The Korea Information Certificate Authority Inc. (hereinafter referred to as “KICA”) hereby confirms its compliance with the Digital Signature Act, Personal Information Protection Act, as well as other relevant laws and regulations in order to protect personal information supplied by customers for the provision of secure server authentication services. It establishes and discloses the enforcement of the following Privacy Policy.
1. Personal Information to be collected and method of collection.KICA collects the following personal information from customers looking to use its secure server authentication services. If other additional information is required, KICA may request the customers for the corresponding information separately.
Service website (including notice boards, etc.), documents submitted to KICA, etc.
KICA uses personal information for the following purposes.
Providing of services, payment of purchases and charges, delivery of required information in using its services, etc.
Providing necessary information for renewal and use of SSL services, handling 1:1 inquiry, delivering announcements, and preventing unauthorized and fraudulent use.
Delivery of promotional information for SSL marketing and participation in events, and utilization of statistics for member service usage.
KICA shall retain and use a member’s personal information from the date a member subscribes to the service and throughout the duration KICA services are rendered to the member. If a customer cancels its membership, if the customer withdraws its consent that allows KICA to collect and use the member’s personal information, if KICA has fulfilled its purpose of collecting and using the information, if the collection and usage period expires, or if the business is terminated, KICA shall dispose the corresponding personal information without delay. However, personal information may be retained for a certain period if it is required for the settlement of service fees, litigations or disputes, etc. Moreover, if personal information must be retained under relevant laws and regulations, including the Commercial Act, Framework Act on National Taxes, Protection of Communications Secrets Act, and the Act on the Consumer Protection in Electronic Commerce, etc., the company shall retain the information for the set period of time stipulated under the corresponding legislation. In such case, KICA may use the information exclusively for the purposes, and the retention period shall be as follows:
Cookies are used to keep users logged into websites they previously visited, update IDs, record visited pages, check whether a legal guardian consented the use of minors, check delivery information of additional products, etc. and provide customers with optimized, convenient services.
KICA shall not provide or leak personal information of customers without the consent of its members. However, if the information is required to respond to a request from a government institution pursuant to relevant laws and regulations, if the information is required for the investigation of a crime, if the information is required at the request of the Korea Internet Safety Commission, or if the information is required to settle fee payments, KICA may process the data and eliminate all personal identification markers, then provide the information without the consent of its members. KICA may share the personal information of customers with affiliated companies and vendors to improve service quality. In such case, it shall notify its members with the target information, details, and grounds for providing the information and acquire their consent. If the member declines, KICA cannot share the information. Moreover, if KICA needs to share personal information beyond the scope that was originally agreed upon with its customers, it shall acquire the consent of members separately. If a user wishes to cancel his/her consent to provide personal information, the user can notify KICA and KICA will request the corresponding company to delete the corresponding personal information.
KICA provides personal information as follows with the consent of its customers for the purpose of issuing secure server certificates. Customers may choose to decline the provision of personal information. In such case, however, the customers will not be able to sign up for membership, issue certificates, renew certificates, or access additional KICA’s services.
Company name | purpose | Items to be provided | Period of retention and use of recipient |
---|---|---|---|
SECTIGO | Sectigo certificate issuance and service provision | Information of the person in charge (Name, Contact Number, E-mail) | Upon certificate expiration |
Identity verification of Sectigo certificate applicants | Name, copy of applicant's identification, applicant's photograph | Upon certificate expiration |
For the provision of secure server authentication services, Korea Information Certificate Authority discloses personal information to third parties outside the country as follows:
Country | Company Name | Contact Information | Purpose of transferring Personal Information | Information to be transferred | Date and method of transfer | Retention and usage period of personal information |
---|---|---|---|---|---|---|
USA | SECTIGO | Name: Eric Staudinger Email: eric.staudinger@sectigo.com | Transfer of information for certificate issuance | Information of the person incharge (Name, Phone Number, E-mail) Name, copy of applicant's identification, applicant's photograph |
When applying for issuance, register in the SECTIGO system | Upon certificate expiration |
Korea Information Certificate Authority entrusts personal information for the improvement of services, and, in accordance with relevant laws, stipulates necessary provisions in outsourcing contracts to ensure the secure management of personal information. The details of the company's personal information outsourcing organization and the content of the entrusted tasks are as follows.
Recipient of outsourcing company | Content of outsourcing task | Retention and usage period of personal information |
---|---|---|
Pay Pal | Service fee payment | Affiliation period |
KICA shall do its utmost to protect the personal information of its customers. KICA respects the rights of each individual user over his/her own personal information, therefore allows each user to access, update, delete personal information at any time using the menus available on its website. If a user wishes to terminate his/her membership, the user may do so using the [Request] menu and withdraw his/her consent to KICA over the use of personal information.
9. Disposal of personal information.In principle, KICA shall immediately destroy all collected personal information and used once it fulfills the purpose of collecting and using the information. The disposal protocol and method are as follows:
KICA implements the following protective measure to safely manage customers’ personal information.
A member or legal representative may view or correct personal information pertaining to himself/herself or a minor under the age of 14, or request to terminate a service at any time. A user may view or correct his/her information or the information of a minor under the age of 14 from the [Member Information Update] menu. To terminate a service, a member may contact the person-in-charge of personal information via phone or e-mail. The person-in-charge shall process the termination request without delay upon confirming the identity of the requesting entity.
12. Amendments to the Privacy PolicyThis Privacy Policy can be accessed at any time on the website. It may be amended in response to amendments made to relevant laws and regulations, or to provide better services. Please visit the website regularly and check for updates. When KICA amends its Privacy Policy, it shall disclose all details on the website for each service it provides. 13. Remedies for infringement of rights
A user may request the resolution of conflicts or counseling at the following organizations for remedies against infringements on personal information rights.
No. | Remedy institution for rights infringement | URL | Contact Number |
---|---|---|---|
1 | Korea Internet and Security Agency Personal Data Protection Center | privacy.kisa.or.kr | (No area code) 118 |
2 | Personal Information Dispute Mediation Committee | www.kopico.go.kr | 1833-6972 |
3 | Supreme Prosecutors’ Office Cyber Crimes Investigation Department | www.spo.go.kr | (No area code) 1301 |
4 | National Police Agency Cyber Bureau | ecrm.cyber.go.kr | (No area code) 182 |
Korea Information Certificate Authority takes overall responsibility for tasks related to the processing of personal information and, in order to address complaints and provide remedies for data subjects related to the processing of personal information, has designated a Data Protection Officer as follows :
The data subject can inquire about all matters related to the protection of personal information, complaints, and remedies arising from the use of the company's services (or business) to the personal information protection manager and the relevant department. The company will promptly respond to and handle inquiries from the data subject.
15. Department handling requests for access to personal informationThe subject of information can request access to personal information from the department below. Korea Information Certificate Authority will make efforts to promptly process the subject's request for access to personal information.
If any amendment occurs to its Privacy Policy, KICA shall disclose the details at least 7 days before the enforcement of such amendments on its website.
Please enter your road address and building number, or dong/ri and lot number.
(E.g.: Yeonji-dong 219-2, Sejong-daero 110)
Please enter your road address and building number, or dong/ri and lot number. |