Privacy Policy

Korean Information Certificate Authority Inc. (hereinafter the “Company” or “KICA”) established the following Privacy Policy to protect the personal information, rights and interests of its users, and handles their complaints in accordance with the Act on Promotion of Information and Communication Network Utilization and Information Protection and the Personal Data Protection Act.

Ver 2019.06.27

Korean Information Certificate Authority Inc. (hereinafter the “Company” or “KICA”) established the following Privacy Policy to protect the personal information, rights and interests of its users, and handles their complaints in accordance with the Act on Promotion of Information and Communication Network Utilization and Information Protection and the Personal Data Protection Act.

1. Collection of personal informationKICA collects only the minimum amount of personal information to provider service with the consent of its users, and use it solely for the purposes for which it was provided.(1) Personal information items to be collected
Service Type Items to be collected Purpose of collection
Individual members and service Required name, email, password Create account, customer support, service offer
Optional photo, mobile phone no.
Corporate members Required company name, business reg. no., POC, phone no., email, password Identification for issuing signature certificates
Identification Required name, mobile phone no., date of birth, gender, CI (connection information)  
Charging for service Required [Mobile phone payment]
name, telecommunication service provider, mobile phone no., date of birth, gender, nationality,
code (payment information key), User ID
[Credit card payment]
name, credit card no., payment pass code
Purchase of service and payment
※Payment information is only stored by the payment service provider. We do not store or manage any such information.
Service inquiry Required company name, user (name), phone no., email Answer questions
Marketing Optional name, email Notifying promotional offers and events
(2) Method of collectionService website (including message boards)2. Purpose of processing personal information

a. Creating and managing web accountsPersonal information is processed for the purpose of membership sign-up confirmation, identification and authentication of users regarding the service offered, membership management and maintenance, prevention of abuse, notifications, grievance handling, and record-keeping for dispute resolution.

b. Complaint handlingPersonal information is processed for the purpose of identification of persons who raised complaints, and fact finding and investigation as well as notification of results.

c. Product or service offeringPersonal information is processed for the purpose of providing services, contents, and customized services.

d. Marketing and advertisementPersonal information is processed for the purpose of providing marketing information, opportunities to participate in marketing events, and collect statistical data including frequency of access and service usage.

3. Processing and retention of personal information

KICA destroys personal information immediately once the purposes for its collection and use have been fulfilled.

a. In general: 90 days after the date of membership termination - Personal information is destroyed 90 days after the date of collection to prevent abuse.

b. Required by laws: destroying personal information of users who have not used the service for at least 1 year - The users are notified 30 days in advance.

c. Retention under applicable laws- e-Commerce Consumer Protection Act
Contract or subscription-related information: retained for 5 years
Payment and product supply-related information: retained for 5 years
Consumer complaint or dispute resolution related information: retained for 3 years

- Electronic Financial Transactions Ac
Electronic financial transactions related information: retained for 5 years

- Communication Privacy Act
Login information: 3 months

※ If required by law, personal information is stored in a separate database or table that is secure from external access.
Personal information stored in files is permanently deleted in such a way that cannot recovered while other media including records, hardcopies and documents are destroyed beyond recovery.

4. Installation/operation of automatic personal information collecting device (cookie) and its refusal

(1) What is a cookie?① KICA uses cookies that store and retrieve customer’s information to provide personalized and customized services.
② A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
When the user visits the website, the server uses the cookie to maintain the settings and provide customized services.
③ Cookies do not collect personally identifiable information automatically or actively, and the user can refuse the storage of cookies or delete them at any time.

(2) Purpose of using cookiesCookies are used to provide optimized and personalized services to the user by maintaining login status, changing username, keeping record of page access history, consent of minor’s legal guardian, and shipping information of products.

(3) Installation/operation of cookies and their refusal① The user can choose whether to install cookies or not. The user can set an option in their web browser to allow all cookies, check each time a cookie is stored, or disable it. However, if a cookie is disabled, certain services may not be available to use.
② Cookies can be enabled or disabled on a browser (Internet Explorer) as follows
- [Tools] > [Internet Options] > Privacy > [Settings]

5. Outsourcing the processing of personal information
Service provider Service Period of retention and use
Daou Data Co., Ltd. Service fee payment Affiliation period
NICE Information Service Mobile phone identification Affiliation period
KTNET E-revenue stamp attachment Affiliation period
6. Disclosure of personal information to third party

KICA does not disclose or leak personal information to a third party without the consent of its owner.
However, if required by government agencies or the Information and Communication Ethics Committee, or for investigation or payment settlement under the applicable laws,
information may be provided without consent in such a way that the individual cannot be identified.

7. Rights of the user and its legal representative, and how to exercise them

KICA protects the rights of users as follows

a. The users may access or update their personal information or withdraw their consent in the following menu, in writing, by email or fax - Access/update: Login to signOK > Settings > My Settings > Basic Information
- Withdrawal of consent to collection/use: Login to signOK > Settings > My Settings > Basic Information > Close Account

b. The Company responds to the users’ request immediately and notifies them of the results.

c. The personal information that is subject to collection under other applicable laws cannot be deleted and the reason is notified.

8. Security measures

KICA takes the following security measures for the users’ personal information

(1) Establishment and implementation of internal control plansThe Company establishes and implements internal control plans under the “Standards of Personal Information Security Measures”.

(2) Minimum access to personal information and trainingThe Company ensures minimum access to personal information and conducts training on a regular basis.

(3) Restriction of access to personal informationThe Company controls access to personal information by granting, modifying and denying access to the database system that processes personal information, and controls unauthorized access using an intrusion blocking/prevention system.

(4) Keeping record of access and prevention of modificationThe Company keeps the record of access to the personal information processing system (weblog, summary etc.) for at least 6 months.

(5) Encryption of personal informationPersonal information is encrypted for storage and management. We also take additional security measures on important data such as encryption when storing and transferring it.

(6) Technical measures against hackingThe Company installs and updates security software on a regular basis to protect personal information from hacking and viruses,
and implements physical and technological protection and monitors systems to prevent unauthorized access.

(7) Controlling unauthorized accessThe Company keeps the personal information system that stores personal information in a physically secure location and establishes and implements access control procedures.

9. Revision of the Privacy Policy

The users can view the contents of this Privacy Policy on the website. It is advisable to check it on a regular basis as it is subject to change under new laws and regulations, or for the purpose of improving the quality of service.
In this case, KICA announces such revisions on the website.

10. Reporting violations of rights

The users may resolve disputes or request consultation to the following agencies
Privacy Violation Report Center ( / (without area code) 118)
Personal Information Dispute Mediation Committee ( / (without area code)1833-6972)
Supreme Prosecutors' Office Cyber Crime Investigation Unit ( / 82-2-3480-3573)
Police Cyber Bureau ( / (without area code) 182)

11. Person in charge

If you have any questions or inquiries regarding personal information, please send an email to the following persons or department.

[Person in charge of protecting personal information]
Name: Gap-sang Kwon
Unit: Director of Certification Technology Center
Contact: 82-2-360-3027
Address: 5F, C, 242, Pangyo-ro, Bundang-gu, Seongnam-si, Gyeonggi (Pangyo Digital Center, Sampyeong-dong), 13487, Republic of Korea

[Privacy Management Department]
Unit: Service Operation Team 1
Contact: 82-2-360-3027

[Personal Information Access Request]
Unit: Service Sales Team
POC: Jae-hyeon Kwon, Team Manager
Contact: 82-2-360-3073

12. Notice obligation

KICA posts any change in the Privacy Policy on the website at least 7 days prior to such change.

Date of notice: June 20, 2019
Date of effect: June 27, 2019