Yonsei University Global Leaders College (hereinafter referred to as “us”, “we”, or “our”) Privacy Policy

Following Article 30 of the Personal Information Protection Act, we establish and disclose the privacy policy as follows

to protect the security of the providers’ personal information and handle related issues quickly and smoothly.

Article 1. Purpose of collecting personal information

WE process personal information only with the consent of the provider and in accordance with the law. The personal information

being collected is not used for any purpose other than those mentioned below, and if the purpose of collection changes, necessary

measures will be implemented, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection

Act.

The purpose of collecting personal information files registered and disclosed by us under Article 32 of the Personal Information

Protection Act is as follows.

ㆍManagement of Undergraduate Students

1. Operated on the Basis of: Article 4 of the Enforcement Decree of the Higher Education Act (School Rules) and Article 73 of the

Enforcement Decree of the same Act (Processing Unique Identification Information) / Management of university academic affairs.

2. Purpose of Collection: Managing university academic affairs

3. Period of Possession: semi-permanent

ㆍManagement of Graduated Students

1. Operated on the Basis of: Article 4 of the Enforcement Decree of the Higher Education Act (School Rules) and Article 73 of the

Enforcement Decree of the same Act (processing of unique identification information) / University graduation work management

2. Purpose of Collection: Managing tasks related to graduated students

3. Period of Possession: semi-permanent

※Other personal information files of Yonsei University’s Global Leaders College can be viewed in the portal (www.privacy.go.kr) →

“개인정보민원” → “개인정보열람 등 요구“ → key in “연세대학교” (Yonsei University) in the “institution name” section

Article 2. Processing and retention period of personal information

① We process and retain personal information for a period designated by the law or the period agreed upon when collecting the

personal information from the information subject.

② The processing and retention period of each piece of personal information is as specified in Article 1 Personal Information File Status.

Article 3. Items of personal information processed

The personal information collected by us processes only the minimum personal information required for the performance of the relevant tasks or regulations. The personal information handled by us is as specified in the status of Article 1 personal information file.

ㆍManagement of Undergraduate Students

Personal information recorded in the personal information file: Student ID, name, gender, year, affiliation/major, resident registration number, contact number, cell phone, e-mail, address, relevant information of non-Korean citizens (including alien registration number, passport number), contact, guardian information, transfer management (academic change)

ㆍManagement of Graduated Students

Personal information recorded in the personal information file: Student ID, name, gender, grade, affiliation/major, date of admission, affiliation, contact number, cell phone, e-mail, address, previous acquisition credit, course registration credit, semester, major, certificate number, degree number

Article 4. Matters concerning the provision of personal information to third parties

①Personal information collected by us is used only for the purposes specified in Article 1, and it is not provided to third parties.

②WE may use personal information or provide it to other institutions for other purposes than holding personal information files in the following cases. However, except when it is deemed that there is a risk of unfairly infringing the rights and interests of the information provider or a third party.

ㆍTo provide to a foreign government or international organization for the implementation of treaties or other international agreements.

ㆍTo provide data for statistics and academic research in a form in which the provider is unidentifiable.

ㆍTo provide it to a third party in case when the provider or its legal representative is unable to provide their consent due, confirmed that the provision of information will benefit the provider.

ㆍTo assist the investigation of a crime and the filing and maintenance of a prosecution when necessary

ㆍTo assist the proceedings of the court’s judicial affairs when necessary

ㆍWhere it is approved after deliberation by the Personal Information Protection Committee under Article 7 (1) of the Personal Information Protection Act

Article 5. Matters concerning the entrustment of personal information processing

① We do not entrust personal information.

In accordance with Article 26 of the Personal Information Protection Act, we will specify in documents such as contracts the prohibition of personal information processing, technical and administrative protection measures, re-entrustment restrictions, management and supervision of trustees, and whether the trustee handles personal information safely in the case of having a contract of entrustment.

② If we sign an entrustment contract, we will disclose the details of the host company, the details of the entrusted work, personal information items, and the retention and usage period through this personal information processing policy.

Article 6. Matters concerning the rights, obligations, and methods of exercise of the information provider

①The information provider (referring to a legal representative if he/she is under the age of 14) may exercise the following rights related to the protection of personal information at any time:

1. Request to view personal information

2. Request correction in case of errors, etc.

3. Request for deletion

4. Request for discontinuation of information processing

②The exercise of rights under paragraph (1) shall be the “personal information (view, correction, deletion, suspension of processing) attached below. You can fill it out according to its format through written, e-mail, or fax.

▶ [Attachment 1] Request for personal information (view, correction, deletion, suspension of processing)

③If the data provider requests correction or deletion of errors in personal information, etc., the personal information shall not be used or provided until the processing is completed. In this case, if the wrong personal information is used or provided, we will correct it without delay.

④The exercise of the right under paragraph (1) may be conducted through an agent, such as a legal representative of the data provider or a person delegated. In this case, you must submit the ‘Delegation Letter’ attached below.

▶ [Attachment 2] Power of attorney.

⑤Requests for suspension of personal information access and processing may be restricted by Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.

⑥A request for correction or deletion of personal information is not allowed if the personal information is specified as a target for collection under other laws and regulations.

⑦Make sure it is you or a legitimate agent who made the request for viewing, correction or deletion, or suspension of processing according to the right of the data provider

1.Identification will be conducted through ID (identification) card, driver’s licenses, passports, etc. or by verifying public certificates, etc.

2. If requested through an agent, their legitimacy is confirmed with the submission of a power of attorney and a certificate of seal impression or a copy of his/her identification certificate, driver’s license, passport, etc.

⑧If the provider requests for view, correction, deletion, and discontinuation of personal information, we process the request and notify the provider with the results within 10 days from the day receiving the request form. If the information provider’s access is delayed or rejected for reasons specified in the Personal Information Protection Act, the reason for postponement or rejection and the guidelines for the provider to make objections are sent as a notice of personal information (view, partial access, postponement, refusal) and if the personal information is refused without justifiable reason, an objection may be filed with the person in charge.

⑨Personal information deleted at the request of the information subject shall be processed according to the procedure and method of destroying personal information under Article 9.

Article 7. Department that receives and processes personal information requests.

①The information provider may request the following departments to view personal information pursuant to Article 35 of the Personal Information Protection Act:

ㆍBachelor’s Degree students

Reception processing department: Global Leaders College Administration Team

Phone number: +82-2-2123-3213

ㆍGraduated students

Reception processing department: Global Leaders College Administration Team

Phone number: +82-2-2123-3213

②In addition to the reception processing department under paragraph (1), the information provider can also request personal information access through the “Comprehensive Support Portal for Personal Information Protection” (www.privacy.go.kr) of the Ministry of Public Administration and Security.

▶ The Ministry of Public Administration and Security’s comprehensive personal information protection portal → personal information complaints → requests for personal information access (real name authentication through public IPIN is required)

Article 8. Matters concerning the installation, operation, and rejection of automatic personal information collection devices

Our website does not use (cookie) that stores and loads usage information from time to time to provide individual customized services to users.

Article 9. Matters concerning the deletion of personal information

①In principle, we delete the personal information without delay once the purpose is achieved.

②If personal information is kept after the period of retention or the purpose of processing it has been achieved, the personal information (or personal information file) shall be moved to a separate database (DB) or stored in a different place, and the grounds for preservation shall be published on the website.

③The procedures and methods for deleting personal information are as follows.

1.Deletion procedure

Unnecessary personal information and personal information files are handled as follows in accordance with internal guidelines and procedures under the responsibility of the personal information protection manager.

▷Deletion of personal information

Personal information of which the retention period has elapsed shall be deleted without delay from the end date.

▷Deletion of personal information

If the personal information file becomes unnecessary after achieving the purpose of processing the personal information file or ending the relevant work, it shall be destroyed without delay from the date when it is deemed unnecessary.

2.Method of deletion

▷Electronic forms of personal information use technical methods that do not allow records to be tracked back.

▷Personal information printed on paper is shredded or destroyed through incineration.

Article 10. Matters concerning measures to secure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, we take technical, administrative, and physical measures necessary to secure the safety of personal information as follows.

1. Establishment and implementation of internal management plan

An internal management plan is established and implemented for the secure processing of personal information.

2. Minimization and Education of Personal Information Handlers

The person in charge of handling personal information is designated and managed only by necessary personnel, and education is provided for the information to be managed securely.

3. Restricting access to personal information

Necessary measures are taken to control access to personal information by granting, changing, or canceling access to the database system that processes personal information, and unauthorized access from outside is controlled using the intrusion prevention system.

4. Storage of access records and prevention of forgery

The records of accessing the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent forgery, theft, or loss of access records.

5. Encryption of personal information

The unique identification information and password of the data subject are encrypted and managed. In addition, important data is encrypted for storage and transmission, and other security features are applied.

6. Technical countermeasures against hacking and other issues

In order to prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed, regularly updated and inspected, and systems are installed in areas with controlled access from the outside, technically and physically monitored and blocked.

7. Access control of unauthorized persons

We set up and operate access control procedures for the personal information system where personal information is stored separately.

Article 11. Contact information of the persons in charge of personal information protection

①Yonsei University Global Leaders College is responsible for personal information processing, and designates the person in charge of personal information protection as follows to handle complaints and remedy damages related to personal information processing.

1. Director of Personal Information Protection Agency at Yonsei University Global Leaders College

Name: Lim Yun-mook

Position: Head of Global Leaders College

Contact : +82-2-2123-3218 / yunmook@yonsei.ac.kr

2. Person in charge of personal information protection at Yonsei University Global Leaders College

Department Name: Global Leaders College Administration Team

The person in charge: Kim Moon-hee, head of the administrative team.

Contact : +82-2-2123-3211 / moony202@yonsei.ac.kr

② For all personal information protection inquiries, complaints, and damage relief that occurred while using our website service, please contact our personal information protection agency manager and institution manager.

Article 12. Method of remedy for infringement of the rights and interests of the data subject

①In order to address personal information infringement, the information provider may apply for dispute resolution, consultation, etc. to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency’s Personal Information Infringement Report Center.

②The institution below is a separate institution from Yonsei University, and if you are not satisfied with Yonsei University’s own personal information complaint handling and the outcome of addressing damages, or if you need more detailed help, please contact us.

▶Personal Information Dispute Mediation Committee: +82-1833-6972 (http://www.kopico.go.kr/)

▶Personal Information Infringement Report Center: +82-118 (http://privacy.kisa.or.kr/)

▶Cyber Investigation Division of the Supreme Prosecutors’ Office: +82-1301 (http://www.spo.go.kr/)

▶National Police Agency Cybersecurity Bureau: +82-182 (http://cyberbureau.police.go.kr/

Article 13. Matters concerning changes in personal information processing policies

①This personal information processing policy will be applied from January 18, 2019, and if there is an addition, deletion, or correction of changes in accordance with laws and policies, we will inform you through the notice on the website 7 days before the change takes effect.

②You can check the previous personal information processing policy below.

▶ 2012. 02. 08 ~ 2019. 01. 17 (View application)