Privacy Policy


The personal information collected, retained and managed by RISS International is in compliance with the applicable regulatory Acts of the Republic of Korea. In particular, the Personal Information Protection Act addresses general norms for the processing of personal information. RISS International shall handle personal information, in a timely and seamless manner, in compliance with the Personal Information Protection Act to protect the privacy of users.

Further, RISS International respects the rights and benefits of its users, such as viewing, correcting, deleting and suspending the processing of personal information, as stipulated in the Personal Information Protection Act. Users have the right to file an administrative appeal based on the Administrative Appeals Act.

The following personal information processing policy of RISS International is established to protect personal information and process any complaints/inquiries related with personal user information in compliance with Article 30 of the Personal Information Protection Act.

Article 1 (Purpose of personal information processing)

(1) RISS International manages personal information for the following purposes:

  1. (Service Provision) RISS International processes personal information for the purpose of providing services such as content delivery and document delivery;
  2. (Membership Management) RISS International processes personal information for the purpose of personal identification, prevention of unauthorized use by unauthorized members, prevention of unauthorized use, confirmation of registration, preserving records for dispute settlement, and handling of complaints/inquiries in an effective and timely manner through communication; and
  3. (Service Improvement) RISS International processes personal information for the purpose of the improvement, statistical analysis, promotion and dissemination of information regarding of its services.

(2) RISS International shall process and disclose personal information for the purpose of membership registration and management, and the processing of items related to civil affairs and the improvement of services in compliance with Article 32 of the Personal Information Protection Act.

(3) If RISS International is required to use personal information for any other purpose than described above, additional consent of users shall be requested in compliance with Article 18 of the Personal Information Protection, Act.



Article 2 (Processing and retention period of personal information)

RISS International processes and retains its user’s personal information until membership withdrawal.



Article 3 (Providing personal information to a third party)

RISS International does not process or provide personal information to a third party for other purposes without the user’s prior consent, with the exception of the following cases;

  1. When RISS International obtains a separate consent from the user;
  2. When there is a special regulation specified under other laws;
  3. When RISS International is believed to be necessary for the clear benefit for its user’s life, health, and/or property, and when prior consent is unobtainable due to such reasons as the inability of the individual or his/her legal representative to express his/her intent or to find out the whereabouts of the individual or his/her legal representative;
  4. When personal information is provided with anonymity for the purpose of statistical analysis or academic research;
  5. When personal information is listed as crucial data, based on the deliberation of the personal information protection committee, to perform certain activities in compliance with other laws, unless such information is made available for exceptional causes or to a third party;
  6. When personal information is required by related foreign governments or international organizations in compliance with international treaties/agreements;
  7. When personal information is required for criminal investigation and/or prosecution;
  8. When personal information is required for court hearings; or
  9. When personal information is required for the execution of court rulings such as imprisonment or protective custody.


Article 4 (Consignment of the personal information processing)

For efficient processing, operation and maintenance of personal information of RISS International is contracted to Futurenuri, Inc.


Address: #1102, Byuksan Digital Valley 70, Gyeongin-ro 71-gil, Yeongdeungpo-gu, Seoul 07286, Republic of Korea



Article 5 (Rights and duties of the user and ways to exercise them)

(1) The user shall exercise the following rights related to registered personal information at any time:

  1. Request for his/her personal information;
  2. Request for correction of errors of his/her personal information;
  3. Request for deletion of his/her personal information; and
  4. Request for suspension of the processing of his/her personal information

(2) The user shall exercise his/her rights on the statement above by submitting Form 8 of Enforcement Ordinance of the Personal Information Protection Act via mail, e-mail or fax. Upon receipt of the user request, RISS International shall respond in a timely and seamless manner.

(3) Upon the user request for correction or deletion of his/her personal information, RISS International shall hold or refrain from providing personal information until such modification or deletion is completed.

(4) The user shall present his/her legal representative or agent to exercise the rights on the statement above by submitting Form 11 of Enforcement Ordinance of the Personal Information Protection Act.

(5) The user request for viewing and suspending the process and inspection of personal information may be limited in compliance with article 35 paragraph 5 and article 37 paragraph 2 of the Personal Information Protection Act.

(6) If stipulated in another law that the specific personal information is to be collected, the user cannot request to delete the information.

(7) When there is a request to view, revise/delete and/or suspend processing of personal information, RISS International shall verify the identification of the individual or legal representative.

  1. Personal requests can be verified with an identification card such as certificate of resident registration, driver's license, passport, etc.
  2. [Form 8] Request for viewing, correction, deletion and suspension of processing personal information
  3. [Form 11] Power of Attorney


Article 6 (Items for processing personal information)

RISS International shall process the following personal information items:

  1. (Required) Name, URL, Address, Country, Library, Library Type, Department, Title, Telephone number, e-mail, Fax number, Primary IP address, Password, ILS Unicode support, ILS name, Authentication(IP only, URL only, or both); and
  2. (Optional) Library URL, Enrollment of Korean Studies and related research field, KJAE(Korean Journal Articles Expanded)


Article 7 (Procedures and methods of deleting personal information)

RISS International shall delete personal information without any unreasonable delay if its purpose of processing the personal information is achieved. However, this does not apply to personal information that needs to be preserved in compliance with other laws. The procedures, terms and methods of deleting/destroying personal information are as follows:

(1) (Procedures) Unnecessary personal information and personal information files are handled by a person in charge of the personal information in accordance with the following internal policy:

  1. RISS International destroys personal information that has passed the retention period without unreasonable delay from the end date;
  2. RISS International destroys, without unreasonable delay, the personal information that has become unnecessary due to either the completion of necessary processing, abolition of relevant services or the termination of business, on the day when the processing of personal information is recognized as unnecessary; and
  3. The personal information in any electronic format shall be destroyed in an unreproducible state by using technical methods. Additionally, hard copied personal information shall be shredded or incinerated.


Article 8 (Measures to ensure the safety of personal information)

RISS International, pursuant to Article 29 of the Personal Information Protection Act, provides technical, administrative and physical measures necessary for securing safety as follows:

  1. RISS International designates and minimizes the number of person in charge of personal information, and implements measures to secure personal information management.
  2. RISS International takes necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that processes personal information.
  3. RISS International also controls and prevents unauthorized external access by using an intrusion prevention system.
  4. RISS International, with the use of security systems, stores and manages access records (web logs, summary information, etc.) to the personal information processing system for at least 6 months in order to prevent forgery, theft and loss.
  5. RISS International encrypts, stores and manages its user's personal information. RISS International also implements separate security measures such as encryption of important data when storing or transferring.
  6. RISS International installs and periodically updates the computer security programs to protect personal information from leakages and damages caused by hacking or computer virus.
  7. RISS International separately sets up physical storage of personal information system, and establishes and operates access control procedures.

Article 9 (Points of contact for RISS International's personal information protection)

RISS International designates duties for personal information protection and handling users’ complaints/inquiries as follows.

    • Director for Personal Information Protection: Kweon Sungho, Education Information Security Division, Tel. +82-53-714-0234
    • Manager for Personal Information Protection: Jang Sanghyun, Academic Research Information Division, Tel : +82-53-714-373
    • Staff for Personal Information Protection: Pang Jeannie, Academic Research Information Service Section, riss_international@riss.kr Tel : +82-53-714-0227, Fax : +82-53-714-0194

Article 10 (Request to view on personal information)

(1) RISS International shall respond without unreasonable delay to a user’s request of viewing personal information.

    • Contact: Pang Jeannie, Academic Research Information Service Section, riss_international@riss.kr, Tel: +82-53-714-0227, Fax: +82-53-714-0194

(2) The user may also request for access to his/her personal information on the portal of ‘Personal Data Protection Laws in Korea’ (www.privacy.go.kr) run by the Ministry of the Interior and Safety.



Article 11 (Remedial measures for infringement on rights and interests)

(1) The user may appeal for damage relief related to personal information infringement and may receive consultation from the institutions listed below.

  • Personal Information Infringement Report Center (run by the Korea Internet & Security Agency)
    • Duties: Consultation on personal information infringement reports
    • Website : http://privacy.kisa.or.kr
    • Tel: 118 (without area code)
    • Address: Korea Internet & Security Agency (KISA) 9 Jinheung-gil, Naju, Jeollanam-do 58324, Republic of Korea

  • Personal Information Dispute Mediation Committee (run by the Personal Information Protection Commission)
    • Duties: Mediating and making settlements of both individual and collective personal information disputes (civil resolution)
    • Website : http://www.kopico.go.kr
    • Tel: 118 (without area code)
    • Address: 4th floor, Central Government Complex 209, Sejong-daero, Jongno-gu, Seoul 03171, Republic of Korea

(2) The user reserves the right to request administrative judgment in accordance with the Administrative Appeals Act for any infringement on rights and interests caused by nonfeasance or measures taken for the request of users for inspection, modification, deletion or suspension of processing personal information.

Article 12 (Amendment to the personal information processing policy)

(1) The policy shall take effect on March 5, 2019.

(2) See below for previous regulations.

Close