Privacy Policy Korea Institute of Industrial Economics and Trade Privacy Policy 선택 16/05/2022

• □ All personal information collected, held and processed by the Korea Institute for Industrial Economics and Trade (henceforth ""KIET"") is done so with the express consent of the individual that has provided personal information to KIET (henceforth known as the ""data subject""), in accordance with the provisions and clauses of Article 30 of the Personal Information Protection Act.
• □ The personal information collected, held and processed by KIET is to be used exclusively in accordance within the provisions of the law and in a manner that protects the rights and interests of the data subject.
• □ KIET respects the right of the data subject to request access to personal information, including the right to edit, delete and suspend the processing of personal data in accordance with relevant laws and regulations. The data subject has the right to administrative appeal in the event that rights and interests under relevant laws and regulations are deemed to have been violated, in accorance with the Administrative Appeals Act. The data subject may also apply for dispute arbitration through the Persoanl Information Dispute Mediation Committee or the Personal Information Infringement Reporting Center.
• □ In accordance with the Personal Information Protection Act, the KIET home page (kiet.re.kr) operates a Privacy Policy to ensure the satisfactory protection of personal data and the resolution of potential disputes with the data subject. The stipulations of the policy are as below. Updates and amendments to the Privacy Policy are to be posted on KIET's home page.

Article 1: Purpose of data collection, data retention period

1. ① KIET processes personal information for the purposes described in the following paragraphs. Personal information is not be used in any manner not explicitly described in the provision of this Privacy Policy without the express consent of the data subject, in accordance with Article 18 of the Personal Information Protection Act. For individuals under the age of 14, consent to the collection and processing of personal information can only be given through a verified legal guardian.
2. ② The methods by which personal information is registered and shard are circumscribed by Article 32 of the Personal Information Protection Act as follows.

   Personal information file name	Purpose of data process	Personal information items	Data retention period
   KIET newsletter	Delivery of KIET newsletter	Name, e-mail	Until unubscribed
   Fixed distribution department	Delivery of other published materials	Name of departmention/division, job title	Until voluntary deactivation and account deletion

   Personal information file name	Purpose of data process
   KIET newsletter	Delivery of KIET newsletter
   Fixed distribution department	Delivery of other published materials
   Personal information items	Data retention period
   Name, e-mail	Until unubscribed
   Name of departmention/division, job title	Until voluntary deactivation and account deletion

※ Users may view what personal data KIET has in its possession and related file designations through the government's personal information portal at www.privacy.co.kr. Copy and paste "산업연구원" into the search field after registration.

Article 2: Provision of personal information to third parties

KIET does not provide, release or disclose personal information to third parties on principle.
KIET is authorized to do so only in a manner consistent with special clauses and provisions of Articles 17 and 18 of the Personal Information Protection Act and only after obtaining the explicit consent of the data subject.

Article 3: Personal information processing

1. ① KIET outsources the processing of some personal information to professional data processing contractors; the names of these firms are listed below.

   KIET's data processing partners	Consigned company name	TEL
   Homepage services	CUBEA	02-6959-0602
   Data server services	KLIC	042-824-1077
   Surveys and polling	BIZ IS Solutions	02-3406-9390
   Publication services	Korea DM	02-461-8514

2. ② When outsourcing the processing of personal information, KIET includes the following stipulations in contractual matters, in accordance with Article 26 of the Personal Information Protection Act: contractors are expressly forbidden from handling personal information in a manner that does specifically conform to contractual processing obgliations; contractors must take all measures necessary to ensure the technological and physical integrity of personal information; contracts are to contain clauses which hold contractors liable for any damages or compensation; contractors are not to subcontract any processing tasks without explicit consent; contractors are to make every effort to ensure the safe processing of all personal information.
3. ③ this Privacy Policy is to be updated without delay upon any amendments to the Policy, or in the event that KIET outsources data processing tasks to a firm or firm(s) other than the those listed below.

Article 4: The rights and duties of data subjects, and the exercising of the rights thereof

1. ① Data subjects are granted the following rights, which may be exercised at any time:
   • a) The right to access, peruse, and review any personal information collected by KIET
   • b) The right to correct, edit or alter any incorrect peronsal information collected by KIET
   • c) The right to delete, erase or otherwise expunge any personal information collected by KIET
   • d) The right to halt the processing of any personal information collected by KIET
2. ② The data subject may exercise the rights specified in Article 4 by preparing a request in writing, delivered via post, e-mail or FAX, in a manner consistent with the form outlined in Annex 8 of the Enforcement Guidelines of the Personal Information Protection Act. KIET is to respond without delay to such requests to satisfy the clauses of Article 41, Paragraph 2 of the Personal Information Act Implementation Decree.
3. ③ In the event that the data subject exercises the right to correct, edit or alter personal information held by KIET, the processing of that information is to be suspended until any corrections or alterations are completed as requested.
4. ④ The rights of data subjects as outlined in Article 4 Paragraph 1 of this Privacy Policy may be exercised by a legal representative of the data subject. To do so, a document granting Power of Attorney to a legal representative must be filed via post, e-mail or fax in a manner consistent with Annex 11 of the Enforcement Guidlines of the Personal Information Protection Act.
5. ⑤ The right of the data subject to access personal data as described in Article 4, Paragraph 1, Subparagraph 1a of this Privacy Policy is not unlimited, being subject to the restrictions stipulated in Article 35, Pargraph 4 and Article 37, Pargraph 2 of the Personal Information Protection Act.
6. ⑥ Requests to delete, correct or alter personal information may be denied if the collection and/or processing of the personal information in question is mandated by law.
7. ⑦ KIET reserves the right to verify the identity of any individual that has exercised the right to edit, alter or delete the personal information of a data subject on behalf of a data subject. Only the data subject or an authorized legal representative granted power of attorney is authorized to exercise the rights stipulated above.

Article 5: Permanent deletion of personal information

1. ① As a matter of principle, KIET is to permanently and irrevocably delete any personal information for which the specified retention period has lapsed, or any personal information for which retention and storage is deemed unnecessary.
2. ② In the event that the law demands the continued retention of some personal information despite the data retention period having lapsed or the purposes for the the collection and processing of said data having been fulfilled, the data in question shall be stored in a separate and secure database or physical location.
3. ③ Personal information designated for permanent deletion is to be expunged in the following manner:
   1. 1. KIET is to carry out the personal deletion of personal information for which the retention period has passed or for which the purposes for collecting and storing such data have met fulfilled in a systematic manner that follows a predetermined process. For personal information for which the retention period has lapsed, KIET is to permanently delete and/or expunge the data within five (5) working days from the final day of the retention period. For personal information for which retention has become unecessary or redundant, which includes personal formation collected and processed for purposes that have been fulfilled, personal information collected and/or processed for the performance of services that have been terminated, and personal information collected and/or processed for the conduct of projects that have concluded, KIET is permanently delete and/or expunge this information within five (5) working days after this information has been deemed nonessential.
   2. 2. KIET is to permanently and irrecovably delete personal information scheduled for expunction. Any personal data permanently deleted must be made unrecoverable and unreproducable; this includes personal information stored in both electronic and/or physical formats. Personal information for which physical records exist is to be destroyed via shredding or incineration.

Article 6: Ensuring the security and integrity of personal information

KIET is to take all necessary measures to ensure the technological, physical and operational security and integrity of all personal information collected through its home page and stored on its servers (kiet.re.kr) in accordance with Article 29 of the Personal Information Protection Act. These measures are described in detail as follows.

1. ① KIET employees tasked with managing personal information shall be trained in appropriate procedures, the number of employees with access to personal information shall be minimized to only essential personnel, and only employees explicitly tasked with handling personal information are to be authorized to do so.
2. ② KIET shall formulate and an internal procedure for the secure processing of personal information, and in processing personal information, is to do so in a manner consistent with the provisions of the internal procedure.
3. ③ Upon registration at the KIET home page (kiet.re.kr), login credentials (passwords) are encrypted before being stored on secure KIET servers; KIET cannot decrypt this information. All other personal information designated for storage or transmission is encrypted or otherwise locked to prevent unauthorized access.
4. ④ Anti-virus and anti-hacking programs are installed on all KIET servers to prevent leaks of personal information through hacks or viral attacks. Physical and virtual access to servers upon which personal information is stored is restricted to only essential personnel; regular checks and reviews are conducted to ensure the continued security and integrity of data.
5. ⑤ Access to the database in which personal information is collated and stored is granted only on a need-to-know, one-time basis; external access is forbidden and blocking software is installed to prevent malicious attacks on the database from external sources.
6. ⑥ KIET maintains and continually updates a record of connections made to the database in which personal information is stored and collected is maintained; a record of every connection made to the database is stored for no less than six (6) months. The database server is equipped with security features to protect against unauthorized uplication, falsification and erasure of data.
7. ⑦ Physical records and documents containing personal information are are stored in secure media with mechanisms in place to prevent unauthorized access.
8. ⑧ KIET utilizes an Access Control System (ACS) to prevent unauthorized persons from accessing secure storage locations. Procedures are in place and strictly followed to prevent individuals without express access privileges from entry into storage facilities.

Article 7: Cookie policy

1. ① The KIET home page (kiet.re.kr) uses cookies to better customize the end-user experience
2. ② Cookies are pieces of information stored on the end-user's device that external servers have access to in specific instances
   1. 1.KIET utilizes cookies to optimize the user experience on KIET's home page. These cookies contain information on the end-user's web and search history as well as specific security permissions granted to KIET
   2. 2.Users of KIET's home page (kiet.re.kr) may refuse to accept cookies by changing browser security settings. It is not necessary to accept cookies to access KIET's home page
   3. 3.KIET cannot offer customized home page services to users that refuse to accept KIET cookies

Article 8: Redress of violations

Data subjects are encouraged to contact the organizations listed below for assistance in seeking redress for any perceived violation of the rights and interests outlined in the Privacy Policy. KIET is not affiliated with any of these organizations. ※ 아래의 기관은 산업연구원과는 별개의 기관으로서, 홈페이지의 자체적인 개인정보 불만 처리, 피해구제 결과에 만족하지 못하거나 좀더 자세한 도움이 필요하시면 문의하여 주시기 바랍니다.

Visit the Personal Information Infringement Report Center operated by Korea Internet & Security Agency (KISA)	- Undertaking : Infringements of personal information, apply for consultation/arbitration - Homepage : privacy.kisa.or.kr - TEL : ( without area code) 118
Visit the Personal Information Dispute Mediation Committee.	- Undertaking : Personal information dispute mediation application, collective dispute mediation (civil settlement) - Homepage : www.kopico.go.kr - TEL : ( without area code) 1833-6972
The national Supreme Prosecutor's Office (roughly equivalent to the U.S. Attorney General's office) has a cyber investigation unit.	- Homepage : www.spo.go.kr - TEL : ( without area code) 1301
Visit the National Police Agency Cyber Bureau at	- TEL : ( without area code) 182

Article 9: The individuals responsible for protecting your data at KIET

1. ① KIET has appointed specialists to oversee the collection and processing of data subjects' personal information, respond to and process claims, and assist in resolving disputes and pursuing settelements.

   Division	Department	Officer	Phone	E-mail
   Personal Information Protection Officer	Center for Planning and Coordination	Chunkon KIM	044-287-3156	ceekay@kiet.re.kr
   Privacy Officer	Knowledge Information Division	Taehwan KIM	044-287-3243	thkim@kiet.re.kr
   Personal information handler	Public Relations & International Cooperation Division	Jeenyoung KIM	044-287-3247	jykim@kiet.re.kr

2. ② Data subjects may contact any of these specialists at any time for inquiries and/or claims with regards to KIET's collection, handling, and/or processing of personal information; a KIET specialist will respond without delay.

Article 10: Requesting access to personal information

1. ① Data subjects may request access to their personal information at any time, in accordance with Article 35 of the Personal Information Protection Act. Relevant contact information is listed below.

   Division	Department	Officer	Phone	E-mail
   KIET newsletter and home page	Public Relations & International Cooperation Division	Jeenyoung KIM	044-287-3247	jykim@kiet.re.kr
   Fixed distribution department	Knowledge Information Office	Inah HWANG	044-287-3215	kirin@kiet.re.kr

2. ② Data subjects may also request access to personal information collected by KIET through the government privacy portal at privacy.go.kr.

Article 11: Amendments to the Privacy Policy

1. ① This Privacy Policy is in force as of November 18, 2020. Users will be notified of any changes to the policy on the KIET home page no fewer than seven (7) days before changes go into effect.
2. ② Previous versions of the Privacy Policy may be viewed below.
   • - 2012. 03. 13. ~ 2014. 12. 31.
   • - 2015. 01. 01. ~ 2017. 05. 09.
   • - 2017. 05. 10. ~ 2019. 01. 10.
   • - 2019. 01. 11. ~ 2019. 12. 15.
   • - 2019. 12. 16. ~ 2020. 06. 30.
   • - 2020. 07. 01. ~ 2020. 11. 17.