Gwangandaegyo Bridge

Privacy Policy

Guidelines for Handling Personal Information

Busan Metropolitan City (hereinafter, the “City”) has established a personal information processing and handling policy as follows, (the “Policy”) in accordance with The Personal Information Protection Act, Article 30, to protect the rights and interests of the users of the City’s services and to handle any problems that the users may face in respect to their personal information.

Article 1 (Purposes of Handling Personal Information)

① The City shall collect and retain personal information for the following purposes: public administrative services, handling civil affairs, and jurisdictional performance

② Your personal information processed by the City will not be used for any purpose other than the purposes specified herein, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.

Article 2 (Period for Handling and Retaining Personal Information)

① The City handles and retains personal information during the period permitted by law or agreed on by the data subject upon collection of his/her personal information

② Period for handling and retaining personal information by Busan Metropolitan City: View Personal Information File

※ For more details about items registered in the personal information files of the City, please access the personal information protection portal of the Ministry of the Interior and Safety at → click “Personal information inquiries” → click “Request access to personal information” → and use “Search the list of personal information files” menu → Search for “Busan Metropolitan City” (Only in Korean)

Article 3 (Itemization of Personal Information)

① The City collects and processes the minimum amount of personal information necessary to attain the purpose of the collection and retention of personal information.

② The following information may be automatically generated and collected in the process of using the service or handling personal information:
- IP address, cookies, MAC address, access details, service access log, error log, device information, etc.

③ The City shall collect personal information under applicable laws and regulations and by the consent procedure according to the Personal Information Handling Policy. The City shall record the following personal information items under Article 32 of the Personal Information Protection Act: View personal information files (Only in Korean)

Article 4 (Provision of Personal Information to a Third Party)

The City does not provide personal information collected and retained thereby, to any third party without the relevant user’s consent, except in the following cases:

1. Where additional consent is obtained from the data subject;

2. Where special provisions exist in other laws;

3. Where it deems necessary, explicitly for protection from impending danger, of life, body or economic profits of the data subject or third party in cases where the data subject or his/her legal representative is not in a position to express intention, or prior consent cannot be obtained owing to unknown addresses;

4. Where personal information is provided in a manner that keeps a specific individual unidentifiable necessarily for the purposes of statistics and academic research, etc.;

5. Where it is impossible to perform the duties under its jurisdiction as provided for in any Act unless the personal information controller uses personal information for other purposes than the intended one, or provides it to a third party, and it is subject to the deliberation and resolution of the Commission;

6. Where it is necessary to provide personal information to a foreign government or international organization to perform a treaty or other international convention;

7. Where it is necessary for the investigation of a crime, indictment and prosecution;

8. Where it is necessary for the court to proceed with a case;

9. Where it is necessary for punishment, and enforcement of care and custody.

Article 4-2 (Additional Use and Provision of Personal Information)

The city shall use or provide personal information collected without the consent of the data subject in the following cases in accordance with Article 14-2 of the enforcement decree of the Personal Information Protection Act.

1. Where it is reasonably related to the original purpose for which the personal information was collected;

2. Where additional use or provision of personal information is foreseeable in light of the circumstances under which the personal information was collected and processing practices;

3. Where additional use or provision of personal information does not unfairly infringe on the interests of the data subject;

4. Where the measures required to ensure security such as pseudonymization or encryption have been taken.

Article 5 (Outsourcing of Handling Personal Information)

① When the City signs an outsourcing contract, the City stipulates the prohibition of personal information processing for purposes other than agreed upon purposes, technical and administrative protective measures, purpose and scope of the work outsourced, restriction of re-outsourcing, control and supervision over the outsourcing provider, and matters on responsibilities, such as damage compensation in documentation, such as a contract, and also monitor whether the outsourcing provider processes personal information safely.

② The City outsources part of the service as below to provide and enhance its services and to ensure safe management of personal information.
View the state of outsourced personal information (Only in Korean)

Article 6 (Measures to Secure Safety of Personal Information)

The City takes the following technical, administrative and physical measures needed to ensure the safety of personal information.

1. Establish and implement an internal management plan to safely handle personal information.

2. Restriction of access rights to personal information

3. Establish and implement preventive measures against unauthorized access and infringements over information and communication networks

4. Use of encryption when transmitting or storing personally identifiable information, password, bio-information over information and communication networks

5. Storage of Access Records and Prevention of Forging or Falsifying Logs
The City stores and manages records of access to personal information systems for at least 6 months and uses security programs to prevent such access of records from being forged or falsified, stolen or lost. Includes regular internal audits

6. Installation and updating of security programs.

7. Use of Locking Device to Secure Documents
The City keeps documents and storage devices in a safe place where locking devices are installed.

8. Control of Unauthorized Access
The City has a storage location where personal information is physically stored, and establishes and implements a process of controlling access to such places.

9. Prepare disaster preparedness and response plan and inspect regularly to protect personal information processing system

10. When any personal information becomes no longer necessary, including through expiration of the retention period or fulfillment of its purposes, the City shall operate to secure the permanent disposal of personal information.

Article 7 (Automatic Collection, Operation and Refusal of Personal Information)

① The City uses cookies to store information on users to provide personalized and customized services to users.

② Cookies are small text files that are placed on your computer by websites that your visit

1. Purpose of using cookies: The website uses some cookies to provide optimized information to users, by finding out the type of access and use of our website by users, popular search words, whether secure socket layers are used, as well as for editing of news, size of users etc.

2. Most browsers allow you to refuse to accept cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and Selecting, “Block all cookies” using the sliding selector.

3. If you block cookies, you may not be able to use certain features on the website.

4. Cookies are automatically cancelled when closing the browser, or logging out.

Article 8 (Destruction/disposal of Personal Information)

① When any of the personal information becomes no longer necessary, including through expiration of the retention period or fulfillment of its purposes, the City will dispose of such personal information without delay.

② Although the retention period has expired or its purposes are achieved, if the personal information is subject to be preserved under other laws, it will be stored in a separate database (DB).

③ The process and methods of disposal of personal information are as follows:

1. Disposal Process
The City identifies personal information that needs to be destroyed, and after obtaining approval of the City’s Chief Privacy Officer, destroys such information.

2. Disposal Method
Information in electronic form will be destroyed using technical tools so as to make sure that such information will not be reproduced.
Information in paper form will be destroyed by shredding it with a paper shredder or incinerated.

Article 9 (The rights and obligations of data subjects and legal representatives, and how to exercise the rights)

① As the subject of the personal information, a user is entitled to request access to their personal information, correction of any errors, deletion of information, suspension of his/her own personal information processing with the City.

② The rights referred to in paragraph 1 above may be exercised by completing Form 8 of the Enforcement Rule of the Personal Information Protection Act and submitting to the City as a hard copy or by email or facsimile. The City will immediately take action upon receipt of such request.

③ The rights referred to in pragraph 1 above may be exercised by a legal agent or an authorized representative or the user themselves. In such a case, power of attorney as provided in Form 11 of the Enforcement Regulation of the Personal Information Protection Act must be submitted to the City.

④ Where a user requests permission to inspect his/her personal information or requests the City to suspend handling personal information, his/her rights may be limited in the following cases under Article 35 (4) or 37 (2) of the Personal Information Protection Act.

⑤ No user may request the City to delete his/her personal information where such personal information is clearly specified as information subject to collection under any statute.

⑥ Upon receipt of a request to inspect, correct, or delete personal information or a request to suspend handling personal information, the City will verify whether the requesting person is the actual user or his/her legitimate representative.

Article 10 (Request to Review Personal Information)

① Users as data subjects may contact the following division to request for a review of their personal information. The City will do its best to handle such requests as promptly as possible.

Division for Application: General Civil Affairs Division
Phone: (051)888-1481~5 (One-stop Service)
Division in Charge: Division retaining personal information file

② The information provider may ask for access to personal information via the website of the personal information protection portal of the Ministry of the Interior and Safety (, in addition to filing the request to the responsible department, etc. as stated in paragraph 1 above.

▶ Access the personal information protection portal of the Ministry of the Interior and Safety → Go to “Personal information inquiries” → Click “Demand access to personal information” (real-name verification required through Internet personal identification number) (Only in Korean)

Article 11 (Remedy for Infringement of Rights and Interests of Users)

①A user may inquire at the following institutes regarding remedy of damages arising from infringement of personal information, if not fully satisfied with the service of the City in handling complaints related to personal information.

▶ Personal Information Infringement Notification Center (operated by Korea Internet & Security Agency)

  • What they do: Take reports on infringement of personal information and provide counseling services in relation thereto
  • Website:
  • Phone: 118 (without area code)

▶ Personal Information Dispute Mediation Committee

  • What they do: Receive applications for mediation of personal information-related disputes and mediate such disputes (civil resolution)
  • Website:
  • Phone: 1833-6972 (without area code)

▶Cybercrime Investigation Department of the Supreme Prosecutors’ Office: 02-3480-3573 (

▶Korean National Police Agency Cyber Bureau: 182 (

Article 12 (Chief Privacy Officer)

In order to ensure the legality of personal information and the appropriateness of procedures to protect citizens’ rights and interests, and to properly perform public services, the Busan Metropolitan City appoints one of its personnel as the officer in charge of protecting personal information as follows: for any questions or inquiry about personal information retained by the Busan Metropolitan City and the policy on the protection of personal information, please do not hesitate to contact us by any of the following means:

Article 12 (Chief Privacy Officer) : Name and Divison, Info
Name and Divison Info
Chief Privacy Officer Kim Bongcheol, Director General of Administrative Management Bureau Tel. 051-888-2381
Fax. 051-888-2359
Person in Charge of Handling Personal Information
  • Jung Yu-mi, Information Policy Division
  • Mun Jong-hun, Information Policy Division

Article 13 (Amending Privacy Policy)