Privacy Statements
PRIVACY POLICY
Table of Contents
Article 2 Processing Period and Retention Period of Personal Information Article 3 Personal Information Trustee Article 4 Rights of Data Subjects and Matters on Method to Exercise such Rights Article 5 Items of Personal Information Processed Article 6 Procedure and Method of Personal Information Destruction Article 7 Measures to Secure the Safety of Personal Information Article 8 Personal Information Protection Manager / DPO Article 9 Particulars Concerning Cross-Border Transfer of Personal Information Article 10 Remedy for Infringement of Rights and Interests Article 11 Particulars Concerning Installation, Operation and Rejection of Devices Automatically Collecting Personal Information Article 12 Amendment |
<Recitals>
All personal information KOTRA deals with are collected, stored and processed pursuant to applicable laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Act on the Regulation of Terms and Conditions, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
In accordance with the provisions set out under the above-mentioned applicable laws and regulations, KOTRA protects the rights of data subject, including, without limitation, right to be informed, right of access by the data subject, right to rectification, right to be forgotten, right to restriction of processing, right to data portability, and right to object.
KOTRA shall establish and disclose the Privacy Policy pursuant to Article 30 (5) of GDPR, Article 30 of the Personal Information Protection Act, and Article 27-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and designate the Data Protection Officer (DPO) pursuant to Article 37 (1) of GDPR and the Privacy Officer pursuant to Article 31 of the Personal Information Protection Act and Article 27 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. |
Article 1 Purpose of Personal Information Processing
KOTRA collects personal information to the extent they are necessary for purposes such as providing services and dealing with complaints.
KOTRA’s purpose for processing personal information is as follows:
No. |
Name of Personal Information File |
Grounds for Operation |
Processing Purpose |
1 |
Information of Business Participant (Domestic Member) |
Consent from data subject |
Membership subscription, provision of services (posting product information, consultation, inquiries on export assistance) and providing the necessary customer assistance |
2 |
Information of Business Participant (Overseas Member) |
Consent from data subject [Article 6.1.(a) of GDPR] |
Membership subscription, provision of services (inquiry on product information and consultation) and providing the necessary customer assistance |
Article 2 Processing Period and Retention Period of Personal Information
KOTRA shall process and retain personal information within the retention and use period, which has been consented to at the time personal information was collected from the data subject, to the extent it is permitted under applicable laws and regulations.
Processing period and retention period of personal information are as follows:
No. |
Name of Personal Information File |
Grounds for Operation |
Retention Period |
Legal Grounds |
1 |
Information of Business Participant (Domestic Member) |
Consent from data subject |
5 years |
The Korean Standard Personal Information Protection Guidelines Schedule 1 (Personal information file that is subject to civil/criminal or administrative liability or statute of limitation for a period of at least three (3) years but less than five (5) years, or having continuous value as evidential material under applicable laws and regulations) |
2 |
Information of Business Participant (Overseas Member) |
Consent from data subject |
|
Article 3 Personal Information Outsourcee
KOTRA outsources the task of processing of personal information to the following outsourcee for smooth processing of personal information:
No. |
Outsourced Task |
Name of Outsourcee |
1 |
Operation and maintenance of website |
FORBIZKOREA Co., Ltd. |
KOTRA sets out clear terms on the compliance with laws and regulations concerning matters, such as personal information protection, prohibition on providing personal information to third parties, responsibilities and obligations, etc. when executing entrustment contracts as well as keeps such contracts on file. In the event there is a change of the trustee, KOTRA shall notify the data subjects of such change by way of public notice and this Privacy Policy.
Article 4 Rights of Data Subjects and Method to Exercise Rights
A data subject may exercise any of the following rights at any times:
Right to be informed about processing of personal information: The data subject may request KOTRA to provide information KOTRA has obtained pursuant to Article 13 of GDPR (or, in the case of domestic members, pursuant to Article 22 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.) when personal information was collected from the data subject.
Right to access: The data subject may request for access to information concerning the status on processing of the data subject’s personal information pursuant to Article 15 of GDPR (or, in the case of domestic members, pursuant to Article 30 (2) of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.).
Right to rectification: The data subject may request KOTRA to rectify any inaccurate personal information concerning him or her without undue delay.
Right to be forgotten (right to erasure): The data subject may request KOTRA to erase personal information concerning him or her without undue delay, if any of the requirements under Article 17 GDPR is satisfied. However, if personal information collected by KOTRA are information that are essentially needed to provide services to the data subject, the data subject’s right may be limited, and in such case, KOTRA shall explain the relevant reason thereof to the data subject.
Right to restriction of processing: The data subject may request for restriction of procession if any of the requirements under Article 18 of GDPR is satisfied.
Right to data portability: The data subject has the right to receive his/her personal information or to transmit such data to another controller, if the requirements under Article 20 of GDPR are satisfied.
Right to object: The data subject has the right to object to the processing of personal information concerning him or her, if the requirements under Article 21 of GDPR are satisfied.
KOTRA shall not apply personal information of the data subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly has significant effect on him or her.
When receiving a request under Paragraph (1) above, KOTRA shall, without undue delay, provide the data subject information concerning the measures carried in accordance with the request. However, the period to provide such information may be extended by two (2) months, in consideration of the complexity of the request and the number of times the request has been made. KOTRA shall inform the data subject about the extension of period and grounds for delay within one (1) month after the request has been filed.
KOTRA may check whether the person making the request under Paragraph (1) is the data subject himself or herself, or the authorized representative of the data subject.
In the event KOTRA fails to carry out measures in response to any request under Paragraph (1), KOTRA shall notify the data subject about the delay, reason for failing to carry out measures within one (1) month after the request was filed and on how the data subject can file a complaint with the supervisory agency and receive judiciary relief.
Except for instances where the request under Paragraph (1) is clearly groundless or excessive, KOTRA shall not charge any fee concerning such requests.
Article 5 Items of Personal Information Processed
KOTRA processes the following items of personal information:
No. |
Name of Personal Information File |
Items of Personal Information |
1 |
Information of Business Participant (Domestic Member) |
Required: Account name, password, information of person in charge (name, address, mobile phone number, email address), CI, DI
Optional: Name (English), office contact information, others (position, team name, fax number) |
2 |
Information of Business Participant (Overseas Member) |
Required: Account name, password, name of country, name, address, office address, telephone number (mobile phone number, office number), email address |
Cookie information, IP address, service usage records, connection logs, etc. may be created automatically and collected in accordance with Article 11 of this Privacy Policy in the process of using the service.
Article 6 Procedure and Method of Personal Information Destruction
In principle, KOTRA destroys personal information without delay once the purpose for processing personal information is achieved. However, personal information is not destroyed if they need to be preserved under other laws.
The procedure, period and method of destruction are as follows:
Destruction procedure
Destruction of personal information
Personal information of which their retention period has been expired is destroyed without delay.
Destruction of personal information files
If personal information files are no longer needed due to achieving the purpose for processing such personal information files, revocation of relevant service, or end of business, such personal information files are destroyed without delay from the day personal information are acknowledged no longer necessary to be processed.
Method of Destruction
Information in electronic format is destroyed by using a technique that does not allow reproduction of such records.
Information printed on paper is destroyed by using a shredder or by way of incineration.
Article 7 Measures to Secure the Safety of Personal Information
KOTRA takes the following technical, managerial and physical measures necessary to secure safety of personal information pursuant to Article 29 of the Personal Information Protection Act and the Standards of Safety Measures for Personal Information (Ministry of Interior and Safety Notification No. 2019-47):
Minimization of officers responsible for personal information handling, and educationKOTRA implements measures to manage personal information by designating and minimizing officers in charge of personal information handling.
Restriction to access to personal information
KOTRA takes measures necessary to restrict access to personal information through the grant, change and cancellation of authorization to have access to the database system which is designed to process personal information, and controls unauthorized access by utilizing firewall systems.
Storage of access recordsKOTRA stores and manages access records of the personal information processing system (e.g., web logs, summaries, etc.) for at least six (6) months.
Personal information encryptionUsers’ personal information is encrypted for storage and management. Further, KOTRA utilizes additional security features such as encrypting important data for storage and transmission.
Installation and periodical monitoring and update of security programsKOTRA installs security programs and updates and monitors them on a periodic basis in order to prevent personal information from being disclosed and damaged by hacking or computer viruses.
Restriction to unauthorized persons’ access to premisesKOTRA installs a physical separate storage place for the personal information system in which personal information is stored, and develops and operates a procedure to restrict access to such places.
Article 8 Personal Information Protection Manager / DPO
KOTRA designates the Data Protection Officer (DPO) and officers in charge of the protection of personal information by area in order to protect personal information and to deal with personal information related complaints as follows:
Title |
Department |
Name |
Contact information |
Data Protection Officer (DPO) |
Trade Foundation Division |
Ryu Jae-Won, Director |
Tel.: + 82-2-3460-7400 |
Manager in charge of personal information protection |
Digital Innovation Office |
Jeon Chun-Wu, Manager |
Tel.: + 82-2-3460-7094 |
Officer in charge of personal information protection |
Information Security Team |
Cho Eun-Jin, Manager |
Tel.: + 82-2-3460-7175 Fax: +82-2-3460-7918 Email: eunjin@kotra.or.kr |
Officer in charge of personal information protection by area |
Big Data Team |
Cho Han Ha-Na |
Tel.: + 82-2-3460-7459 Email: onlyone@kotra.or.kr |
Article 9 Particulars Concerning Cross-Border Transfer of Personal Information
KOTRA may transfer personal information on its overseas members to officers serving for KOTRA in the host country of such members in order to provide services set forth in this Privacy Policy or the Terms and Conditions of Homepage Use.
In this case, personal information shall be transferred only for the purpose of assisting consultation with such overseas members about the exportation of goods, and KOTRA will endeavor to store and transmit personal information on data subjects in a secure manner.
Article 10 Remedy for Infringement of Rights and Interests
A data subject may make an inquiry to the following organizations as for remedy against damage and consultation about the infringement of personal information.
<The following organizations are organizations irrelevant to KOTRA. When you are not satisfied with KOTRA’s dealing with complaints and remedy provided for damage caused in relation to personal information or if you need more help, please consult with the following organizations.>
▶ Personal Information Infringement Report Center (operated by KISA)
- Services: Acceptance of personal information infringement reports and consultation
- URL: privacy.kisa.or.kr
- Telephone: 118
- Address: Personal Information Infringement Report Center, 3rd Floor (301-2 Bitgaram-dong) 9 Jinheung-gil, Naju-si, Jeollanam-do
▶ Personal Information Dispute Mediation Committee
- Services: Acceptance of applications for mediation of disputes about personal information and mediation of class disputes (through civil resolution)
- URL: www.kopico.go.kr
- Telephone: 1833-6972
- Address: Personal Information Dispute Mediation Committee, 4th Floor, Seoul Government Complex, 209 Sejongdae-ro, Jongro-gu, Seoul, 03171 Korea
▶ Cyber Investigation Office of the Supreme Prosecutors’ Office: 1301 (www.spo.go.kr, cid@spo.go.kr)
▶ Cyber Security Bureau of the Nation Police Agency: 182 (cyberbureau.police.go.kr)
In addition, a person of which rights or interests are infringed by a decision or omission made or committed by a head of a public agency with regard to a data subject’s request for access to, correction and deletion of personal information and the suspension of personal information processing is entitled to filing for an administrative trial in accordance with the Administrative Appeals Act.
- URL: www.simpan.go.kr
- Telephone: 110
- Address: Central Administrative Appeal Committee, 7-2dong, Sejoing Government Complex, 20 Doum5-ro, Sejong Metropolitan Autonomous City, 30102 Korea
Article 11 Particulars Concerning Installation, Operation and Rejection of Devices Automatically Collecting Personal Information
KOTRA may use cookies that are designed to store and search information on users from time to time. Cookies are a small amount of information sent to a user's browser by the server used to operate an entity’s website, and are also stored on the hard disk of the user's computer. When the user accesses the website, the entity’s computer can read the contents of the cookies in the user's browser, find the user's additional information in the computer, and provide the service without additional input of information such as the user’s name. KOTRA collects cookies to prepare statistics based on the user's specific page visit records and the number of visitors. KOTRA separately obtains prior consent from the users regarding the cookie collection. Cookies identify the user’s computer, but do not personally identify the user. In addition, the user has a right to opt in or out of cookies. Therefore, the user can choose to refuse to collect cookies in the cookie collection consent pop-up window. The user may allow all cookies by setting options in the web browser, check whenever a cookie is stored, or refuse to store all cookies. However, if the user opts out of cookies, the use of the website becomes inconvenient and the user may have difficulty in using some services that require log-in.
▶ Examples
1. If the user uses Internet Explorer,
- Click the menus in the following order: the tool bar on the top of the web browser ▷ Internet option ▷ Personal information ▷ Cookie blocking level setting
2. If the user uses Chrome,
- Click the menus in the following order: the setting menu on the right top of the web browser ▷ Advanced setting on the bottom of the display ▷ Personal information contents setting ▷ Cookie blocking level setting
Article 12 Amendment
KOTRA will publicly notify the users of the reasons and contents of changes in this Privacy Policy on the website or via email, if necessary, when this Privacy Policy is subject to addition, deletion or modification due to the enactment of or amendment to legislation, or changes in government guidelines or KOTRA’s internal policies.
Additional Clauses
This Policy shall be implemented from June 22, 2020.