Korea Defense Industry Association(hereinafter referred to as the “KDIA”) has and releases the following management policies in compliance with the Personal Information Protection Act 30 in order to protect users’ personal information and interests, and to handle user complaints efficiently.
Article 1 (The Purpose of Managing Personal Information)
① KDIA manages personal information for the following purposes. The managed personal data shall not be used for any purpose other than the following and when the purpose is changed, KDIA will do required actions such as receiving separate agreement in accordance with Personal Information Protection Act 18.
1. Membership Registration and Management
Personal information shall be managed for the purpose of user authentication, personal identification, management of quality for membership, and delivery of notices, etc.
Article 2 (Items of Personal Information to be Managed) KDIA manages following items of personal informations.
① Processing items of K-offset Membership Registration and Management
· ID, company name(Korean · English), tel.(Office), fax number, company address(Korean · English), name(Korean · English), position(Korean · English), department(Korean · English), tel.(Mobile), e-mail address.
② Following items of personal informations can be collected and automatically created through use of K-offset service.
· IP address, service use history, visiting record.
③ When KDIA collects information other than above personal information, it should be managed after separate agreement regarding additional collection of personal information.
Article 3 (Period for which Personal Information is Managed and Held)
① KDIA processes and collects items of personal information within the period for which personal information is managed and held under the law or the period which has been agreed when the personal information is collected from the data subject.
② Each period for which personal information is managed and held is as follows.
1. K-offset Membership Registration and Management : Until the withdrawal of K-offset website. If it is applied to following reasons, however, the period may end until the reasons are terminated.
A. Under investigation about infringement of relevant law, the period may end until the investigation is completed.
B. If there is claim-obligation relationship according to use of K-offset website, until the relationship is settled up completely.
2. Authentication Information of Membership Registration in K-offset website. : Until the completion of identification.
3. Offset Information : Until the rejection of e-mail receiving from KDIA.
Article 4 (Personal Information Provided to Third Party)
① KDIA, without the prior consent of users, shall not manage the user’s personal information for any purpose In principle, other than intended ones, nor provide them to any third party: However, Following subparagraphs may be allowed.
1. Foreign companies that KDIA has approved registration of K-offset.
2. Where special provisions exist in law or it is inevitable to observe legal obligations;
3. Where it deems necessary explicitly for the protection, from impending danger, of life, body or economic profits of a data subject or a third party in case that the data subject or his/her legal representative is not in a position to express intention, or prior consent cannot be obtained owing to unknown addresses.
4. Where personal information is provided in a manner keeping a specific individual unidentifiable necessarily for the purposes of statistics and academic research, etc.
Article 5 (Entrustment of Personal Information Management)
① For the smooth processing of personal information, KDIA is outsourcing personal information processing as follows.
1. Outsourcee : Jener System
2. Outsourced work : Maintenance of website
3. Period for which Personal Information is Managed and Held : Until the termination of outsourcing contract. (2020. 03)
② Signing up the outsourcing contact, pursuant to Article 26 of Personal Inforamtion Protection Act, KDIA specifies the responsibilities such as prevention of personal information processing for other purposes than the outsourced purpose, technical and managerial safeguards, limitation to outsourcing of outsourcees, control and supervision of outsourcees in the contract documents and supervises whether outsourcees are managing the personal information safely.
Article 6 (The Rights and Responsibilities of the Subject of Information and Methods of Exercising Rights)
① A subject of information may exercise the following rights of personal information protection at any time towards KDIA.
1. To make a request for inspection of his/her personal information
2. To make a request for correction of errors, if necessary
3. To make a request for deletion
4. To make a request for suspension of management
② The exercise of the rights pursuant to Clause 1 shall be implemented through submitting a hand-written document by attached document file, sending an e-mail or a fax, etc. Then KDIA shall take necessary measures immediately.
③ When the subject of information makes a request for either correction or deletion of errors of personal information, KDIA shall not use or provide the corresponding personal information until the correction or deletion process is completed.
④ The exercise of the rights pursuant to Clause 1 shall be conducted by his/her legal representative of the subject of information or a person who holds a delegation of authority. Provided, however that it is necessary to submit a power of attorney by attached document file.
⑤ Data subject shall not infringe himself/herself who are processed by KDIA or others’ personal information or privacy through violation of personal information protection act or other related statutes.
Article 7 (Destruction of Personal information)
① In principle, KDIA shall destroy the personal information immediately when retention period is terminated or management purpose of personal information is achieved.
② Where the retention of such personal information is mandatory by other statutes nevertheless period of the personal information which is agreed by data subject is expired or attainment of the purpose of processing the personal information, the personal information files shall be stored and managed separately from other personal information.
③ Methods, procedures and periods of destroying personal information are as follows.
1. Destruction Procedure
KDIA selects the personal information that reason of destruction occurs and destroys it with acceptance of KDIA’s personal information protection officer.
2. Destruction Method
A. Personal information printed on paper shall be shred or incinerated.
B. Electronic file form of information shall be permanently deleted beyond recoverability through technical.
Article 8 (Measures to Ensure Safety of Personal Information)
KDIA takes security measures for securing safety of personal informations.
1. Management measures : Minimizing the numbers of managing employees of personal information and educating them.
2. Technical measures : Limited access to personal information processing system, installation of limited control system, and encryption of personal information.
3. Physical measures : Access control to data processing department
Article 9 (Personal Information Protection Officer)
① KDIA appoints personal information protection officers as described below who are in charge of the personal information management to help deal with complaints from the subjects of information and remedy against injury.
Chief personal information protection officer
Name : Tae-hwa JEONG
Department : Planning and Management Division
Tel.(Office) : 02-3270-6021
Position : Managing Director
E-Mail : firstname.lastname@example.org
Personal information protection officer
Name : Sang-Jun LEE
Department : Security Team
Tel.(Office) : 02-3270-6016
Positon : Manager
E-mail : email@example.com
② Data subject may ask for protection of personal information that occurs during use of K-offset service, complaints from the subjects of information and remedy against injury to personal information protection officer or department. KDIA will reply and processes inquiries from data subject immediately.
Article 10 (Claim for access of personal information)
Data subject may request an access of personal information in accordance with Article 35 of the Korean Personal Information Protection Act to person in charge below. KDIA will make an effort that data subject’s claim for access of personal information is to be processed quickly.
Person in charge of reception and processing claim for access of personal information.
Name : Ji-young LEE
Department : Export Support Team
Tel.(Office) : 02-3270-6083
Position : Manager
E-mail : firstname.lastname@example.org
Name : Jaekyung KIM
Department : Export Support Team
Tel.(Office) : 02-3270-6084
Position : Staff
E-mail : email@example.com
Article 11 (Governing Law)
You shall agree that all matters relating to your access to or use of the Service, including all disputes, will be governed by Korean laws therein without regard to its conflicts of laws provisions.
Article 12 (Remedies for Rights and Interests Infringement )
A. Data subjects may inquire the remedy and consultation for the infringement of personal information to the following institutions.
< Following institutions are seperate entities different than KDIA. Please contact following institutions where complaints handling and the result of remedies for the infringement that KDIA offers are not satisfied or need to receive additional support. >
▶ Privacy Call Center (under the Korea Internet & Security Agency):
Responsibilities : report against the infringement of personal information, and consultation request
Website : http://privacy.kisa.or.kr
Telephone number : 118 (without area code)
Address : Privacy Call Center, Korea Internet & Security Agency, 135, Jungdae-ro, Songpa-gu, Seoul, Republic of Korea
▶ Personal Information Dispute Mediation Committee
Responsibilities : Application for personal information dispute mediation, collective dispute mediation (settlements in civil cases)
Website : https://www.kopico.go.kr
Telephone number : 118 (without area code)
Address : Personal Information Dispute Mediation Committee, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea
▶ Cybercrime Investigation Division, Supreme Prosecutors’ Office :
02-3480-4555 ( www.spo.go.kr )
▶ Cybercrime Investigation Division, National Police Agency :
1566-0112 ( www.netan.go.kr )
Article 13 (The Changes of Personal Information Policy)
Enforcement date of this policy is 11th. Sep. 2018.