Privacy Policy
All personal information handled by Integrated R&D Information Sytem (hereinafter referred to as “IRIS”) is collected, retained and processed based on relevant laws such as the Personal Information Protection Act or with the consent of the information subject. IRIS is operated by the Korea Institute of Science and Technology Planning and Evaluation (IRIS Operation Group) from the S&TInformation Analysis Division of the Performance Evaluation Policy Bureau of the Ministry of Science and ICT. In accordance with the Personal Information Protection Act, the personal information and rights of users are protected and personal information and In order to smoothly handle user complaints, we have the following handling policy. If IRIS revises its personal information processing policy, it will notify you through website notices (or individual notices). In addition, IRIS establishes and operates the following 『Personal Information Processing Policy』 in accordance with the provisions of Article 30 (1) of the 「Personal Information Protection Act」 and Article 31 (2) of the Enforcement Decree of the same Act.
| [Indication of processing of key personal information(Labeling)] | ||
|---|---|---|
 Collection of general personal information ※Please check the main text of the personal information processing policy for details. |
 Purpose of processing personal information |
 Retention period of personal information |
 Provision of personal information |
 Processing consignment |
 Measures to ensure the safety of personal information |
1. Purpose of processing personal information 
IRIS processes personal information to manage and operate national research and development programs and provide services.
2. Processing and retention period 
The purpose of processing, retention period, and items of personal information processed for personal information files registered and disclosed by IRIS in accordance with Article 32 of the Personal Information Protection Act are as follows. Personal information file details
The personal information files that IRIS registers and discloses in accordance with Article 32 of the Personal Information Protection Act are as follows.
| Name of personal information file | Personal information items | Collection method | Basis for retention | Retention period | ||
|---|---|---|---|---|---|---|
| Required items | Optional items | Automatically collected items (required) | ||||
| Membership registration information DB | Member personnel ID (automatically generated), name (Korean/English), CI (linkage information), DI (duplicate subscription confirmation information on site), ID, password, email, gender, date of birth, mobile phone number, affiliation type, Affiliation, nationality | Position, address classification (domestic/overseas), basic address, department name, office phone number, office fax number, (affiliated) institution address classification (domestic/international), (affiliated) institution address, newsletter reception status | Device information such as connection IP information, certificate information, LAN card unique number, etc. | Homepage | Consent of information subject | Request from the information subject (when withdrawing membership or until the 2-year re-consent period) |
| Researcher information DB | Member personnel ID (automatically generated), user ID, nationality, name (Korean/English), date of birth, password, gender, mobile phone number, email, CI code, DI code, national researcher number, affiliation type, affiliated institution | Home number, address classification (domestic/international), basic address, (affiliated) institution address classification (domestic/international), (affiliated) institution address, office phone number, office fax number, newsletter receipt, photo, self-introduction Details, ISNI, ORCID, name of last university, year of last graduation, degree category, country of acquisition, last degree registration number, name of work (activity) institution, name of work (activity) department, work (activity) period (start date, end date), main author ㅣCorresponding authorㅣCo-author (including national researcher number), certificate of qualification, country of acquisition, unique qualification number, name of qualification granting institution | Website, linkage with representative Specialized Institutions | Article 19 of the National Research, Development and Innovation Act and consent of the information subject | Semi-permanent | |
| Evaluator DB | Member personnel ID (automatically generated), login ID, nationality, name (Korean/English), date of birth, password, gender, mobile phone number, e-mail address, CI, DI value, national researcher number | College name, work contact information (address, phone number, fax number), home phone number, photo, self-introduction, ISNI, name of university acquired, year of acquisition, classification of academic background, country of acquisition, degree acquisition number, employment ( Activity) name of institution, name of department working (activity), start/end date of work (activity), main authorㅣcorresponding authorㅣco-author (including national researcher number, certificate of qualification, country of acquisition, unique qualification number, name of qualification granting institution, name of appointing institution) , evaluation committee name, appointment start/end date | Website, linkage with representative Specialized Institutions | Article 19 of the National Research, Development and Innovation Act and consent of the information subject | Semi-permanent | |
| Participating researcher DB | Member personnel ID (automatically generated), login ID, nationality, name (Korean/English), date of birth, password, gender, mobile phone number, e-mail address, CI, DI value, national researcher number | Workplace contact information (address, phone number, fax number), home phone number, affiliated institution, academic background, career, patent/paper performance, national research and development program performance information | Website, linkage with representative Specialized Institutions | Article 19 of the National Research, Development and Innovation Act and consent of the information subject | Semi-permanent | |
| Project selecting evaluator DB | Resident registration number, account number, bank name, account holder, mobile phone number, email | - | - | Homepage | Article 21 (Other Income), Article 127 (Withholding Tax Obligation), Article 164 (Submission of Payment Statement) of the Income Tax Act | 5 years |
3. Provision of personal information to third parties 
IRIS provides personal information to third parties only in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law. However, personal information of general members is not provided to third parties.
IRIS processes the personal information of the information subject within the scope specified for the purpose of collection and use, and does not process it beyond the scope of the original purpose or provide it to a third party without the prior consent of the information subject, except in the following cases.
ka. Provision of personal information
Personal information provision status to third partiesThe personal information files that IRIS registers and discloses in accordance with Article 32 of the Personal Information Protection Act are as follows.
| Organizations provision | Purpose of provision | Items provided | Retention/use period |
|---|---|---|---|
| Korea Institute of Science and Technology Information (NTIS) | National research and development program research and development information management and operation | Name (Korean/English), gender, date of birth, domestic/foreigner classification, national researcher number, workplace, mobile phone number, email | Semi-permanent |
| National research and development programs sanctions information management and operation | Name (Korean/English), gender, date of birth, domestic/foreigner classification, national researcher number | ||
| Management and operation of national research and development programs evaluator information (based on evaluators attending the evaluation committee) | Year and month of assignment evaluation participation, name (Korean/English), date of birth and gender, name of affiliated organization, title of position, assignment evaluation result evaluation stage code | ||
| National Research Facilities and Equipment Promotion Center (NFEC) | National research facility equipment management and operation | Name (Korean/English), gender, national researcher number, workplace, mobile phone number, email | Semi-permanent |
| National Research Foundation of Korea (ezBaro) | Execution of research and development expenses | Name (Korean/English), date of birth, gender, amount, national researcher number, project to be performed, performing organization | Semi-permanent |
| Korea Evaluation and Management of Industrial Technology (RCMS) | Execution of research and development expenses | Name (Korean/English), date of birth, gender, amount, national researcher number, project to be performed, performing organization | Semi-permanent |
| Central administrative agencies | Management and operation of national research and development programs research and development information, sanctions information, and evaluator information | Name (Korean/English), gender, national researcher number, workplace, mobile phone number, email, achievement information, evaluator information | Semi-permanent |
| Specialized Institutions* | Use of selected evaluators | Name of affiliated organization, deliberation allowance, resident registration number, account number, date and time of consent for personal information collection | 5 years |
| Utilize unique system for information on personnel participating in the task | Name (Korean/English), national researcher number, date of birth, gender, affiliated institution, department, school, major, degree, email, contact information (mobile phone, telephone, fax, address), CI | Delete monthly | |
| Research outcomes management and distribution organization** | Verification of national research and development progrmas outcomes | Project information, research and development institution, name of research director, outcomes information | Semi-permanent |
| Nice Evaluation Information Co., Ltd. | Providing identity verification service | Name, gender, date of birth, mobile phone number | Semi-permanent |
| EbizN System Co., Ltd. | Text and notification talk service | Mobile number | Semi-permanent |
* Among institutions designated as specialized institutions under Article 22 of the National Research, Development and Innovation Act, organizations that operate national research and development projects through the IRIS system
** An institution designated as an institution dedicated to the management and distribution of research outcomes pursuant to Article 26 (1) of the Act on Performance Evaluation and Performance Management of National Research and Development Programs, etc.
1) List of Specialized Institutions
| 1 | Commercialization Promotion Agency for R&D Outcomes | 16 | Korea Health Industry Development Institute |
| 2 | Korea Institute of Police Technology | 17 | Korea Institute for Advancement of Technology |
| 3 | National Research Institute of Cultural Heritage | 18 | Korea Evaluation Institute Of Industrial Technology |
| 4 | National Disaster Management Research Institute | 19 | Korea Institute of Energy Technology Evaluation and Planning |
| 5 | Korea Agency for Infrastructure Technology Advancement | 20 | National Research Foundation |
| 6 | Korea Institute of Planning and Evaluation for Technology in Food, Aggriculture, and Forestry | 21 | Korea Foundation of Nuclear Safety |
| 7 | Rural Development Administration | 22 | Korea Atomic Energy Research Institute |
| 8 | Korea Fund for Regenerative Medicine | 23 | Korea Internet & Security Agency |
| 9 | Korea Medical Device Development Fund | 24 | Korea Forestry Promotion Institute |
| 10 | National Institute of Food and Drug Safety Evaluation | 25 | Korea Creative Content Agency |
| 11 | Korea Drug Development Fund | 26 | Korea Carbon Industry Promotion Agency |
| 12 | Institution of Information & Communications Technology Planning & Evaluation | 27 | Korea Environmental Industry & Technology Institute |
| 13 | Korea Technology and Information Promotion Agency for SMEs | 28 | Korea Institute of Marine Science & Technology Promotion |
| 14 | Korea Meteorological Institute | 29 | Innovative Small Modular Reactor Development Agency |
| 15 | Korea Agriculture Technology Promotion Agency |
2) List of institutions dedicated to management and distribution of research outcomes
| 1 | National Institute of Agricultural Sciences | 8 | Korea Copyright Commission |
| 2 | National IT Industry Promotion Agency | 9 | Korea Information and Communication Technology Association |
| 3 | Korea Institute of Science & Technology Evaluation and Planning | 10 | Korea Patent Strategy Development Institute |
| 4 | Korea Institute of Science and Technology Information (NTIS) | 11 | Korea Research Institute of Standards and Science |
| 5 | Korea Basic Science Institute | 12 | Korean Standards Association |
| 6 | Korea Institute for Advancement of Technology | 13 | Korea Research Institute of Chemical Technology |
| 7 | Korea Research Institute of Bioscience and Biotechnology |
- 1) When the consent of the information subject is obtained
※ When using linked information through IRIS, separate consent from the information subject is required.
- 2) When there are special provisions in the law or when it is unavoidable to comply with legal obligations.
※ When information is provided to a national agency for joint use of national researcher information and evaluator information, the status of personal information provision is announced on the website.
- 3) In cases where it is unavoidable for public institutions to perform their duties as prescribed by laws, etc.
- 4) When it is necessary to carry out a contract concluded with the information subject or take action at the request of the information subject in the process of concluding a contract.
- 5) When it is clearly deemed necessary for the urgent benefit of life, body, or property of the information subject or a third party.
- 6) When it is necessary to achieve the legitimate interests of the personal information processor and clearly takes precedence over the rights of the information subject. In this case, if it is significantly related to the legitimate interests of the personal information processor and does not exceed a reasonable scope.
- 7) In case of urgent need for public safety and well-being, such as public health
4. Entrustment of personal information processing 
In principle, IRIS does not entrust the processing of personal information to others without the consent of the information subject. However, to ensure smooth business processing, we entrust personal information processing as follows.
Ka. Personal information consignment processing agency and consignment details in IRIS are as follows.
| Organization consignment | Consignment work details | Contact | Personal information details |
|---|---|---|---|
| NanalSMI Co., Ltd. | IRIS system maintenance/repair | 042-866-8149 | See personal information file details |
| DST International Co., Ltd. | IRIS infrastructure maintenance/repair | 043-750-2781 | |
| Korea Information Technology Corporation | PMO | 02-3471-7771 | |
| Call For You Co., Ltd. | IRIS call center operation | 070-8228-1057 |
Na. IRIS, in accordance with Article 26 of the Personal Information Protection Act, includes in its outsourcing contracts the prohibition of processing personal information beyond the intended scope of the outsourcing task, the implementation of technical and administrative safeguards, restrictions on re-outsourcing, and liability, all of which are documented and retained in the contract. Furthermore, IRIS conducts training and supervision to ensure that the entrusted party processes personal information securely.
Da. If there are any changes to the content of the entrusted tasks or the entrusted party, we will promptly disclose such changes through this Privacy Policy.
5. Information Subject Rights, Duties, and Methods of Exercising Them 
Information subjects have the right to exercise their privacy-related rights, including accessing, correcting, deleting, or suspending the processing of their personal information at any time with respect to IRIS. The exercise of these rights can be done by following the format provided in Attachment No. 8 of the 'Guidelines on Personal Information Processing Methods' through written requests, electronic mail, facsimile transmission (FAX), or by personally visiting IRIS after undergoing a verification procedure
Ka. Information subject’s identity verification procedure
- 1) If the information subject is the person, submit an ID card to prove the person’s identity.
- 2) If you are the legal representative of the information subject, submit documents proving your legal representative.
- 3) A person who has been delegated by the information subject must submit a power of attorney and the agent's ID card in accordance with the form attached to the 「Notice on Personal Information Processing Methods」 No. 11.
Na. Request to view personal information
You may request to view your personal information files held by IRIS in accordance with Article 35 (view of personal information) of the Personal Information Protection Act. However, when requesting to view personal information, viewing may be restricted pursuant to Article 35 (4) of the Act.
- 1) When viewing is prohibited or restricted by law
- 2) When there is a risk of harming the life or body of another person or unfairly infringing on another person's property or other interests.
- 3) If it causes significant disruption to public institutions in carrying out their duties under any of the following items:
- ① Affairs related to tax imposition, collection or refund
- ② Affairs related to performance evaluation or selection of students at each level of school under the Elementary and Secondary Education Act and the Higher Education Act, lifelong education facilities under the Lifelong Education Act, and higher education institutions established under other laws.
- ③ Affairs related to examinations and qualifications regarding academic background, skills, and employment
- ④ Work related to ongoing evaluation or judgment regarding calculation of compensation and benefits, etc.
- ⑤ Work related to audits and investigations in progress in accordance with other laws
Da. Request for correction/deletion of personal information
Personal information files held by IRIS may be requested for correction or deletion in accordance with Article 36 (Correction/Deletion of Personal Information) of the Personal Information Protection Act. However, if the personal information is specified as the subject of collection in other laws, deletion of such information cannot be requested. If the information subject requests correction or deletion of errors in personal information, the personal information will not be used or provided until correction or deletion is completed.
La. Request to suspend processing of personal information
You may request suspension of processing of personal information files held by IRIS in accordance with Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act. However, when requesting suspension of processing of personal information, the request for suspension of processing may be rejected pursuant to Article 37 (2) of the Act.
- 1) When viewing is prohibited or restricted by law
- 2) When there is a risk of harming the life or body of another person or unfairly infringing on another person's property or other interests.
- 3) If public institutions do not process personal information, they cannot perform their duties prescribed by other laws.
- 4) In cases where it is difficult to fulfill the contract, such as not being able to provide the service agreed upon with the information subject if personal information is not processed, and the information subject does not clearly indicate his/her intention to terminate the contract
Ma. Personal information viewing, correction/deletion, and processing suspension procedures
- 1) Requests for viewing, correction, deletion, and suspension of processing of personal information are processed through the procedures below.
- Search personal information file list → 열람청구(열람청구) → 청구 주체 확인 및 개인정보 열람 범위 확인 → 개인정보 열람 제한사항 확인 → [열람결정 통지(허용/제한/연기) → 열람] / [열람결정 통지(거부)]
- 정정·삭제, 처리정지 청구 → 청구 주체 확인 및 개인정보 정정·삭제, 처리정지 범위 확인 → 개인정보 정정·삭제, 처리정지 제한사항 확인 → [정정·삭제, 처리정지 결과통지] / [정정 삭제, 처리정지 제한사항 통지(거절,타 법령 관련사항 등)]
- 2) How to request access to personal information, etc.
- ① Complete the personal information access request form and submit it to IRIS.
- ② When writing a request, please confirm and enter the personal information file name and processing department name you wish to view through the personal information protection manager below.
- ③ ID card must be presented to confirm the claimant.
- ④ If applying through an agent, submit the agent’s ID card and power of attorney.
6. Items of personal information processed 
The personal information items in the personal information file registered and disclosed by IRIS in accordance with Article 32 of the Personal Information Protection Act are as follows. Personal information file details
7. Personal information destruction procedures and methods 
"Ka. IRIS destroys the personal information without delay when the personal information becomes unnecessary, such as when the personal information retention period has passed or the processing purpose has been achieved. However, the personal information retention period consented to by the information subject has expired or the purpose of processing has expired. Even though this has been achieved, if personal information must continue to be preserved in accordance with other laws, the personal information (or personal information file) will be transferred to a separate database (DB) or stored in a different storage location."
Na. If personal information is destroyed, we will disclose it without delay through this personal information processing policy or notice.
- 1) Destruction Procedure Select the personal information (or personal information file) that is the cause for destruction, and destroy the personal information (or personal information file) with the approval of IRIS’s personal information protection manager.
- 2) Destruction method
- ① Personal information recorded and stored in the form of electronic files is destroyed so that the records cannot be reproduced.
- ② Personal information printed on paper is destroyed by shredding or incineration.
8. Measures to ensure the safety of personal information 
IRIS is taking the following measures to ensure the safety of personal information in accordance with Article 29 of the Personal Information Protection Act.
Ka. administrative action
- 1) Establishment and implementation of internal management plan
To safely handle personal information, we are establishing and implementing an internal management plan that includes the following.
- ① Matters pertaining to the designation of a personal information protection officer
- ② Matters pertaining to the roles and responsibilities of the personal information protection officer and personal information handler
- ③ Matters concerning measures necessary to ensure the safety of personal information
- ④ Matters related to training for personal information handlers
- ⑤ Other matters necessary to protect personal information
Na. Technical Measures
- 1) Restriction of Access to Personal Information and Management of Access Rights
Access rights to the database systems that process personal information are granted, modified, and revoked differentially to the minimum extent required for performing tasks. Intrusion prevention systems are used to control unauthorized external access. In the event of personnel changes due to retirement or other reasons, the access rights to the personal information processing system are promptly modified or revoked. The granting, modification, or revocation of permissions is recorded, and these records are retained for three years. Access rights to the personal information processing system are differentially granted to personnel based on the minimum requirements for performing tasks.
- 2) Encryption of Personal Information
Certain personal information such as passwords and resident registration numbers are stored and managed in an encrypted form to ensure that only the individual concerned can access them. Important data is encrypted, and file-locking features are used for file and data transmission.
- 3) Retention of Access Records and Prevention of Tampering
Access records for the personal information processing system are retained and managed for a minimum of six months. These records are securely stored to prevent tampering, theft, or loss.
- 4) Minimization and Education of Personal Information Handlers
We implement measures to minimize the number of individuals handling personal information by designating specific handlers. This helps manage personal information securely.
- 5) Regular Internal Audits
We conduct regular internal audits (at least once a year) to ensure the security of personal information handling.
- 6) Technical Measures for Prevention of Hacking and Other Threats (Installation and Operation of Security Programs)
To prevent unauthorized access, hacking, computer viruses, and data breaches, we install security programs and perform regular updates and checks. Access to controlled areas from external sources is monitored and blocked using both technical and physical measures.
Da. Physical Measures
- 1) Access Control for Unauthorized Personnel
A separate physical storage location is designated for the storage of personal information. Access control procedures have been established and are in operation to regulate access to this physical storage location.
9. Matters on installation/operation and refusal of automatic personal information collection devices 
Ka. Automatic Collection and Storage of Information
- 1) During the process of using the IRIS website, the following information may be collected and stored automatically.
- IP Address, Cookies, URLs of previously visited websites when accessing the IRIS website, browsing history, browser type, and operating system, among others.
- 2) The information automatically collected and stored as mentioned above will be used to provide users with better services, perform statistical analysis for the improvement and enhancement of the website, and facilitate smooth communication between users and the website.
Na. Users have the option to control the installation of cookies.
- 1) Therefore, users can either allow all cookies, require confirmation each time a cookie is stored, or refuse the storage of all cookies by configuring the options in their web browser. However, if the storage of cookies is refused, some IRIS services that require login may be challenging to use.
- 2) Here is how to set your preferences for allowing or disallowing cookie installation.
- ① For Microsoft Edge
☞Browser Settings>Cookies and Site Permissions
- ② For Chrome
☞ Settings menu on the upper-right of the web browser > Display advanced settings at the bottom of the screen > Content settings button under Privacy > Cookies
- ① For Microsoft Edge
10. Personal Data Protection and Management Officer 
IRIS designates an officer responsible for personal data protection and related matters (Personal Information Protection Act Article 31, Paragraph 1).
Personal Data Protection Officer
IRIS has designated a personal data protection officer, and inquiries related to the protection of personal information for data subjects, as well as matters concerning data breaches and remedies, can be directed to the personal data protection officer and the relevant department.
| Category | Department in charge | manager | contact |
|---|---|---|---|
| Personal information protection officer | Management Planning Division | Kim Hyun-min | 043-750-2349 |
| Personal information protection manager | General Affairs IT Department | Kwon Jang-Ho | 043-750-2435 |
| Personal information protection officer | General Affairs IT Department | Kim Ki-hoon | 043-750-2549 |
Person in charge of personal information file management
IRIS has designated a person in charge of personal information protection files, and the person in charge is as follows.
| Category | Department in charge | manager | contact |
|---|---|---|---|
| Personal information file management manager | Standardization Planning Center | Park Yong-cheol | 042-866-8101 |
| Person in charge of personal information file management | Standardization Planning Center | Gong Chang-hoon | 042-866-8112 |
※For the disclosure of other Personal Information Files registered by the Planning and Evaluation Service, please utilize the menu 'Personal Information File List Search' through the Personal Information Protection Comprehensive Support Portal of the Personal Information Protection Commission (www.privacy.go.kr) under the 'Personal Information Complaints' section.
11. Methods for Remedying Rights Infringement 
Data subjects can apply for dispute resolution or counseling with the Personal Information Dispute Resolution Commission and the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, among other institutions, in order to seek remedies for personal information breaches. For other complaints and consultations related to personal information breaches, please contact the following organizations.
※ ※ The following organizations are independent entities from IRIS. If you are not satisfied with IRIS's internal handling of personal information complaints and remedies, or if you require more detailed assistance, please contact the following:
1) Personal Information Breach Reporting Center: 118 (no area code needed), (http://privacy.kisa.or.kr)
2) Personal Information Dispute Resolution Commission: 1833-6972, (www.kopico.go.kr)
3) Cyber Investigation Department of the Supreme Prosecutors' Office: 1301 (no area code needed), cid@spo.go.kr (spo.go.kr)
4) Cybercrime Reporting System: 182 (no area code needed), (https://ecrm.police.go.kr/minwon/main)
Individuals who have suffered an infringement of their rights or interests due to actions taken by the head of a public institution or abuse of authority in response to requests for access, correction, deletion, or processing suspension of personal information have the right to file an administrative appeal as provided by the Administrative Litigation Act.
※ For more information about administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).
12. The criteria for determining additional use or provision of personal information without the consent of the information subject 
The criteria for determining additional use or provision without the consent of the information subject are as follows.
A. Whether it is relevant to the original purpose of collection
B. Whether there is a foreseeability of further use or provision of personal information in light of the circumstances or practices in which personal information was collected or processed, respectively
C. Whether it unfairly infringes on the interests of the information subject
D. Whether necessary measures were taken to ensure safety, such as pseudonymization or encryption
13. Result of the diagnosis of personal information management level 
In order to safely manage the personal information of information subjects, KISTEP receives the "Diagnosis of Personal Information Management Level of Public Institutions" conducted by the Personal Information Protection Commission every year in accordance with Article 11 of the Personal Information Protection Act, and received an 'S' grade in the Personal Information Management Level Diagnosis Evaluation in 2022.