ABSCH Genetic Resources Information Center

Article 1 (Purpose of Processing Personal Information)

The Center processes a minimum amount of personal information for the following purposes:

To see the Personal Information File Register, please click download. Download

For more details on the Center’s disclosure of Personal Information File Registration Items, please go to the MOIS (Ministry of the Interior and Safety) Personal Data Protection Laws in Korea website (www.privacy.go.kr) → Civil Affairs on Personal Information → Request for Access to Personal Information, etc. → Personal Information File List, and enter “National Institute of Biological Resources” in the Institute Name field and use the search menu. Personal information will not be used for other purposes than those specified herein, and in the case that the purposes of the use are changed, we will notify you of the change in advance and obtain your consent.

Article 2 (Processed Personal Information Items)

The Center collects a minimum amount of personal information to a necessary extent and obtains your consent to the collection. Personal information items collected are as follows:

• 1. Mandatory personal information items for membership registration: Name, ID, password, country, telephone number, address, email address
• 2. Mandatory personal information items for report submission: Name, address, telephone number, email, date of birth
• 3. Identity verification papers if you cannot or do not agree to the common use of administrative information

Article 3 (Processing of Personal Information and Its Retention Period)

service is closed, the website user’s personal information is deleted, provided, however, that the following information will be preserved for the specified reasons until the specified time as follows:

• 1. Membership information
  • Ground for the collection: “in the case of obtaining consent of the information owner,” Clause 1, Article 15 of the Personal Information Protection Act (“where the consent is obtained from a data subject”)
  • Retention period: Five (5) days after declaring the intention of membership withdrawal
• 2. Reporter information
  • Grounds for the collection: Article 9 Clause 1, and Article 15 Clause 1 of the Act on Access to and Use of Genetic Resources and Sharing of Benefits; Article 4 Clause 1 and Article 6 of the Enforcement Decree of the said Act
  • Retention period: Until the relevant service is closed
• 3. Identity verification papers if you cannot or do not agree to the common use of administrative information
  • Grounds for the collection: Article 9 of the Act on Access to and Use of Genetic Resources and Sharing of Benefits; Article 4 of the Enforcement Decree of the said Act
  • Retention period: Until the relevant service is closed

Article 4 (Provision of Personal Information to a Third Party)

The Center processes your personal information only for the purposes specified in Article 1 (Purpose of Processing Personal Information) and will not engage in processing the information for other purposes and providing it to a third party without your prior consent, except if specified otherwise in applicable laws or when a case is applicable to Article 18-② of the Personal Information Protection Act, for example, criminal investigation.

Article 5 (Entrustment of Personal Information Processing)

The Center entrusts the processing of personal information for work efficiency.
※ To see Current Status of Entrusted Personal Information Processing, please click download. Download
When concluding an entrustment contract, the Center stipulates in the agreement or other applicable documents, pursuant to Article 25 of the Personal Information Protection Act, the terms and conditions on various matters including the prohibition of processing personal information for other purposes than those for conducting the entrusted work; technical and administrative protection measures; restriction of re-entrustment; management and supervision of the entrustment company; and liabilities including damages, and the Center also checks whether the entrustment company processes personal information in a safe and secure manner.If the content of the entrusted work or the entrustment company is changed, we will notify you of the change in this Privacy Policy without delay.

Article 6 (Information Owner’s Rights and Obligations and Exercising Thereof)

The information owner (a legal representative in the case of a person under the age of 14) may exercise the following personal information related rights:

• 1. To request the access to personal information;
• 2. To request the correction of an error (if any);
• 3. To request the deletion of personal information; and
• 4. To request the suspension of personal information processing.

You can exercise the rights by filling in the Form No.8 annexed to the Enforcement Regulations of the Personal Information Protection Act and submitting it to us via mail, email, or fax, and upon receipt of the Form, we will take necessary action without delay.
In the case that you request correction or deletion of an error in your personal information, we will not use or provide your personal information until the error is completely corrected or deleted as requested.
The rights may be exercised through a legal representative or a delegator of the information owner. In this case, a power of attorney shall be prepared in accordance with Form No.11 annexed to the Enforcement Regulations of the Personal Information Protection Act and shall be submitted to us.
Request for access to personal information and request for suspension of processing personal information may restrict rights of the information owner in accordance with Article 35 Clause 5 and Article 37 Clause 2 of the Personal Information Protection Act.
Request for the correction and/or deletion of personal information may not be accepted if the personal information is required to be collected by other applicable laws.
Requests for the access, correction and/or deletion, and suspension of processing in respect to the rights of the information owner involve identity verification to check whether the request is made by the applicant himself/herself or his/her duly authorized representative.

※ [Annexed Form No. 8, Enforcement Decree of the Personal Information Protection Act] Download a Request for Access to, Correction/Deletion of, Suspension of Processing Personal Information Download
※ [Annexed Form No. 11, Enforcement Decree of the Personal Information Protection Act] Download a Power of Attorney Download

Article 7 (Destroying of Personal Information)

The Center will immediately destroy personal information when the personal information is no longer necessary, for example when its retention period expires or the purpose of the processing is fulfilled.In the case that the personal information must be preserved by other applicable laws although the retention period agreed upon by the information owner expires or the processing purposes are fulfilled, the personal information will be transferred to separate database (DB) or a different archive.

Article 8 (Measures for Keeping Personal Information Secure)

The Center takes technical, managerial, and physical measures as follows to keep personal information safe and secure in accordance with Article 29 of the Personal Information Protection Act.

• 1. Appointment of a minimum number of personal information controllers and training and education therefor
  • We designate a minimum number of personal information controllers and offer them relevant training and education on a regular basis.
• 2. Restricted access to personal information
  • We control access to personal information by granting, changing, and cancelling the rights to access to the database system which processes personal information, and prevent unauthorized external access using a firewall system and a detection system, and when the personal information controller accesses the personal information processing system outside of the center, he/she uses Government Virtual Private Network (GVPN). In addition, we record the granting, changing, or cancelling of rights and retain the records for at least three (3) years.
• 3. Storage of access records and prevention of forgery
  • We store your records of accessing the personal information processing system for at least six (6) months and control the access records not to be tampered with, stolen, or lost.
• 4. Encryption of personal information
  • Your personal information is encrypted for storage and management. In addition, a separate security feature is applied to important data, for example, being encrypted when stored and transferred.
• 5. Technical measures in preparation for hacking
  • We install a security program(s) and check and update it on a regular basis to prevent a breach of or damage to personal information incurred by hacking or a computer virus, and we also install a system in the area restricted from outside to monitor and block hacking attacks or viruses technically and physically.
• 6. Restricted access of unauthorized persons
  • The personal information system, which stores personal information, is placed in a separate physical storage room and we have established access control procedures and operate them.

Article 9 (Remedies for Infringement on Rights and Interests)

The information owner may ask the following institutes questions for damage relief, consultation, etc. with regard to the infringement of personal information.

• 1. Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency, KISA) : (without an area code) 118(http://privacy.kisa.or.kr)
• 2. Personal Information Infringement Reporting Center (operated by Korea Internet & Security Agency, KISA) http://privacy.kisa.or.kr: (without an area code) 118(http://privacy.kisa.or.kr)
• 3. Cybercrime Investigation Division, Supreme Prosecutors’ Office: 02-3480-3582(http://www.spo.go.kr)
• 4. Cyber Terror Response Center, National Police Agency: 1566-0112(http://www.netan.go.kr)

In connection with requests made under the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Erasure of Personal Information), and Article 37 (Suspension, etc. of Processing of Personal Information), a person whose rights or interests are infringed by the head of a public institute’s act or negligence may claim for an administrative appeal in accordance with the Administrative Appeals Act.

Refer to a list of responsible officers/departments and their telephone numbers provided by the Central Administrative Appeals Commission (http://www.simpan.go.kr)

Article 10 (Personal Information Manager)

The Center has appointed a personal information manager and a hands-on staff to protect personal information and deal with related issues. Their contact information is as follows:

The information owner may ask the personal information protection department any questions about personal information protection, complaint processing, damage relief, and other related issues. We will respond to your questions and requests as soon as possible.

Article 11 (Amendment of Privacy Policy)

This Privacy Policy comes into effect on August 18, 2018. If any content of this Privacy Policy is added, deleted, or revised, the amended version will supersede the preceding version with the amendment date specified.