Personal Information Protection
TCIS Personal Information Protection Policy (Updated: October 2017)
Taejon Christian International School established Personal Information Protection Law in order to protect personal information and will process personal information in compliance with the Personal Information Protection Act and other relevant provisions of the Act.
Article 1 (Objective for handling personal information, retention period, and information details)
TCIS will collect and process personal information for various educational service purposes as specified below. TCIS will not use personal information other than for these purposes and when the intended usage of the information changes, the school will seek prior consent.
|Division||File Name||Purpose of Collection and Use||Period of Retention||Details of Collected Information|
|Admissions Office||New Student Information||New student admissions process||2 years after applying year||
Applicant personal information (photo, name, gender, nationality, ethnicity, social security number, passport information, alien registration number, relationship with guardian), admissions requirement details (immigration record, family details, birth details), contact information (address, e-mail, phone number), academic records (student records, resident country, mother tongue), medical records
Parent information (name, nationality, passport information, address, family relationship information, naturalization information, e-mail, contact information, marital status, religion, mother tongue, occupation, workplace, profession)
|Academic Division Office
School Registrar's Office
|Current Student Information, Transferred Student Information, Alumni Information||
To manage student report cards, transcripts, library services, withdrawal, parent services, student activities, and to create student lists.
|Permanent||Student information (photo, name, gender, nationality, ethnicity, social security number, passport information, alien registration number, relationship with guardian), admissions requirement details (immigration record, family details, birth details), contact information (address, e-mail, phone number), academic records (student records, resident country, mother tongue), medical records
Alumni (name, email, contact number, college information, occupation, address)
|Nurse's Office||Student/Staff Health Records||To manage student's and staff's health records||5 years||Personal information (ID, name, date of birth, parents name, address, phone number, emergency contact information), medical records (blood type, past medical history, present illness and medication), vaccination records, physical examination result
|Marketing Office||On/Off-Campus Marketing Activities & Data||Advertising and marketing activities on and off campus||Semi Permanent||Student name, grade, activities photo, video|
|Marketing Office||Donor||Donor record and receipt issuance||Semi Permanent||Business Name, license number, donor's ID, name of representative, address, phone number|
|Marketing Office||Scholarship Agreement||Selecting scholarship recipients||1 Year||
Student ID, grade, name, contact information, parents name, contact information, address
|Transportation Team||School Bus Application List of Bus Users||School bus service||1 Year||Student ID, grade, name, contact information, parents name, contact information, address
|Human Resources Team||School Staff (Dependents) Information||Management of HR services||Permanent||
Employee’s name, nationality, ID, alien card number, address, passport number, family detail
Article 2 (Personal information provided by a third party)
The school will only use the subject’s personal information stated in Article 1 (objective for handling personal information, processing of personal data and the retention period, provision in handling personal information) for stated purposes and will reveal subject’s personal information to a third party only with the subject’s consent, in particular legal provisions, and if the situation is applicable to Article 17 of the Privacy Act.
- If you have received a separate agreement from the subject
- If you have special provision in other laws
- If the subject or the third party is proven to need the information due to his/her imminent life situation, health, or for property interest but the subject or the legal representative is in a state where he/she cannot declare his/her will or when the address is unknown and cannot get a consent
- If the information is needed for the purpose of statistics and academic research where the specific individual cases will be kept private and not revealed
- If the case underwent the Protection Committee’s deliberation and decision when the personal information is used for its unintended purposes, when it is not provided to a third party, and when the case could not be completed by other legal jurisdiction
- If the information is needed by foreign governments or international organizations to handle treaties or other implementation of international agreements
- If it is necessary for the filing and maintenance of investigation and criminal charges
- If it is necessary for the conduct of court
- If it is necessary for custody or enforcement of child protection
Article 3 (Entrusting the processing of personal information)
TCIS will provide limited personal information only to the following third parties within listed purposes
|Purpose||Retention Period||Company Name|
|Student Travel||Until contract expires||SM C&C|
|School Bus||Until contract expires
|Cumson Kang San|
|Yearbook Print||Until contract expires
|Chun Il Printing|
|Yearbook Photo||Until contract expires
|Food Service||Until contract expires
Article 4 (Rights of the subject – obligations and ways to exercise the rights)
The subject can exercise the following subparagraphs’ privacy rights to the school at anytime.
- Request to view personal information
Subject may request to view personal information (or the files) the school holds based on Article 35 of the Personal Information Protection Law. However, request for viewing may be restricted due to the Personal Information Protection Law Article 35 Paragraph 5.
- If viewing is banned or restricted in accordance with the law
- If it may cause harm to another person’s life/body or if there is a possibility that it may infringe the property or interests of others
- If it significantly affects the work of public institutions in the following ways
- Business requiring levy of taxes or refund
- Business regarding grading or student selection in schools following the “Elementary and Secondary Education Act,” lifelong education schools following the “Lifelong Education Law”, and institutions of higher education following other laws
- Business requiring testing education/skills and eligibility testing
- Ongoing evaluation or judgments regarding calculations of compensation/benefits
- Ongoing work on auditing and investigation in accordance with other laws
- Request for correction and deletion
Subject can ask for correction and deletion of personal information (or file) that is held in the school in accordance to Article 36 of the Privacy Act. However, if the personal information is collected from other laws, the subject cannot ask for their deletion.
- Request to cease processing
Subject can ask the school to cease processing personal information in accordance to Article 37 of the Privacy Act (cease processing personal information and such). However, the request may be denied in accordance to the Privacy Act Article 37 Paragraph 5.
- If there is a special provision by law or if it becomes unavoidable due to complying with legal obligations
- If it may harm someone else’s life/body or if it may wrongfully infringe the property and interests of someone else
- If the public agency does not process the personal information and other legal jurisdiction is unable to perform prescribed duties
- If it is crucial to process personal information, or the subject information and service agreement cannot be revealed and the implementation of the agreement becomes difficult when the subject does not clearly state the termination of the contract
- Subject may have a legal representative, appointed according to the Presidential decree, request to view, correct, and/or delete personal information. Legal representative of children under 14 years old may request to access personal information.
- Claim to damage
Subject may make claims for damage if the school violates the Privacy Act with the personal information managed by the school and causes damage or loss to the subject.
- The following divisions manage and process personal information:
|Division||File Name||Contact Information|
Academic Division Office
|Current Student Information,
Transferred Student Information,
Registrar’s Office (042-620-9084)
Secondary School Office
Elementary School Office
Counseling Office (042-620-9080)
Dorm Office (042-620-9508)
|Admissions Office||Student Applicant Information||042-620-9116|
|Nurse's Office||Student/Staff Health Records||042-620-9073|
Advertising and Donation Records,
|Transportation Team||School Bus Application,
List of Bus Users
|Human Resources Team||School Staff Information||042-620-9036|
Article 5 (Destruction of personal information)
- The school will destroy personal information without delay when the retention period has passed and when the personal data processing objectives and such have become unnecessary.
- The school may keep personal information even after the end of the retention period or after the processing purpose has been achieved due to other laws. If this happens, the personal information (or files) will be moved to a separate database (DB) or preserved in a separate storage area.
- Procedures and methods for destroying personal information is as follows:
- Destruction Procedures
The school will establish a plan for destroying personal information (or files) that needs to be discarded. The school will decide the personal information (or files) that needs to be discarded, then after getting the approval of the school’s Chief Privacy Officer, the personal information (or files) will be destroyed.
- Methods of destruction
- Paper copies of personal information will be destroyed using a shredder or through incineration
- Electronic files will be destroyed through technical means, ensuring that they cannot be restored
- Destruction Procedures
Article 6 (Safety measures to secure personal information)
- Minimizing and educating person in charge of personal information
There will be appointed management of persons in charge of personal information. Furthermore, the handlers as well as past employees will receive training on how to safely manage personal information.
- Establishment and implementation of internal management plan
To safely manage personal information, the management guidelines and related laws will be kept, and internal management plan will be established and enforced.
- Personal Information Encryption
The user’s password and other main personal information will be encrypted and stored to only allow the subject to know the information. Furthermore, sending important data will require encryption or will have security features, such as an option to lock the file.
- Technological preparation for hacking and related situations
Safety programs will be installed to prevent hacking and viruses that can allow personal information to be revealed or damaged, and there will be periodic checks. A system will be installed that is inaccessible by outsiders and physically monitored and blocked.
- Request to access the personal information system
To access the data base system that handles personal information, one needs to go through necessary steps and other necessary measures to be granted to personal information.
- Storing of access records
The records of access into the personal information system (web logs, summary) will be stored for at least 6 months.
- Locking devices for file storage
Files and secondary storages containing personal information will be stored in a safe place with locking devices.
- Access control to unauthorized parties
The storage area of the personal information is located separately and access to this area has access control procedures established and operated.
Article 7 (Director and staff responsible for personal information)
The school is responsible for overseeing the work on handling personal information. For further information related to processing personal information, contact the following Privacy Officers:
- Chief Privacy Officer
Name: Eun Joo Jung
Title: Assistant to Director of Business Affairs
Contact Info: email@example.com | 042.620.9007
Address: 77 Yongsan 2-ro, Yuseong-gu, Daejeon 34035
- Privacy Officer
Name: Min Ki Shin
Contact Info: firstname.lastname@example.org | 042.620.9076
Address: 77 Yongsan 2-ro, Yuseong-gu, Daejeon 34035
Article 8 (Remedy for rights violations)
Subject can contact the following agencies about counseling on privacy and remedies.
- Privacy Complaint Center / Personal Information Dispute Mediation Committee: (no area code) 118
- Supreme Prosecutor’s Office Cyber Crime Division: 02-3480-3573 (www.spo.go.kr)
- Police Office – Cyber Terrorism Center: 1566-0112 (www.netan.go.kr)
Article 9 (Installing and operating security cameras)
The school is installing and operating security cameras with the following:
- Purpose for installing security cameras: to prevent crimes to ensure safety for facilities, fire safety, and student safety
- Number, location, and range of cameras: 130 cameras focused on front gate, back gate, building lobby, public area, and other main facilities
- Camera managing director and person with access: Joshua Chun – Commissioner Officer / Department: Operations Management Office
- Camera operating time, retention period, retention location, and method of handling
- Operating Time: 24 hours
- Retention Period: 30 days after recorded
- Retention Location and Method of Handling: Emergency room , each floor of each dorm, and the control room on the 2nd floor Administrative Building handle the security cameras
- Method to view the images and the location: contact the camera managing director
- Actions to take to request viewing the images: need to provide a bill of personal information. The video will be granted to those who have been captured on camera or when the subject needs the video to benefit his/her life, health, or property
- Technical, administrative, and physical measures to protect the videos: established an internal management plan, control access, use technology to safely store and transmit the information, processing archives and anti-forgery measures, storage facilities provided with lock installations, and such.