Informa Markets BN Co., Ltd. (hereinafter referred to as Informa Markets) is the organizer of the International Security Exhibition & Conference (hereinafter referred to as “SECON”; www.seconexpo.com) and e-Government Information Security Solution Fair(hereinafter referred to as “eGISEC”; www.egisec.org). In accordance with Article 30 of the Personal Information Protection Act, Informa Markets BN has established and published this privacy statement in order to protect personal data and to handle related issues effectively. Informa Markets shall be hereinafter referred to as “SECON & eGISEC”.
We take the privacy and protection of data and information seriously and are committed to handling the personal information of all those we engage with, whether customers, suppliers, colleagues or any other community, responsibly and in a way that meets the legal requirements of the countries in which we operate.
As part of using SECON & eGISEC’s products and services, browsing our websites and contacting the business, data and information is collected. This Privacy Policy sets out SECON & eGISEC’s approach to safeguarding and maintaining the privacy of that personal information, and explains what data is collected, how it is used, the legal basis for its use, and the rights individuals have over that data.
Article 1 (Purpose of Personal Data Processing)
“SECON & eGISEC” shall process the personal data for the following purposes. The processed personal data shall not be used for the purposes other than the following. If there is a change to any of the following purposes, “SECON & eGISEC” shall take necessary measures, such as obtaining additional consent from the data subject in accordance with Article 18 of the Personal Information Protection Act.
1. Where required, we rely on your valid consent to process your personal data, otherwise we may rely on our contractual or other legal obligations.
1) Product enquires, sales and administration
As part of a purchase, product enquiry, request for information and for account administration, we collect information such as your name, country, job title, company information, postal address, e-mail address, telephone number as well as details about your company and business role.
If you have made an enquiry about us or our products or services, either online, face to face or over the phone, we will use your personal information to respond to the enquiry or to take other steps at your request, before you enter into a contract. For example, we collect the e-mail addresses and additional contact details of those who send e-mails to request information. Where a sales representative speaks to you over the phone, the calls may be recorded for training and monitoring purposes only. In the latter case, you will be informed, and specific technical measures will be applied to minimize the processing of your personal data (e.g. ID information will be deleted to the possible extent).
If you have registered for or purchased a product or service, including on a trial basis, your personal information will be used to provide that product or service, communicate about it and handle payments, as is necessary for the performance of the contract entered into.
For purchases, payment information including credit/debit card number/bank details and billing addresses are also collected. Where payment card processors are used to facilitate payment card transactions on our website, your data will be collected and used according to that data controllers’ privacy policy. We take steps to ensure that any payment services provider we use will provide a high standard of privacy and security controls.
If your personal information is relevant to certain products and is freely available through public sources, such as on a website related to your work or profession, we may use this personal information to promote our products, as part of our legitimate interests as a commercial organisation and to the extent allowed by law.
2) Event and exhibition management
If you have agreed to participate in one of our events as a speaker, sponsor, exhibitor, buyer or visitor, personal information is used in connection with the organisation of the event, to handle payments or for other purposes, as is necessary for performing the contract entered into. We will also use your personal information to maintain our databases, assess your qualities as a speaker or sponsor/exhibitor/buyer, promote events and encourage further engagement at our events, as part of the legitimate interests we have as a commercial organisation.
In order to access the event’s matchmaking platform, a personal picture is required to complete the exhibitor/buyer profile.
In addition, we sometimes take photos and videos at our events, which may feature visitors, speakers, sponsors or exhibitors. Where photos and videos are taken that feature you as a visitor, speaker, sponsor or exhibitor, we may use those photos and videos for promotional purposes on our channels, such as our website or social accounts (legal bases: consent or controller’s legitimate interest, according to applicable laws).
3) Marketing
We will use your personal information to send you newsletters, offers or other marketing e-mails to keep you up to date with our news, events and products and services that may be of interest. Depending on the nature of your interaction with us and the laws of the country where you live, you may have actively given your consent for this by opting in, or we may be entitled to rely on your implied consent or our legitimate interests.
The opportunity to opt out of future marketing e-mails will be provided on every marketing email and we will provide information on how to opt out when your personal information is collected. You have the right to amend your marketing preferences at any time.
To make a request to amend your details/preferences, please send an e-mail to or write to us at: GroupDPO@informa.com.
4) Customer and prospects management (including analytics and product management)
We may use your personal information, combined with publicly available data and your demographic data, to deliver products and services, to choose relevant offers that may be of interest to you, to improve our existing products and services, and to develop new products and services, as part of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require.
We may also use your data in advertising campaigns on Social Media platforms such as Linked In, Instagram and Facebook in order to provide information about upcoming events/new products and to ensure that you only receive relevant advertising about our products and services.
5) Analytics – websites, emails and database (including location data)
We may combine visitor session information, or other information collected through tracking technologies with personally identifiable information, to understand and measure your online experiences and determine what products, promotions and services are likely to be of interest.
Technical methods are also used in HTML e-mails, for purposes including: (i) to determine whether recipients have opened or forwarded e-mails and/or clicked on links in those e-mails, (ii) to customise the display of banner advertisements and other messages after closing an e-mail, and (iii) to determine whether a visitor has made an enquiry or a purchase in response to a particular e-mail.
6) Bulletin boards or chat areas
When you disclose personal information on any public bulletin board or chat areas of this website, or any other website used as a result of use of this website, such personal information can be collected and used by anyone who views that board or area. This may result in unsolicited messages from other participants or other parties, which we are not responsible for.
Where you engage on our customer enquiry chat areas, we will use any information provided to help recommend our products and services and/or assist with confirming any order you wish to place.
7) Automated decision-making (including profiling)
We use algorithm-based technologies to personalise dynamic web content based on your stated and/or inferred interests. We carry out general profiling such as segmentation, non-automated and automated decision-making based on profiling for the purpose of providing you with a more relevant experience and for the purposes of our legitimate interests as a commercial organisation or on the basis of your consent if applicable laws so require. Solely automated decision making is never used in any way that produces a legal or similarly significant effect. This automated decision-making is never based on sensitive personal data and we make efforts to ensure any profiling is non-discriminatory.
Depending on the laws of the country where you live, you may have rights related to our decision. For example, if you live in the European Union, you may have the right not to be subject to automated decision-making unless specific exceptions apply, or you may have the right to insist on human intervention in the process, express your point of view or contest the decision. If you wish to exercise any such right, please contact us via one of the methods set out in the ‘Privacy Officer’ section below. In some cases, we may have the right to continue with our decision, in accordance with applicable laws. This will be explained if it is the case. Otherwise, we will respond to your request as promptly as reasonably possible.
8) Compliance with our legal obligations
To ensure compliance with international trade sanction laws and regulations, we screen customers, vendors and other business partners against US, OFAC, BIS, UN, EU, UK and other applicable sanctions lists. Should any screening checks flag an issue where we cannot continue in a contract or other interaction with a customer, vendor or other business partner, they will always be informed.
2. Application for pre-registration
Personal data shall be used for purposes such as processing visitor applications, personal authentication and identification for provision of services, visitor management, personal authentication pursuant to the Internet real-name system, preventing illegal use of services, and notifications of all sorts.
Personal data shall be processed for discovering new service elements and improving existing services such as demographic analysis, analysis of service visits and usage records, exhibition statistics, and provision of customized services based on fields of interests.
Personal data shall be processed for such purposes as development of new services (products), provision of customized services, provision of information on events and advertisement, and of opportunity for participation.
3. Application for participation
Personal data shall be processed in accordance with
Exhibition Terms and Conditions.
4. Exhibition and participation inquiries
Personal data shall be processed for such purposes as identifying inquirers, verifying inquiries, contact and notification for fact-finding, and notifying processed results.
Name of personal data file |
Operating grounds |
Purpose of processing data |
Visitor Pre-Registration |
Consent from data subjects |
Personal identification/authentication for visiting the exhibition, and provision of advertising information |
Exhibitor Application |
Consent from data subjects |
Contract for participation, installation of exhibition booths and products, and various service provisions |
Exhibition and participation inquiries |
Consent from data subjects |
Identifying inquirers, verifying and processing inquiries |
Article 2 (Retention and Usage Period of Personal Data)
1. “SECON & eGISEC” shall process and retain personal data within the retention and usage period in accordance with the relevant statutes or within the retention and usage period of personal data agreed upon collecting personal data from data subjects.
2. The retention and usage period of personal data shall be as follows:
1) Personal data related to the provision of services shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
2) Personal data related to marketing and advertisement shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
3) Personal data collected via on-site registration shall be retained and used in the same way as the personal data processed for visitor application.
- Grounds for retaining personal data: Consent from data subjects
Article 3 (Provision of Personal Data to a Third Party)
1. “SECON & eGISEC” shall process personal data of data subjects within the scope specified in Article 1 (Purpose of Personal Data Processing), providing personal data to the third party only when it meets the provisions of Articles 17 and 18 of the Personal Information Protection Act; the provisions include consent from the data subjects and existence of special provisions in other laws.
2. “SECON & eGISEC” shall provide personal data to the third party as follows:
Checking the appropriate checkbox on the provision of personal data to a third party, applicable to both online pre-registration and onsite registration, acts as a statement of consent to the provision of personal data by a data subject.
Scanning the visitor’s personal barcode on the exhibitors’ barcode reader (for product consultations and event participation), is an implied consent which provides authority to handle and transfer the visitor’s personal data to the third party.
- The recipient of personal data: Exhibitors (
A AND T GLOBAL, Acoustic Digital Media , AEPEL, AhnLab, AINETWORK. CO.LTD, AutoL, Axiomtek, bellock, BeyondTrust, BLUEMOON SOFT, BRINFOTEC, CARDINAL Co., Ltd., CATIS, CMI Tech, CODE1, COREEDGE NETWORKS, CPRO, CREATIVENET, CS Information Technology, CTEC, CyberLink, D&S Technology, Dahua Technology korea company, Danusys, DataProtec, Datasecure, DATISBANET, DAWONTECH, Deeply Inc. , DEMCO CSI, Digitalsense, Divisys, DOGU , DURUAN, easycerti, EMSTONE, ENDAS, Ensonsoft, EONSYSTEM, ESCA, estorm, ESTsecurity, Everyzone , Exosphere Labs, Eyenix, EZ-NET Ubiquitous, FOCUS H&S , Fostec, FSNETWORKS Co., Ltd, FST KOREA, Futuresystems, gabia, Gasi, GEOMEX SOFT, GITSN, GOT Co.,LTD., GPLUS SYSTEMS, Green IT Korea, GST, GUNNEBOKOREA, HandreamNet, HANKYUL PIF, hongseok, HUNESION, HyeSung TechWin , Hyunmyung, IBASE Technology, IBSKOREA CO.,LTD, ICTK, IDIS, IGLOO Corporation, IIST, InBic, INCA internet , INCON, INDUSVISION, Innodep, INSPIEN, Intellivix, Inter-M, IONEKOREA, IRE S&C, IRIS ID, ITLogin, ITSON, ITSTATION , Jason, Jiangxi Trace Optical, JIINTECH, JINMYUNG INFORMATION & COMMUNITY, JiranSecurity, JWC NETWORKS, KANA ENG, KJ TECH, KOREA SCANTECH, Koreaits , Ksign, KX NexG, KYEUNGIN CNS , L7 Security, Linxens, LOGPRESSO, Mark Any, mcloudoc , MDS Tech, Microsystems, MIK SCAN, MIRAE System, MIRAESIGNAL , MONITORAPP , MPOLE SYSTEM, NAIZ, NAONWORKS, NETAND, Network Optix, Nextstep, NOVITEC, NPCore, NSID, NST , NURICON, Nurilab, NYOUL, ONECAST , OneMoreSecurity, OPTEX, OQ SOLUTION, OTC TECH Co., Ltd., OTS, PATLITE KOREA, PINTEL, PIOLINK, PNPSECURE, PRIBIT Technology, PROBEDIGITAL CO., LTD, QUARRY SYSTEMS , RETECHKOREA, Rexgen , RIFATRON, SAENOON, Saevit M&S, SAFE NETWORK , SAI Technologies, Seagate Technology, Secuinfo, SecuLayer, Secureki, SeeEyes , SELECS, SEO, Seyeon Tech, SGA Solutions, ShenZhen HYX Hardware And Electronics, SHINHWA SYSTEM, SHINILTECH , Silicon Bridge, SiliconCube Co.Ltd, Snaptag, Soltech, SOMO IR , SONGWOO, Sparrow, SSenStone, SSNC, SSR , SSTLab, SUNGCHANG, Sunghyun System, Sunjin Infotech , Suprema, Surgefree, TaeJung ENG, TAEYANG TECH, TERUTEN, The Zone System, ToCSG, TP-Link Korea, TRINITYSOFT, TRUEN, UNIONCOMMUNITY, Universe, UROCK , Verkada, VIASCOPE, VISION I&C, VST KOREA, WANTECH, Warevalley, Waterwall Systems , WEEDS KOREA, Wilcon Technology , WINS, Witcon Co., Ltd., WONWOO Engineering , Wookyoung Information Technology, YH DATABASE, YTOT KOREA, Zenosys , ZIOVISION
)
- Purpose for which the recipient collects and uses personal data: Development of new services (products), provision of customized services, provision of information on events and advertisement, and of opportunity for participation
- Items to be provided: Gender, full name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interest, purpose of visit, purchasing responsibility, job function, annual purchasing budget, annual turnover, and number of employees
- The period during which the recipient retains and uses personal data: One (1) year from the date personal data is provided
Article 4 (Outsourcing of Personal Data)
1. For a seamless processing of personal data, it shall be outsourced as follows.
Outsourcee |
Tasks to be outsourced |
Personal data retention & usage period |
KD Planning |
Exhibitors’ identification |
Until the end of the exhibition or termination of outsourcing contract |
Welltec |
Exhibitors and Visitors’ identification and issuance of badges |
Until the end of the exhibition or termination of outsourcing contract |
Panaroad |
Exhibitors’ identification |
Until the end of the exhibition or termination of outsourcing contract |
KINTEX |
Exhibitors’ identification |
Until the end of the exhibition or termination of outsourcing contract |
Association of Korean Exhibition Industry |
Exhibitors and Visitors’ identification |
One (1) year from the date personal data is provided |
Informa Group |
Visitor pre-registration, application for participation in the exhibition and various services, data storage, and service operation |
One (1) year from the date personal data is provided |
2. When signing an outsourcing contract, “SECON & eGISEC” shall specify the followings in the contract and other relevant documents: Prevention of personal data processing for the purposes other than the outsourced purpose, technical and managerial safeguards of personal data, limitation on re-outsourcing, control and supervision over outsourcees, and compensation and responsibilities. And “SECON & eGISEC” shall supervise whether outsourcees process personal data safely.
3. If there is any change in the tasks to be outsourced, “SECON & eGISEC” will notify the change via this Privacy Statement without delay.
Article 5 (Overseas Transfer of Personal Data)
“SECON & eGISEC” outsources storage of data and operation of services to “Informa Group” as follows. “Informa Markets” is the parent company of the organizer, protects personal data in accordance with the same information protection policy as that of “SECON & eGISEC”, and carries out its duties under strict supervision of “SECON & eGISEC”.
Outsourcee |
Informa Group |
Tasks to be outsourced |
Pre-registration, application for participation, various services, data storage, and service operation of the exhibition |
|
Personal data items to be transferred |
1. Visitor pre-registration
Gender, name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interests, purpose of visit, English name, and company name in English, job function, annual purchasing budget, purchasing responsibility, annual turnover, and number of employees, interest of hosted buyer programme
2. Application for participation
Company name, company website, company address, name of the person in charge, department in charge, position, phone number, fax number, mobile phone number, e-mail, name of the person in charge of tax invoice, department in charge, position, phone number, fax number, business nature, purpose of visit, key exhibits, exhibit details, booth application, and participation fee
|
Outsourcing schedule and method |
Transmission via network from a remote site immediately after online application |
Data transfer destination country |
Hong Kong |
Retention period |
One (1) year |
Person in charge of data management |
itsupport-kr@informa.com |
Article 6 (Rights and Obligations of Data Subjects and Methods for Exercise of Rights)
1. Data subjects may exercise the following rights concerning protection of personal data over “SECON & eGISEC”.
1) Request access to personal data
2) Request amendments
3) Request deletion
4) Request suspension of processing
2. Exercising rights in accordance with Paragraph (1) of this Article may be done pursuant to attached Form 8 of Public Notification concerning the methods for processing personal data (Public Notification of the Personal Information Protection Commission no. 2020-7) via letter, e-mail, or fax and “SECON & eGISEC” shall take necessary measures for exercising the rights without delay.
3. If a data subject makes a request for amendment or deletion of an error in his/her personal data, “SECON & eGISEC” shall not use or provide such personal data until the amendment or the deletion is made.
4. Exercising rights in accordance with Paragraph (1) may be done via a legal representative of a data subject, a person entrusted with exercising the rights, or an agent. In this case, a letter of authorization shall be submitted in accordance with attached Form 11 of Public Notification concerning the methods for processing personal data (Public Notification of the Personal Information Protection Commission no. 2020-7).
Article 7 (Personal Data Items to be Processed)
“SECON & eGISEC” processes the following personal data items.
1. Application for pre-registration
Of the items to be collected, industry, business nature, fields of interests, and purpose of visit shall only be used for visitor statistics and providing match-making services for participating companies and buyers in accordance with Article 18 of the Personal Information Protection Act.
- Required items: Gender, name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interests, and purpose of visit, job function, annual purchasing budget, purchasing responsibility, annual turnover, and number of employees, interest of hosted buyer programme
- Optional items: English name and company name in English
- Methods for collection: Online and onsite registration
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
2. Application for participation
- Required items: Company name, company website, company address, name of the person in charge, department in charge, position, phone number, fax number, mobile phone number, and e-mail
- Optional items: Name of the person in charge of tax invoice, department in charge, position, phone number, fax number, business nature, purpose of visit, key exhibits, exhibit details, booth application, and participation fee
- Methods for collection: Online, e-mail, and fax
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
3. Exhibition and participation inquiries
- Required items: Inquiry category, title, name, position, company name, e-mail, mobile phone, and details of inquiry
- Methods for collection: Online
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
Article 8 (Destroying Personal Data)
1. In principle, “SECON & eGISEC” shall destroy personal data without delay when the purpose of processing the data is fulfilled.
2. The procedures and methods for destroying personal data shall be as follows:
1) Procedures for destroying personal data
“SECON & eGISEC” shall select the personal data that has the grounds for being destroyed and then destroy the data after obtaining approval from the privacy officer at “SECON & eGISEC”.
2) Methods for destroying personal data
“SECON & eGISEC” shall destroy the personal data recorded and stored in an electronic file by making the file unable to be opened and the personal data recorded and stored in paper with a paper shredder or by burning the paper.
Article 9 (Ensuring the Safety of Personal Data)
“SECON & eGISEC” takes technical, managerial, and physical measures required to ensure the safety of personal data in accordance with Article 29 of the Personal Information Protection Act.
1. Establishment and implementation of an internal management plan
“SECON & eGISEC” is establishing and implementing an internal management plan for safe processing of personal data.
2. Technical measures against hacking, etc.
“SECON & eGISEC” installed security programs to prevent personal data from being divulged or damaged by hacking or computer viruses and has updated the system on a regular basis for examination. “SECON & eGISEC” installed the system in an area where access is restricted from the outside and has monitored and blocked the system technically and physically.
3. Restricting access to personal data
“SECON & eGISEC” has taken necessary measures to restrict access to personal data by granting, changing, and denying the right to access to the database system which processes personal data and has restricted unauthorized access to the system from the outside with its intrusion prevention system.
4. Restricting entry by an unauthorized person
“SECON & eGISEC” has a separate physical area where personal data is stored. Entry to the area is restricted under the procedures established and implemented by “SECON & eGISEC”.
Article 10 (Privacy Officer)
1. “SECON & eGISEC” has designated a privacy officer who takes charge of personal data processing. The officer handles data subjects’ grievances and remedial compensation in relation to personal data processing.
Privacy officer
Name: Choi, So-young
Position: CEO
Phone: +82-2-719-6933
E-mail:
sychoi@boannews.com
Department in charge of personal data protection
Person in charge: James Lee / Position: Team Manager
Phone: +82-2-6715-5406(dir.)
E-mail:
itsupport-kr@informa.com
2. A data subject may inquire to the privacy officer and department in charge of personal data protection at “SECON & eGISEC” on personal data protection, grievances handling, and remedial compensation arising from using the services (businesses) of “SECON & eGISEC”. “SECON & eGISEC” shall answer and handle the inquiries of the data subject without delay.
Article 11 (Remedy against Infringement upon Rights)
A data subject may inquire the following institutions about remedy against infringement upon the rights of the data subject and consultation.
[The following institutions are independent from “SECON & eGISEC”. If you are not satisfied with “SECON & eGISEC”’s handling of grievances about personal data and the results of its remedy or if you need more detailed help, feel free to contact any of the followings.]
- Personal Information Infringement Report Center (privacy.kisa.or.kr / phone number: 118 (without area code))
- Cybercrime Investigation Division of the Supreme Prosecutors' Office (www.spo.go.kr / phone number: 1301 (without area code))
- Cyber Safety Bureau of the Korean National Police Agency (cyberbureau.police.go.kr / phone number: 182 (without area code))
Article 12 (Changes in Privacy Statement)
1. This Privacy Statement shall be effective from August 19, 2021.
2. You can check any of the previous privacy statements below.
- Effective until August 18, 2021.