Terms of Service
Thank you for visiting KOTRA web sites. KOTRA is committed to respecting the privacy of users and providing a safe, secure user experience in accordance with the Act on the Protection of Personal Information Maintained by Public Agencies and Basic Guidelines on Personal Information Protection by Public Agencies. This Privacy Statement sets forth the usage policies and practices that apply to the following web sites operated by KOTRA (hereinafter referred to as the KOTRA web sites), and all of the KOTRA web sites will be subject to the privacy polices mentioned in this statement, unless otherwise indicated.
Automatic Data Collection The following information will be automatically collected and saved, when a user accesses the KOTRA web sites. Internet server domain and IP addresses passed through to get to the KOTRA web sites Type of browser and OS Date of visit, etc The information gathered and saved online will be used on statistical analyses for the purpose of improving the KOTRA web sites to provide better services to users and to facilitate communication between users and the web sites, provided that such information may be submitted to the authorities under legal provisions.
Collection of Information via E-Mail and Web Services The following information will be automatically collected and saved, when a user accesses the KOTRA web sites. You may express your opinions by mail, phone calls, or online web services. However, you should keep in mind the following: Your information may be shared by other people and used as a source of development and implementation of related polices. Your information may be shared by other public agencies or submitted, if necessary.
A controller is responsible for the collection and processing of your personal data in accordance with the General Data Protection Regulation (GDPR) as well as further applicable data protection laws. Please find your controller and its contact information here, depending on where you are.
2. Data protection officer
We have appointed a Data Protection Officer in accordance with Art. 37 of the GDPR. If there is anything you are unsure about regarding this Policy or our data protection of your personal data, feel free to contact our Data Protection Officer by emailing email@example.com at any time.
3. How we collect your personal data
We generally collect your personal data directly from you, when, for example, you submit an inquiry, attend events or seminars, use or engage in our services or provide us with your contacts. From time to time, we may gain access to your business contact details via recognized business data providers or an official website of your organization. We may also receive your contact details through our primary contacts at your organization if they think you may benefit from our services. As we work closely with other organizations, public agencies or governments of South Korea, we may also receive information about you from them. When you visit our website, computer and technology information (e.g. browser type, IP address, unique device ID, etc.) is automatically collected via your browsers.
4. What type of personal data we have
5. How we process your personal data
As KOTRA is a public agency of South Korea, we process personal data for a number of different purposes that arise from our missions to contribute to the development of the national economy through global business support activities. We may process your personal data for the following purposes: To contact you or communicate with you concerning our services or business administration To respond to your requests, inquiries or concerns regarding our services To provide international business matchmaking services which may include supporting the business trip and setting up meetings for foreign and Korean companies To research the foreign market and publish a report to introduce leading companies in foreign markets to domestic companies To facilitate the exhibitions, conventions or events and to provide you with information and services associated with the events To contact you with regard to business opportunities which we believe might interest you To send you our newsletter or information at irregular intervals to inform you about news on our services as well as on the services of our affiliated companies To send you surveys with the purpose of requesting your feedback about our events (We send surveys to all event participants instead of specific persons. Participation in surveys is voluntary, not mandatory.) To pay a bill or compensation to you For visitors to our website The information collected automatically when you visit our website will be processed for the following purposes: To ensure our website stays securely by preventing, detecting, mitigating and investigating fraud and security breaches To ensure the performance of our website To ensure that the content of our website is presented in the most effective manner for you and your computer The provision of your personal data will generally be voluntary and there is no statutory nor contractual obligation to provide your personal data. We generally do not contractually require the provision of your personal data but note that in any event, non-provision of personal data might exclude you from using some of our services or parts thereof. Our services are not intended for use by children. Under applicable national laws, we do not knowingly collect personal data from users who are considered children. According to our User Agreement, children are not permitted to use our services.
6. Legal basis for the processing of personal data
Where KOTRA is processing personal data for the performance of its functions, the primary legal bases under the GDPR are as follows: Where the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art. 6 (1) (b) of the GDPR. (i.e. when you register for our services, responding to your request about our services); Where the processing is necessary for the legitimate interests pursued by KOTRA or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in accordance with Art. 6 (1) (f) of the GDPR. (i.e. sending thank you letters or surveys after the event, preventing or detecting security issues); Where we have obtained a data subject’s consent to the processing in accordance with Art. 6 (1) (a) of the GDPR. (i.e. sending the newsletters); Where the processing is necessary to comply with legal obligations in accordance with Art. 6 (1) (c) of the GDPR.
7. How we share your personal data with others
We do not sell or disclose your personal data to third parties for their marketing or advertising purposes without your consent. We only disclose your personal data when it is necessary for the purposes mentioned in this Policy or when we have obtained your consent.
Third party service providers may access to your personal data on a need to know basis for the purpose of providing services on behalf of us. They cannot do anything with your personal data without our permission. They will not share your personal data with any organization apart from us, nor will they keep your personal data for longer than the period we instruct.
When necessary, we share your personal data with the following data processors and recipients as far as necessary for the purposes described in this Policy:
- KOTRA headquarters in Korea
- Other business partners, investors, and Korean companies
- Sponsors, co-organizers and attendees of our events
- External service providers who facilitate or support our events
- External operators of our websites and applications
- External parties such as translators, consulting firms and law firms in connection with our services
- Travel agencies or hotels in connection with supporting your business trips
- Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
- Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us.
8. International transfers of personal data
As KOTRA is a public agency of South Korea, your personal data may be transferred to South Korea for the purposes mentioned in this Policy. As South Korea has not sought nor received “adequacy decision” from the European Commission, we use Standard Contractual Clauses adopted by the European Commission to provide appropriate safeguards for the transfer of your personal data. Given the nature of KOTRA’s missions and functions, we may also disclose your personal data to recipients overseas. To ensure an adequate level of data protection when transferring your personal data from the European Economic Area (EEA) to third countries (outside the EEA), we will only transfer your personal data on the basis of an adequacy decision or appropriate safeguards such as Standard Contractual Clauses adopted by the European Commission. Upon request, we will provide you with a copy of the relevant information.
We have implemented technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure of personal data. We restrict access to your personal data to those who need to know that information to provide benefits or services to you. In addition, we train our employees to help them be well aware of risks associated with data security and confidentiality.
11. Data retention
We strive to keep our processing activities with respect to your personal data as limited as possible. Your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements. In case of consent, your personal data will be at the latest deleted without undue delay after the withdrawal of such consent.
12. Your rights
You have the rights, at any time: without giving reasons according to Art. 15 of the GDPR to obtain information about your data stored with us. With the exception of any connection fees charged by your provider, you will not incur any costs as a result of the inquiry; to have the data rectified in accordance with Art. 16 of the GDPR; to have the data erased in accordance with Art. 17 of the GDPR; to obtain from the controller restriction of processing in accordance with Art. 18 of the GDPR; to object to the processing for sending the newsletter according to Art. 21 (2) of the GDPR; to object to other forms of processing of your personal data in accordance with Art. 21 (1) of the GDPR; to withdraw any consent to the collection and use of data given to us at any time, without affecting the lawfulness of processing based on consent before its withdrawal in accordance with Art. 7 (3) of the GDPR; to receive your personal data in a machine-readable format and to transmit them to another person responsible in accordance with Art. 20 of the GDPR;
If you would like to exercise any of these rights, you can contact the Data Protection Officer or Data Protection Manager responsible for your region. You can find the contact information of our Data Protection Managers and Data Protection Officer here. No cost will be charged for any response to acceptable requests. If for some reasons the request is denied, we will provide an explanation as to why the request has been denied. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes for the period we hold your data. We take any complaints we receive from you very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We also welcome any suggestions for improving our procedures. We ask that you first submit any such complaints directly to the Data Protection Officer or Data Protection Manager in your country. If you aren't satisfied with our response or have concerns about how we process your personal data, you have the right to lodge a complaint with the appropriate data protection authority in your region.