PRIVACY POLICY (Korea Basel Forum)

Korea Basel Forum (hereinafter referred to as “CORPORATION”) will comply with the privacy laws/regulations that must be followed by IT & Communication service providers, such as the PERSONAL INFORMATION PROTECTION, ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC (hereinafter referred to as ‘INFORMATION AND COMMUNICATIONS ACT’) and other domestic regulations related to the protection of personal information. We will always do our best to protect the rights and interests of our users by setting a strict privacy policy according to the relevant laws & regulations.

The meaning of terms that are used in this PRIVACY POLICY shall be in accordance with the relevant statutes and the CORPORATION’s TERMS OF SERVICE. Other matters that are NOT prescribed within the documents above shall be in accordance with general commercial practices.

1. Types of Personal Information Collected + Methods Used for Collecting Personal Information

2. Purpose of the Collection & Usage of Personal Information

3. Provision & Consignment of Personal Information

4. Retention & Usage Period of Personal Information

5. Destruction & Deletion of Personal Information

6. Rights of the Users

7. Operation of ‘Cookies’

8. Rights & Obligations of Users

9. Technical/Administrative Measures Used for Protecting Personal Information

10. Contact Information of the Person in Charge of Personal Information Protection

11. Other

12. Duty of Disclosure

 
1. Types of Personal Information Collected + Methods Used for Collecting Personal Information

A. Collected Personal Information (Items)

Whenever a user decides to sign up to our service, the corporation shall collect various types of personal information necessary for providing the service to the user.

1) When signing up via e-mail, types of personal information such as ‘E-mail Address’, ‘Password’, and ‘Mobile Phone No.’ shall be collected. (NECESSARY)

2) When signing up via an external service, ‘account-related Information & information that are agreed to be provided by the user’ (provided from the external service) and ‘Mobile Phone No.’ shall be collected. (NECESSARY)

3) When registering as a member after signing up, information that can be found in the business card, such as ‘Business Card Image’, ‘Name’, ‘Mobile Phone No.’, ‘E-mail Address & Information (Company Name, Position, Office Address, Company Phone No.)’ etc., and information that the user has directly registered, information related to the relationship between the user and other members/contacts, profile photo information, etc., shall be collected. (OPTIONAL)

4) Types of information such as ‘Name’, ‘E-mail Address’, ‘Phone No.’ shall be collected when the user makes an inquiry (or consults) through our customer center. (OPTIONAL)

5) Environmental information (i.e., OS version, terminal information, etc.) and information that are generated during the usage process (i.e., usage type & frequency, etc.) shall be collected while the user uses our service.

6) When using a paid service, the user’s mobile phone number and account information (bank name, name of account holder, account number) and shall be collected depending on the payment method selected by the user.

7) Types of information such as ‘IP Address’, ‘Cookies’, ‘Device Information’, ‘Date of Access/Visit’, ‘Service Usage History (Log)’, ‘Fraudulent Use History (Log)’, etc., shall be generated and collected.

8) Collection of additional personal information may occur when a user applies to an event or a prize. When this occurs, we will inform the user at the time of generation/collection of personal information about the ‘items of personal information collected, purpose of collection & usage of personal information, retention & usage period of personal information’ to receive his/her approval.
B. Methods Used for the Collection of Personal Information

The corporation collects the users’ personal information using the following methods:

1) If a user directly enters their personal information (which they have agreed to allow the corporation to collect) during the sign-up & service usage process, that information shall be collected.

2) When a user log-in to our service via external services/platforms such as Google, Apple, Facebook, KakaoTalk, etc., we will collect the personal information from that external service/platform AFTER receiving approval from the user. 

3) Personal information of the user (i.e., name, e-mail, phone number, etc.) can be collected when the user consults at our customer center.

4) Generated information such as device information, etc., can be automatically generated and collected when the user attempts to use our service via PC web and mobile web/app.

5) Personal information may be provided by an external company/organization that are affiliated with the company. In such cases, such information shall be provided to the company after obtaining consent from the user on the provision of their personal information. (PERSONAL INFORMATION PROTECTION ACT)

2. Purpose of the Collection & Usage of Personal Information

The company shall use personal information of the users only for member management, service provision, development & improvement of services (including PC Web, Mobile App/Web).

1) The user’s personal information shall be used to check the user’s willingness of subscription according to service use, member identification, secure smooth paths for communication, introduce new information & deliver notifications, make service visits, and analyze usage records/history, etc.

2) The user’s personal information shall be used to provide services for members that allows them to register & manage business cards and contact information.

3) The business card & contact information registered by the users shall be used for the provision of a contact/network management service based on member information.

4) The business card & contact information registered by the users shall be used for the provision of a customized service that focuses on the formation of a relationship/network through detailed analysis of personal interests and personal connections between members.

5) The user’s personal information shall be used to provide services, discover new services, and improve existing services.

6) The user’s personal information shall be used for making payments based on the provision of paid services, delivery of goods & services, etc.

7) The user’s personal information shall be used for the provision of customized services (and ad campaigns) based on a detailed analysis of service usage history, access frequency, etc.

8) In addition to the provision of services (including ad campaigns), the user’s personal information shall also be used for discovering new service elements (i.e. demographic analysis, provision of customized services, etc.) and improving existing services.

9) The user’s personal information shall be used to protect our members while maintaining a normal operation of services by preventing fraudulent/abnormal use of the service (i.e., banning users who violates relevant statutes/laws or the Terms of Service, preventing acts that interfere with the smooth operation of the service, etc.). It is also used for various purposes such as the prevention of account theft, delivery of major notices (i.e., revision of Terms of Services, revision of Privacy Policy, etc.) preservation of records for dispute settlement, handling of customer inquiries, etc.

10) The user’s personal information shall be used for marketing and promotion purposes such as sending event-related information, delivery of prizes, etc. 

3. Provision and Consignment of Personal Information

The company shall not provide the user’s personal information to third parties or external institutions without the prior consent of the user. Provided, if a member directly agreed to the provision of their personal information to third parties or any other external parties/institutions while using the service, the company shall provide their his/her personal information only when the company is in a situation where it is obliged to provide the user’s information under the relevant laws/statutes.

A. Provision of Personal Information to Third Parties

1) When the user has agreed in advance

2) When there is a special provision in the current law, or when there is a request from an investigative agency for investigation purposes, according to the procedures & methods prescribed in the current law

 
4. Retention & Usage Period of Personal Information

In principle, the company shall destroy the users’ personal information immediately whenever he/she decides to withdraw his/her membership

However, if the company has obtained separate consent from the user regarding the retention of his/her personal information, or if the current law/statute imposes an obligation to store the information for a certain period of time, the users’ personal information shall be kept safely during that period.

1) Retention of Personal Information according to Internal Policy

- Any records related to the fraudulent use of the service shall be kept for one (1) year to prevent future fraudulent use.

2) Retention of Personal Information under Relevant Statutes

- Records on the Signing/Withdrawal of Contracts/Subscriptions, etc.: 
5 Years (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records of Payment & Supply of Goods/Services/etc.: 
5 Years (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records on Visits (Website): 
3 Months (Protection of Communications Secrets Act)

 
5. Destruction & Deletion of Personal Information

When destroying the personal information of the users, we destroy it in a way that it cannot be restored. In addition, any types of information that are required to be preserved by the current laws/statutes are also destroyed in a way that it cannot be restored immediately after the expiration of the retention period.

In the case of information that are stored in the form of an electronic file, we destroy/delete them safely using a technical method that prevents the recovery & reproduction of such data. In the case of paper documents, we destroy them by using a shredder or an incinerator.

The company separately stores and manages the personal information of inactive users who have not used our service for at least 1 year. However, this does not apply if the validity period of the user’s personal information is set to ‘until the user withdraws from the service.

6. Rights of the Users

A. Users can view or modify their personal information at any time after logging in to the website by selecting the ‘My Business Card’ menu or the ‘Settings’ menu.

B. Users may withdraw his/her consent on the collection/usage of their personal information at any time

C. Whenever a user requests correction of an error in his/her personal information, his/her personal information shall not be used or provided until the correction process is completed. In addition, if the ‘wrong’ personal information is already provided to a third party or an external institution, the company shall notify the third party of the results of the correction process without any delay, making sure that the correction of the user’s personal information can be made without any issues.

 
7. Operation of Cookies

What is a Cookie? A ‘cookie’ is a special text file that is created & sent to the user’s storage device whenever he/she connects to the website. Cookies are sent in a form that can only be read from the website’s server and are stored in the lower directory of the browser used by each individual user. In cases where ‘cookies’ cannot be used, such as mobile apps, a similar technology that perform similar functions to cookies (such as ad identifiers, etc.) can be used.

A. Purpose of Cookies

The information collected via cookies shall follow ‘Section 1. Types of Personal Information Collected + Methods Used for Collecting Personal Information,’ and shall not be used for purposes other than the purposes of ‘Section 2. Purpose of the Collection & Usage of Personal Information.

B. Approving/Rejecting the use of Cookies

The user has the option to choose whether they will allow/disallow the use of cookies. At the ‘Option’ tab of your web browser, you can choose whether to allow all cookies, allow cookies with consent, or to block all cookies. However, if you choose to disallow the use/storage of cookies, some services that require logging in may not be available.

8. Rights & Obligations of Users

All members have the right to have their personal information protected, and the obligation to NOT breach into the personal information of other users. Make sure to not leak your personal information and be careful not to damage the personal information of others, including their postings.

The responsibility for accidents that are caused by inaccurate information entered by the user rests with the user himself/herself. The user is obliged to prevent unexpected accidents/damage by accurately entering his/her personal information and updating them on a regular basis.

If a member fails to fulfill his/her responsibility and causes any damage to the personal information and dignity of other members, he/she may be punished according to the relevant laws such as the 『Personal Information Protection Act』, 『Act on Promotion of Information and Communications Network Utilization and Information Protection, etc』, etc.

 
9. Technical/Administrative Measures Used for Protecting Personal Information

The company is implementing the following technical/administrative measures to ensure that the user’s personal information is not lost, stolen, leaked, tampered with, or damaged throughout the process of processing the users’ personal information.

A. Measures to prevent hacking

The company is always doing its best to prevent the leakage or damage of the users’ personal information due to hackers or computer viruses. The company is currently using various measures to protect the users’ personal information/data, and is also utilizing advanced communication technologies (i.e., cryptography, etc.) to enable safe transmission of personal information within the network. Also, the company is using a dedicated intrusion prevention system to detect, control, and prohibit unauthorized access from external sources.
 
B. Minimizing the Number of Employees Handling Personal Information & Training Programs

The company has minimized the number of employees who have access to the user’s information. A separate password is given to the employee(s), and the password is updated on a regular basis. Also, the company is emphasizing the importance of following a strict personal information processing procedure/policy through frequent training.
 
C. Operation of a Dedicated Personal Information Protection Department

Through a dedicated department that specializes in the monitoring/handling of personal information/privacy, the company is making the best effort to ensure that the employees who are in charge of handling personal information are following internal policies/regulations and correct the problem immediately whenever an issue occurs. However, the company shall NOT be held responsible for any problems caused by the leakage of the users’ personal information due to the negligence, carelessness of the individual user, or any reasons that are NOT considered as an intentional or serious negligence of the company.

10. Contact Information of the Person in Charge of Personal Information Protection

All complaints related to the user’s personal information (arising from the use of the company’s services) may be reported to the person/department in charge of personal information protection. The company shall respond ASAP to your complaints/claims.

Personal Information Protection Officer 

Name : Seung-Whee Rhee

Affiliation : Korea Basel Forum

Position : President

Phone No. : +82-31-249-9736

E-mail : swrhee@kyonggi.ac.kr

If you have any questions about your personal information or wish to report any issues related to personal information breach, please contact the following agencies.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / Call 118)
- Supreme Prosecutor’s Office > Cyber Investigation Division (www.spo.go.kr / Call 1301)
- National Police Agency > Cyber Security Guard (www.police.go.kr/www/security/cyber.jsp / Call 182)

 
11. Other

We inform you that this document (Privacy Policy) shall not be applied to other services, such as the websites. 

12. Duty of Disclosure

If there are any changes (modification, deletion, etc.) in the current personal information policy, it will be announced on the website (https://www.baselforum.or.kr) or on the ‘Notice’ tab within the service, at least seven days before the effective date. However, if any significant changes occur regarding the user’s right, the notice shall be made at least 30 days in advance, and if necessary, the user’s consent may be obtained to make the change.
Public Announcement Date : 2021. 09. 01.
Effective Date : 2021. 09. 01.

Tel. : +82-31-249-9736
R304, Research Center, 154-42, Gwanggyosan-ro, Yeongtong-gu, Suwon-si, Gyeonggi-do, Republic of Korea
(President Seung-Whee Rhee)
Business Registration Number : 135-82-16084
Copyright. Korea Basel Forum All rights reserved.