The Korea Information Certificate Authority Inc. (hereinafter referred to as “KICA”) hereby confirms its compliance with the Digital Signature Act, Personal Information Protection Act, as well as other relevant laws and regulations in order to protect personal information supplied by customers for the provision of secure server authentication services. It establishes and discloses the enforcement of the following Privacy Policy.
1. Personal Information to be collected and method of collectionKICA collects the following personal information from customers looking to use its secure server authentication services. If other additional information is required, KICA may request the customers for the corresponding information separately.
Service website (including notice boards, etc.), documents submitted to KICA, etc.
KICA uses the personal information for the following purposes.
Providing of services, payment of purchases and charges, delivery of required information in using its services, etc.
Providing of services, payment of purchases and charges, delivery of required information in using its services, etc.
Providing of services, payment of purchases and charges, delivery of required information in using its services, etc.
KICA shall retain and use a member’s personal information from the date a member subscribes to the service and throughout the duration KICA services are rendered to the member. If a customer cancels its membership, if the customer withdraws its consent that allows KICA to collect and use the member’s personal information, if KICA has fulfilled its purpose of collecting and using the information, if the collection and usage period expires, or if the business is terminated, KICA shall dispose the corresponding personal information without delay. However, personal information may be retained for a certain period if it is required for the settlement of service fees, litigations or disputes, etc. Moreover, if personal information must be retained under relevant laws and regulations, including the Commercial Act, Framework Act on National Taxes, Protection of Communications Secrets Act, and the Act on the Consumer Protection in Electronic Commerce, etc., the company shall retain the information for the set period of time stipulated under the corresponding legislation. In such case, KICA may use the information exclusively for the purposes, and the retention period shall be as follows:
Cookies are used to keep users logged into websites they previously visited, update IDs, record visited pages, check whether a legal guardian consented the use of minors, check delivery information of additional products, etc. and provide customers with optimized, convenient services.
KICA shall not provide or leak personal information of customers without the consent of its members. However, if the information is required to respond to a request from a government institution pursuant to relevant laws and regulations, if the information is required for the investigation of a crime, if the information is required at the request of the Korea Internet Safety Commission, or if the information is required to settle fee payments, KICA may process the data and eliminate all personal identification markers, then provide the information without the consent of its members. KICA may share the personal information of customers with affiliated companies and vendors to improve service quality. In such case, it shall notify its members with the target information, details, and grounds for providing the information and acquire their consent. If the member declines, KICA cannot share the information. Moreover, if KICA needs to share personal information beyond the scope that was originally agreed upon with its customers, it shall acquire the consent of members separately. If a user wishes to cancel his/her consent to provide personal information, the user can notify KICA and KICA will request the corresponding company to delete the corresponding personal information.
KICA provides personal information as follows with the consent of its customers for the purpose of issuing secure server certificates. Customers may choose to decline the provision of personal information. In such case, however, the customers will not be able to sign up for membership, issue certificates, renew certificates, or access additional KICA’s services.
KICA commissions personal information to enhance service quality. When it enters into a commission contract, it complies with all requirements stipulated under relevant laws and regulations to ensure that personal information can be kept safely. Personal information commissioned by the company, the commissioned organization, commissioned duties are as follows.
Receiving Entity | Description of Commisioned work | Retention and Usage period |
---|---|---|
Daou Data Corp | Service fee payment | Affiliation period |
KICA shall do its utmost to protect the personal information of its customers. KICA respects the rights of each individual user over his/her own personal information, therefore allows each user to access, update, delete personal information at any time using the menus available on its website. If a user wishes to terminate his/her membership, the user may do so using the [Request] menu and withdraw his/her consent to KICA over the use of personal information.
8. Disposal of personal informationIn principle, KICA shall immediately destroy all collected personal information and used once it fulfills the purpose of collecting and using the information. The disposal protocol and method are as follows:
KICA implements the following protective measure to safely manage customers’ personal information.
The company establishes and implements an internal management plan in accordance with the ‘standards for securing safety of personal information’
The designation of personal information is minimized and regular training is provided
Access to personal information is controlled by granting, changing, or canceling access to the database system that processes personal information, and unauthorized access from the outside is controlled using an intrusion blocking system and an intrusion prevention system.
Records of accessing the personal information processing system (web log, summary information, etc.) have been stored and managed for at least 6 months.
Customer’s personal information is encrypted, saved and managed. Additionally, separate security features is used for important data by the encryption when storing and transmitting.
To prevent personal information leakage and damage caused by hacking or computer viruses, the company installs security programs, periodically renews and inspects, and installs systems in areas where access is restricted from the outside, monitors and blocks them technically and physically.
There is a separate physical storage place for personal information systems that store personal information, and access control procedures are established and operated.
A member or legal representative may view or correct personal information pertaining to himself/herself or a minor under the age of 14, or request to terminate a service at any time. A user may view or correct his/her information or the information of a minor under the age of 14 from the [Member Information Update] menu. To terminate a service, a member may contact the person-in-charge of personal information via phone or e-mail. The person-in-charge shall process the termination request without delay upon confirming the identity of the requesting entity.
11. Amendments to the Privacy PolicyThis Privacy Policy can be accessed at any time on the website. It may be amended in response to amendments made to relevant laws and regulations, or to provide better services. Please visit the website regularly and check for updates. When KICA amends its Privacy Policy, it shall disclose all details on the website for each service it provides.
12. Remedies against the infringement on rights and interests
A user may request the resolution of conflicts or counseling at the following organizations for remedies against infringements on personal information rights.
- Korea Internet and Security Agency Personal Data Protection Center (privacy.kisa.or.kr/(no area code) 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr/02-2100-2499)
- Supreme Prosecutors’ Office Cyber Crimes Investigation Department (www.spo.go.kr / 02-3480-2000)
- National Police Agency Cyber Bureau: (Cyberbureau.police.go.kr/(no area code) 182))
Inquires related to personal information will be answered when the e-mail is sent to the address below.
Name : Jaejung Kim
Division : Department of Information Protection
Tel : (02)360-3210
Address : Korea Information Certificate Authority Inc., 5F, C-dong, 242, Pangyo-ro, Bundang-gu, Seongnam-si, Gyeonggi-do (463-400)
E-mail address : jjkim@signgate.com
- Secure Server Authentication Service (SSL) : 02-360-3065
If any amendment occurs to its Privacy Policy, KICA shall disclose the details at least 7 days before the enforcement of such amendments on its website.
Please enter your road address and building number, or dong/ri and lot number.
(E.g.: Yeonji-dong 219-2, Sejong-daero 110)
Please enter your road address and building number, or dong/ri and lot number. |