Article 1 (Purpose of Processing Personal Information)
Personal information is processed for the following purposes. No personal information shall be used for any other purposes, and RPIK will obtain the prior consent of users before modifying any purpose of use.
1. Website membership and management
- Personal information is processed for the purposes of checking users’ intent to create a membership, identifying and authenticating users under the membership service system, and maintaining and managing membership qualifications.
2. Services provided
- Personal information is processed for the purpose of processing complaints about the website, such as on-the-website services and e-petition services (Q&A, bulletin board, etc.).
Article 2 (Scope of Application)
① This policy applies to the processing of personal information of RPIK users.
② Any matters not specified in this policy shall be in accordance with the personal information processing policy disclosed on the National Research Foundation of Korea website (www.nrf.re.kr).
Article 3 (Processing of Personal Information and Personal Information Items)
① Personal information processed by RPIK shall be processed within the scope specified for the purpose of collection and use, and personal information shall be processed and retained within the retention period specified by the Personal Information Protection Act and related laws.
② The personal information items processed by RPIK and retention period are as follows.
Lab member (institutional member)
Current Country of residence
Field of research
Date degree was conferred
Desired annual salary range
Name of Research Institute
Name of Laboratory
Field of Research
Laboratory Director Information
Location of Lab
Person in Charge
Email address of person in charge
Contact information of person in charge
- Method of collection: RPIK Website
- Period of retention: 1, 2, or 3 years, as selected by members
- Applicable laws: Personal Information Protection Act
Article 4 (Provision of Personal Information to Third Parties)
RPIK shall not provide any personal information it has collected and retains to a third party in principle, but may provide the same to a third party if:
1. The subject of the relevant information has provided consent;
2. There are provisions in other laws necessitating it;
3. Prior consent cannot be obtained because the subject of the relevant information, or his or her legal representative, is unable to express an opinion, or their address is unknown, and it is evidently deemed necessary for the imminent interest in the life, health, or property of the subject of the information or a third party;
4. Personal information is necessary for statistics and academic research and provided in a form wherein a specific individual cannot be identified;
5. The protection committee has undergone deliberation and come to a resolution under other laws where any competent business cannot be performed unless certain personal information is used for any unintended purpose or provided to a third party;
6. It is necessary to provide it to a foreign government or international organization in accordance with a treaty or any other international agreement;
7. It is necessary for a criminal investigation, and prosecution and maintenance thereof;
8. It is necessary for a court to perform its trial affairs;
9. It is necessary for the execution of punishment, care and custody, and protective disposition.
Article 5 (Entrustment of Processing of Personal Information)
RPIK shall not entrust the processing of personal information.
Article 6 (Method of Exercising Rights and Obligations of Information Subjects and Their Legal Representatives)
① Information subjects (if under 14 years of age, their legal representative) may, at any time, exercise their right regarding the protection of personal information through the following:
1. Request for inspection of personal information;
2. Request for correction of any errors;
3. Request for deletion;
4. Request for suspension of processing.
② The rights under paragraph 1 above may be exercised anytime by using the information edit function on the RPIK website. It can also be done by filing an application using the Attached Form 8 of the Enforcement Rules of the Personal Information Protection Act in writing, by email, or fax, and appropriate measures shall be taken immediately.
③ If any information subject has requested the correction or deletion of any errors in his or her personal information, RPIK will not use or provide such personal information until the correction or depletion is completed.
④ The form for exercising the rights under paragraph 1 above may be submitted through the information subject’s legal representative or any other delegated person. In such cases, the power of attorney in Attached Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted as well.
⑤ Requests for inspection and the suspended processing of personal information may restrict the rights of information subjects pursuant to Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
⑥ Requests for the deletion of personal information shall not be made if such personal information is prescribed in other laws as items to be collected.
⑦ RPIK verifies requests for the inspection, correction/deletion, or suspension of processing of personal information based on the information subjects’ rights in terms of whether it was made by the information subjects himself or herself, or by his or her authorized representative.
* [Attached Form 8 of the Enforcement Rules of the Personal Information Protection Act] Request for (Inspection, Correction/Deletion, Suspension of Processing) of Personal Information
* [Attached Form 11 of the Enforcement Rules of the Personal Information Protection Act] Power of Attorney
Article 7 (Automatic Personal Information Collection Program Installation, Operation, and Refusal)
① The following information may be automatically collected and stored during the use of RPIK.
- IP Address, cookies, browsing history, type of browser, OS, etc.
② Information collected and stored automatically as described in paragraph 1 will be used to provide better service to users, to analyze statistics for the improvement and supplementation of the homepage, and to facilitate smooth communication between users and the website.
③ The user has the option of installing cookies. Therefore, by adjusting his or her web browser settings, the user may choose to allow all cookies to be installed, confirm each time a cookie is stored, or refuse to allow all cookies. However, if the user refuses to allow cookies, the user may find it difficult to use some services which require log-in, such as Naver. Below is the method for specifying whether to allow cookies to be installed (in Internet Explorer):
※ From upper left of web browser: [Tools] → [Internet Options] → [Privacy] → [Advanced] → [Block All Cookies]
Article 8 (Procedures and Method of Destroying Personal Information)
① RPIK shall in principle destroy any personal information, without delay, if the period for retention has elapsed or the purpose of processing such personal information is achieved, or the personal information becomes unnecessary, unless such information shall be preserved in accordance with other applicable laws. The procedures, deadline, and method of destruction shall be as follows:
② Procedures, deadline, and methods of destroying personal information are as follows:
1. Procedures and deadline
- Any information entered by users shall be destroyed in accordance with internal policies and applicable laws once the period for retention has elapsed or the purpose of processing is achieved.
2. Method of destruction
- Electronic files: Permanently deleted in an irrecoverable manner
- Non-electronic records, printouts, documents, and other media: Shredded or incinerated
③ RPIK will announce the status of destruction of personal information files on its website.
Article 9 (Measures to Ensure Security of Personal Information)
In accordance with Article 29 of the Personal Information Protection Act, RPIK takes all necessary technical, managerial, and physical measures to ensure security, as follows:
1. Minimization and training of personal information processing staff
- We designate employees who handle personal information, limit it to the person in charge, and take measures to manage personal information.
2. Regular self-inspections
- In order to secure the stability of personal information processing, we conduct self-inspections on a regular basis (once a year).
3. Establishing and implementing an internal management plan
- We have established and implemented an internal management plan for the secure processing of personal information.
4. Encryption of personal information
- User passwords are encrypted, stored and managed, and data provided to third parties is sent using password-protected files.
5. Technical measures against hacking, etc.
- We install, regularly renew, and inspect security programs to prevent leakage of or damage to personal information due to hacking or computer viruses. We install such systems in a restricted area, and monitor and block viruses from these systems using technical and physical means.
6. Restriction of access to personal information
- We take necessary measures to control access to personal information by granting, modifying, and removing access rights to the personal information processing database system, and use an intrusion prevention system to restrict unauthorized access from outside sources.
7. Retention of access records and prevention of forgery
- We store and manage personal information processing system access records for at least 6 months, and use security functions to prevent these access records from being forged, lost, or stolen.
8. Use of locks for document security
- Documents and auxiliary storage media containing personal information are stored in a secure location with a locking device.
9. Control of access for unauthorized persons
- We have established and operate access control procedures for the physical storage area for personal information.
Article 10 (Method to Remedy Infringement of Rights and Interests)
Information subjects may contact the following institutions for inquiries regarding consulting and remedying an infringement upon personal information. These institutions are separate from the National Research Foundation of Korea. If you are not satisfied with the results of the National
Research Foundation of Korea's own personal information complaint and damage relief system, or if you need further assistance, please contact:
1. Personal Information Infringement Report Center (http://www.privacy.kisa.or.kr/): 118
2. Personal Information Dispute Mediation Committee (http://www.kopico.go.kr): 02-2100-2499
3. Cybercrime Investigation Department of the Supreme Prosecutor’s Office (http://www.spo.go.kr/): 02-3480-3571
4. Cyber Bureau of the National Police Agency (http://cyberbureau.police.go.kr/): 182
Article 11 (Rejection of collection and use of personal information)
The user may reject the collection and use of personal information items. In case of rejection, there is a limit on the use of services.
Article 12 (Contact Information of Personal Information Manager)
① RPIK has designated a personal information manager to be responsible for general affairs regarding the processing of personal information and dealing with complaints and damage relief by information subjects related to personal information processing, as follows.
▶ Personal Information Manager
Name: Yun Sook Kim
Position: Personal information manager
Rank: Team manager
Contact information: 02-3460-5620, firstname.lastname@example.org
※ Redirected to the department responsible for the protection of personal information.
▶ Department responsible for protection of personal information
Department: International R&D Collaboration Team
Staff member in charge: Joohye Nam
Contact information: 02-3460-5639, email@example.com
② Information subjects may contact the personal information manager or the department responsible for the protection of personal information with respect to any inquiries, complaints or remedies in connection with the protection of personal information arising from the use of the Service (or business) of RPIK, which will respond to and deal with said inquiries without delay.