個人情報処理方針

OPEN PORTAL Co., Ltd. (“Company”, “we”, or other cases of pronoun for we) legally processes and securely manages personal information in accordance with Personal Information Protection Act and other Relevant Laws. This is done to safeguard freedoms and rights of the Users of our Services. To inform Users about how their personal information is processed, and the standards applied, and to facilitate the swift resolution of any concerns, we have formulated and made public this privacy policy (“Privacy Policy”). 

Any revisions to the Privacy Policy will be communicated through website notifications or individual notices. 

Any capitalized terms used but not defined herein, shall have the meaning ascribed under OPEN PORTAL WEBSITE Terms of Use.

Article 1. (Purpose of Processing Personal Information) 

We process personal information for the following purposes: 

1.  Member registration and management

For the purpose of confirming the Member's intention to join, identifying and authenticating the Member's identity, maintaining and managing membership, and providing various notices and notifications. 

2.    Provision of Services

3.    Marketing (sending advertising information for commercial purposes)

For the purpose of sending advertising emails

4.    User support and communication

Article 2. (Processing and Retention Period of Personal Information) 

In principle, the Company destroys the personal information of the information subject without delay upon withdrawal of membership. However, if separate consent is obtained from the information subject for the personal information retention period, or if the retention period is prescribed by laws and regulations, the personal information is safely stored during the period.

1.    where separate consent is obtained from the information subject

-      Personal information from Application: Until withdrawal of membership

-      Personal information from User inquiries: 6 months from the date of receipt of the inquiry

2.    where retention period is prescribed by law

n  Act on The Consumer Protection in Electronic Commerce

-      Records on contract or subscription withdrawal: 5 years

-      Records of consumer complaints or dispute handling: 3 years

-      Records on display/advertising: 6 months

n  Protection of Communications Secrets Act

-      Computer communication, internet log data, and access point tracking data: 3 months

-      Subscriber telecommunication date, start and end period, other party's subscriber number, frequency of use, and originating base station location tracking data: 12 months (but 6 months for data related to intercity and local telephone services)

n  Electronic Financial Transactions Act

-      Records of electronic financial transactions: 5 years

Article 3. (Personal Information Processed)

We process the following personal information: 

1.  Member registration and management, service provision

-      Required items: ID, password, name, contact information, email, consent to receive emails, classification of participants, name of company/organization/activity, field of current activity, field of interest

-      Optional items: Activity method, activity country, desired activity country, desired exhibition, intention to participate in overseas exhibition, intention to participate in BTB event

2.    Marketing (sending advertising information for commercial purposes)

-      Required: Name, email, consent to receive emails

3.    Support and communication for inquiries

-      Required: Name, contact number, email, inquiry content

-      Optional: Country information

Article 4. (Outsourcing of Personal Information Processing)

The Company does not entrust the processing of personal information to a third party. 

Article 5. (Procedures and methods of destruction of personal information)

The Company shall destroy personal information within business hours when it becomes unnecessary, such as when the personal information retention period has expired, or the purpose of processing has been achieved. If the personal information retention period agreed to by the information subject has elapsed or the purpose of processing has been achieved, but the personal information must still be retained in accordance with other laws and regulations, the personal information shall be transferred to a separate DB (database)  or preserved in a different storage location.

The procedures and methods for destroying personal information are as follows 

1.   Destruction procedure: The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the personal information protection officer of the Company.

2.  Destruction method: The Company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.

3.  Exceptions to destruction: In case of ongoing investigations for violation of relevant laws and regulations.

Article 6. (Rights and obligations of the information subject and legal representative and how to exercise them) 

The information subject may withdraw consent to the collection and use of personal information at any time through a request (in writing, e-mail, FAX) to the company, and may request to view, correct, delete, or suspend the processing of personal information. However, the exercise of rights may be restricted if there are restrictions under laws and regulations.

You can exercise your rights through an agent, such as the legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 to the "Notice on Personal Information Processing Methods".  

The Company shall verify whether the person making the request for access, correction, deletion, or suspension of processing in accordance with the rights of the information subject is the person or a legitimate representative.

Article 7. (Measures to ensure the safety of personal information)

The Company takes the following measures to ensure the safety of personal information.  

-      Administrative measures: Regular employee training

-      Technical measures: managing access rights to personal information processing systems, installing access control systems, encrypting key personal information, and installing and updating security programs.

-      Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 8. (Installation, operation and rejection of devices that automatically collect personal information)

The Company does not use 'cookies' that store and retrieve the usage information of the information subject from time to time. 

Article 9. (Matters concerning the collection, use, provision and rejection of behavioral information)

The Company does not collect, use, or provide behavioral information for online customized advertisements. 

Article 10. (Personal Information Protection Officer)

The Company takes the following measures to ensure the safety of personal information.  

-      Administrative measures: Regular employee training

-      Technical measures: managing access rights to personal information processing systems, installing access control systems, encrypting key personal information, and installing and updating security programs.

-      Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 11. (Receipt and processing of requests for access to personal information) 

The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the following departments. The Company will endeavor to promptly process the information subject's request for access to personal information. 

‣ Department for receiving and processing requests for access to personal information  

-      Name: Yeseul Lee

-      e-mail: yeseul.lee@openportalexpo.com

Article 12. (Remedies for infringement of rights and interests)

The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Personal Information Infringement Reporting Center, etc. in order to receive relief due to personal information infringement. In addition, please contact the following organizations to report or consult about other personal information infringement.  

-      Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

-      Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)

-      Supreme Public Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)

-      National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)