All personal information that Korea Kent Foreign School ((the “KKFS”) handles is collected, retained, and processed under relevant statutes or with the consent of each person whose information becomes subject to this Policy. KKFS has established the following privacy policy to protect users’ rights and interests and to resolve any complaints regarding personal information of our users.
The collected information will not be processed for any other purposes.
- • KKFS provides services under the condition that the user has agreed to these regulations. If the user agrees to these regulations, this policy will be applicable when KKFS provides services and users use services.
- • KKFS may, if deemed necessary, make additions or modify services In the event of additions, deletions, or modifications to the Privacy Policy due to the enactment or amendment of laws, changes in government policy, changes in KKFS’ internal policy, or changes in security technology, the reason for and details of a change in the Privacy Policy will be announced on the KKFS website at least seven days before such change. Should the user disagree with modified services, the user may terminate their account. If the user continues to use the services after the modifications, KKFS will consider the user to have consented to the modifications.
- • Matters not stated in this regulation shall be in accordance with the Telecommunications Business Act; Korea Internet Safety Commission Regulations and Code of Ethics; Copyright law and Computer Programs Protection Act and other related regulations.
Article 1. Purpose of Processing Personal Information
KKFS processes personal information for the purpose stated below.
- 1. Management of student records, ID card or certificate issuance, processing admissions/withdrawal/transfer applications and requests, sports and afterschool activities programs management, supporting school events, alumni relations, and school development.
- 2. Accounts on classroom digital learning and assessments services.
- 3. Access to student academic information by parents, school bulk email, and short message service for school operations and dissemination of information, activity registration.
- 4. Management of student health records, book loan/return, and student billing.
- 5. Management of school bus riders.
- 6. Control of vehicle entry to KKFS.
- 7. Prevention of unauthorized charges by third parties, and lunch account monitoring.
- 8. Prevention of unauthorized charges by third parties, and lunch account monitoring.
- 9. Supporting virtual education, facilitating student/parent and school communication, archiving audio/visual of school activities and events, child protection, school safety review, law enforcement investigations.
Article 2. Process and Retain Personal Information
KKFS processes and holds personal information within the period of possession and use of personal information that has been agreed upon when consenting to collecting personal information from the data subject according to laws and regulations.
Retained by | Purpose | Basis of Retention | Collected information | Period of retention |
---|---|---|---|---|
School Administration | Management of student records | Article 25 of the Elementary and Secondary Education Act, Article 21 of Enforcement Rules of the Elementary and Secondary Education Act, Article 3 of the Rules on the Preparation and Management of School Life Records. |
Student ID number, photo, students’ personal information (name, birth date, gender, nationality, resident or alien registration data & image, address), parents’ and immediate family’s information (name, occupation and workplace, contact information, nationality, special notes, passport data & image, education history), and student records. * Sensitive personal information: Nationality, special note including health, physical, and physiological information, and behavioral characteristics. * Personally identifiable information: resident or alien registration number, and passport number. |
Permanent |
Education Technology | Accounts on classroom digital learning and assessments services. | Annual consent by information holder (user) | Student ID number, photo, and personal details (name, gender, parents’ name and email, minimal birth date if required for age verification, student records). | Graduation or end of school year in case of withdrawal. |
Student/Parent academic & activity portals and communication services | Access to student academic information by parents, school bulk email and short message service for school operations and dissemination of information, activity registration. | Article 23, Paragraph 3 Framework Act on Education, Annual consent by information holder (user) | Student ID number, student/parent name, parent phone, member type (student/parent), and mail address. | 2 years after member withdrawal |
Student Healthcare Services | Management of student health records | Article 9 of Regulations on student medical test, Article 14 of Guidelines on electronic process & management | Student ID number, personal details (name, date of birth, gender, name of parent/guardian, address, emergency contacts), student health information (previous medical history, current medical issues, medications in use), records of vaccination, and records of medical checkup. * Sensitive personal information: student health information (previous medical history, current medical issues, medications in use), records of vaccination, records of medical checkup. |
Permanent |
Library Services | Management of book loan/return | Article 38 of the Libraries Act | Student ID number, grade, class, student name, barcode number, contact number, list of book loans, photo, address, email address, parent phone number and email. | 6 months after graduation/withdrawal |
Student Transportation Services | Management of school bus riders | Consent by information holder (user) | Student ID number, grade, student name, contact number of students, parent name, contact number, student’s address | Student ID number, grade, student name, contact number of students, parent name, contact number, student’s address |
Vehicle Entry | control of vehicle entry to KKFS | Article 25, Paragraph 1 of the Personal Information Protection Act, Consent by information holder (user) | Parent/Student name, contact number, vehicle information (plate number, make/model) | 6 months after graduation or the current school year in cases of withdrawal. |
CCTV | Prevention of unauthorized access by third parties, school health and safety review, law enforcement investigations | Article 25, Paragraph 1 of the Personal Information Protection Act, Consent by information holder (user) | Video footage | Up to 6 months after date of recording |
Video Meetings, Chats, and Activity Recordings | Supporting virtual education, facilitating student/parent and school communication, archiving audio/visual of school activities and events, child protection, school safety review, law enforcement investigations. | Consent by information holder (user) | Audio/Video footage of online meetings/classes and school activities which may include the active speakers/performers and the gallery of attending participants or audience, chat transcripts, individual names, and email addresses. | Up to 30 days after the date of recording for individual and class online meeting audio/video footage and transcripts. Name and email up to 6 months after graduation or end of school year in case of withdrawal. Permanent storage of archived audio/video footage from school activities and events. |
Article 3. Provide Personal Information to a Third Party
- 1. The use or provision of personal information at KKFS should be limited to the minimum extent to perform its duties, and should not be provided to other organizations or others for purposes other than holding personal information files unless otherwise specified below that information is used or provided to a third party.
- 2. KKFS provides personal information to third parties as follows under Article 17 and 18 of the Personal Information Protection Act, with the consent of the information holder and according to the provisions of the laws.
- 3. Data held or processed overseas is done in accordance with article 39-12 of the PIPA.
Third party | Purpose | Legal grounds | Details of personal information | Period of retention |
---|---|---|---|---|
Cafeteria vendors J&J, Crave | Prevention of unauthorized charges by third parties, and lunch account monitoring. | Consent by information holder (user) | Student ID number, grade, student name, student photo, and student fingerprint data (no image) in SFES/SFBS/SFMS). * Sensitive personal information: Student fingerprint data (no image) |
3 months after graduation or end of school year in case of withdrawal |
Article 4. Matters concerning Outsourced Processing of Personal Information
KKFS outsources the processing of our user’s personal information for the following purposes below. KKFS retains ownership of the data and as such our period of retention follows over user consent terms.
Organization | Details of outsourcing | Period of retention |
---|---|---|
Google Workspace Cloud service accounts | Graduation or end of school year in case of withdrawal. | |
NWEA | Student Assessments (MAP) | Permanent |
Article 5. Right and Responsibility of Information Subject and Exercise Method
As a user, one can exercise the following rights under Article 4 of the Personal Information Protection Act:
- 1. Request to browse personal information
- 2. Request to suspend processing or rectify and suspend incorrect information
- 3. Request to delete personal information from the School’s database
- 4. Determine whether or not to consent as well as the scope of consent regarding the processing of such personal information
If any user or his/her legal representative or a person who has been authorized to act on behalf of the user (a person who has submitted a power of attorney in accordance with the attached Form 11 to the Enforcement Decree of the PIPA) requests to access, rectify or delete his/her personal information to KKFS via email or phone call, KKFS will process the request and confirm the completion thereof within 10 days. Meanwhile, the request for access to or suspension of processing of a user’s personal information may be limited under Articles 35(5) and 37(2) of the PIPA.
Article 6. Termination of Personal Information
- 1. In principle, KKFS terminates personal information immediately when the purpose of processing personal information has been achieved.
- 2. The procedure and method of personal information termination are as follows.
- 3. Termination Procedure
- • Personal information (or personal information files) that need to be terminated should follow the internal termination procedures after establishing a termination plan. This should be conducted after obtaining approval from the person in charge of the personal information.
- 4. Termination Method
- • Personal information in KKFS processed electronic files is destroyed by a technical method that cannot reproduce the record.
- • Personal information printed on paper is shredded with a shredder or destroyed through incineration.
- • Personal information held and processed by third parties is removed according to contract terms and legal requirements of the data processor’s host country.
Article 7. User’s responsibility for information security
- 1. From the moment the applicant completes the application process, the user is responsible to keep one’s account information undisclosed. Users are solely responsible for any consequences with regard to use of personal ID and password.
- 2. Users are solely responsible for safe keeping of their ID, passwords and other related information. Detection of any suspicious usage must be reported to KKFS immediately. The user is solely responsible for any consequences resulting from failure to report.
- 3. The user is to ensure to completely logout of apps on shared devices and stop sync accounts when done with personal devices. KKFS will not be held responsible for any losses or damages caused by a third party accessing information due to the users’ failure to logout completely.
Article 8. Our actions to ensure the safety of personal information
- 1. Security Audit and Cybersecurity Testing
- KKFS utilizes third-party professional service providers to conduct cybersecurity audits and regular network penetration testing to promote the safe handling and storage of personal information.
- 2. Minimization of personal information handlers
- Account based controls are implemented to control the visibility of personal information to only the necessary and relevant personnel.
- 3. Access control to personal information and restrictions on access rights
- KKFS utilizes third-party professional service providers to conduct cybersecurity audits and regular network penetration testing to promote the safe handling and storage of personal information.
- 4. Storage of physical records and prevention of forgery and falsification
- Physical records containing personal information are safely stored by the relevant school section to prevent forgery, falsification, theft, or loss.
- 5. Encryption of personal information
- KKFS strives to ensure that stored unique identification information is encrypted and securely managed . In addition, separate security functions such as using protocols for encrypting important data during transmission are applied.
- 6. Technical measures against hacking, etc.
- In order to prevent leakage and damage of personal information caused by hacking or computer viruses, KKFS will install multi-factor security programs and regularly update server and anti-virus software.
- 7. Access control for unauthorized persons
- The physical storage place of the personal information is in a separated area and access is controlled by smart locks and monitored via CCTV.
Article 9. Matters concerning the installation and operation of devices that automatically collect personal information and the denial thereof
KKFS installs and operates a device that automatically collects personal information such as cookies that frequently store and locate user information. A cookie is a small text file sent to a user’s web browser from the server used to operate the KKFS website and is stored on the user’s computer hard disk drive.
A user reserves the right to choose whether to install a cookie. Therefore, a user may use settings or internet options of a web browser to select one of the following options: (i) allowing all cookies, (ii) checking each time a cookie is saved, or (iii) rejecting all cookies from being saved.
How to choose whether to install a cookie (in a web browser): (i) click “Tools” tab at the top of the web browser, (ii) access “Internet Options” or “Settings” tab, and (iii) change your option in the “Personal Information” tab.
However, if a user refuses to install cookies, there may be difficulties in providing our service.
Article 10. How to protect infringement of rights and interests
Please contact the individuals/departments above regarding issues relating to personal information and privacy. The following organization outside of KKFS, is available to assist users. If users have any questions or complaints and feel that their inquiry has not been handled properly by KKFS, users may request assistance to the organization below.
- 1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- 2. Privacy Complaint Center: (without area code) 118 (privacy.kisa.or.kr)
- 3. Public Prosecutor’s Office Cyber Crime Division: (without area code) 1301 (http://www.spo.go.kr)
- 4. Cyber Terror Response Center: (without area code) 182 (acyberbureau.police.go.kr)
Article 11. Policy update
This policy was revised on August 12, 2024, and if there is any addition, deletion, or revision of the contents due to changes in laws, policies, or security technologies, the reason and contents of the change will be announced on the school’s website at least 7 days before implementation.
• Date of announcement: August 12, 2024 / Date of enforcement: August 13, 2024
Video Equipment Operation/Management Policy
Article 1. The basis and purpose of installation of the video information processing device
KKFS installs and operates security cameras for the following purposes in accordance with Article 25, Paragraph 1 of the Personal Information Protection Act.
- 1. Prevention of unauthorized access by third parties
- 2. School safety and fire prevention
- 3. Law enforcement investigations
- 4. Collection and analysis of traffic information
Article 2. The number of installations, location, and security camera observing area
The current status of the security cameras operated by the school is as follows.
- 1. Number of installations: 40
- 2. Installation Location: Campus and building entrances, parking lots, playgrounds, roads, rooftops, pathways, lobbies, cafeterias, corridors, stairwells
- 3. Recording time: 24 hours
- 4. Processing method: Real-time recording by magnetic device (no sound recording function)
- 5. Storage Location: Server Room, and IT Office (Backup copies)
- 6. Retention period: Up to 6 months (this may be less depending on storage capacity)
Article 3. Manager and access authority
In order to protect personal video information processing equipment safely and deal with related requests, the video information processing equipment manager and access authority are designated and operated.
• Manager: Hwang, Sung Koo, 02-2201-1646
Article 4. Viewing personal video information of a user
In the event that the individuals request to the Sectional Office, or video information manager, in writing to view or confirm the existence of the personal video information, KKFS will take necessary actions without delay according to legal and internal procedures. However, KKFS can reject the request, such as viewing or deleting personal video information, and notify the user within 10 days of the reason(s) for rejection which may include.
- 1. In case of serious impact on criminal investigations, maintenance of arraignment, and trial.
- 2. In case it is technically difficult to delete video information of a specific user only.
- 3. In case there is a high possibility that other people’s rights and interests may be infringed.
- 4. If there are other valid reasons for rejecting the request.
Article 6. Policy update
This policy was revised on August 12, 2024, and if there is any addition, deletion, or revision of the contents due to changes in laws, policies, or security technologies, the reason and contents of the change will be announced on the school’s website at least 7 days before implementation.
• Date of announcement: August 12, 2024 / Date of enforcement: August 13, 2024
Article 5. Measures to secure safety
KKFS safely manages the video information through physically/technically restricted access controls, encrypted transport, etc. The KKFS Guard office where personal video information is monitored and played is designated as a restricted area and access is restricted to those who are authorized to access it. In addition, to prevent forgery and falsification of personal video information, KKFS records and manages the date, time, which video feeds were accessed, purpose of viewing, related School Section, admin approver, and the viewing date, time and audience.