본문으로 바로가기

Privacy Policy

1. Collection and retention of personal information

a. Collection and retention of personal information by the National Museum of Modern and Contemporary Art, Korea (hereinafter “MMCA,” “we,” “us” or “our”) are compliant with statutory provisions and only made upon prior consent of the data subject (hereinafter “data subject,” “user,” “you,” or “your”). Statutory provisions authorize MMCA to collect and retain personal information files as followings:

Planning & General Management Department
Planning & General Management Dept. (File name, Data, Purpose of retention, Legal basis, Retention period)
File name “MMCA website user”
Data E-mail, Password, Name, Date of birth, Address, Phone number, Mobile phone number
Purpose of retention Exhibition and learning program booking & booking confirmation
Learning program survey (incl. customer satisfaction survey for assessing an executive agency operations)
Mailing service (Paid-up member, Residency, Webzine, and Exhibition, learning & event newsletter etc.)
Notice and sending of event gifts
Legal basis Data subject’s prior consent
Retention period 2 years or your account deletion whichever comes first
Conservation & Art Bank Department
Conservation & Art Bank Dept. (File name, Data, Purpose of retention, Legal basis, Retention period)
File name Art Bank website user
Data User ID, E-mail, Password, Name, Date of birth, Address, Phone number, Mobile phone number
Purpose of retention Art Bank & Government Art Bank competition review, Purchased artwork rental & sales, Art Bank competition event communications
Legal basis Data subject’s prior consent
Retention period Permanent (for selected applicants), Semi-permanent (for non-selected applicants)
PR & Customer Service Department
PR & Customer Service Department (File name, Data, Purpose of retention, Legal basis, Retention period)
File name Volunteer list
Data Name, Address, Phone number, Mobile phone number, E-mail, Date of Birth
Purpose of retention Volunteer management
Legal basis Data subject’s prior consent
Retention period Period only for volunteer participation
PR & Customer Service Department (File name, Data, Purpose of retention, Legal basis, Retention period)
File name MMCA Friends member
Data Name, E-mail, Mobile phone number
Purpose of retention MMCA Friends service operations (reward point, SMS etc.)
Legal basis Data subject’s prior consent
Retention period 2 years or your account deletion whichever comes first
※For your access to MMCA personal information files, please visit at www.privacy.go.kr (Personal Information Protection Commission of the Ministry of the Interior and Safety), and browse as follows: Petition → Request for personal information → Personal information files search.

b. Personal information automatically collected and stored when using websites

  • ·Your personal information automatically collected and retained for your service usage pattern analysis and better website browsing experiences includes:
  • - your internet service domain name, website address you have visited before visiting our website and date & time of your previous visits; and
  • - name of browser and operating system you use when you visit our websites.

c. Personal information retained by statutory requirements

  • · We retain your personal information for a specific period of time as required by applicable statutory requirements. In such event, we retrieve and use your personal information only for the purpose specified in respective laws and regulations.

d. Access to personal information files

Access to personal information files (Retention (Control) Organization, Personal Information File, Contact (TEL (FAX), E-mail, Postal Address)
Retention (Control) Organization Personal Information File Contact
TEL (FAX) E-mail Postal Address
Planning & General Management Department MMCA website user +82-2-3701-9819 (+82-2-3701-9829) lethe11@korea.kr MMCA Seoul, 30 Samcheong-ro (Sogyeok-dong), Jongno-gu, Seoul, 03062, Korea
Conservation & Art Bank Department Art Bank website user +82-2-2188-6083 (+82-2-2188-6128)
PR & Customer Service Department Volunteer list +82-2-3701-9535 (+82-2-3701-9539)
MMCA Friends member +82-2-3701-9528 (+82-2-3701-9539)
· We process your personal information in a legally permitted and appropriate manner to protect your privacy. However, a part of your personal information may be disclosed to or shared with a third party to the extend permitted by the applicable laws and regulations.
2. Use and sharing of personal information

a. Sharing of your personal information with third parties

  • · Even if we share your personal information with a third party, such party has no right to disclose your personal information unless explicitly agreed by us.
  • · Your personal information we are permitted to share with third parties under the applicable laws and regulations includes:
    Sharing of your personal information with third parties (File name, Third party, Purpose, Data, Period of retention & use)
    File name Third party Purpose Data Period of retention & use
    Volunteer list Gwacheon Volunteer Center Volunteer contribution records Name, Date of birth, Activities, Service hours Removed immediately after completion of data entry into 1365 system
    Learning program attendee list Ministry of Interior and Safety (incl. pollster) Customer satisfaction survey (incl. Executive Agency Evaluation) Name, Mobile phone number Removed immediately after completion of a survey
  • · Personal information we collect, retain, use, disclose or share with third parties are subject to prior notice and your explicit consent except otherwise required by laws or regulations.

b. Entrusting of your personal information

  • · In a case we entrust your personal information to public entities or private entities pursuant to Article 26 (Limited processing of entrusted personal information) of the Personal Information Protection Act, we set out limitations and procedures of such entrusting and ensure that the entrusted entities use the same level of care that we use for protecting your personal information. In addition to that, we conduct inspections to verify how your personal information is being protected at third party’s premises
  • · Your personal information we are permitted to entrust to third parties under the applicable laws and regulations includes:
    Outsourcing (Third party, Data, Purpose, Use & retention period)
    Third party Data Purpose Use & Retention Period
    EDS Korea E-mail, Password, Name, Date of Birth, Address, Telephone number, Mobile phone number Website service & maintenance Removed upon termination of an outsourcing agreement
    PCN E-mail, Password, Name, Date of Birth, Address, Telephone number, Mobile phone number Art Bank website service & maintenance Removed upon termination of an outsourcing agreement
    NETCOM E-mail, Password, Name, Mobile phone number MMCA Friends service & maintenance Removed upon termination of an outsourcing agreement
    TUNESYSTEM Member DB Website hardware & software maintenance Removed upon termination of an outsourcing agreement
    uFORUS E-mail, Name, Mobile phone number Booking system operation 1 month

c. Limited use and sharing of personal information Use and sharing of your personal information we collect and retain are subject to privacy laws and regulations.

  • · Article 18 (Limited use and sharing of personal information) of the Personal Information Protection Act allows us to use or share your personal information with third parties if such use or sharing is
    1. 1. explicit agreed by the data subject
    2. 2. specifically required by other laws or regulations
    3. 3. necessary to protect the data subject or any third party who is in eminent life-threatening danger, physical harm or property loss while obtaining a prior consent is unavailable because such data subject or his/her legal agent is incapable of expressing its own intention to agree or disagree, or we are unable to contact such data subject or his/her legal agent due to unknown address
    4. 4. used for statistical survey and academic research as long as personal information is anonymized
    5. 5. unavoidable as executing statutory obligations require use or sharing of personal information other than specified herein; provided however that such use or sharing is permitted to the extent that is reviewed and approved by the Privacy Protection Commission
    6. 6. required to be disclosed to a foreign government or international institution for the purpose of executing any treaty or inter-governmental agreement
    7. 7. necessary for criminal investigation or filing and/or sustainment of a public prosecution
    8. 8. necessary for judicial proceeding
    9. 9. necessary for probationary and/or protectionary order execution
3. Disposal of personal information

Your personal information will be removed, deleted, or destructed immediately upon the purpose of collection and use is attained. Removal, deletion, or destruction procedures and methods are as follows:

a. Procedures of removal, deletion, or destruction

  • · Personal information you have submitted for accessing to our services including signing-up will be removed, deleted, or destructed after their respective purposes are realized and their respective retention periods as required by applicable laws and regulations and/or our privacy policy (see the period of retention and use) expires.
  • · Your personal information retained by us will not be used for any purpose other than specified herein, except otherwise required by laws and regulations.

b. Methods of removal, deletion, or destruction

  • · Personal information contained in printed media will be destroyed either by a paper shredder or fire pit.
  • · Personal information contained in digital media will be removed, deleted, or destroyed in such manner that no data can be recovered.
4. Data subject’s rights

「Chapter 5 (Ensuring data subject’s rights) of the Personal Information Protection Act specifies that in respect with his or her personal information, the data subject shall be entitled to:

  1. 1. access to his or her personal information
  2. 2. correction or deletion of his or her personal information
  3. 3. suspension of processing of his or her personal information
  4. 4. exercise of his or her statutory rights
  5. 5. claim for damages
5. Access to, correction, deletion, and suspended processing of personal information files

The data subject is entitled to request an access to, correction and deletion, and suspended processing of his or her personal information we retain pursuant to Article 35 (Access to personal information), Article 36 (Correction and deletion of personal information), and Article 37 (Suspended processing of personal information) of the Personal Information Protection Act.

Access to, correction, deletion, and suspended processing of personal information files (Personal information controller, Request process)
Personal information controller MMCA Planning & General Management Department (Data processing office)
Request process Submit a request in writing, or visit at www.privacy.go.kr (Personal Information Protection Commission of the Ministry of the Interior and Safety), and browse as follows: Petition → Request for personal information (i-PIN required for verifying your identification)

a. Access to personal information

  • · You have the right to access to your personal information files we retain pursuant to the Personal Information Protection Act and other privacy regulations. Access procedures are as follows: Access to personal information procedure
  • · Your access to personal information files may be denied pursuant to the fourth paragraph of Article 35 (Access to personal information) of the Personal Information Protection Act, if such access is:
    1. 1. prohibited or restricted by the applicable laws and regulations
    2. 2. likely to cause life-threatening danger, physical harm, property loss, or injury of legitimate interests of another person
    3. 3. causes interrupted execution of government agency’s administrative operations including
    1. a. imposition, collection or return of tax.
    2. b. scoring or admission evaluation at a school established under the Mandatory Education Act and the Higher Education Act, at a lifelong learning center established under the Life-long Learning Act, or at a higher educational institution established under other laws.
    3. c. academic achievement & skill testing and employment, or qualification review.
    4. d. evaluation or consideration relating to application either a compensation or benefit.
    5. e. audit or inspection activities carried out under other laws and regulations.

b. correction, deletion, and suspended processing of personal information.

  • · After accessing to your personal information files, you may request the personal information processor to correct, delete, or suspend processing of your personal information; provided however that your deletion request may not be acceptable if your personal information is subject to mandatory collection & retention under other laws and regulation. Correction, deletion or suspended processing procedures are as follows: Correction, deletion or suspended processing procedures
  • · “Access, Correction, Deletion or Suspended Processing of Personal Information” [Form No. 8, Enforcement Decree of the Personal Information Protection Act]Download
  • · Letter of attorney [Form No. 11, Enforcement Decree of the Personal Information Protection Act]Download
6. Privacy violation report

When you are using our website services, if you find any violation or damage resulting from collection, use, sharing, entrusting of your personal information which is not subject to such collection, use, sharing, entrusting under the applicable laws, or collected, used, shared, entrusted without your prior consent, or if you have reasonable cause to believe that your personal information is breached or your right as the data subject is violated, you can report such violation to competent authorities as follows:

Privacy violation procedures
7. Technical and managerial protection measures

We employ technical and managerial measures to protect your personal information from any loss, theft, leakage, falsification, or damage. Our measures include:

a. Password encryption

  • · Your password we retain and control is fully encrypted and only known to you. Editing your profile including password change is only made by you.

b. Countermeasures against potential attacks including hacking

  • · We use our best efforts to protect your personal information from potential cyber attacks including hacking and virus. In this regard, your personal information is subject a regular back and being protected by the latest anti-virus software which can prevent any leakage or damage of your personal information while we retain. Cryptographic communication between our database and that of third parties realizes safe and secured transferring of your personal information. We employee an advanced firewall system, denying any unauthorized access. We allocate our available resources to acquire and operate the most advanced cyber security assets.

c. Minimization and training of employees handing personal information

  • · We permit only our employees to access to your personal information to the extent they need, and undertake additional measures to limit their access to your personal information by assigning them separate passcode which is subject to a regular update. In addition to that, we provide them data security training, including MMCA Privacy Policy.

d. Privacy protection organization

  • · We exert our best efforts to ensure that MMCA Privacy Policy is fully observed and followed, and undertake necessary corrective actions to address any found problems. However, we assume no liability for any and all losses and damages arising out of, or relating to breach of your personal information including your user ID or password due to internet service provider’s faults or your own negligence.
8. Remedies for privacy violations

In the event of privacy violations, you as the data subject may seek for remedies, including consultations. If you are not satisfied with our privacy protection measures or remedies for breach of privacy, you can seek assistance from other government authorities as follows:

Privacy Violation Complaint Center: Report a privacy violation case, including consultation

  • - Website: privacy.kisa.or.kr (TEL: 118)
  • - Address: Privacy Violation Complaint Center, 135 Jungdae-ro, Songpa-gu, Seoul 138-950

Privacy Arbitration Board: File an individual or collective privacy-related arbitration under the Civil Code

  • - Website: www.kopico.go.kr (TEL: +82-2-1833-6972)
  • - Address: 4F, Government Complex Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul 03171

Public Prosecutors’ Office Cybercrime Investigation Group: Call +82-2-3480-3573 or visit at www.spo.go.kr

National Police Agency Cyber Bureau: Call 1566-0112 or visit at www.netan.go.kr

9. Operation and control of closed-circuit television systems

We have and operate closed-circuit television systems as follows:

  • · Purpose and legal basis of closed-circuit television system installations
  • - Security, safety and fire-prevention of MMCA facilities
  • - Protection of collections from theft, and (if any) evidence collection
  • · Units, locations and surveillance range
    Units, locations and surveillance range (Location, Unit, Surveillance Range)
    Location Units Surveillance Range
    MMCA Seoul 223 Entire premises
    MMCA Gwacheon 120
    MMCA Deoksugung 26
    MMCA Cheongju 180 Entire premises
    MMCA Residency Goyang 14
    MMCA Residency Changdong 13
    Total 576
  • · Controller, Operating Department and Operator
    Controller, Operating Department and Operator (Location, Operating Department, Controller, Operator)
    Location Operating Department Controller Operator
    MMCA Seoul Administration Support Department Manager of Administration Support Department CCTV control room operators
    MMCA Gwacheon Administration Support Department Manager of Administration Support Department CCTV control room operators
    MMCA Deoksugung Modern Art Team Leader of Modern Art Team CCTV control room operators
    MMCA Cheongju Collection Storage Control Team Leader of Collection Storage Control Team CCTV control room operators
    MMCA Residency Art Policy Department Manager of Art Policy Department CCTV control room operators
  • · Surveillance hours, and retention period, retention place and disposal of footages
  • - Surveillance hours: 24 hours a day
  • - Footage retention period: 90 days
  • - Footage retention place
    Footage retention place (Location, Retention place)
    Location Retention place
    MMCA Seoul CCTV control room
    MMCA Gwacheon CCTV control room
    MMCA Deoksugung CCTV control room
    MMCA Cheongju CCTV control room
    MMCA Residency CCTV control room
  • - Disposal of footages: We strictly control and log use, sharing, destruction of, and access to CCTV footages only within permitted purposes, and footages contained in digital media are destroyed in such manner that no data can be recovered (in case of printed media, destroyed either by a paper shredder or fire pit) upon their statutory retention period expires.
  • · Footage retention place and access to footages
  • - Access to footages: You as the data subject may request a CCTV data controller to disclose CCTV footages containing your personal information.
  • - Retention place
    Retention place (Location, Retention place)
    Location Retention place
    MMCA Seoul CCTV control room
    MMCA Gwacheon CCTV control room
    MMCA Deoksugung CCTV control room
    MMCA Cheongju CCTV control room
    MMCA Residency CCTV control room
  • · Data subject’s request to access to CCTV footages: You must submit a request in writing and your access to CCTV footages will be permitted only when such CCTV footages contain an actual image of you and such access is necessary to protect you from any eminent life-threatening danger, physical harm or property loss.
  • · Technical, managerial and physical measures to protect CCTV footages: Our internal procedures to control and restrict access to CCTV footages include secure data storage and data communication technologies, processing history log, anti-forgery and falsification measures, physical anti-breaking facilities and locking devices.
10. Privacy Officer and Security Manager

· MMCA Chief Privacy Officer: Ahn Mi-Ran, Manager of Planning & General Management Dept.

  • Phone: (02)3701-9810
  • E-mail: silktree@korea.kr
  • Address: Planning & Administration Management Dept. MMCA, 30 Samcheong-ro (Sogyeok-dong), Jongno-gu, Seoul, 03062, Korea

· MMCA Personal Information Security Manager: Jeong Ji-Eun

  • Phone: +82 2 3701 9819
  • E-mail: lethe11@korea.kr
  • FAX: +82 2 3701 9829
  • Address: Planning & General Management Dept. MMCA, 30 Samcheong-ro (Sogyeok-dong), Jongno-gu, Seoul, 03062, Korea
11. Changes to this policy
  • · This Privacy Policy becomes effective on August 6, 2021.
  • · see our previous Privacy Policy: