-
- No.1 Market Share
- 3,000,000 Certificates/year
43% Market Share
-
- PKI Experience
- Since 1999
-
- Global References
- 20 countries
over the world
Korea Information Certificate Authority Inc. (hereinafter “KICA”) abides by relevant laws such as the Electronic Signature Act, Personal Information Protection Act, etc. for the protection of personal information submitted by the customer to the public certification service and other services (provided by KICA such as security server certification service, domain registration agency service, mobile key services, transaction certification service, etc.), and hereby notifies that the Privacy Policy has been established and executed as follow.
KICA collects the personal information listed hereinafter when a customer is going to use the public certification service and may also request additional information from the customer
KICA collects and uses the following personal information to provide bid information service:
Service home page (including the bulletin board, etc.), document submitted by the customer who visited KICA, a registration agency institution, etc.
Service homepage (including bulletin board, etc.), document submitted to KICA, etc.
KICA processes collected personal information for the following purposes.
Service provision, purchasing and payment of charges, delivery of information required tor use the service, etc.
Personal verification of customer, personal identification, prevention of delinquent use by corrupt customers and prevention of unauthorized use, age verification, civil affair processing such as complaint processing, customer response and consultation, delivery of notification, etc.
Provision of advertising information for an event, etc., publicity and marketing of the public certification service and other services, use for connection frequency or statistics of customer’s service usage, etc.
① KICA uses cookies that can store and retrieve personal information of customer to provide services tailored to and customized for an individual.
② A cookie is a small text file sent from a website server to a user‘s web browser and stored in the hard disc of the user‘s computer. Every time the user loads the website, the website server reads the cookie information saved in the user‘s hard disc, maintains the user‘s configuration setup and provides tailored service.
③ Cookies do not collect person identifiable information automatically/dynamically and a user may refuse to save cookies or delete cookies at any time.
Cookies are used to provide service tailored to a user by identifying the user’s login status, change of ID, records of website visit, a legal representative’s approval for a minor, shipping information of an ordered product, etc.
① A user may or may not install a cookie. That is, a user can allow all cookies by setting up options in the web browser or configure the browser to require the user’s confirmation everytime a cooke is saved, or refuse the saving of all cookies. In the event a user refuses the saving of cookies, the user may encounter difficulties to use part of the services of the website that requires a user login.
② How a user can allow cookies (in the case of Internet Explorer) is provided below. In the [Tools] menu, select [Internet option]Click [personal information] tab Configure whether or not to allow cookies in the [personal information handling level]
KICA may share the customer’s personal information with business partners or cooperative companies to provide better services, but it will pass by the member consent request procedure after informing them of the purpose, content, reason, etc., and is the information is not shared when the subscriber does not consent. Also, it passes by separate consent request procedures when the provision of personal information exceeds the previous consent’s scope. In case the provision of personal information is subsequently cancelled, KICA requests the relevant company to delete the corresponding personal information.
KICA provides SG Service Co. Ltd., KICA’s customer satisfaction center, to survey customer satisfaction by optimizing customer consultation work relating to the public certification service. It may cause difficulty in public certificate fee payment, unless consent for the provision of personal information has been obtained, and it may cause inconvenience in using the service as the consultant is not able to verify the customer’s personal information when counseling. Also, public certificate renewal and event information services cannot be provided, which may result in criminal exposure. Receivers Purpose Information provision Retention and use period SG Service, the KICA Customer Satisfaction Center Customer response work such as customer consultant, telemarketing, etc. All information collected for the public certification service Partnership term Koscom, KFTC, CrossCert, Ktnet Emergency deletion when illegal issuance, abuse, etc. is reported Name, resident registration number, DN information, etc. Immediate deletion if not a KICA customer Terminate public certificate validity and store for 10 years if a KICA customer
KICA notifies the following list of personal information provided by SG Service Co. Ltd. partnership work for KICA’s public certificate, customer consultation, marketing, etc. registration agency work for customer consent. Customers can refuse the provision of personal information, but mobile key services using information, event information, event winning information, etc. services cannot be provided for those customers.
Receivers Purpose Information provision Retention and use period SG Service, the KICA Customer Satisfaction Center Customer response work such as consultation, etc. Mobile #, Mobile communication company name Service use period Mobile communication companies (SKT, KTF, LGT) Verification of mobile phone owners Resident registration number, Mobile # Service use period
KICA notifies the following list of personal information required to issue certificates under the relevant laws for customer consent. If the customer does not consent to the provision of personal information they cannot obtain membership, certificate issuance and renewal services, and any other additional services.
A. Company names: Korea Internet & Security Agency, VeriSign, Comodo, Thawte, and Inicis
B. Purpose: Provision of certificate issuance information
C. Information Provision: All information provided by the owner and person-in-charge of certification (Refer to the personal information collection)
D. Retention and use period
It is being retained for the duration of the effective period for the customer’s certificate’s use and is automatically deleted upon termination.
KICA notifies the following list of personal information for domain registration in accordance with the relevant laws for customer consent. If a customer does not consent, they cannot receive membership subscription, registration and domain extension services nor any other additional services.
A. Company names: Korea Internet & Security Agency, VeriSign, PIR, ASIA, and Inicis
B. Purpose: Provision of the information for domain registration
C. Providing information: All information provided by the owner and management person-in-charge of the domain
D. Retention and use period
It is retained for the duration of the customer’s certificate’s effective use period and is automatically deleted upon termination.
KICA provides personal information as provided below with a customer’s consent to register and manage certified email addresses. A customer may not agree to the offering of personal information, but if so, the customer is denied the certified email address service.
a. Business name: National IT Industry Promotion Agency (NIPA)
b. Purpose: information offering for certified email address registration and management
c. Provided information: name, business registration number, address, email address
d. Preservation and usage period: personal information is preserved until the validity of a customer’s certified email address registration period expires and thereafter, discarded automatically
To provide public certification services and to improve customer access and convenience, KICA has signed a consignment agreement with 3rd party businesses for registration agency work to secure face-to-face confirmation windows for public certificate issuing. The face-to-face confirmation windows (registration agency institutions) visited by customers are therefore commissioned to collect and manage customer information before dispatch to KICA. Registration agency institutions do not use or store the customer information for any other purpose than those for public certificate registration agency work unless the customer has expressly consented to this or it is defined in other laws. To consult KICA registration agency institutions, click here.
Go to consult registration agency institutions ? Click here!
In addition, personal information is consigned as provided below to confirm a person’s identity at the time of offering the public certification service
Receiver | Purpose | Offered information | Preservation and usage period |
---|---|---|---|
Korea Credit Bureau | confirm identify | name, date of birth, gender, mobile phone number, telecommunication company | alliance period |
Dream Security Co., Ltd | confirm identify | name, date of birth, gender, mobile phone number, telecommunication company | alliance period |
In the case of international domains, KICA consigns the personal information data of a registrant to a foreign escrow company for preservation pursuant to the agreement with ICANN. The consignment of personal information is intended to protect a registrant’s rights and interests in preparation for an bankruptcy of an international domain registration company and the personal information is not used for profit-taking.
KICA consigns personal information as below to provide certified email address service (#mail).
Receiver | Purpose | Offered information | Preservation and usage period |
---|---|---|---|
Korea Credit Bureau | confirm identify | name, date of birth, gender, mobile phone number, telecommunication company | alliance period |
Dream Security Co., Ltd | confirm identify | name, date of birth, gender, mobile phone number, telecommunication company | alliance period |
Daou Technology Inc. | payment for service usage | name, resident registration number, credit card number, account number, mobile phone number, telecommunication company | alliance period |
KICA consigns personal information as provided below to provide bid information service.
Receiver | Purpose | Offered information | Preservation and usage period |
---|---|---|---|
Hankook Gunsul | provide bid information service | entire personal information | alliance period |
KICA is doing its utmost to protect customer personal information. It strictly observes the individual’s authority for personal information, and their personal information can be read and corrected at any time on the homepage menu. In accordance the Electronic Signature Act (Article 22 of the Electronic Signature Act), the customer’s public certificate and records of its termination and deletion must be stored safely for 10 years from the public certificate’s expiry date.
KICA is doing its utmost to protect customer personal information. It strictly observes the individual’s authority for personal information, and their personal information can be read and corrected at any time on the homepage menu. The customer can withdraw their consent for the use of personal information by KICA, when cancelling membership achieved through the application menu.
KICA immediately deletes corresponding information at the end of the 10 year retention period. The deletion procedure and method are as follows.
A. Deletion procedure: Documents submitted by the customer to use the service are deleted after being retained for 10 years from the public certificate’s expiry date under the Electronic Signature Act.
B. Deletion method: Documents such as applications stored in a physical area are destroyed using a shredder, etc. by an authorized person in a controlled area. Personal information stored as an electronic file is deleted using a technical method that makes it impossible to restore the record.
KICA immediately deletes the corresponding information in principle when the purpose of collecting and using the personal information has been achieved. The deletion procedure and method are as follows.
The information provided by the customer for membership subscription, etc. is moved to a separate DB (to a separate file, in case of paper) when its purpose has been achieved, and deleted after having been stored for a certain period of time (refer to the retention and use period) according to internal policy and any other relevant legal information protection measures. The personal information moved to the separate DB is not used for any other purposes unless it is legally required.
The personal information saved as an electronic file is deleted using a technical method making it impossible to cannot restore the record.
KICA uses a firewall (invasion quarantine system) to block the theft, leak, forgery, deformation of personal information by cracking (malicious hacking) and so on. The firewall is installed on each server to track illegal invasions. We also regularly back up the customer’s personal information to prepare against any possible accidents.
KICA does its utmost to take technical and administrative measures to prevent customers’ personal information from leaking. The subscriber can access their personal information using their password and can modify their own personal information using the membership ID and password. Therefore, the customer must ensure that this password is not revealed to other persons. The customer is liable for membership ID, password, and personal information leaks. Therefore, KICA does not take any responsibility unless there is liability attributable. To protect the membership ID and password, when using in the public areas such as an internet cafe or when sharing the computer with other persons, pay particular attention to not revealing personal information by always log out after using the service and close the browser window that has been used. Also, create an ID and password by combining characters and digits, and change the password frequently to prevent accidental leaking of ID and password. KICA uses a firewall (invasion quarantine system) to block the theft, leak, forgery, deformation of personal information by cracking (malicious hacking) and so on. The firewall is installed on each server to track illegal invasions 24 hours a day. We regularly back up the subscriber’s personal information to prepare against any possible accidents. In addition, KICA has minimized and controls staff handling personal information, and takes corrective actions immediately when any problem is found.
The subscriber or legal representative (for children under 14) can inquire about and correct the subscriber’s personal information or request the service’s cancellation. Inquiries about or correction of personal information can be performed using the ‘Correct subscriber information’ menu. When contacting the person-in-charge of personal information management to cancel the service by letter, telephone, or email, we will immediately process the cancellation request after processing the personal identification procedure.
The contents of this Privacy Policy can be read at any time on the homepage and as they may be amended according to the changing in relative laws or for the provision of better service, visit the homepage periodically to check the contents. When the Privacy Policy is amended, KICA notifies it on the each service’s homepage.
Personal information inquiries should be sent to the following contact points and we will respond promptly.
[Service information phone numbers]
When the Privacy Policy contents are amended, KICA notifies it on its homepage at least 7 days prior to the amendment’s execution.