Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

 

Collection and Use of Personal Information

  1. Collection and Use of Personal Information

The School collects personal information for the following purposes. The School does not use the personal information for any purpose other than that set forth herein. However, the School shall ask for consent beforehand if the purposes change.

  1. Admission Support and Education Management: Personal information is collected for the purposes in relation to applicant review for admission, admission work, learning development, research, health, field trip, sports activity, library, and all other education management provided by the School; as well as administrative tasks such as verification of self, personal identification, prevention of unqualified or unauthorized student admission, age verification, other record keeping for students.
  2. Providing Various Services: Personal information is collected for the purposes in relation to providing services such as School introduction and announcement, providing educational contents, issuing of certificates, and admission related information.
  3. Utilizing as School Material: Personal information such as photo and video are collected for the purposes of providing educational content and the creation of marketing materials for the School.
  1. Duration of Collection and Retention of Personal Information

As a general rule, once the purposes of collection and use of the personal information are achieved, it is without delay destroyed. However, the personal information may be retained under the School rule or other law and the relevant regulation of the law will be followed.

  1. Provision and Sharing of Personal Information to or with a Third Party

As a general rule, the School collects personal information within the boundaries stipulated by law and will not collect additional information outside the original boundaries or provide the information to any third party without consent, except as set out below.

  • If a consent was received in advance to provide and share the information to the third party;
  • If the information is required or requested by law or competent authority;
  • If the personal information is needed to perform the services under contract and for financial and/or technical reason it is extremely difficult to receive the usual consent; or
  • If the personal information is changed so that it is impossible to identify a particular individual.
  1. Outsourcing of Processing of Personal Information

As a general rule, the School does not outsource any processing of personal information to others without the student and/or parent’s consent. However, the School is outsourcing the personal information for the purpose of providing services such as bus, meal, tuition payment, and etc. as below.

Outsourced TasksThird-party Service ProvidersDuration of Retention and Use
BusDongYeong TourEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
School CafeteriaW CateringEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
Security

ID Card Issuance

ADTEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
Acting as an agent for payment receiptKorea Exchange Bank (KEB)Either until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
ManageBac OpenApplyFaria Systems LLCEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
Travel AgencyAdventure KoreaEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
Library Management SystemFollett

Cengage Learning

Either until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
International Schools’ AssessmentAustralian Council for Educational ResearchEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
MAP AssessmentsNorthwest Evaluation AssociationEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
IB Testing BoardInternational BaccalaureateEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.
Educational AccreditationWASC and CISEither until the completion of the purpose of collection or the expiry of the duration of outsourcing service contract.

When contracted for outsourcing, the School will abide by the Personal Information Protection Act to generate a written document regarding responsibilities of management and compensation for damages such as the boundary and purpose of the outsourcing work performance, prohibition of collecting personal information beyond the given boundary, technical/managerial protection action, re-outsourcing restriction, safety securing action, and examination of current personal information management condition; the School educates and manages the third-party service providers to securely manage the personal information.

  1. The Rights, Responsibilities, and Methods of Action of the Owner of Information

As the owner of personal information, the students and parents can exert the following rights.

  1. Request to access its personal information

According to the Personal Information Protection Act Article 35, you may request to access personal information files. However, upon the request to access personal information, the access may be restricted under the Article 35-5 of the law. We may refuse to satisfy your request:

  • If the access is prohibited by any law or regulation;
  • If there is apprehension that life/body of any other person may be harmed or that the property and other interest of any other person may be unjustly infringed upon;
  1. Request to modify/remove personal information

You may request modification or removal of your personal information file(s) to the School under the Personal Information Protection Act Article 36. However, your request may be restricted if your personal information is required to be kept in storage pursuant to applicable law or regulation.

  • If the modification/removal is prohibited by any law or regulation;
  • If the handling of personal information is inevitable to perform obligations in compliance with applicable law or regulation; or
  • If, without handling the personal information, it is impossible to perform a contract with the customer (such as a contract for provision of service), where the customer has not expressly made it clear that he/she intends to terminate the contract.
  1. Destruction of Personal Information

As a general rule, once the purposes of collection and use of the personal information are achieved, the School destroys your personal information without delay. The following are the process, duration, and method of destruction.

  • Process of Destruction

Once the purposes of information entered by the user are achieved, the information will be transferred to a different database (hard copy information will be transferred to a different file). The information will then be either kept on file for a certain period of time prescribed in internal policies or applicable laws or be destroyed without delay. The personal information, which was transferred to a different database, will not be used for any other purposes unless required by law.

  • Duration of Destruction

Once the personal information retention period expires, the personal information of the user will be destroyed within five (5) days of the retention expiration date. When the retention of personal information become no longer necessary due to achievement of personal information collection purposes, discontinuance of relevant service, closure of business, etc., the personal information will be destroyed within five (5) days of the date that the personal information is recognized to be unnecessary.

  • Method of Destruction

Information in the form of electronic file will be destroyed by technical means making the records non reproducible. Personal information printed on paper will be destroyed by shredding or incinerating the paper documents.

  1. Safeguards to Protect Personal Information

Under the Article 29 of the Personal Information Protection Act, the school takes the following technical/managerial as well as physical safeguards to ensure security of your personal information.

  1. Minimization and Training of Employees who handle Personal Information: The School designates and limits the number of employees who handle personal information to manage the personal information.
  2. Establishment and Enforcement of Internal Management Plan: In order to securely collect personal information, the School establishes and enforces the internal management plan.
  3. Technical Anti-hacking Measures: To prevent leak and/or damage of your personal information as a result of intrusion to our information such as hacking, computer virus, etc., the School operates intrusion detection firewall systems, performs periodic update/inspection, and installs systems in the areas where the outsiders have no access to monitor and block them technically and physically.
  4. Encryption of Personal Information: The School grants, modifies, and cancels the access authority of the database system that collects personal information. We also block unauthorized access from the outside using the firewall system.
  5. Restriction of Unauthorized Access: The School stores personal information in a physically separated space and restricts its access.
  1. Filming of CCTV

The School installs signboards regarding CCTV so the owner of personal information can easily recognize the CCTV installed and managed by the School under the Personal Information Protection Act.

Collection and Use of Personal Information

Frequently Asked Questions

  1. Why do I have to complete and submit this form?

To comply with Korean Personal Information Protection Act (PIPA) Law

  1. How often do I have to complete this form?

Once a year

  1. Can I change my privacy setting in the future?

Yes.

  1. What are the repercussions that might occur if I don’t agree to your Collection and Use of Personal Information?

The school’s ability to communicate with parents and provide services will be greatly hindered.

  1. Who do I contact if I have any questions?

Initial point of contact:

BIFS’ PIPA Officer is Mr. Kevin Baker, Head of School.

  1. What information is used by third-party service providers?
Outsourced TasksThird-party Service ProvidersInformation Used
BusDongYeong TourStudent residence information, Parents contact information
School CafeteriaW CateringStudent name
Security

ID Card Issuance

ADTStudent name and photo, Parents’ car registration number and contact information
Acting as an agent for payment receiptKorea Exchange Bank (KEB)Student name
ManageBac OpenApplyFaria Systems LLCStudent demographic and academic information, Parents’ contact information
Travel AgencyAdventure KoreaStudent demographic and passport information
Library Management SystemFollett

Cengage Learning

Student demographic information and photo
International Schools’ AssessmentAustralian Council for Educational ResearchStudent demographic and academic information
MAP AssessmentsNorthwest Evaluation AssociationStudent demographic and academic information
IB Testing BoardInternational BaccalaureateStudent demographic and academic information
Educational AccreditationWASC and CISStudent demographic and academic information

 

What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, social security number or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, respond to a survey, fill out a form or enter information on our site.

 

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

      To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
      To improve our website in order to better serve you.
      To allow us to better service you in responding to your customer service requests.
      To ask for ratings and reviews of services or products
      To follow up with them after correspondence (live chat, email or phone inquiries)

 

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
For your convenience we may store your credit card information longer than 30 days in order to expedite future orders, and to automate the billing process.

 

Do we use ‘cookies’?
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We use cookies to:
      Help remember and process the items in the shopping cart.
      Understand and save user’s preferences for future visits.
      Keep track of advertisements.
      Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, Some of the features that make your site experience more efficient may not function properly.It won’t affect the user’s experience that make your site experience more efficient and may not function properly.

 

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

 

Third-party links
We do not include or offer third-party products or services on our website.

 

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Google AdSense Advertising on our website.
Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.
We have implemented the following:
      Remarketing with Google AdSense
      Google Display Network Impression Reporting
      Demographics and Interests Reporting
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

 

California Online Privacy Protection Act

 

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes:
      On our Privacy Policy Page
Can change your personal information:
      By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we allow third-party behavioral tracking

 

COPPA (Children Online Privacy Protection Act)

 

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

 

Fair Information Practices

 

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
      Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

 

CAN SPAM Act

 

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:
      Send information, respond to inquiries, and/or other requests or questions
      Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following:
      Not use false or misleading subjects or email addresses.
      Identify the message as an advertisement in some reasonable way.
      Include the physical address of our business or site headquarters.
      Monitor third-party email marketing services for compliance, if one is used.
      Honor opt-out/unsubscribe requests quickly.
      Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at
      Follow the instructions at the bottom of each email.

and we will promptly remove you from ALL correspondence.



Contacting Us

 

If there are any questions regarding this privacy policy, you may contact us using the information below.

bifskorea.org
50 Gijang-daero, Gijang-eup, Gijang-gun,

Busan, Busan 46081

South Korea
it@bifskorea.org
+82 51 742 3332
Last Edited on 2017-02-23