Invest KOREA

1. Purpose of Collection and Use of Personal Information

• ① KOTRA collects the minimum personal information to provide services, handle complaints and manage business affairs.
• ② Personal information collected by KOTRA will be used on customer satisfaction evaluation and statistical analyses to provide better services and secure communication route for customers.

2. Period of Maintaining Collected Personal Information

• ① You need to register on the Invest KOREA website if you want to post any content on the website or receive periodic newsletters. Invest KOREA collects the following personal information upon approval by its members.
  • Essential Items to be entered : ID, password, name(Korean or English), business, company name, title, address, country, ZIP code, telephone number, e-mail address
  • Optional items to be entered : Fax number
• ② Personal information collected when registering on the KOTRA website shall be retained until a member deletes his/her account. However, such information can be retained after the member deleted his/her account in compliance with relevant laws. Personal information collected by KOTRA by other means shall be treated and retained for a certain period of time that is determined separately.

3. Provision of Personal Information to Third Parties

• >here KOTRA has obtained the consent of a subject of information Where special provisions exist in any other Act
• Where it is deemed obviously necessary for physical safety and property interests of a subject of information or a third person when the subject of information or his/her legal representative cannot give prior consent as he/she is unable to express his/her intention or by reason of his/her unidentified address, etc.
• Where personal information is necessary for compiling statistics, or scientific research purposes, etc., and the personal information is provided in a form by which a specific individual cannot be identified
• Where using personal information for any purpose other than the intended purpose or a failure to provide a third person with such information makes it impossible to perform affairs provided for in any other Act, and this has undergone deliberation and resolution by the Protection Committee
• Where it is necessary for providing a foreign government or international organization with personal information in order to implement a treaty or any other international agreement
• Where it is necessary for investigating a crime, and instituting and sustaining a public prosecution
• Where it is necessary for a court to perform its judicial affairs
• Where it is necessary for executing a punishment, care and custody or protective disposition

4. Entrustment of Personal Information Management

• ① A subject of information has the following rights in connection with the management of his/her personal information.
  A right to request an inspection of his/her personal information: A subject of information may request an inspection of his/her personal information in compliance with Article 35 of the Personal Information Protection Act. However, in any of the following cases, such request can be rejected as provided by Acts.
  • 1) Where an inspection is prohibited or restricted by Acts
  • 2) Where it is apprehended that any third person’s life and body may be harmed, or any third person’s property and other interests may be infringed on
  • 3) Where a public institution causes any inconvenience while carrying out any of the following affairs;
    • (i) Affairs concerning the imposition, collection or refund of taxes
    • (ii) Affairs concerning tests of academic ability, functions and employment, and qualification evaluation
    • (iii) Affairs concerning an assessment or decision in progress in connection with the calculation, etc. of compensation or benefits
    • (iv) Affairs concerning an audit and an investigation in progress under other Acts.
  Correction or deletion of personal information: A subject of information may request to correct or delete his/her personal information in compliance with Article 36 of the Personal Information Protection Act. However, if other Acts stipulates the particular personal information be collected, the subject of information shall not request the deletion thereof.
  Suspension from managing personal information: A subject of information may request to suspend managing his/her personal information in compliance with Act 37 of the Personal Information Protection Act. However, such request can be rejected in compliance with Article 37 (2) of the Personal Information Protection Act.
  • 1) Where there exists special provisions in any Act or it is inevitable to comply with statutory obligations
  • 2) Where it is apprehended that any third person’s life and body may be harmed, or any third person’s property and other interests may be infringed on
  • 3) Where a public institution is unable to carry out its affairs stipulated by or under other Acts unless it manages the personal information
  • 4) Where it is impractical to perform a contract, such as a failure to provide a subject of information with stipulated services unless the personal information manager manages the personal information, and the subject of information fails to clearly express his/her intention to terminate the contract
  Methods and Procedures of Inspection, Correction, Deletion and Suspension of Personal Information Management
  • 1) Procedures of inspection, correction, deletion and suspension of the personal information are as follows :
  • 2) Methods of exercising rights: A subject of information can apply for inspection, correction, deletion and suspension of his/her personal information on the Privacy Information Protectio n Portal (www.privacy.go.kr)
    • A subject of information can inspect his/her personal information by carrying out the following procedures: ▷ Access the Privacy Information Protection Portal (www.privacy.go.kr) ▷ Click on Personal Information Affairs ▷ Click on Request for Inspecting the Personal Information ▷ Type “Korea Trade-Investment Promotion Agency” in the personal information file.
      * [Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Request for Inspection, Correction, Deletion and Suspension of Personal Information
• ② A subject of information may exercise his/her rights in accordance with Article 38 (1) of the Personal Information Protection Act by submitting the document as provided by Annex 8 of the Enforcement Ordinance of the Personal Information Protection Act via mail, e-mail or fax, and KOTRA shall respond to the request without delay.
  * [Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Request for Inspection, Correction, Deletion and Suspension of Personal Information
• ③ If a subject of information request to correct or delete his/her personal information, KOTRA shall not use or provide the personal information of the subject of information until such correction or deletion is completed.
• ④ A subject of information may present his/her legal representative or agent to exercise his/her rights as provided by Article 38 (1) of the Personal Information Protection Act. In such case, the subject of information is required to submit the power of attorney as provided by Annex 11 of the Enforcement Ordinance of the Personal Information Protection Act.
  * [Annex 11. Enforcement Ordinance of the Personal Information Protection Act] Request for Inspection, Correction, Deletion and Suspension of Personal Information

5. Destruction of Personal Information

• 1. Procedure: After its management purpose is achieved, the personal information shall be destroyed without delay or be transferred and preserved for a specific period of time before it is destroyed pursuant to any other Act or subordinate statute.
• 2. Term and methods: When personal information becomes unnecessary as its holding period expires, its management purpose is achieved and by any other ground, such personal information shall be destroyed without delay. Electronic data shall be destroyed by using technical methods to make it impossible to restore such data. Paper documents that contain the personal information shall be shredded or incinerated.

6. Measures to Secure Safety of Personal Information

• 1. Minimum Number of Personal Information Management Personnel and Training
  KOTRA shall authorize the minimum number of personnel to manage the personal information and provide training and education for such personnel to manage the personal information with care.
• 2. Restricted Access to Personal Information
  KOTRA shall implement necessary measures such as empowerment, change and cancellation of access authorities to the personal information data systems in order to strictly restrict access to such personal information. KOTRA shall also operate firewall systems to deny any unauthorized external access.
• 3. Access Records Management
  ormation data system (weblog data, summarized information, etc.) for at least six months.
• 4. Personal Information Data Encryption
  KOTRA shall take measures, such as encryption, etc. which are necessary for securing safety of the personal information. For the data of importance, KOTRA implements special security measures such as encrypted data transfer and storage.
• 5. Installation and periodic updates of computer security programs
  KOTRA shall install and inspect computer security programs in order to prevent the personal information from loss, theft, leakage, alternation or corruption.
• 6. Physical Access Control Against Unauthorized Personnel
  KOTRA shall operate a separate physical storage facility for its personal information data systems, and set up and manage access control policies and procedures.
• 7. Establishment and Implement of Internal Control Plan
  KOTRA shall establish and implement an internal control plan to secure safety of the personal information.

7. Remedies for Infringement on Rights and Interests

8. Report of Privacy Infringement and KOTRA Privacy Protection Officer

9. Amendment to Personal Information Protection Policy

• 2012. 02. 01 ~ 2014. 03. 26 Guidelines