Privacy

home Corporate Member Privacy

Article 1. Objective of Personal Information Usage

Personal information from subscribers shall be collected and used as below purposes for KOSCOM’s Datafeed Subscriber Administration System (hereinafter “DSAS”). Should there be any changes in usage purpose, necessary actions such as receiving separate agreement will be taken according to the Privacy Act under Korean law.

  1. ① Subscription & Administration
    • Personal information will be used to verify one’s intent for subscribing DSAS membership, to identify (authenticate) a serviced member, and to maintain a member’s subscription.
  2. ② Services
    • Personal information will be used for purpose of providing DSAS service such as signing up for data feed service (and related services) and providing announcements related to market data usage.
  3. ③ Marketing
    • Personal information will be used when new securities market opens or new information product is released.

Article 2. Collected Personal Information Type & Collection Method

KOSCOM will collect limited personal information from subscribers for the purpose of providing DSAS services. The following sub categories of this article stipulate the specific types of personal information that are collected for this service and its methods for collecting such information.

  1. ① Collected Personal Information
    • Required Items: name of corporate, name of person in charge, address, telephone number, email address Optional Item: secondary email address.
  2. ② Collection Method
    • Personal information is collected upon receiving the subscriber’s consent via DSAS website.

Article 3. Use of Personal Information & Retention Period

DSAS will only use and maintain personal information that has been released (and approved) by the information owner (or personal information permitted by local regulations/legislations) where its retention period is restricted to the service period.

  1. ① Processing Period & Retention
    • The processing of any personal information and its retention period shall be until the termination of DSAS membership.

Article 4. Providing Personal Information to 3rd Parties

Use of personal information shall be limited within the scope stated in Article 1(“Objective of Personal Information Usage”), and such information shall only be provided to third parties in instances relative to the owner’s consent or in events protected by Article 17 and Article 18 of Korea’s Privacy Act. Otherwise, a specific scope of personal information shall be provided to the following institution(s):

  1. ① Recipient Parties
    • Korea Exchange (“KRX”) , Korean Finance Investment Association (“KOFIA”).
  2. ② Purpose
    • Personal information shall be collected with the purpose of operating duties relative to the maintenance of the securities market such as providing announcements regarding market data usage etc.
  3. ③ Information Type
    • Name of corporate, name of personal in charge, address, telephone number, email address.
  4. ④ Retention Period
    • Personal information shall be kept during the period of the service agreement made between DSAS and the DSAS member.

Article 5. Subscriber’s Rights, Obligations & Relative Methods of Execution

All DSAS members are entitled to execute the following rights as owners of personal information:

  1. ① Private Information Owner’s Rights
    • Owners of private information (provided for DSAS service purposes) may execute their rights to private information in regards of the below instances:
    • 1. Requesting the review of any submitted private information.
    • 2. Correcting any errors with the owner’s private information.
  2. ② DSAS Obligations
    • DSAS will follow up on any requests, relative to Article 5.1, made by the owner without delay upon receiving the Request Form #8 (under Execution Rules of the Privacy Act) via written form (regular mail), electronic mail, fax etc.

Article 6. Disposal of Personal Information

DSAS will dispose of any personal information that has survived after the service period or served its purpose without delay. The method, timing and procedure in destroying such personal information are stipulated in the below sub articles.

  1. ① Disposal Procedure
    • DSAS will first identify any personal information required of disposal and then receive approval from the head of private information for final disposal.
  2. ② Disposal Period
    • On principle, the owner’s personal information shall be destroyed within 5 days after the agreed retention period. Personal information can also be destroyed should the owner’s personal information has served its purpose, in the event of DSAS seizes to provide service, in the event of business termination or if the owner’s personal information is deemed unnecessary in terms of servicing DSAS operations.
  3. ③ Disposal Method
    • Personal information in the form of electronic file(s) shall be destroyed irretrievably with technical expertise and any personal information in the form of paper shall be shredded and burned.

Article 7. Safety Measures for Personal Information

DSAS carries the following safety measures to ensure the safety of maintaining personal information according to Article 29 of the Privacy Act.

  1. ① Administrative Measures
    • Limiting Operating Staff: DSAS will limit the number DSAS operators and authorized personnel (relative DSAS services) that have access to personal information.
    • Perform Regular Internal Audit: DSAS will perform internal audits on a biannual basis to ensure the safety in handling private information according to the Personal Information Privacy Act.
    • Internal Management Plan: DSAS has established an internal administrative policy and plan in order to safely handle private information.
  2. ② Technical Measures
    • Encryption of Personal Information
    • - Information owner’s password is stored and controlled in encrypted from. Only oneself shall know the password. We use security features such as encryption or security feature for file transition of sensitive data.
    • Preventive Measures Against Hacking
    • - In order to prevent any leakage or damage of private information due to hacking events or computer virus, DSAS installed and regularly updates a security program and placed the critical system within a controlled environment which technically and physically controls unauthorized access.
    • Access Restriction
    • - The database system that handles private information is controlled by managing, changing or canceling leveled access rights. Moreover, DSAS controls unauthorized external access through an anti-intrusion system.
    • Document Security
    • - Any documents or media storage devices containing personal information are stored in a physically locked area.
  3. ③ Physical Measures
    • Access Control for Unauthorized Personnel
    • - The physical storage area storing private information is physically segregated which operates according to an established access control procedure.
 

Article 8. Private Information Personnel in Charge

DSAS has designated a dedicated personnel that assumes the overall responsibilities in handling private information such as processing private information, handling the private information owner’s complaints and damage control.

  1. ① Chief Director of Privacy Protection
    • Limiting Scope of Private Information Handlers
    • - A defined set of employees shall have authorization to handle the owner’s personal information.
    • Young-kwon, Yoo (Department Manager)
    • Koscom Corporation / Capital Market Business Dept.
    • Tel : +82-2-767-7500
    • Email : youngkos1@koscom.co.kr
  2. ② Privacy Protection Officer
    • Mi-Hee, Kwon (Manager)
    • Koscom Corporation / Capital Market Business Dept.
    • Tel : +82-2-767-8643
    • Email : marketdata@koscom.co.kr
  3. ③ Service
    • The owner of private information may, at all times, inquire all matters regarding private information, handling the private information owner’s complaints or damage control to Koscom’s head of private information or its staff. Koscom Corporation ensures that any inquiries or requests will be processed without delay.
  4. ④ Personal Information Institutions
    • For other consultations or dispute resolution about personal information infringe, please contact organizations below.
    • - Privacy complaint center : Tel +82-118 (http://privacy.kisa.or.kr)
    • - Personal information dispute mediation committee : Tel +82-118 (http://privacy.kisa.or.kr)
    • - Supreme prosecutors’ office internet criminal investigation center : Tel +82-2-3480-3576 (http://spo.go.kr)
    • - Police agency cyber terror response center : Tel +82-1566-0112 (http://netan.go.kr)

Article 9. Amendment of privacy policy

This DSAS Privacy Policy commences from the launching date of DSAS website. In event of any changes (addition, erasure or amendments) of modified policy shall be announced seven(7) days prior notice before the effective date of modified policy.
Announced : 28 July, 2016
Commenced : 28 July, 2016


TOP