information
C. Encoding personal information: The password of the personal information of the user is encoded for storing and management, and thus only the user can know it. Important data is encoded for the file and the transmission data and the file is locked for separate security function.
E. Technical measures to prevent hacking: The museum has installed security programs that are updated regularly to prevent leakage of or damage to personal information by hacking, computer virus, etc. The system is installed in an area restricted from access from the outside which is monitored and blocked technically and physically.
F. Restriction of access to personal information: Measures necessary for restriction of access to personal information are being taken by granting, changing, and cancelling the right to access the database system which processes personal information, and illegal access from the outside is controlled with the firewall.
G. Storing connection records and preventing forgery: The records of connection with the personal information processing system are stored and managed at least 6 months, and the security function is used for prevention of forgery, theft and loss.
H. Using locking device for document security: The documents, secondary storage media, etc. containing personal information are being saved in a safe place with a locking device.
I. Restricting entry of unauthorized people: There is a physically separate place for storing personal information which is being operated with access control process.
10. Persons responsible for protection of personal information
A. The museum has designated the persons responsible for protection of personal information who will take responsibility for all the matters related to processing of personal information; solve the grievances of the information principal regarding the processing of personal information, relieve damages, etc.
| Title | Name | Dept. | Tel. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Person responsible for protection of personal information | Ui-Heon Jeong | Management Control HQ | 02-6940-3057 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Person in charge of personal information | Sang-Lim Lee | Safety Management Team | 02-6940-3057 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
11. Change of Privacy Policy
A. This Privacy Policy shall take effect from the date of enforcement. If the contents of the Privacy Policy are changed, deleted or corrected due to change of laws, it will be publicized by notice, etc. through Notice at least 7 days before the date of enforcement of the changed items.