본문으로 바로가기

2015.06.08 ~ 2016.11.21 Privacy Policy

1. Collection and retention of personal information

a. Collection and retention of personal information by the National Museum of Modern and Contemporary Art, Korea (hereinafter “MMCA,” “we,” “us” or “our”) are compliant with statutory provisions and only made upon prior consent of the data subject (hereinafter “data subject,” “user,” “you,” or “your”). Statutory provisions authorize MMCA to collect and retain personal information files as followings:

Planning & General Management Department
Planning & General Management Dept. (File name, Data, Purpose of retention, Legal basis, Retention period)
File name “MMCA website user”
Data E-mail, Password, Name, Date of birth, Address, Phone number, Mobile phone number
Purpose of retention Exhibition and learing program booking
booking confirmation mailing service(Paid-up member, Regidency, Webzine, and Exhibition, learning & event newsletter etc.)
Notice and sending of event gifts
Legal basis Data subject’s prior consent
Retention period Permanent(for selected applicants)
3 years(for non-selected applicants, or your account deletion whichever comes first)
Education & Culture Department
개인정보파일명, 주요 항목, 보유 목적, 보유 근거, 보유 기간 항목으로 구성된 고객지원개발팀 개인정보 수집 항목에 관한 테이블
File name Internship Completion list
Data Name, Address, Phone number ,Mobile phone number, E-mail, Date of Birth
Purpose of retention Internship management
Legal basis Enforcement Decree of The Museum And Art Gallery Support act Article 3
Retention period Permanent
Education & Culture Department (File name, Data, Purpose of retention, Legal basis, Retention period)
File name Volunteer list
Data Name, Address, Phone number, Mobile phone number, E-mail, Date of Birth
Purpose of retention Volunteer management
Legal basis Data subject’s prior consent
Retention period Period only for volunteer participation
※For your access to MMCA personal information files, please visit at www.privacy.go.kr (Personal Information Protection Commission of the Ministry of the Interior and Safety), and browse as follows: Petition → Request for personal information → Personal information files search.

b. Personal information automatically collected and stored when using websites

  • ·Your personal information automatically collected and retained for your service usage pattern analysis and better website browsing experiences includes:
  • - your internet service domain name, website address you have visited before visiting our website and date & time of your previous visits; and
  • - name of browser and operating system you use when you visit our websites.

c. Personal information retained by statutory requirements

  • · We retain your personal information for a specific period of time as required by applicable statutory requirements. In such event, we retrieve and use your personal information only for the purpose specified in respective laws and regulations.

d. Access to personal information files

Access to personal information files (Retention (Control) Organization, Personal Information File, Contact (TEL (FAX), E-mail, Postal Address)
Retention (Control) Organization Personal Information File Contact
Planning & General Management Department MMCA website user 02-2188-6101 (fx.02-2188-6161) chobg@korea.kr Gwangyeong-ro, Gwacheon-si, Gyeonggi-do 13829, Republic of Korea, MMCA Gwacheon
Education & Culture Department Internship Completion list +82-2-2188-6130 (+82-2-2188-6130)
Volulteer list +82-2-2188-6130 (+82-2-2188-6130)
· We process your personal information in a legally permitted and appropriate manner to protect your privacy. However, a part of your personal information may be disclosed to or shared with a third party to the extend permitted by the applicable laws and regulations.
2. Use and sharing of personal information

a. Sharing of your personal information with third parties

  • · Even if we share your personal information with a third party, such party has no right to disclose your personal information unless explicitly agreed by us.
  • · Your personal information we are permitted to share with third parties under the applicable laws and regulations includes:
    Sharing of your personal information with third parties (File name, Third party, Purpose, Data, Period of retention & use)
    File name Third party Purpose Data Period of retention & use
    Volunteer list Gwacheon Volunteer Center Volunteer contribution records Name, Date of birth, Activities, Service hours Removed immediately after completion of data entry into 1365 system
  • · Personal information we collect, retain, use, disclose or share with third parties are subject to prior notice and your explicit consent except otherwise required by laws or regulations.

b. Entrusting of your personal information

  • · In a case we entrust your personal information to public entities or private entities pursuant to Article 26 (Limited processing of entrusted personal information) of the Personal Information Protection Act, we set out limitations and procedures of such entrusting and ensure that the entrusted entities use the same level of care that we use for protecting your personal information. In addition to that, we conduct inspections to verify how your personal information is being protected at third party’s premises
  • · Your personal information we are permitted to entrust to third parties under the applicable laws and regulations includes:

c. Limited use and sharing of personal information Use and sharing of your personal information we collect and retain are subject to privacy laws and regulations.

  • · Article 18 (Limited use and sharing of personal information) of the Personal Information Protection Act allows us to use or share your personal information with third parties if such use or sharing is
    1. 1. explicit agreed by the data subject
    2. 2. specifically required by other laws or regulations
    3. 3. necessary to protect the data subject or any third party who is in eminent life-threatening danger, physical harm or property loss while obtaining a prior consent is unavailable because such data subject or his/her legal agent is incapable of expressing its own intention to agree or disagree, or we are unable to contact such data subject or his/her legal agent due to unknown address
    4. 4. used for statistical survey and academic research as long as personal information is anonymized
    5. 5. unavoidable as executing statutory obligations require use or sharing of personal information other than specified herein; provided however that such use or sharing is permitted to the extent that is reviewed and approved by the Privacy Protection Commission
    6. 6. required to be disclosed to a foreign government or international institution for the purpose of executing any treaty or inter-governmental agreement
    7. 7. necessary for criminal investigation or filing and/or sustainment of a public prosecution
    8. 8. necessary for judicial proceeding
    9. 9. necessary for probationary and/or protectionary order execution
3. Disposal of personal information

Your personal information will be removed, deleted, or destructed immediately upon the purpose of collection and use is attained. Removal, deletion, or destruction procedures and methods are as follows:

a. Procedures of removal, deletion, or destruction

  • · Personal information you have submitted for accessing to our services including signing-up will be removed, deleted, or destructed after their respective purposes are realized and their respective retention periods as required by applicable laws and regulations and/or our privacy policy (see the period of retention and use) expires.
  • · Your personal information retained by us will not be used for any purpose other than specified herein, except otherwise required by laws and regulations.

b. Methods of removal, deletion, or destruction

  • · Personal information contained in printed media will be destroyed either by a paper shredder or fire pit.
  • · Personal information contained in digital media will be removed, deleted, or destroyed in such manner that no data can be recovered.
4. Data subject’s rights

「Chapter 5 (Ensuring data subject’s rights) of the Personal Information Protection Act specifies that in respect with his or her personal information, the data subject shall be entitled to:

  1. 1. access to his or her personal information
  2. 2. correction or deletion of his or her personal information
  3. 3. suspension of processing of his or her personal information
  4. 4. exercise of his or her statutory rights
  5. 5. claim for damages
5. Access to, correction, deletion, and suspended processing of personal information files

The data subject is entitled to request an access to, correction and deletion, and suspended processing of his or her personal information we retain pursuant to Article 35 (Access to personal information), Article 36 (Correction and deletion of personal information), and Article 37 (Suspended processing of personal information) of the Personal Information Protection Act.

Access to, correction, deletion, and suspended processing of personal information files (Personal information controller, Request process)
Personal information controller MMCA Planning & General Management Department (Data processing office)
Request process Submit a request in writing, or visit at www.privacy.go.kr (Personal Information Protection Commission of the Ministry of the Interior and Safety), and browse as follows: Petition → Request for personal information (i-PIN required for verifying your identification)

a. Access to personal information

  • · You have the right to access to your personal information files we retain pursuant to the Personal Information Protection Act and other privacy regulations. Access procedures are as follows: Access to personal information procedure
  • · Your access to personal information files may be denied pursuant to the fourth paragraph of Article 35 (Access to personal information) of the Personal Information Protection Act, if such access is:
    1. 1. prohibited or restricted by the applicable laws and regulations
    2. 2. likely to cause life-threatening danger, physical harm, property loss, or injury of legitimate interests of another person
    3. 3. causes interrupted execution of government agency’s administrative operations including
    1. a. imposition, collection or return of tax.
    2. b. scoring or admission evaluation at a school established under the Mandatory Education Act and the Higher Education Act, at a lifelong learning center established under the Life-long Learning Act, or at a higher educational institution established under other laws.
    3. c. academic achievement & skill testing and employment, or qualification review.
    4. d. evaluation or consideration relating to application either a compensation or benefit.
    5. e. audit or inspection activities carried out under other laws and regulations.

b. correction, deletion, and suspended processing of personal information.

  • · After accessing to your personal information files, you may request the personal information processor to correct, delete, or suspend processing of your personal information; provided however that your deletion request may not be acceptable if your personal information is subject to mandatory collection & retention under other laws and regulation. Correction, deletion or suspended processing procedures are as follows: Correction, deletion or suspended processing procedures
  • · “Access, Correction, Deletion or Suspended Processing of Personal Information” [Form No. 8, Enforcement Decree of the Personal Information Protection Act]Download
  • · Letter of attorney [Form No. 11, Enforcement Decree of the Personal Information Protection Act]Download
6. Privacy violation report

When you are using our website services, if you find any violation or damage resulting from collection, use, sharing, entrusting of your personal information which is not subject to such collection, use, sharing, entrusting under the applicable laws, or collected, used, shared, entrusted without your prior consent, or if you have reasonable cause to believe that your personal information is breached or your right as the data subject is violated, you can report such violation to competent authorities as follows:

Privacy violation procedures
7. Technical and managerial protection measures

We employ technical and managerial measures to protect your personal information from any loss, theft, leakage, falsification, or damage. Our measures include:

a. Password encryption

  • · Your password we retain and control is fully encrypted and only known to you. Editing your profile including password change is only made by you.

b. Countermeasures against potential attacks including hacking

  • · We use our best efforts to protect your personal information from potential cyber attacks including hacking and virus. In this regard, your personal information is subject a regular back and being protected by the latest anti-virus software which can prevent any leakage or damage of your personal information while we retain. Cryptographic communication between our database and that of third parties realizes safe and secured transferring of your personal information. We employee an advanced firewall system, denying any unauthorized access. We allocate our available resources to acquire and operate the most advanced cyber security assets.

c. Minimization and training of employees handing personal information

  • · We permit only our employees to access to your personal information to the extent they need, and undertake additional measures to limit their access to your personal information by assigning them separate passcode which is subject to a regular update. In addition to that, we provide them data security training, including MMCA Privacy Policy.

d. Privacy protection organization

  • · We exert our best efforts to ensure that MMCA Privacy Policy is fully observed and followed, and undertake necessary corrective actions to address any found problems. However, we assume no liability for any and all losses and damages arising out of, or relating to breach of your personal information including your user ID or password due to internet service provider’s faults or your own negligence.
8. Remedies for privacy violations

In the event of privacy violations, you as the data subject may seek for remedies, including consultations. If you are not satisfied with our privacy protection measures or remedies for breach of privacy, you can seek assistance from other government authorities as follows:

Privacy Violation Complaint Center: Report a privacy violation case, including consultation

  • - Website: privacy.kisa.or.kr (TEL: 118)
  • - Address: Privacy Violation Complaint Center, 135 Jungdae-ro, Songpa-gu, Seoul 138-950

Privacy Arbitration Board: File an individual or collective privacy-related arbitration under the Civil Code

  • - Website: www.kopico.go.kr (TEL: +82-2-1833-6972)
  • - Address: 4F, Government Complex Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul 03171

Public Prosecutors’ Office Cybercrime Investigation Group: Call +82-2-3480-3573 or visit at www.spo.go.kr

National Police Agency Cyber Bureau: Call 1566-0112 or visit at www.netan.go.kr

9. Privacy Officer and Security Manager

· MMCA Chief Privacy Officer: Yoon nam-soon, Manager of Planning & General Management Dept.

  • Phone: (02)2188-6102
  • E-mail: buruki@korea.kr
  • Address: Planning and Operation Group, Gwangyeong-ro, Gwacheon-si, Gyeonggi-do 13829, Republic of Korea

· MMCA Personal Information Security Manager: Jo bong-kyun

  • Phone: (02)2188-6102
  • E-mail: chobg@korea.kr
  • FAX: (02)2188-6161
  • Address: MMCA Planning & General Management Department (Data processing office), Gwangyeong-ro, Gwacheon-si, Gyeonggi-do 13829, Republic of Korea
  • Or you can report to the following infringement of the personal information reporting center operated by the Ministry of Public Administration and Security according to Article 62 of Enforcement Decree of The Personal Information Protection Act.
  • Korea Internet & Security Agency Personal Informaation Infringement Report Center(http://kisa.or.kr, Tel : 118)
10. Changes to this policy
  • · This Privacy Policy becomes effective on June 8, 2015.