The Korea National Enterprise for Clinical Trials (KoNECT) adheres to the following policy in order to safeguard and preserve the privacy of our visitors as well as to settle visitors' complaints. KoNECT will announce any revisions made to the privacy policy through the noticeboard on our website.

Article 1. For the purpose of processing personal data

KoNECT processes personal information for purposes such as verifying visitors in order to provide more useful services, personal identification, prevention of abuse and unauthorized use, record keeping for dispute mediation, complaint settlement, and delivery of notifications, etc. The processed personal data will not be used for purposes other than providing these services to our visitors. KoNECT will seek informed consent from visitors in the event that revisions are made to our data processing activities.

Article 2. Regarding items of personal data to be processed

In order to provide enhanced service to our visitors, KoNECT collects and processes personal information in relation to our visitors as detailed:

1. Items for collection: name, email address, and contact details

2. Method of collection: via our web site, phone and/or fax, and email

Article 3. Duration of retention and processing of visitors' personal data

Visitor's personal information is to be discarded after the purpose of personal data processing is achieved. However, records involving complaints or dispute settlements will be archived for 3 years according to the "Consumer Protection in Electronic Commerce Act, etc." in the Republic of Korea.

Article 4. Rights and responsibilities as the original owner of information

Our visitors can exercise the following rights as owners of personal data.

1. Request to browse, modify, and withdraw personal data of the visitors themselves or their children under the age of 14.

2. Request to modify and delete errors in personal information

3. KoNECT will take immediate measures in response to visitors' requests to the operator on duty through writing, phone call, or email regarding browsing, modifying, withdrawing and deleting personal information.

4. When a visitor requests modification or deletion of personal information, KoNECT will cease to use or provide corresponding information until the requested actions are fully completed.

5. KoNECT processes personal data that are withdrawn or deleted upon visitors' request, according to the ‘Article 3: Period during which visitors' personal data is retained and processed.'

Article 5. Discarding personal data

KoNECT adheres to the principle of discarding personal data without delay when data processing has been completed. The procedure, timeline, and method of discarding is as follows:

1. Procedure for discarding personal data When data entries by the visitors are processed and used for KoNECT's purposes, they will be discarded either immediately or following archiving in a separate database for a certain period of time following relevant rules and laws. The personal data archived in the separate database are not used for other purposes unless permitted by the laws of the Republic of Korea.

2. Timeline for discarding personal data When the period for personal information retention expires, such data is to be discarded within 5 days following the date of expiry. When personal information is no longer needed, in cases such as when data collection has been completed, services are discontinued, or related projects are completed, personal information is to be discarded with 5 days from the date on which the data are recognized as unneeded.

3. Method for discarding personal data The information is stored as electronic files protected using technical methods that prevent external access to the recorded materials. Information printed on paper is discarded by shredding.

Article 6. Safety assurance measures for privacy preservation

KoNECT enacts technical, managerial and physical measures to assure safety, in accordance with ‘Article 29' of the "Personal Information Protection Act" of the Republic of Korea.

1. Establishment and execution of KoNECT bylaws KoNECT has established and follows bylaws in order to safeguard and preserve the privacy of our visitors.

2. Encryption of personal information Personal information of all visitors is encrypted. Passwords to the visitors' accounts are also encrypted, and are known only to the visitors themselves. Reinforced security functions are implemented to protect

3. Limited access to personal information KoNECT takes measures required to limit access to personal information, through authorizing and de-authorizing access to the database system in which personal information is processed. Unauthorized access from external sources is limited through a firewall system.

4. Use of a locking system for document security KoNECT archives documents and auxiliary storage devices that carry personal information in a secure area with a locking system.

Article 7. Operator in charge of safeguarding privacy

KoNECT designates operators on duty to safeguard privacy, whose responsibilities are to protect our visitors' privacy and settle complaints on privacy issues.

Operator in charge of privacy protection

Department: Secretariat

Name/Position: Sonu Baik / Secretary General

Phone: +82-2-398-5015

Email: sonubaik@konect.or.kr

Administrative staff in charge of privacy protection

Department: Clinical Information

Name/Position: Moonil Hwang / Section Chief

Phone: +82-2-398-5023

Email: hmi@konect.or.kr

Article 8. Revision of the privacy policy

This privacy policy is to be active from the date of enforcement. In cases where revision, addition, deletion or modification of this policy is required, KoNECT will announce the changes on the noticeboard of our website, 7 days prior to enforcement of the new policy.

Article 9. Recourse for infringement on rights and interests

The owners of personal information can contact the Personal Information Dispute Mediation Committee, National Internet Development Agency of Korea Privacy Complaint Center to apply for consultation addressing potential infringements of rights and interests regarding privacy.

1. Personal Information Dispute Mediation Committee: +82-118

2. Committee for Information Security and Logo Certification: +82-2-580-0533, +82-2-580-0534

3. Department of Cyber Crime Investigation, Supreme Prosecutors' Office: +82-2-3480-3573

4. Cyber Terror Response Center, National Police Agency: +82-2-1566-0112

○ This policy is in effect as of December 27, 2011.

■ Purpose of Personal Information Collection and Usage

Provision of membership service, personal identification, confirmation of member registration, delivery of notices, website satisfaction survey, etc.

Required information : Email (login ID), password, name, mobile phone number, date of birth, gender, affiliation, nationality, Yes or No to receiving email

Optional information : Address, form of business organization, division/department, job title, job category, work experience, degree, major

■ Retention Period of Personal Information

Any personal information is used limitedly only for the period of provision of the Service from the point of time of membership and personal information of relevant User will be destructed without delay when: the Member request for withdrawal of membership; the Member withdraws his or her consent to collection and use of personal information provided by him/her; or the purpose of collection or use of such personal information is achieved or the period of retention or use thereof expires.

However, if Member fails to consent to collection or use of personal information, Member will not be able to receive the information service provided by KoNECT.

In order to provide the Service smoothly, KoNECT collects additional information as well as basic information and such additional information will not be collected when the Member does not consent to utilization of such information in providing Service and no disadvantage in using the Service will arise from such non-consent as prescribed in Article 22 (4) of the Personal Information Protection Act.

- Additional information : address, form of business organization, division/department, job title, job category, work experience, degree, major