The Korean Psychological Association (hereinafter referred to as "Association") puts great emphasis on protection of personal information of users, and is making every effort to allow the users to use the service of the Association with their personal information provided on-line to the Association protected at the same time. Accordingly, the Association complies with the personal information protection regulations of the related laws which information and communication service providers have to observe such as the Protection of Communications Act, the Telecommunications Business Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and the Personal Information Protection Policy established by the Ministry of Information and Communication. Through the Personal Information Protection Policy, the Association informs the users for what purpose and in what way the personal information provided by the users is used, and what actions are taken for protection of personal information. The Association is taking an action to enable the users to easily find the Personal Information Protection Policy at all times by putting it on the first screen of the Web Site.

The Personal Information Protection Policy of the Association may change frequently due to change in the laws or guidelines of the government or in the internal policy of the Association, and, for this, the Association has established the procedures required for continuous improvement of the Personal Information Protection Policy. And, when the Personal Information Protection Policy is revised, the Association announces it through the notices of the Association 7 days prior to the enforcement of the revised Personal Information Protection Policy, and enables the users to easily identify the revisions by giving version numbers and revision dates.

The Personal Information Protection Policy of the Association contains the following contents:

1. Agreement on collection of personal information
2. Purpose of collection and use of personal information
3. Items of personal information collected by the Association and the collection method
4. Retention and use period of the personal information collected by the Association
5. Sharing and provision of the personal information collected by the Association
6. Matters related to management of the user's own personal information (reading, correction, deletion, etc.)
7. Matters related to operation of cookies
8. Technical/administrative measures related to personal information
9. Entrusted processing of personal information
10. Convergence of opinions related to personal information and matters related to settlement of complaints
11. Department, name and contact information of the manager and the person of the Association in charge of management of personal information
12. Guide for the customer center of the Association
13. Duty of notification

The Association shall arrange a procedure for the user to click either the 「Agree」 button or the 「Cancel」 button in relation to the content of the Personal Information Protection Policy or the Terms of Use of the Association, and the user shall be considered having agreed on collection of personal information if the 「Agree」 button is clicked.

"Personal Information" means the information about an existing person, who can be identified using the matters contained in the information such as name, mobile phone number, etc. (including the information which can be used to identify a specific individual being easily combined with some other information even though the information alone cannot be used to identify the specific individual).

Most of services provided by academic societies can be used at all times without separately registering the user. But, the Association is collecting personal information of the users in order to provide services of more improved quality including the services tailored to the users through Member Service and so on (the log-in based Service being provided now or is planned to be provided in the future).

The Association shall not disclose the personal information of any user without the prior consent of the user, and the information collected is used as follows:

First, more useful services can be developed on the basis of the personal information provided by the users. The Association can more efficiently decide the priority of the services to be newly developed or the contents to be expanded based on the personal information provided by the existing users to the Association, and can reasonably select and provide the contents to be required by the users.

Second, most of various information and services provided by the Association are free of charge. The Association is inserting advertisements in order to provide such free services, and is able to convey the advertisements and contents adequately in each service and menu based on accurate personal information of users, which will eventually have a value as another piece of information the Association gives to the users. The Association shall only receive the advertisements from the advertisers and shows each advertisement to the type of users the advertiser wants to target at, and shall never show or provide personal information of users to the advertisers.

Third, the purpose of collection by collected information is as follows:

• Name, ID, password, mobile phone number, and question and answer for identification: Personal identification for settlement of civil complains related to use of the Service, identification of the actual user, and provision of age-limited services
• E-mail address and telephone number: Notification, securement of communication route for confirmation of user's intention, settlement of complaints, etc., and guidance of the latest information such as new services, new products or events
• Address and telephone number: Securement of accurate destination when sending a bill or shipping an article
• Address: For demographic analysis
• Mobile phone number: Securement of information in preparation for checking of the previous admission record or actual user, and loss of the log-in information
• Other selective items: Data required for provision of the services tailored to individuals
• IP Address, and visit dates: Prevention of illegal use by faulty members and unauthorized use
• Telephone number (telephone, and mobile phone), the existing ID, and password: Checking of intention to join, and limitation on admission and the number of admissions

The Association is receiving the information essential for provision of service on the web when the user becomes a member in order to use Member Service. The information the user is asked to essentially provide when becoming a member is e-mail address, mobile phone number, etc. Also, the items the user can selectively provide for provision of good quality service include telephone number, etc.

Also, the Association may selectively request the members to enter personal information for statistical analysis or provision of a giveaway during a survey or an event within the Association. However, the Association shall not collect sensitive information (ethnic group and race, thought and creed, hometown and domicile of origin, political disposition and criminal record, health condition and sex life, etc.) which may infringe basic human right of the user, and, if such information is required to be inevitably collected, a prior consent of the user shall be obtained without fail. And, the information entered shall not be used for anything other than the purposes made clear to the users in advance and shall not be flowed out in any events.

The advertisers who insert advertisements in the Web Site of the Association or the Web Sites linked to various directories such as search may also collect personal information of users for identification of individuals. We inform you that this "Personal Information Protection Policy of the Association" does not apply to the act of collecting personal information by the Web Sites linked to that of the Association.

The personal information of a user shall be continuously retained by the Association and used for the Service while the user is using the Service provided by the Association as a Member of the Association. However, if the personal information is deleted or corrected by the Member in person in accordance with the procedures and method explained in Paragraph e above, "Matters related to management of the user's own personal information (reading, correction, deletion, etc.)", or if the Member has requested for cancellation of the membership, the information shall be fully deleted from the disk by an irreproducible method, and shall be treated in a way it is impossible to read or use it later.

And, the personal information collected for a temporary purpose as described in Paragraph c, "Items of personal information collected by the Association and the collection method" (survey, event, personal identification, etc.), shall be treated in the same way it is impossible to reproduce it later after the purpose has been achieved.

Your personal information shall be destroyed as follows in principle when the purpose the personal information is collected or provided is achieved. And, if the information is required to be preserved pursuant to the provisions of the related laws such as the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., the Association shall keep the member information for a specific period of time decided by the related law. In this case, the Association shall use the preserved information only for the purpose of preservation, and the period of preservation is as follows:

• Records related to contracts and withdrawal of subscription: 5 years
• Records related to payment and supply of goods, etc.: 5 years
• Records related to consumer complaints or settlements of disputes: 3 years

The Association shall safely handle personal information of valuable Members, and destroy personal information using the following methods in order to prevent outflow:

• Personal information printed on a paper is destroyed by pulverizing or burning it.
• Personal information saved in the form of an electronic file shall be deleted using a technical method which does not allow reproduction.

The Association uses personal information of users within the limit notified in Paragraph b, "Purpose of collection and use of personal information", and shall not use it out of the limit without obtaining prior consents of users and shall not disclose personal information of users to outside in principle. However, the followings shall be exceptions:

• When the users have agreed on the disclosure in advance;
• When it is needed for settlement of the Service charge;
• When the Member has violated the Terms of Use of the Association posted on the Web Site, or other terms of use or operation principles of other member services;
• When there are sufficient grounds for the judgment that a Member is causing mental or physical damage to another person using the Association and the personal information should be disclosed to take a legal action against the Member;
• When it is presumed to be required by the law in good faith (ex.: if it is requested by a government/investigation agency in due course pursuant to the related law);
• When the information is provided to an advertiser, a subcontractor or a research institute for compilation of statistics, academic research, or market survey in the form specific individuals are unidentifiable;
• When the personal information required for settlement of a civil complaint is provided to a specialized company that operates a customer center described in Paragraph i for settlement of a complaint or an inquiry (civil affair) related to use of the Service; or
• When the information is provided to a company contracted to carry out an event or a giveaway winner selection service after getting a prior consent of the Members with the type, purpose and period of use of the information are specified. (The detailed content related to entrustment is provided in the "Guide for Customer Center of the Association".)

And the Association may share personal information of users for development of new technology or provision of better service. In this case too, the Association shall take the process of obtaining the consents of the users after notifying them what institutions or organizations will share personal information of users, what information is required, and until when and how the information will be protected and managed, and shall not arbitrarily collect additional information or share the information if not agreed on by the users.

Personal information of users shall not be provided to the individuals or companies that request the Association to insert an advertisement for or transmit it to a certain gender or age group or other group of specific conditions, and shall be provided only in the form where specific individuals are not identifiable even when it is required for statistic processing, an academic research or a market survey.

A user can inquire about or correct his/her own personal information registered in the Association or request for cancellation of the membership as well using the Web Site of the Association at all times.

Each user should go through the procedure of checking the intention to become a member in order to create an initial ID using one of the methods selected among SMS, telephone, and official authentication. Later, when an additional ID is created, the intention to become a member can be checked using also the password of the existing ID. Also, the user can activate 'prohibition of additional ID creation', and deactivate it if an ID is additionally needed.

Users can inquire about or correct their own personal information in the member management menu of the Association Web Site after logging into the site using the ID and password, and all the input items except the ID and the name can be corrected. Also, if the password is forgotten, the user can click "Find Password" below the member log-in menu and input the basic checking items and SMS certification number as guided by the customer center, when a temporary password is notified or the password can be immediately changed.

To cancel the membership, the Member can select items and input answers to the questions as guided by the Web Site after clicking "Customer Center" on the Web Site of the Association and selecting "Cancel Membership", and then select "Complete Cancellation", when the application shall be processed based on the inputs after checking the identity of the user.

Though users may cancel the membership or withdraw the use subscription in relation to the Member ID of the Association, it does not make the users unable to use all the services but some of the services only for which log-in is required. The Association processes the personal information cancelled or deleted by the request of the user as provided in the "Retention and use period of the personal information collected by the Association" in a way it cannot be read or used for any other purpose.

The Association uses cookie method to stably provide customized services tailored to users.

When users use the Member Services and the services of the Association after connecting to and logging in the Web Site of the Association, generation of cookie is allowed. Though a cookie identifies the browser of the user, it does not personally identify the user.

The Association has established the following technical measures in order to secure safety lest personal information of users should be lost, stolen, leaked, falsified, or damaged:

The communication information between the user browser and the server is encrypted using SSL, a security solution which makes the information leaked through hacking during communication unable to be made out.

Personal information of users is thoroughly protected through encryption of the passwords. The password of a Member ID of the Association is known only by the Member and the personal information can be checked and changed only by the Member himself/herself who knows the password. Accordingly, users should not inform their passwords to any other person. For this, the Association recommends users, basically, to log out the site and close the web browser after completing use of the Service on a PC. Such a procedure is more required when the PC is shared with other persons or after using the Service in a public place (academic society, school, library, Internet game room, etc.).

The Association is making its best efforts to prevent personal information of users from flowing out or being damaged by hacking or a computer virus. The data is frequently backed up in preparation for damage of personal information; personal information or data is prevented from flowing out or being damaged using the latest vaccine program; and transmission of personal information on the network is made safe through encrypted communication using SSL certification. And unauthorized access from outside is controlled using a firewall, and the Association is making every effort to equip the system with all other possible technical devices in order to secure systematical security.

The Association is limiting the person who can handle the works related to personal information to the worker in charge, for which a separate password is given and periodically renewed, and is emphasizing observance of the Personal Information Protection Policy of the Association at all times through frequent education of the worker in charge. And the Association checks the implementation status of the Personal Information Protection Policy of the Association and whether the worker in charge is observing it or not through the in-house organization exclusively in charge of personal information, and is making efforts to immediately correct and rectify the problem, if any.

However, the Association shall take no responsibility for the problems caused by outflow of personal information such as ID, password, resident registration number, etc. resulting from carelessness of the user or a problem on the Internet.

The Association may entrust processing of users' personal information to a specialized outside company for improvement of Service. When entrusting processing of personal information to an outside company, the fact shall be notified to users in advance. Also, the entrustment contract shall clearly specify observance of the instructions given by the service provider in relation to personal information protection, secrecy in the personal information, prohibition of the information from being provided to a third party, and the liabilities when an accident occurs. The content of the relevant contract shall be kept in writing or electronically.

The Association is converging opinions of users in relation to protection of personal information, and has arranged all the procedures and methods for settlement of complaints. Users can make complaints through telephone or e-mail referring to Paragraph k, "Department, name and contact information of the manager and the person of the Association in charge of management of personal information" described below, for which the Association shall provide prompt and sufficient answers.

Or, settlement of complaints can be also applied for to the following organizations installed and operated by the government:

• Personal Information Infringement Report Center (http://www.cyberprivacy.or.kr, telephone no: 1336)
• Personal Information Dispute Mediation Committee (http://www.kopico.or.kr, telephone no.: 1336)
• Information Protection Mark Certification Committee (http://www.privacymark.or.kr, telephone no.: 82-2-580-0533)
• National Police Agency (http://www.police.go.kr)

The Association is making its best efforts to enable users to safely use helpful information. The worker in charge of management of personal information takes the responsibility when an accident occurs contrary to the matters notified to users in relation to protection of personal information.

The responsibility to maintain security for the password of the ID related to the personal information of a user lies with the relevant user himself/herself. As the Association shall never directly ask a user any question about the password in whatever way, users are requested to be particularly careful not to allow the password to flow out to a third party. More attention should be paid in particular when the user is connected to the site in a public place as described in Paragraph h, "Technical/administrative measures related to personal information". The Association has appointed the manager and the worker in charge of personal information management who gather opinions on personal information and settle complaints, and their contact information is as follows:

Manager in charge of personal information

• Name: Cho, Young Il
• Organization/Position: Korean Psychological Association / Information Director
• Telephone No.: 82-2-567-0102
• E-MAIL : kpa@kpsy.or.kr

Worker in charge of personal information

• Name: Cho, Young Il
• Organization/Position: Korean Psychological Association / Information Director
• Telephone No.: 82-2-567-0102
• E-MAIL : kpa@kpsy.or.kr

The Association is currently operating a customer center for settlement of civil complaints of customers. The operation status and contact information of the customer center are as follows:

• Working hours: 09:00 ~ 17:00
• Telephone no.: 82-2-567-0102
• Fax: 82-2-738-0105
• Registered mail: Thukseom-ro1-gil 25,Seongding-gu,Seoul, Korea
• Other inquiries: 82-2-567-0102

Should you need any other consultation on personal information, please contact the Personal Information Infringement Report Center operated by KISA (Korea Internet and Security Agency, telephone no.: 1336).

When any content of the current Personal Information Protection Policy is to be added, deleted or corrected, it will be announced 7 days prior to the revision at the latest through 'Notices' of the Web Site.

Announcement date: Dec. 26, 2012

Enforcement date: Dec. 26. 2012