Privacy Statement
Informa Markets BN Co., Ltd. (hereinafter referred to as Informa Markets) is the organizer of the International Security Exhibition & Conference (hereinafter referred to as "SECON"; www.seconexpo.com) and e-Government Information Security Solution Fair(hereinafter referred to as "eGISEC"; www.egisec.org). In accordance with Article 30 of the Personal Information Protection Act, Informa Markets BN has established and published this privacy statement in order to protect personal data and to handle related issues effectively. Informa Markets shall be hereinafter referred to as "SECON & eGISEC".
Article 1 (Purpose of Personal Data Processing)
"SECON & eGISEC" shall process the personal data for the following purposes. The processed personal data shall not be used for the purposes other than the following. If there is a change to any of the following purposes, "SECON & eGISEC" shall take necessary measures, such as obtaining additional consent from the data subject in accordance with Article 18 of the Personal Information Protection Act.
1. Application for pre-registration
Personal data shall be used for purposes such as processing visitor applications, personal authentication and identification for provision of services, visitor management, personal authentication pursuant to the Internet real-name system, preventing illegal use of services, and notifications of all sorts.
Personal data shall be processed for discovering new service elements and improving existing services such as demographic analysis, analysis of service visits and usage records, exhibition statistics, and provision of customized services based on fields of interests.
Personal data shall be processed for such purposes as development of new services (products), provision of customized services, provision of information on events and advertisement, and of opportunity for participation.
2. Application for participation
Personal data shall be processed in accordance with
Exhibition Terms and Conditions.
3. Exhibition and participation inquiries
Personal data shall be processed for such purposes as identifying inquirers, verifying inquiries, contact and notification for fact-finding, and notifying processed results.
| Name of personal data file |
Operating grounds |
Purpose of processing data |
| SECON Visitor Pre-Registration |
Consent from data subjects |
Personal identification/authentication for visiting the exhibition, and provision of advertising information |
| SECON Exhibitor Application |
Consent from data subjects |
Contract for participation, installation of exhibition booths and products, and various service provisions |
| Exhibition and participation inquiries |
Consent from data subjects |
Identifying inquirers, verifying and processing inquiries |
Article 2 (Retention and Usage Period of Personal Data)
(1) "SECON & eGISEC" shall process and retain personal data within the retention and usage period in accordance with the relevant statutes or within the retention and usage period of personal data agreed upon collecting personal data from data subjects.
(2) The retention and usage period of personal data shall be as follows:
1. Personal data related to the provision of services shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
2. Personal data related to marketing and advertisement shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
3. Personal data collected via on-site registration shall be retained and used in the same way as the personal data processed for visitor application.
- Grounds for retaining personal data: Consent from data subjects
Article 3 (Provision of Personal Data to a Third Party)
(1) "SECON & eGISEC" shall process personal data of data subjects within the scope specified in Article 1 (Purpose of Personal Data Processing), providing personal data to the third party only when it meets the provisions of Articles 17 and 18 of the Personal Information Protection Act; the provisions include consent from the data subjects and existence of special provisions in other laws.
(2) "SECON & eGISEC" shall provide personal data to the third party as follows:
Checking the appropriate checkbox on the provision of personal data to a third party, applicable to both online pre-registration and onsite registration, acts as a statement of consent to the provision of personal data by a data subject.
Scanning the visitor's personal barcode on the exhibitors' barcode reader (for product consultations and event participation), is an implied consent which provides authority to handle and transfer the visitor's personal data to the third party.
- The recipient of personal data: Exhibitors (
)
- The recipient of personal data: Exhibitors (enter the company names of all exhibitors)
- Purpose for which the recipient collects and uses personal data: Development of new services (products), provision of customized services, provision of information on events and advertisement, and of opportunity for participation
- Items to be provided: Gender, name, e-mail, company name, zip code, company address, department, position, company phone number, mobile phone number, industry, business nature, and fields of interest
- The period during which the recipient retains and uses personal data: One (1) year from the date personal data is provided
Article 4 (Outsourcing of Personal Data)
(1) For a seamless processing of personal data, it shall be outsourced as follows.
| Outsourcee |
Tasks to be outsourced |
Personal data retention & usage period |
| Welltec |
Visitor identification and issuance of badges |
Until the end of the exhibition or termination of outsourcing contract |
| Informa Group |
Visitor pre-registration, application for participation in the exhibition and various services, data storage, and service operation |
One (1) year from the date personal data is provided |
(2) When signing an outsourcing contract, "SECON & eGISEC" shall specify the followings in the contract and other relevant documents: Prevention of personal data processing for the purposes other than the outsourced purpose, technical and managerial safeguards of personal data, limitation on re-outsourcing, control and supervision over outsourcees, and compensation and responsibilities. And "SECON & eGISEC" shall supervise whether outsourcees process personal data safely.
(3) If there is any change in the tasks to be outsourced, "SECON & eGISEC" will notify the change via this Privacy Statement without delay.
Article 5 (Overseas Transfer of Personal Data)
"SECON & eGISEC" outsources storage of data and operation of services to "Informa Group" as follows. "Informa Markets" is the parent company of the organizer, protects personal data in accordance with the same information protection policy as that of "SECON & eGISEC", and carries out its duties under strict supervision of "SECON & eGISEC".
| Outsourcee |
Informa Group |
| Tasks to be outsourced |
Pre-registration, application for participation, various services, data storage, and service operation of the exhibition |
|
| Personal data items to be transferred |
1. Visitor pre-registration
Gender, name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interests, purpose of visit, English name, and company name in English, job function, annual purchasing budget, and purchasing responsibility
2. Application for participation
Company name, company website, company address, name of the person in charge, department in charge, position, phone number, fax number, mobile phone number, e-mail, name of the person in charge of tax invoice, department in charge, position, phone number, fax number, business nature, purpose of visit, key exhibits, exhibit details, booth application, and participation fee
|
| Outsourcing schedule and method |
Transmission via network from a remote site immediately after online application |
| Data transfer destination country |
Hong Kong |
| Retention period |
One (1) year |
| Person in charge of data management |
global@seconexpo.com |
Article 6 (Rights and Obligations of Data Subjects and Methods for Exercise of Rights)
(1) Data subjects may exercise the following rights concerning protection of personal data over "SECON & eGISEC".
1. Request access to personal data
2. Request amendments
3. Request deletion
4. Request suspension of processing
(2) Exercising rights in accordance with Paragraph (1) of this Article may be done pursuant to attached Form 8 of Public Notification concerning the methods for processing personal data (Public Notification of the Personal Information Protection Commission no. 2020-7) via letter, e-mail, or fax and "SECON & eGISEC" shall take necessary measures for exercising the rights without delay.
(3) If a data subject makes a request for amendment or deletion of an error in his/her personal data, "SECON & eGISEC" shall not use or provide such personal data until the amendment or the deletion is made.
(4) Exercising rights in accordance with Paragraph (1) may be done via a legal representative of a data subject, a person entrusted with exercising the rights, or an agent. In this case, a letter of authorization shall be submitted in accordance with attached Form 11 of Public Notification concerning the methods for processing personal data (Public Notification of the Personal Information Protection Commission no. 2020-7).
Article 7 (Personal Data Items to be Processed)
"SECON & eGISEC" processes the following personal data items.
1. Application for pre-registration
Of the items to be collected, industry, business nature, fields of interests, and purpose of visit shall only be used for visitor statistics and providing match-making services for participating companies and buyers in accordance with Article 18 of the Personal Information Protection Act.
- Required items: Gender, name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interests, and purpose of visit, job function, annual purchasing budget, and purchasing responsibility
- Optional items: English name and company name in English
- Methods for collection: Online and onsite registration
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
2. Application for participation
- Required items: Company name, company website, company address, name of the person in charge, department in charge, position, phone number, fax number, mobile phone number, and e-mail
- Optional items: Name of the person in charge of tax invoice, department in charge, position, phone number, fax number, business nature, purpose of visit, key exhibits, exhibit details, booth application, and participation fee
- Methods for collection: Online, e-mail, and fax
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
3. Exhibition and participation inquiries
- Required items: Inquiry category, title, name, position, company name, e-mail, mobile phone, and details of inquiry
- Methods for collection: Online
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
Article 8 (Destroying Personal Data)
(1) In principle, "SECON & eGISEC" shall destroy personal data without delay when the purpose of processing the data is fulfilled.
(2) The procedures and methods for destroying personal data shall be as follows:
1. Procedures for destroying personal data
"SECON & eGISEC" shall select the personal data that has the grounds for being destroyed and then destroy the data after obtaining approval from the privacy officer at "SECON & eGISEC".
2. Methods for destroying personal data
"SECON & eGISEC" shall destroy the personal data recorded and stored in an electronic file by making the file unable to be opened and the personal data recorded and stored in paper with a paper shredder or by burning the paper.
Article 9 (Ensuring the Safety of Personal Data)
"SECON & eGISEC" takes technical, managerial, and physical measures required to ensure the safety of personal data in accordance with Article 29 of the Personal Information Protection Act.
1. Establishment and implementation of an internal management plan
"SECON & eGISEC" is establishing and implementing an internal management plan for safe processing of personal data.
2. Technical measures against hacking, etc.
"SECON & eGISEC" installed security programs to prevent personal data from being divulged or damaged by hacking or computer viruses and has updated the system on a regular basis for examination. "SECON & eGISEC" installed the system in an area where access is restricted from the outside, and has monitored and blocked the system technically and physically.
3. Restricting access to personal data
"SECON & eGISEC" has taken necessary measures to restrict access to personal data by granting, changing, and denying the right to access to the database system which processes personal data and has restricted unauthorized access to the system from the outside with its intrusion prevention system.
4. Restricting entry by an unauthorized person
"SECON & eGISEC" has a separate physical area where personal data is stored. Entry to the area is restricted under the procedures established and implemented by "SECON."
Article 10 (Privacy Officer)
(1) "SECON & eGISEC" has designated a privacy officer who takes charge of personal data processing. The officer handles data subjects' grievances and remedial compensation in relation to personal data processing.
Privacy officer
Name: Choi So-young
Position: CEO
Phone: +82-2-719-6933
Fax: +82-2-715-8245
E-mail:
sychoi@boannews.com
Department in charge of personal data protection
Person in charge: James Lee / Position: Team Manager
Phone: +82-2-6715-5400
Fax: +82-2-432-5885
E-mail:
jameshj.lee@informa.com
(2) A data subject may inquire to the privacy officer and department in charge of personal data protection at "SECON & eGISEC" on personal data protection, grievances handling, and remedial compensation arising from using the services (businesses) of "SECON & eGISEC". "SECON & eGISEC" shall answer and handle the inquiries of the data subject without delay.
Article 11 (Remedy against Infringement upon Rights)
A data subject may inquire the following institutions about remedy against infringement upon the rights of the data subject and consultation.
[The following institutions are independent from "SECON & eGISEC". If you are not satisfied with "SECON & eGISEC"'s handling of grievances about personal data and the results of its remedy or if you need more detailed help, feel free to contact any of the followings.]
- Personal Information Infringement Report Center (privacy.kisa.or.kr / phone number: 118 (without area code))
- Cybercrime Investigation Division of the Supreme Prosecutors' Office (www.spo.go.kr / phone number: 1301 (without area code))
- Cyber Safety Bureau of the Korean National Police Agency (cyberbureau.police.go.kr / phone number: 182 (without area code))
Article 12 (Changes in Privacy Statement)
(1) This Privacy Statement shall be effective from 1 August 2023.
(2) You can check any of the previous statements below.
- Effective until 31 July 2024.
