|
Article 8
|
The following items should be told precisely to the Party by a government agency or non-government agency, in accordance with Article 15 or Article 19:
- the name of the government agency or the non-government agency;
- purpose of collection;
- classification of the personal information;
- time period, area, target and way of the use of personal information;
- rights of the Party and ways to exercise them as prescribed in Article 3;
- the influence on his rights and interests while the Party chooses not to provide his personal information;
The following situations may be exempted from the notice prescribed in the preceding Paragraph:
- when in accordance with law;
- when the collection of personal information is necessary for the government agency to perform its official duties or the non government agency to fulfill the legal obligation;
- when the notice will impair the government agency in performing its official duties;
- when the notice will impair public interests.
- when the Party should have known the content of the notification already;
- when the collection of personal information is for non-profit purposes and clearly does not cause any detriment to the Party.
|
|
Article 9
|
Government or non-government agencies shall, before processing or using the personal data collected in accordance with Article 15 or 19 which was not provided by the data subject, inform the data subject of their source of data and other information specified in subparagraphs 1 through 5, paragraph 1 of the preceding article.
The obligation to inform as prescribed in the preceding paragraph may be exempt under any of the following circumstances:
1. under any of the circumstances provided in paragraph 2 of the preceding article;
2. where the personal data has been manifestly made public by the data subject or publicized legally;
3. where it is unable to inform the data subject or his/her legal representative;
4. where it is necessary for statistics gathering or academic research in pursuit of public interests, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject; or
5. where the personal data is collected by mass communication enterprises for the purpose of news reporting for the benefit of public interests.
The obligation to inform as prescribed in paragraph 1 may be performed at the time of the first use of the personal data towards the data subject.
|
|
Article 10
|
Upon the request of the Party, the government agency or non-government agency should reply to the inquiry, offer for a review or provide duplications on the personal information collected, except the followings:
- when the national security, diplomatic and military secrets, the macro-economic interests or other major national interests may be harmed;
- when the performance of official duties may be interfered with; and
- when the major interests of the collecting agency or a third person may be affected.
|
|
Article 11
|
The government agency or the non-government agency should ensure the accuracy of personal information, and correct or supplement it, ex officio or upon the request of the Party.
In the event of a dispute regarding the accuracy of personal information, its processing or use shall be ceased voluntarily or upon the request of the Party, unless the processing or use is either necessary for the performance of an official duty or fulfillment of a legal obligation, or agreed to by the Party in writing, and the dispute has been recorded.
The information collected should be deleted, discontinued to process or use, ex officio or upon the request of the Party when the specific purpose no longer exists or time period expires. However, the preceding sentence may not be applicable when it is necessary for the performance of an official duty or fulfillment of a legal obligation and has been recorded, or when it is agreed by the Party in writing.
The information collected should be deleted, discontinued to process or use, ex officio or upon the request of the Party in the cases where a violation of this Law occurred during collecting, processing or using that information.
In the cases where the government agency or the non-government agency should be attributed to of not correcting or supplementing personal information, persons to whom the personal information was provided should be notified after correction or supplement.
|
|
Article 12
|
When the personal information is stolen, disclosed, altered or infringed in other ways due to the violation of this Law, the government agency or non-government agency should notify the Party after an inspection.
|
|
Article 13
|
Where a request is made by the Party to the government agency or the non-government agency pursuant to Article 10, it should be determined within fifteen days. It may be extended to a time period of no longer than fifteen days when necessary and the Party should be notified of that in writing.
Where a request is made by the Party to the government agency or the non-government agency pursuant to Article 11, it should be determined within thirty days. It may be extended to a time period of no longer than thirty days when necessary and the Party should be notified of that in writing.
|
|
Article 20
|
Except for the personal data specified in paragraph 1 of Article 6, non-government agencies shall use personal data only within the necessary scope of the specific purpose of collection; the use of personal data for another purpose shall be only on any of the following bases:
1. where it is expressly required by law;
2. where it is necessary for furthering public interests;
3. where it is to prevent harm to the life, body, freedom, or property of the data subject;
4. where it is to prevent material harm to the rights and interests of others;
5. where it is necessary for statistics gathering or academic research by a government agency or an academic institution for public interests; provided that such data, as provided by the data provider or disclosed by the data collector, may not lead to the identification of a specific data subject;
6. where consent has been given by the data subject; or
7. where it is for the data subject's rights and interests.
When a non-government agency uses personal data for marketing purpose pursuant to the preceding paragraph, upon the data subject's objection to such use, the agency shall cease using the data subject's personal data for marketing.
Non-government agencies, when using the data subject’s personal data for marketing purpose for the first time, shall provide the data subject the ways that he/she can object to such use, and the agency shall pay for the fees therefrom.
|
|
Article 27
|
Non-government agencies in possession of personal data files shall implement proper security measures to prevent the personal data from being stolen, altered, damaged, destroyed or disclosed.
The central government authorities in charge of the industries concerned may designate and order certain non-government agencies to establish a security and maintenance plan for the protection of personal data files and rules on disposing personal data following a business termination.
Matters such as standards on setting forth the aforementioned plans and disposal regulations shall be expressly established by the central government authority in charge of the industry concerned.
|