The British Council ('www.britishcouncil.kr, hereinafter,the “Council”) has established the personal information management policy as follows (the “Policy”) in accordance with the Personal Information Protection Act and Act on Promotion of Information and Communication Network Utilisation and Information Protection to protect the rights and interests of the users of the Council’s services and to handle any problems that the users may face in respect of their personal information.

Any amendment of this Policy will be publicly announced by a posting on the website of the Council.

This Policy will come into effect on April 9 2013 (the “Effective Date”) and the content was last updated on 17 November 2017.

 

 1. Purpose of Personal Information Management

The Council processes user’s personal information for the following purposes. Processed information will not be used for any purposes other than for the following purposes. The Council will seek prior consent of the persons who are the subject of the personal information (the “Users”) before any change to the intended use is implemented. 

A. Membership Registration and Management for the Council’s Language School’s Student Portal, UK Alumni Association and E-newsletters

The Council processes personal information for the following purposes:

  • To confirm the User’s intention to be a registered member;
  • To identify or certify User identity in relation to its provision of membership services;
  • To maintain or manage membership status;
  • To verify User identification to comply with the real-name identification policy;
  • To prevent unauthorized use of service;
  • To acquire consent of a legal agent if the User is under the age of 14;
  • To give public announcement or notice;
  • To handle customer complaints; and
  • To keep records for dispute resolution purposes.   

B. Complaint Handling

The Council processes personal information for the following purposes:

  • To verify the complaining person’s identification;
  • To review complaints;
  • To contact or notify the complaining persons to investigate the cause of the complaints; and
  • To notify complaint review results.

C. Provision of Goods and Services

The Council processes personal information for the following purposes:

  • To deliver goods;
  • To provide services (including exams services);
  • To send invoices;
  • To provide content or customised service;
  • To verify User’s identification;
  • To verify User’s age;
  • To accept payment or settle the fees; and
  • To prevent any illegal use of other’s name. 

D. Marketing and Advertisement

The Council processes personal information for the following purposes:

  • To develop new services/products and provide customised services;
  • To provide any event-related or advertising information;
  • To offer opportunity to participate in events;
  • To provide services based on the demographic characteristics;
  • To publish advertisements;
  • To confirm service validity; 
  • To check access frequencies; or 
  • To compile statistics regarding Users’ use of the Council’s services.

2. Personal Information Processing and Retention Period

A. The Council processes and retains personal information during the period permitted by law or agreed by the subject of the information upon collection of his/her personal information.

B. Personal information processing and retention periods are as follows:

(1) Membership Registration and Management for the Council’s Language School’s Student Portal, UK Alumni Association and E-newsletters

The Council processes and retains personal information for the purpose of “Membership Registration and Management for the Council’s Language School’s Student Portal, UK Alumni Association and E-newsletters” until User withdraws his/her membership for language institute, UK alumni association or e-newsletter.

However, if retention of any of the above information is required by law, the Council shall process and retain such information during the required period in accordance with the law. 

(2) Handling Complaints

The Council processes and retains personal information for the purpose of “Complaint Handling” for 5 years from the date on which User gives consent to collect or use of his/her personal information for the said purpose. However, if the User withdraws his/her consent before the expiration of the 5 year period, the User’s personal information will be promptly destroyed. 

However, if retention of any of the above information is required by law, the Council shall process and retain such information during the required period in accordance with the law.

(3) Provision of Goods and Services

The Council processes and retains personal information for the purpose of “Provision of Goods and Services” for 5 years from the date on which User gives consent to collect or use of his/her personal information for the said purpose. However, if the User withdraws his/her consent before the expiration of the 5 year period, the User’s personal information will be promptly destroyed.

However, if retention of any of the above information is required by law, the Council shall process and retain such information during the required period in accordance with the law.

(4) Marketing and Advertisement

The Council processes and retains personal information for the purpose of “Marketing and Advertisement” for 2 years from the date on which User gives consent to collect or use of his/her personal information for the said purpose. However, if the User withdraws his/her consent before the expiration of the 2 year period, his/her personal information will be promptly destroyed.

However, if retention of any of the above information is required by law, the Council shall process and retain such information during the required period in accordance with the law.

(5) Despite the User’s withdrawal of consent, his/her person information may continue to be processed and retained in accordance with applicable laws, including but not limited to the following: 

(a) Act on Consumer Protection in Electronic Commerce, Etc. 

  • ž Record of advertisement: 6 months
  • ž Record of cancellation of contracts or offers to enter into contract: 5 years
  • ž Record of payment and provision of goods and services: 5 years
  • ž Records of customer complaints and dispute settlement: 3 years 

(b) Commercial Code

  • ž Account books and other important documents relating to business: 10 years
  • ž Sales statements and other similar documents: 5 years

(c) Framework Act on National Taxes

  • ž Account books and documentary evidence related to all transactions: 5 years

(d) Any other applicable laws

3. Provision of Personal Information to Third Party

A. The Council provides personal information to a third party only when it is permitted by the Personal Information Protection Act; for example, where User gives consent or provision of personal information is expressly allowed under applicable laws.     

B. The Council provides personal information to the following entities: 

(1) The British Embassy in Korea

  • žPersonal information is provided to: The British Embassy in Korea 
  • žPersonal information provided: name, gender, name of workplace and department, job title    
  • žIntended use of the personal information: To inform the User of public diplomacy activities and events of the British Embassy in Korea
  • žPeriod of retention and use of the personal information: Until User withdraws his/her consent

(2) Partner Institutes for Exams Services

  • ž Personal information is provided to: Cambridge English Language Assessment, and IELTS recognition bodies (educational institutions in and outside Korea and institutions which handle immigration affairs including embassies and UK Government including immigration offices)
  • ž Personal information provided: Name, date of birth, photo, native language, nationality, occupational cluster, level of education, fingerprint, passport number and test results, voice and video recordings of IELTS applicants
  • ž Intended use of the personal information: To check test results and personal identification, and to prevent any illegal use of other’s name 
  • ž Period of retention and use of the personal information: 3 years

4. Entrustment of Personal Information Processing

A. The Council entrusts certain affairs related to personal information processing as follows in order to smoothly handle such matters:

(1) IELTS

  • Entrusted Party: Jinhak Apply Corp.
  • žEntrusted Affairs: Processing purchases and fee settlement, member identification for use of membership service, complaint handling and notice announcement 

(2) English Language School

  • žEntrusted Party: CREATIVE LOUNGE
  • žEntrusted Affairs: Maintenance and management of the websites for booking level tests of the English language school

(3) Events booking

  • žEntrusted Party: CREATIVE LOUNGE, Bookeo
  • žEntrusted Affairs: Maintenance and management of the websites for booking events  

(4) SMS

  • žEntrusted Party: Wisecan Co., Ltd. (owner of www.sms17.com site), LG Uplus
  • Entrusted Affairs: Sending SMS   

(5) Online market research

  • Entrusted Party: SurveyMonkey (owner of www.surveymonkey.com site)
  • Entrusted Affairs: Conducting online market research   

B. When entering into an entrustment agreement, the Council specifies the following matters in the agreement or in any written form in accordance with Article 26 of the Personal Information Protection Act so that the Council can make sure that the entrusted party handles personal information with safety: 

  • žProhibiting the entrusted party from processing personal information for any purpose other than for the performance of the entrusted affairs;
  • žTechnical and administrative measures to protect personal information;
  • žRestricting re-entrustment of personal information processing;
  • žMatters related to managing/supervising the entrusted party;
  • žLiabilities of the entrusted party, including damage compensation. 

C. Any change of the entrusted party or content of the entrusted affairs will be immediately disclosed through this Policy.  

5. Rights of the Users and Method to Exercising such Rights

As the subject of the personal information, User may exercise the following rights:

A. User may at any time exercise the following rights against the Council in order to protect his/her personal information:

(1) Right to have access to personal information;
(2) Right to request correction of any error; 
(3) Right to request deletion of information; 
(4) Right to request discontinuance of personal information processing.

B. The rights referred to in Paragraph A above may be exercised by completing Form 8 of the Enforcement Regulation of the Personal Information Protection Act and submitting to the Council as hard copy, or by email or facsimile. The Council will immediately take action upon receipt of such request.

C. In case User requests correction or deletion of any error in his/her personal information, the Council will not use or provide the concerned information until such correction or deletion is completed. 

D. The rights referred to in Paragraph A above may be exercised by a legal agent or an authorized representative of the User. In such a case, power of attorney as provided in Form 11 of the Enforcement Regulation of the Personal Information Protection Act must be submitted to the British Council. 

6. Types of Personal Information Collected and Method of Collecting Personal Information

Types of Personal Information Collected 

The Council processes the following types of personal information, which are essential for the provision of its services.

A. Registration and Management for the English Language School’s Student Portal 

  • žRequired Items: Name, date of birth, email address and telephone number
  • žOptional Items: Home address and gender

B. Membership Registration and Management for E-newsletter 

  • žRequired Items: Name and email address

B-1. Membership Registration and Management for E-newsletter for UK/Korea 2017-18

  • Required Items: Name, email address and mobile phone number

C. Membership Registration and Management for UK University Alumni Association 

  • žRequired Items: Name, gender, date of birth, address, email address, telephone number, name of UK university the User graduated from, degree, academic major, major department, graduation year and list of scholarships received
  • Optional Items: Name of workplace, department and job title

D. Complaint Handling

  • žRequired Items: Name and email address
  • žOptional Items: Telephone number 

E. Provision of Goods and Services

1) IELTS

  • žRequired Items: Name and date of birth, photo, gender, intended use of IELTS results, native language, nationality, occupational cluster, level of education, fingerprint, ID, password, address, telephone number, email address, IELTS test results, and passport copy (voice and video recordings of applicants only for IETLS for UKVI)

2) Other tests including TKT and university exams

  • Required Items: Name, date of birth, telephone number and email address

3) Training programmes for teachers (as designated training institute pursuant to the Regulations on Training for Teachers) 

  • Required Items: Name, address, telephone number, email address, name of school and list of training programmes completed

4) UK education qualification confirmation service

  • Required Items: Name, date of birth, gender, telephone number and email address

5) Level test for the English Language School

  • Required Items: Name, year of birth, telephone number, email address

6) Events and cultural projects participants

  • Required Items: Name, telephone number, email address, password
    # Age, workplace and career history might be additionally collected depending on the nature of the project and selection criteria. 

F. Marketing and Advertisement

  • žRequired Items: Name, gender, age, address, telephone number and email address

G. Use of Cookies 

1) Cookies embedded in the Council website

During the use of the online services of the Council, the following personal information may be automatically created and collected using cookies embedded in the Council’s website.

  •  IP address, name of the User’s workplace, web address, location of the User (city and country)

2) Cookies by third party platforms and sites

To support our content publication, we sometimes embed photos and video content from websites such as You Tube and Flickr. As a result, when the User visits a page with content from these external websites, the User may be presented with cookies from these websites. The Council does not control the dissemination of these cookies.

3) Google Advertising Services

The Council may use vendors, such as Google, to display targeted British Council advertising on external internet sites based on Users’ past visits to this website.

4) Turning Off Cookies and Google Advertising Services

User may block cookies by activating the setting on the browser that allows you to refuse the setting of all or some cookies. Below are links to the 'Help' pages of major browsers which explain how you can do this. However, if you use your browser settings to block all cookies or essential cookies, you may not be able to access all or parts of our website or any other websites that you visit. 

Internet Explorer | Firefox | Chrome | Safari | Opera | Blackberry | Safari iOS | Windows Mobile 

User can also opt-out of Google Analytics for Display Advertising and customize Google Display Network advertisements using Google Ads Preferences Manager, and opt-out from Google Analytics visits tracking using free browser add-on.

Method of Collecting Personal Information 

  • Membership sign up, event booking or exam application through the Council’s homepage, paper, telephone, fax, or e-mail
  • Automatic collection, such as through cookies

7. Disposal of Personal Information

When any of the personal information becomes no longer necessary, including by expiration of the retention period or fulfilment of its purposes, the Council disposes of such personal information without delay. 

The process, timing and method of disposal of personal information are as follows:

A. Disposal Process 

The Council identifies personal information that needs to be destroyed, and after obtaining approval of the Council’s personal information manager, destroys such information. 

In case the personal information should be preserved according to applicable laws, the Council will store such information in a separate database (in case of personal information in paper form, the Council will record such information in a separate document) and preserve it for the required period of time in accordance with applicable law and the Council’s internal policies, and will dispose of it after the required period elapses. In such a case, the personal information preserved will not be used except in strict adherence to the relevant law. 

B. Disposal Timing 

The personal information will be destroyed within 5 days after the occurrence of any event causing such disposal.  

C. Disposal Method

Information in electronic form will be destroyed using technical tools so as to make sure that such information will not be reproduced.

Information in paper form will be destroyed by shredding it with a paper shredder or incinerated. 

8. Measures to Secure Safety of Personal Information 

The Council takes the following technical, administrative and physical measures necessary to protect personal information in accordance with the Personal Information Protection Act:

A. Minimize Number of Staff Processing Personal Information; Training 

The Council appoints a minimum number of staff for processing personal information and gives permission to handle personal information only to such staff.

B. Regular Internal Audits

The Council conducts internal audits periodically (on a quarterly basis) in order to secure the safety of personal information. 

C. Establish and Implement Internal Management Plan

The Council establishes and implements internal management plan to handle personal information with safety. 

D. Encryption of Personal information

User passwords are stored and managed in an encrypted form so that only the concerned User can know them. In addition, important data are stored and transmitted in an encrypted form, and/or secured by the file locking function. 

E. Technological Measures to Prevent Hacking

The Council installs security programs in order to prevent leakage or damage of personal information caused by computer hacking or virus, and renews and checks the system regularly. In addition, the information system is located where access from outside is controlled and monitored through technical and physical means. 

F. Limited Access to Personal Information

The Council takes measures to control access to personal information by controlling authorization to access personal information database systems, and prevents unauthorized access from outside using intrusion prevention system. 

G. Storage of Access Records and Prevention of Forging or Falsifying Logs

The Council stores and manages records of access to personal information systems for at least 6 months and uses security programs to prevent such access records from being forged or falsified, stolen or lost.

H. Use of Locking Device to Secure Documents 

The Council keeps documents and storage device in a safe place where locking devices are installed.

I. Control of Unauthorized Access 

The Council has a storage place where personal information is physically stored, and establishes and implements a process of controlling access to such place.  

9. Personal Information Protection Manager 

A. The Council appoints a personal information protection manager who is responsible for all affairs relating to personal information processing, and handling complaints raised by the Users and remedy of damages incurred in relation to personal information processing. 

▶ Personal Information Protection Manager 

  • Name: Martin John Fryer 
  • Position: Director
  • Title: Representative of the British Council 
  • Contact Personal Information Management Division: 
  • Tel: 02-3702-0601, privacy@britishcouncil.or.kr, Fax: 02-3702-0660

▶ Personal Information Management Division

  • Name of Division: Marketing & Communications
  • Person in Charge: Yoomie Goh
  • Contact Personal Information Management Division: 
  • Tel: 02-3702-0601, privacy@britishcouncil.or.kr, Fax: 02-3702-0660

B. User may direct all personal information related questions or complaints to the Personal Information Manager and the Management Division. The Council will promptly respond to such enquiries. 

10. Request to Review Personal Information  

User may request the following division to allow review of his/her personal information in accordance with Article 35 of the Personal Information Protection Act. The Council will do its best to handle such requests as promptly as possible. 

▶ Division in Charge 

  • Name of Division: Administrative Division
  • Person in Charge: Juyoung Park
  • Contact: Tel: 02-3702-0601, privacy@britishcouncil.or.kr, Fax: 02-3702-0660

11. Remedy for Infringement on Rights and Interests of Users

User may inquire at the following institutions regarding remedy of damages arising from infringement of personal information, if not fully satisfied with the service of the Council in handling complaints related to personal information.   

▶ Personal Information Protection Centre (operated by Korea Internet & Security Agency) 

  • What they do: Take reports on infringement of personal information and provide counselling services in relation thereto 
  • Website: privacy.kisa.or.kr 
  • Phone: 118 (without area code)
  • Address: Personal Information Protection Centre, Korea Internet & Security Agency, 135 Joongdae-ro, Songpa-gu, Seoul 138-950, Korea 

▶ Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency) 

  • žWhat they do: Receive applications for mediation of personal information-related disputes and to mediate such disputes (civil resolution) 
  • Website: privacy.kisa.or.kr  
  • Phone: 118 (without area code)
  • Address: Personal Information Protection Centre, Korea Internet & Security Agency, 135 Joongdae-ro, Songpa-gu, Seoul 138-950, Korea 

▶ Cybercrime Investigation Department of the Supreme Prosecutors’ Office: 02-3480-3582(www.spo.go.kr)
▶ Korean National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)

12. Installation and Operation of Image Data Processing Equipment 

The Council installs and operates image data processing equipment as follows: 

A. Purpose of installing image data processing equipment: Provide security for clients and facilities and assure gate security

B. Number of equipment installed, location and scope of recording:

  • Number of equipment installed: 4 CCTV cameras in the City Hall, Eulji-ro and Mok-dong Centres respectively and 3 CCTV cameras in the Seocho and Gangnam Centres respectively
  • Location of installation: The City Hall, Eulji-ro, Mok-dong, Seocho and Gangnam Centres of the British Council 
  • Scope of recording: Cameras have been installed to monitor places where security must be reinforced in the City Hall, Eulji-ro, Mok-dong, Seocho and Gangnam Centres

C. Manager, division and person authorized to have access to image data: Eunji Shin for the City Hall Centre, Juhyun Lee for the Euljiro Centre, Jihyun Choi for the Mok-dong Centre, Ji-hyeok Kim for the Seocho Centre and Jeongeun Lee for the Gangnam Centre, British Council Korea

D. Recording hours, retention period, storage place and management  

  • žRecording hours: 24 hours non-stop recording   
  • Retention period: 1 month from the recording date  
  • Storage place and management: Recording data are stored in separate hard disk drives, and kept and managed in the offices in the City Hall, Eulji-ro, Mok-dong, Seocho and Gangnam Centres

E. Access to image data and place: Image data may be viewed using the hard disk drives and the monitors installed in the offices of the City Hall, Eulji-ro, Mok-dong, Seocho and Gangnam Centres for such image data.

F. Measures to deal with the request of the subject of information for inspection of image data: A form of request for inspection of image data or request for checking the existence of data must be submitted. In such a case, an inspection of image data may be allowed only if the person requesting it has been recorded as the subject of such recording, or it is deemed obviously necessary for his/her physical safety and property interests.  

G. Entrustment of Image Data Processing Equipment Installation and Management: The Council entrusts this matter as follows:

  • Entrusted party: ADT Caps
  • Person in charge: Mr Kim, Bumsoo
  • Contact details: + 82 (0)10 8297 7747 / ADT caps +82 1588 6400

H. Technical, administrative and physical measures to protect image data: The Council keeps hard disk drives for storing image data installed in the offices of the Seocho and Gangnam Centres, and obtains technical and administrative advices from ADT Caps, the security service provider. If no space left on the hard disk drive, the data will be automatically destroyed in order of their recorded time beginning from the oldest data.

13. Others

The details of the personal information management policy related to IELTS exam can be found on the IELTS registration site, https://reg.britishcouncil.kr

14. Changes in the Personal Information Management Policy and Notification

A. This Policy will take effect from the Effective Date, and any changes, deletion or correction of the policies herein will be announced 7 days prior to the date on which such changes will take effect. 
B. You may view or download previous versions of this Policy below.

15. British Council Headquarters' Data Protection Policy

If you want information about our Headquarters' policy on Data Protection, please see our corporate website.