Korean Information Certificate Authority Inc. (hereinafter the “Company” or “KICA”) established the following Privacy Policy to protect the personal information, rights and interests of its users, and handles their complaints in accordance with the Act on Promotion of Information and Communication Network Utilization and Information Protection and the Personal Data Protection Act.
Korean Information Certificate Authority Inc. (hereinafter the “Company” or “KICA”) established the following Privacy Policy to protect the personal information, rights and interests of its users, and handles their complaints in accordance with the Act on Promotion of Information and Communication Network Utilization and Information Protection and the Personal Data Protection Act.
1. Collection of personal informationKICA collects only the minimum amount of personal information to provider service with the consent of its users, and use it solely for the purposes for which it was provided.(1) Personal information items to be collectedService | Type | Items to be collected | Purpose of collection |
---|---|---|---|
Individual members and service | Required | name, email, password | Create account, customer support, service offer |
Optional | photo, mobile phone no. | ||
Corporate members | Required | company name, business reg. no., POC, phone no., email, password | Identification for issuing signature certificates |
Identification | Required | name, mobile phone no., date of birth, gender, CI (connection information) | |
Charging for service | Required | [Mobile phone payment] name, telecommunication service provider, mobile phone no., date of birth, gender, nationality, code (payment information key), User ID [Credit card payment] name, credit card no., payment pass code |
Purchase of service and payment ※Payment information is only stored by the payment service provider. We do not store or manage any such information. |
Service inquiry | Required | company name, user (name), phone no., email | Answer questions |
Marketing | Optional | name, email | Notifying promotional offers and events |
a. Creating and managing web accountsPersonal information is processed for the purpose of membership sign-up confirmation, identification and authentication of users regarding the service offered, membership management and maintenance, prevention of abuse, notifications, grievance handling, and record-keeping for dispute resolution.
b. Complaint handlingPersonal information is processed for the purpose of identification of persons who raised complaints, and fact finding and investigation as well as notification of results.
c. Product or service offeringPersonal information is processed for the purpose of providing services, contents, and customized services.
d. Marketing and advertisementPersonal information is processed for the purpose of providing marketing information, opportunities to participate in marketing events, and collect statistical data including frequency of access and service usage.
3. Processing and retention of personal informationKICA destroys personal information immediately once the purposes for its collection and use have been fulfilled.
a. In general: 90 days after the date of membership termination - Personal information is destroyed 90 days after the date of collection to prevent abuse.
b. Required by laws: destroying personal information of users who have not used the service for at least 1 year - The users are notified 30 days in advance.
c. Retention under applicable laws- e-Commerce Consumer Protection Act
Contract or subscription-related information: retained for 5 years
Payment and product supply-related information: retained for 5 years
Consumer complaint or dispute resolution related information: retained for 3 years
- Electronic Financial Transactions Ac
Electronic financial transactions related information: retained for 5 years
- Communication Privacy Act
Login information: 3 months
※ If required by law, personal information is stored in a separate database or table that is secure from external access.
Personal information stored in files is permanently deleted in such a way that cannot recovered while other media including records, hardcopies and documents are destroyed beyond recovery.
(1) What is a cookie?① KICA uses cookies that store and retrieve customer’s information to provide personalized and customized services.
② A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
When the user visits the website, the server uses the cookie to maintain the settings and provide customized services.
③ Cookies do not collect personally identifiable information automatically or actively, and the user can refuse the storage of cookies or delete them at any time.
(2) Purpose of using cookiesCookies are used to provide optimized and personalized services to the user by maintaining login status, changing username, keeping record of page access history, consent of minor’s legal guardian, and shipping information of products.
(3) Installation/operation of cookies and their refusal① The user can choose whether to install cookies or not. The user can set an option in their web browser to allow all cookies, check each time a cookie is stored, or disable it. However, if a cookie is disabled, certain services may not be available to use.
② Cookies can be enabled or disabled on a browser (Internet Explorer) as follows
- [Tools] > [Internet Options] > Privacy > [Settings]
Service provider | Service | Period of retention and use |
---|---|---|
Daou Data Co., Ltd. | Service fee payment | Affiliation period |
NICE Information Service | Mobile phone identification | Affiliation period |
KTNET | E-revenue stamp attachment | Affiliation period |
KICA does not disclose or leak personal information to a third party without the consent of its owner.
However, if required by government agencies or the Information and Communication Ethics Committee, or for investigation or payment settlement under the applicable laws,
information may be provided without consent in such a way that the individual cannot be identified.
KICA protects the rights of users as follows
a. The users may access or update their personal information or withdraw their consent in the following menu, in writing, by email or fax - Access/update: Login to signOK > Settings > My Settings > Basic Information
- Withdrawal of consent to collection/use: Login to signOK > Settings > My Settings > Basic Information > Close Account
b. The Company responds to the users’ request immediately and notifies them of the results.
c. The personal information that is subject to collection under other applicable laws cannot be deleted and the reason is notified.
8. Security measuresKICA takes the following security measures for the users’ personal information
(1) Establishment and implementation of internal control plansThe Company establishes and implements internal control plans under the “Standards of Personal Information Security Measures”.
(2) Minimum access to personal information and trainingThe Company ensures minimum access to personal information and conducts training on a regular basis.
(3) Restriction of access to personal informationThe Company controls access to personal information by granting, modifying and denying access to the database system that processes personal information, and controls unauthorized access using an intrusion blocking/prevention system.
(4) Keeping record of access and prevention of modificationThe Company keeps the record of access to the personal information processing system (weblog, summary etc.) for at least 6 months.
(5) Encryption of personal informationPersonal information is encrypted for storage and management. We also take additional security measures on important data such as encryption when storing and transferring it.
(6) Technical measures against hackingThe Company installs and updates security software on a regular basis to protect personal information from hacking and viruses,
and implements physical and technological protection and monitors systems to prevent unauthorized access.
(7) Controlling unauthorized accessThe Company keeps the personal information system that stores personal information in a physically secure location and establishes and implements access control procedures.
9. Revision of the Privacy PolicyThe users can view the contents of this Privacy Policy on the website. It is advisable to check it on a regular basis as it is subject to change under new laws and regulations, or for the purpose of improving the quality of service.
In this case, KICA announces such revisions on the website.
The users may resolve disputes or request consultation to the following agencies
Privacy Violation Report Center (http://privacy.kisa.or.kr / (without area code) 118)
Personal Information Dispute Mediation Committee (https://www.kopico.go.kr / (without area code)1833-6972)
Supreme Prosecutors' Office Cyber Crime Investigation Unit (http://www.spo.go.kr / 82-2-3480-3573)
Police Cyber Bureau (http://cyberbureau.police.go.kr / (without area code) 182)
If you have any questions or inquiries regarding personal information, please send an email to the following persons or department.
[Person in charge of protecting personal information]
Name: Gap-sang Kwon
Unit: Director of Certification Technology Center
Contact: 82-2-360-3027
Address: 5F, C, 242, Pangyo-ro, Bundang-gu, Seongnam-si, Gyeonggi (Pangyo Digital Center, Sampyeong-dong), 13487, Republic of Korea
Email: privacy@signgate.com
[Privacy Management Department]
Unit: Service Operation Team 1
Contact: 82-2-360-3027
Email: privacy@signgate.com
[Personal Information Access Request]
Unit: Service Sales Team
POC: Jae-hyeon Kwon, Team Manager
Contact: 82-2-360-3073
Email: jhkwon@signgate.com
KICA posts any change in the Privacy Policy on the website at least 7 days prior to such change.
Date of notice: June 20, 2019
Date of effect: June 27, 2019