Collection and Use of Personal Information
- Collection and Use of Personal Information
The School collects personal information for the following purposes. The School does not use the personal information for any purpose other than that set forth herein. However, the School shall ask for consent beforehand if the purposes change.
- Admission Support and Education Management: Personal information is collected for the purposes in relation to applicant review for admission, admission work, learning development, research, health, field trip, sports activity, library, and all other education management provided by the School; as well as administrative tasks such as verification of self, personal identification, prevention of unqualified or unauthorized student admission, age verification, other record keeping for students.
- Providing Various Services: Personal information is collected for the purposes in relation to providing services such as School introduction and announcement, providing educational contents, issuing of certificates, and admission related information.
- Utilizing as School Material: Personal information such as photo and video are collected for the purposes of providing educational content and the creation of marketing materials for the School.
- Duration of Collection and Retention of Personal Information
As a general rule, once the purposes of collection and use of the personal information are achieved, it is without delay destroyed. However, the personal information may be retained under the School rule or other law and the relevant regulation of the law will be followed.
- Provision and Sharing of Personal Information to or with a Third Party
As a general rule, the School collects personal information within the boundaries stipulated by law and will not collect additional information outside the original boundaries or provide the information to any third party without consent, except as set out below.
- If a consent was received in advance to provide and share the information to the third party;
- If the information is required or requested by law or competent authority;
- If the personal information is needed to perform the services under contract and for financial and/or technical reason it is extremely difficult to receive the usual consent; or
- If the personal information is changed so that it is impossible to identify a particular individual.
- Outsourcing of Processing of Personal Information
As a general rule, the School does not outsource any processing of personal information to others without the student and/or parent’s consent. However, the School is outsourcing the personal information for the purpose of providing services such as bus, meal, tuition payment, and etc. as below.
|Outsourced Tasks||Third-party Service Providers||Duration of Retention and Use|
|Bus||DongYeong Tour||Either until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.|
|School Cafeteria||W Catering||Either until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.|
ID Card Issuance
|ADT||Either until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.|
|Acting as an agent for payment receipt||Korea Exchange Bank (KEB)|
|ManageBac OpenApply||Faria Systems LLC|
|Travel Agency||Adventure Korea|
|Library Management System||Follett|
|International Schools’ Assessment||Australian Council for Educational Research|
|MAP Assessments||Northwest Evaluation Association|
|IB Testing Board||International Baccalaureate|
|Educational Accreditation||WASC and CIS|
When contracted for outsourcing, the School will abide by the Personal Information Protection Act to generate a written document regarding responsibilities of management and compensation for damages such as the boundary and purpose of the outsourcing work performance, prohibition of collecting personal information beyond the given boundary, technical/managerial protection action, re-outsourcing restriction, safety securing action, and examination of current personal information management condition; the School educates and manages the third-party service providers to securely manage the personal information.
- The Rights, Responsibilities, and Methods of Action of the Owner of Information
As the owner of personal information, the students and parents can exert the following rights.
- Request to access its personal information
According to the Personal Information Protection Act Article 35, you may request to access personal information files. However, upon the request to access personal information, the access may be restricted under the Article 35-5 of the law. We may refuse to satisfy your request:
- If the access is prohibited by any law or regulation;
- If there is apprehension that life/body of any other person may be harmed or that the property and other interest of any other person may be unjustly infringed upon;
- Request to modify/remove personal information
You may request modification or removal of your personal information file(s) to the School under the Personal Information Protection Act Article 36. However, your request may be restricted if your personal information is required to be kept in storage pursuant to applicable law or regulation.
- If the modification/removal is prohibited by any law or regulation;
- If the handling of personal information is inevitable to perform obligations in compliance with applicable law or regulation; or
- If, without handling the personal information, it is impossible to perform a contract with the customer (such as a contract for provision of service), where the customer has not expressly made it clear that he/she intends to terminate the contract.
- Destruction of Personal Information
As a general rule, once the purposes of collection and use of the personal information are achieved, the School destroys your personal information without delay. The following are the process, duration, and method of destruction.
- Process of Destruction
Once the purposes of information entered by the user are achieved, the information will be transferred to a different database (hard copy information will be transferred to a different file). The information will then be either kept on file for a certain period of time prescribed in internal policies or applicable laws or be destroyed without delay. The personal information, which was transferred to a different database, will not be used for any other purposes unless required by law.
- Duration of Destruction
Once the personal information retention period expires, the personal information of the user will be destroyed within five (5) days of the retention expiration date. When the retention of personal information become no longer necessary due to achievement of personal information collection purposes, discontinuance of relevant service, closure of business, etc., the personal information will be destroyed within five (5) days of the date that the personal information is recognized to be unnecessary.
- Method of Destruction
Information in the form of electronic file will be destroyed by technical means making the records non reproducible. Personal information printed on paper will be destroyed by shredding or incinerating the paper documents.
- Safeguards to Protect Personal Information
Under the Article 29 of the Personal Information Protection Act, the school takes the following technical/managerial as well as physical safeguards to ensure security of your personal information.
- Minimization and Training of Employees who handle Personal Information: The School designates and limits the number of employees who handle personal information to manage the personal information.
- Establishment and Enforcement of Internal Management Plan: In order to securely collect personal information, the School establishes and enforces the internal management plan.
- Technical Anti-hacking Measures: To prevent leak and/or damage of your personal information as a result of intrusion to our information such as hacking, computer virus, etc., the School operates intrusion detection firewall systems, performs periodic update/inspection, and installs systems in the areas where the outsiders have no access to monitor and block them technically and physically.
- Encryption of Personal Information: The School grants, modifies, and cancels the access authority of the database system that collects personal information. We also block unauthorized access from the outside using the firewall system.
- Restriction of Unauthorized Access: The School stores personal information in a physically separated space and restricts its access.
- Filming of CCTV
The School installs signboards regarding CCTV so the owner of personal information can easily recognize the CCTV installed and managed by the School under the Personal Information Protection Act.
Collection and Use of Personal Information
Frequently Asked Questions
- Why do I have to complete and submit this form?
To comply with Korean Personal Information Protection Act (PIPA) Law
- How often do I have to complete this form?
Once a year
- Can I change my privacy setting in the future?
- What are the repercussions that might occur if I don’t agree to your Collection and Use of Personal Information?
The school’s ability to communicate with parents and provide services will be greatly hindered.
- Who do I contact if I have any questions?
Initial point of contact:
BIFS’ PIPA Officer is Mr. Kevin Baker, Head of School.
- What information is used by third-party service providers?
|Outsourced Tasks||Third-party Service Providers||Information Used|
|Bus||DongYeong Tour||Student residence information, Parents contact information|
|School Cafeteria||W Catering||Student name|
ID Card Issuance
|ADT||Student name and photo, Parents’ car registration number and contact information|
|Acting as an agent for payment receipt||Korea Exchange Bank (KEB)||Student name|
|ManageBac OpenApply||Faria Systems LLC||Student demographic and academic information, Parents’ contact information|
|Travel Agency||Adventure Korea||Student demographic and passport information|
|Library Management System||Follett|
|Student demographic information and photo|
|International Schools’ Assessment||Australian Council for Educational Research||Student demographic and academic information|
|MAP Assessments||Northwest Evaluation Association||Student demographic and academic information|
|IB Testing Board||International Baccalaureate||Student demographic and academic information|
|Educational Accreditation||WASC and CIS||Student demographic and academic information|
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
If at any time you would like to unsubscribe from receiving future emails, you can email us at
and we will promptly remove you from ALL correspondence.
Busan, Busan 46081