The Article 1 (Purpose of Personal Information Management) 1. KINTEX manages personal information for following purpose. Management of personal information won’t be used for any purposes other than the following purposes and will take necessary measures such as obtaining separate consent, etc according to the Article 18 of Personal Information Protection Act in case the purpose of usage is altered.
2. KINTEX, the purpose of the personal information file management to be registered and disclosed in accordance with the Article 32 of the Personal Information Protection Act is specified as follows.
The Article 2 (Personal Information Management and Retention Period) KINTEX shall, in principle, manage the personal information of the owner of information within the scope specified for the purpose of collection and usage, and except for the following cases, will not manage beyond the scope of its original purpose or not provide to a third party without the prior consent of the owner of information.
1. KINTEX manages and retains personal information within the period of retaining or using personal information in accordance with the article and the Act or during the period of using personal information consented from owner of information when to collect personal information.
2. The management and retention period of each of personal information is specified as follows.
The Article 3 (Providing Personal Information to a Third Party) KINTEX shall, in principle, manage the personal information of the owner of information within the scope specified for the purpose of collection and usage, and except for the following cases, will not manage beyond the scope of its original purpose or not provide to a third party without the prior consent of the owner of information.
1. The case to obtain separate consent from owner of information
2. The case special articles are prescribed in the Act and the Articles.
3. As the case where owner of information or legal representative is unable to give the declaration of his/her consent or is unable to obtain prior consent due to unknown address, the case clearly admitted to be necessary for the benefit of owner of information or third party's imminent life, body, property
4. As the case necessary for statistical writing and academic research purposes, the case to provide personal information in a form that can’t identify a specific individual
5. As the case the personal information is used for intended purposes other than the purpose or if not provided to a third party, the duties stipulated by other Act cannot be performed, the case to pass through deliberation and resolution of the protection committee
6. The case to be necessary to provide to foreign governments or international organizations for performing treaties or other international agreements
7. The case to be necessary for investigating crimes, and filing and maintaining the prosecution
8. The case to be necessary to perform the court’s trial
9. The case to be necessary to execute punishment as well as custody, probation
The Article 4 (Entrustment of Personal Information Management) 1. KINTEX has entrusted personal information management as below for a seamless personal information management.
2. KINTEX has been storing the content of contract to clearly prescribe to comply with Personal Information Protection Act, to prohibit providing personal information to a third party as well as liability, etc when KINTEX sign on the entrustment contract, and will inform through the notice as well as Personal Information Protection Policy when the company is altered.
The Article 5 (Matters on Rights and Responsibilities of Owner of Information and Methods of the Usage) 1. The owner of information (the legal representative can exercise the right under 14 years of age) can exercise the right of personal information protection of following each subparagraph at any time.
- Request to access personal information
- If there is an error, request correction
- Request to delete
- Request to suspend management
2. The execution of right under Paragraph 1 may be made in writing, e-mail, or fax (FAX) after completing Attached Form 8 of the Enforcement Rules of the Personal Information Protection Act, and the institution will take measures without delay.
3. When owner of information has requested correction or deletion of personal information, it will not be use or provided that year personal information until the correction or deletion is completed.
4. The execution of right under Paragraph 1 may be done through the legal representative of owner of information or the agent, etc such as the person who has been delegated. In this case, he/she must submit a power of attorney according to Attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
5. The request of the personal information access and suspension of management of, the right of owner of information may be restricted by the Personal Information Protection Act Article 35 Paragraph 5, Article 37 Paragraph 2.
6. Requests for the correction and deletion of personal information cannot be requested to be deleted if the personal information is specified as to be collected object in the other Act and Articles.
7. We verify whether the person to request for access, correction, deletion, suspension, etc according to the owner of information’s right, is the person himself or a legitimate representative.
- Present identity card to identify yourself (identity card, driver's license, passport, etc.)
- In case of a representative, present your identity card and a power of attorney to identify your representative
- Request to delete
- [Personal Information Protection Act Enforcement Rules, Attachment No. 8] Requesting letter for Personal Information (Access, Correction, Deletion, Suspension of Management)
- [Enforcement Rules of Personal Information Protection Act Attachment 11] Power of Attorney
- Request to suspend management
- Request to suspend management
- Request to suspend management
8. Requests for access, correction, deletion, and suspension of personal information management will be processed in the following procedure.
The Article 6 (Procedures and Methods of Personal Information Destruction) 1. KINTEX will, in principle, destroy personal information without delay when the purpose of personal information management is achieved. However, when it is necessary to preserve it in accordance with other Acts, this is not the case. The procedures, deadlines and methods of destruction are specified as follows.
A. Destruction procedure
Unnecessary personal information and personal information files are managed under the responsibilities of personal information manager according to the internal policy procedure as follows.
- Destruction of personal information
Personal information that has passed the retention period will be destroyed without delay from the end date
- When the personal information file becomes unnecessary such as the purpose of personal information file management being achieved, abolition of service, or the end of the business, the personal information file is destroyed without delay from the date when personal information management is recognized as unnecessary.
B. How to destroy
1) Electronic forms of information use technological methods that cannot reproduce the records.
2) Personal information printed on paper is shredded by shredder or destroyed by incineration.
The Article 7 (Measures to Ensure the Safety of Personal Information) KINTEX, pursuant to Article 29 of the「Personal Information Protection Act」, takes the technical, administrative and physical measures necessary for ensuring safety as follows.
1. Minimization and training of personal information managers We have designated and minimized the person in charge of personal information management and implemented measures to manage personal information.
2. Controlled and restricted access to personal information We take necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that manages personal information, and also control unauthorized access from outside by using an intrusion prevention system.
3. Storing access records We have designated and minimized the person in charge of personal information management and implemented measures to manage personal information.
4. Encryption of personal information The user’s personal information is encrypted and stored and managed. In addition, important data use separate security function such as using to be encrypted, etc when to store and transmit.
5. Security program installation and periodic inspection · update KINTEX installs and is periodically updated and inspected a security program to prevent personal information from being divulged or damaged by hacking or computer viruses.
6. Access control to unauthorized persons The physical storage place of the personal information system that stored personal information is separately set up, and access control procedures are formulated and operated accordingly
The Article 8 (Personal Information Access Request) 1. The owner of information can request to access personal information pursuant to Personal Information Protection Act to the following department. KINTEX will endeavor to promptly handle owner of information’s request to access personal information.
The department of reception and handling of request to access personal information
Name of department: Exhibition team 2
Contact person: Sunwoo Lee, Assistant Manager
Contact point: Tel. 031-995-8209 / Email. email@example.com
The Article 9 (Matters on the Installation and Operation of Automatic Collection Device of Personal Information and Rejection thereof) KINTEX can use cookie which stores user’s information and detect them at any time (COOKIE, automatic collection device of personal information such as internet access information file, etc). A cookie, as a small amount of information that a server to be used to run an institution's website sends to a user's browser, is also stored on the user's computer's hard disk. When a user accesses a website, the institution’s computer can read the contents of the cookie on the user's browser and detect user’s additional information in your computer, and can provide the service without further input such as the name of the contact, and others. Cookies identify your computer but do not personally identify yourself. In addition, the user has the option of installing cookies. As a result, by that the user can install the options in the web browser, the user accept all cookies, or check each time when a cookie is saved, or refuse to save all cookies. However, when you refuse to install cookies, you might turn to be uncomfortable with using the web and to have difficulty in using some services that require login.
(Example of how to install) 1. Internet Explorer : Tools menu at the top of web browser ▷ Internet options ▷ Personal information ▷ Cookie blocking level installation
2. Chrome : Installation menu on the right side of Web browser ▷ Advanced installation display at the bottom of the screen ▷ Contents installing button of personal information ▷ Cookie blocking level installation