Privacy Policy of Korea Customs Service
The Korea Customs Service (hereinafter referred to as “KCS”) establishes and discloses the following Privacy Policy to protect the personal information of data subjects and handle related complaints swiftly and smoothly pursuant to Article 30 of the Personal Information Protection Act.
A Table of Contents
Article 1 (The Purposes for which Personal Information is Processed)
① The KCS processes the minimum amount of personal information required to provide public services, handle civil complaints, and perform the related work.
② Details regarding the purposes for which the KCS processes personal information may be found on the personal information protection portal (www.privacy.go.kr) of Personal Information Protection Commission.
1. Go to the website( www.privacy.go.kr )
2. Click ‘Service for individuals’ ⇒ ‘Requests for Access, etc.’ ⇒ ‘Search a list of personal information files’
3. Enter ‘Korea Customs Service’ in the Agency Name field
A list of personal information files operated by Korea Customs Service
Article 2 (The Period for Processing and Retaining Personal Information)
① The KCS shall process and retain personal information within the retention and use period pursuant to statutes and regulations or the period consented by the data subject at the time of collection.
1. Below are the personal information files processed by KCS with consent of the data subject:
2. The personal information that does not fall under the above paragraph shall be collected and used in accordance with statutes or regulations including the Customs Act, and the relevant details may be found on the link for a list of personal information files below:
A list of personal information files operated by Korea Customs Service
② Details regarding the types of personal information processed by the KCS and their retention periods may be found on the personal information protection portal (www.privacy.go.kr) of the Personal Information Protection Commission.
Article 3 (Provision of Personal Information to a Third Party)
① The KCS shall provide personal information to a third party only when cases fall under the Article 17 and 18 of Personal Information Protection Act including consent with the data subject and special provisions existing in statutes:
- 「 * Article 17 of the Personal Information Protection Act 」
- 1. Where consent is obtained from a data subject;
- 2. Where the personal information is provided within the scope of purposes for which it is collected pursuant to Articles 15 (1) 2, 3, and 5 through 7.
- 「 * Article 18 of the Personal Information Protection Act 」
- 1. Where a separate consent is obtained from data subject;
- 2. Where special provisions exist in other statutes;
- 3. Where it is deemed manifestly necessary for the protection, from imminent danger, of life, bodily and property interests of a data subject or a third party as a data subject or a legal representative cannot express his or her intention or it is impossible to obtain its prior consent because of “address unknown”;
- 4. Deleted;
- 5. Where it is impossible to perform the work under its jurisdiction as provided in other statutes, unless the personal information controller repurposes personal information or provides it to a third party, and it is subject to the deliberation and resolution by the Commission;
- 6. Where it is necessary to provide personal information to a foreign government or international organization to perform a treaty or other international convention;
- 7. Where it is necessary for the investigation of a crime, institution and maintenance of a prosecution;
- 8. Where it is necessary for a court to proceed with trial-related work;
- 9. Where it is necessary for the enforcement of punishment, probation and custody;
- 10. Where it is urgently necessary for the public safety and security, public health, etc.
② The KCS provides the personal information to the third party as follows:
1. Go to the website www.privacy.go.kr
2. Click ‘Service for individuals’ ⇒ ‘Requests for Access, etc.’ ⇒ ‘Search a list of personal information files’
3. Enter ‘Korea Customs Service’ in the Agency Name field and click the ‘Search’ button
4. Download the excel file (Personal_Information_List.xlsx) and refer to the item ‘Personal Information Controller if the Personal Information is Provided Routinely or Repetitively’
Article 4 (Entrusting Personal Information Processing)
① The KCS entrusts the processing of personal information to external service providers to facilitate the work as follows :
| Entrusted Work | Person Entrusted | Details of the Entrusted Work |
|---|---|---|
| 1. Operation of UNI-PASS (KCS’s electronic Customs clearance system) | KCITS | Operation of UNI-PASS (exports and imports clearance system included) and its Technical Support Center |
| 2. Maintenance of UNI-PASS | KCNET Co., Ltd | Maintenance of UNI-PASS |
| 3. Telephone Counseling Service from the Customs Customer Service Center | KTCS Co., Ltd | Telephone Counseling Service for all customs administration fields of the KCS |
| 4. Maintenance of the Internal Information System | IWAVE Co., Ltd | Work related to the maintenance of the Internal Information System |
| 5. Maintenance of Data Analysis System | DATAWORLD Co., Ltd | Work related to the maintenance of the Data Analysis System |
| 6. Maintenance of Homepage System | KCNET Co., Ltd | Work related to the maintenance of Homepage System |
| 7. Maintenance of PC/Security/Network | INOSOLUTECH Co., Ltd | Work related to the maintenance of PC/Security/Network |
| 8. Maintenance of Big Data Platform | KCNET Co., Ltd | Maintenance of Big Data Platform |
| 9. Maintenance of Traveler Information System | LEADIT Co., Ltd | Maintenance of an integrated Traveler Information System |
| 10. A Project to build a Clearance Platform for E-Commerce | SAMSUNG SDS Co., Ltd | Building a Clearance Platform for E-Commerce |
② In accordance with Article 26 of the Personal Information Protection Act, the KCS shall stipulate in a document including contract the terms such as prohibition of processing for purposes other than the entrusted work, technical and administrative safeguards, restriction on re-entrustment, management and supervision of the person entrusted, and liabilities including compensation for damages.
③ Any changes to the contents of the entrusted work or person entrusted will be disclosed without delay through this privacy policy.
Article 5 (The Rights and Obligations of a Data Subject and Legal Representative and How to Exercise such Rights)
① A data subject may exercise the following rights regarding personal information retained by the KCS at any time:
1. Access to Personal Information
- A data subject may request to access to personal information files retained by the KCS pursuant to Article 35 (Access to Personal Information) of the Personal Information Protection Act. Provided, That request to access to personal information may be limited pursuant to the Article 35 (4).
2. Correction or Erasure of Personal Information
- A data subject may request a correction or erasure of the personal information files retained by the KCS pursuant to Article 36 (Correction or Erasure of Personal Information) of the Personal Information Protection Act. Provided, That erasure is not permitted where the said personal information shall be collected by other statutes or regulations.
3. Suspension of Processing of Personal Information
- A data subject may request a suspension of processing of the personal information files retained by the KCS pursuant to Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act. Provided, That request may be denied by the personal information controller pursuant to Article 37 (2) of the Same Act.
Procedure and Method for Raising an Objection
4. Procedure and Method for Raising an Objection
- A data subject may prepare a written objection to file an objection against a manager in the department in charge if there is any grievance or objection for the measures taken regarding access to personal information, correction and erasure, and suspension of processing of personal information.
② You may exercise the rights under the paragraph 1 on the portal of Personal Information Protection Commission or directly to the division in charge of the KCS as follows:
- 1) ‘Personal Information Portal’ of the Personal Information Protection Commission
- Comprehensive Personal Information Protection Portal (www.privacy.go.kr) → Service for Individuals → The Exercise of Rights of Data Subjects → Requests for Access, etc. (I-PIN or identity verification process via mobile phone is required)
- 2) The Division in Charge
- ICT and Data Management Division (Manager : Lee Doo-nam)
- Contact Information : Tel) +82 042-481-7703, Email) dlenska@korea.kr, FAX) 042-481-7779
③ In case that a data subject requests correction or erasure due to errors, the KCS shall not use or provide personal information until the matter is resolved.
④ The rights may be exercised through a representative including his or her legal representative or a delegated person of data subject. In this case, a Power Of Attorney (POA) shall be submitted according to appendix No.11 form of Public Notice on the Method of Processing Personal Information.
⑤ The KCS may contact a person who requests for access, etc., including request for, correction and erasure, and suspension of processing according to the rights of data subject to verify whether a person who makes the request is the person in question or a delegated person. If the verification is denied or it is impossible to get in touch with, the requests for access, etc. may be declined.
Article 6 (Installation and Operation of an Automatic Collection Tool for Personal Information and the Denial thereof)
① The following personal information may be automatically generated and collected in the process of using Internet service :
- IP address, cookies, service usage records, visit records, and records of improper use, etc.
a. An automatic collection through cookies may be rejected by adjusting browser settings. Note that the rejection may affect service availability.
b. To block cookies, select ”Tools” on the upper side of web browser → "Settings" → Setting the option on the menu of "Cookies and Site Permission".
Article 7 (Destruction of Personal Information)
① The KCS shall destroy personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, and attainment of the purpose of processing the personal information, etc.
② Provided, That this shall not apply where the retention of such personal information is mandatory by other statutes or regulations. In this case, the relevant personal information or personal information files shall be stored and managed in a separate database (DB) or another place.
③ The process and method of destroying personal information are as follows :
1. Destruction Process
The KCS shall establish a destruction plan before destroying the personal information (or personal information files). The personal information controller shall select the personal information (or personal information files) that needs to be destroyed for reasons and get approval from a privacy officer before destroying it.
2. Destruction Method
The KCS shall destroy the personal information that is recorded and stored in electronic files in a way that can not be re-generated and the information on paper documents shall be shredded or incinerated.
Article 8 (Measures to Ensure Safety of Personal Information)
① The KCS shall take the following measures to ensure safety of personal information:
1. Minimizing the Number of Employees Handling Personal Information and Training
- We designate and manage an employee handling personal information as many as it is necessary and conduct a training for safe management.
2. Restriction on Access to Personal Information
- We are implementing necessary measures such as granting, altering, erasing of the authorization to access the system handling personal information to control access the information, and an Intrusion Prevention System is utilized to control unauthorized external access.
3. Preserving Access Records
- We preserve and manage access records in the system handling personal information for over one year (two years if the information of more than 50,000 people is handled OR Personally Identifiable Information or sensitive information is included)
4. Encryption of Personal Information
- Personal information is being safely stored and managed through encryption, etc. In addition, we use separate security functions such as using an important data after encryption to store and transmit it.
5. Installation of Security Program and its Periodic Inspection and Updates
- We install a security program and regularly inspect and update it to ensure that personal information should not be divulged and damaged by hacking and computer viruses, etc.
6. Control of Access on an Unauthorized Person
- A physical location for the system storing and handling personal information is separately secured and we establish and operate the relevant procedures to control access.
7. Conducting a Regular Inspection
- We conduct a regular inspection of the status and practices for personal information protection and management including affiliated organization(s) to ensure safety related to the information processing.
8. Establishment and Implementation of an Internal Management Plan
- We establish and implement an internal management plan for the safe handling of personal information.
Article 9 (Privacy Officers of Personal Information)
① The KCS shall designate a privacy officer who has general supervision and control of the work related to processing personal information, handling grievances of the relevant data subject and remedying damages as follows:
The person in charge
- Name : Ha Yoo-jung
- Title : Director of Information and Data Policy
- Position : Senior Executive in general service
- e-mail : retty95@korea.kr
The division in charge
- Partname : ICT and Data Management Division
- The person in charge : Lee Doo-nam
- Contact information : Tel) 042-481-7703, e-mail) dlenska@korea.kr, FAX) 042-481-7979
② A data subject may inquire of the division above all matters regarding protection of personal information, handling grievances and remedying damages while using the service (or project) provided by the KCS. The personal information controller shall handle and reply to the inquiry of data subject without delay.
Article 10 (Measures to Remedy the Breach of the Rights and Interests)
① A data subject shall inquire of the following institutions damage relief for the breach on personal information and consultation, etc. It is possible to inquire of the institutions separate from the KCS if the handling grievances and damage relief of the personal information controller are not satisfactory or a more detailed help is needed.
- 1. Personal Information Infringement Report Center (KISA) : Call 118 (with a area code) (https://privacy.kisa.or.kr)
- 2. Personal Information Dispute Mediation Committee : Call 1833-6972 (without a area code) (https://www.kopico.go.kr)
- 3. Cyber Investigation Division of Supreme Prosecutor’s Office : Call 1301 (without a area code) (http://www.spo.go.kr)
- 4. Electronic Cybercrime Report & Management System of Korean National Police Agency : Call 182 (without a area code) (https://ecrm.police.go.kr)
② For the request by the provisions of the Article 35 (Access to Personal Information), 36 (Correction or Erasure of Personal Information), 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, a person whose rights and interests are damaged by the dispositions of a head of public institution or omission may request an administrative appeals pursuant to the Administrative Appeals Act.
Central Administrative Appeals Commission : Call 110 (without area code) (www.simpan.go.kr)
Article 11 (Standard on Additional Use and Provision of Personal Information)
① The KCS shall not use or provide personal information beyond the original purpose for which it was collected. However, the KCS may additionally use or provide the collected personal information pursuant to Article 15 (3) and Article 17 (4) of the Personal Information Protection Act while ensuring that it does not unfairly infringe on the interests of data subject by considering the standards specified in Article 14 (2) of the Enforcement Decree of the Personal Information Protection Act:
-
- 「 Article 14 (2) of the Enforcement Decree of the Personal Information Protection Act 」
- 1. Whether it is reasonably related to the original purpose for which the personal information was collected;
- 2. Whether additional use or provision of personal information is foreseeable in light of the circumstances under which the personal information was collected and processing practices;
- 3. Whether additional use or provision of personal information does not unfairly infringe on the interests of the data subject;
- 4. Whether the measures required to ensure safety such as pseudonymization or encryption have been taken.
Article 12 (Installation and Operation of Fixed Visual Data Processing Devices)① In accordance with Article 25 and Article 25-2 of the Personal Information Protection Act, the KCS shall establish a “policy to operate and manage fixed visual data processing devices” as follows.
② You can find the policy above of affiliated institutions in their websites.
Article 13 (Change of the Privacy Policy)This Privacy Policy shall begin to apply from September 00, 2025.
Change of the Privacy Policy Change of the Privacy Policy
Previous Privacy Policy Download File Comparison Table of New and Old Provisions of the Privacy Policy 2025. 09. 24~ Current Privacy Policy -
ADDENDUM
Article 1 (Amendment to the Privacy Policy)
① The privacy officer may swiftly change and process for the following cases with its authority:
1. Change of the person entrusted for the processing of personal information in the Article 4 (1)
2. Change of the privacy officer prescribed from the Article 9 to 11
3. Reflection of a simple change in the current status which does not affect the purpose and contents of the text
