K Auction Inc. Privacy Policy

K Auction Inc. (hereafter referred to as the “Company”) has established and discloses the following Privacy Policy in accordance with Article 30 of the Personal Information Protection Act for the purpose of protecting the personal information of data subjects and swiftly and smoothly addressing related issues.

Article 1 (Purpose)

The Company processes personal information for the following purposes. Personal information processed shall not be used for purposes other than the following, and in the case that usage purposes change, the Company shall obtain prior consent in accordance with Article 18 of the Personal Information Protection Act. In addition, the data subject has the right to refuse consent for personal information used by the Company for other purposes, and in case of refusal of personal information usage, personal information shall not be used for the following purposes:

1.     Website membership registration and management

2.     Verification of intent to register as a member, personal identity verification∙authentication for the provision of membership services, other related duties

[Personal information shall be processed for the purposes of verifying intent to register as a member, review∙management∙maintenance of member eligibility, identity verification in accordance with the limited identity verification system, prevention of misuse of services, verification of legal guardian consent for the processing of personal information for minors under 14 years of age, various announcements∙notifications, and addressing issues.]

3.     Provision of goods and/or services, other related duties

[Personal information shall be processed for the purposes of verifying eligibility during bidding registration, issuance of cash receipts∙tax invoices, verification of eligibility for tax exemptions, etc.]

4.     Delivery of goods and/or provision of services

[Personal information shall be processed for the purposes of transmission of contracts∙invoices, delivery of goods, provision of content, provision of individualized services, identity verification, age verification, payment∙settlement of fees, collection of debts, etc.]

5.     Addressing Problems

6.     Addressing Complaints

[Personal information shall be processed for the purposes of verifying the identity of the complainant, verifying the details of the complaint, contact∙notification in the course of investigation, notification of results of addressing complaints, etc.]

7.     Provision of Information

[Notification of news provided by the Company, information regarding auctions and lots, information regarding consignment∙bidding∙failure to sell∙purchase, information regarding artworks, education, newsletters, etc.]

Article 2 (Processing and Retention Period of Personal Information)

①    The Company shall process∙retain personal information within the retention∙usage period in accordance with relevant law and/or the retention∙usage period agreed upon by the data subject at the time of personal information collection.

②  The personal information processing and/or retention period shall each be as follows.

2.     Website membership registration and/or management : 30 days from the date of website membership cancellation by the business operator/organization; however, if the following reason(s) are applicable, until the end of applicability of such reason(s)

1)    In the case of an ongoing investigation∙inquiry due to a violation of relevant law, until the end of such investigation∙inquiry

2)    In the case of remaining debt∙liability due to usage of the website and/or dispute(s) regarding the Terms & Conditions, etc., until such debt∙liability and/or dispute(s), etc. have been resolved

3)    Login ID: Retained in perpetuity

[Limited to Login ID(s), retention in perpetuity may be possible for the purpose of preventing duplicate service membership registration and/or misuse]

3.       Provision of goods and/or services : Until such goods and/or services have been provided in full and/or fees have been paid∙rendered in full

4.     However, even if the above Clause 3 applies, in the case that any of the following applies, until the end of such period

1)    Records regarding labeling∙advertisement in accordance with the「Act on the Consumer Protection in Electronic Commerce, Etc.」, records regarding trade, including contract details and/or fulfillment, etc.

-     Records regarding labeling∙advertisement : 6 months

-     Records regarding withdrawal of contract and/or subscription, payment of fees, provision of goods, etc. : 5 years

-     Records regarding customer complaints and/or dispute addressal : 3 years

2)    Retention of communications fact verification data in accordance with Article 41 of the Enforcement Decree of the「Protection of Communications Secrets Act」

-     Subscriber’s electronic communication date(s), start∙end time(s), other subscriber’s number, frequency of use, outgoing cell tower location tracking data : 1 year

-     Computer communications, internet log record data, access location tracking data : 3 months

3)    For the purpose of declaring national taxes, etc. and verifying electronic financial transaction records, etc.

-     National tax evidentiary documentation, etc. : 10 years (National tax imposition exclusion period and extinctive prescription calculated)

-     VAT tax base and/or tax amount declaration data, etc. : 5 years

-     Records regarding electronic financial transaction(s) and/or other party information, etc. : 5 years

5.     However, even if the above Clause 4 applies, in the case that additional retention period(s) are required by other individual laws and/or regulations, etc., until the end of such period

Article 3 (Provision of Personal Information to Third Parties)

①     The Company shall process the personal information of the data subject only within the limits set forth in Article 1 (Purpose of Personal Information Processing), and shall provide personal information to third parties only in cases in accordance with Article 17 of the Personal Information Protection Act, such as the consent of the data subject, special regulations of law, etc.

-       ② The Company provides personal information to third parties as follows. However, if additional consent of the data subject exists, personal information is provided to such third parties with such consent.

Article 4 (Entrustment of Personal Information Processing) ① The Company may entrust the processing of personal information as follows for the purpose of smooth processing of personal information duties.

※ During payment, the PG (Payment Gateway) of individual payment methods may require input of information, such as credit card information, account information, mobile telephone information, in the input window.

②    During the conclusion of entrustment contracts, the Company specifies information forbidding the processing of personal information for purposes other than the completion of entrusted duties, regarding technical∙managerial protection measures, restrictions on re-entrustment, management∙oversight of entrusted parties, indemnification for damages, etc. in accordance with Article 26 of the Personal Information Protection Act, and oversees entrusted parties regarding the safe processing of personal information.

③     Changes in entrusted duties or parties shall be disclosed immediately through the Privacy Policy.

Article 5 (Rights∙Obligations of the Data Subject and Methods of Exercise)

①     The data subject may exercise each of the following rights regarding personal information protection at any time against the Company.

1.      Request to view personal information

2.      Request to correct errors, etc.

3.      Request for deletion

4.      Request to suspect processing

②    The exercise of rights according to Clause 1 may be carried out through submission in writing, by telephone, email, FAX, etc., and the Company shall immediately take necessary action.

③     In the case that the data subject requests correction of error in personal information or deletion, the Company shall not use or provide such personal information until the completion of such correction or deletion.

④     The exercise of rights according to Clause 1 may be carried out through a representative, such as a legal representative or delegated person of the data subject. In such case, a power of attorney in accordance with the form set forth in Article 11 of the Attachment to the Public Notice Regarding Personal Information Processing must be submitted.

⑤    The data subject must not infringe upon the personal information and/or privacy of himself and or others being processed by the Company through the violation of relevant law, including the Personal Information Protection Act, etc.

Article 6 (Types of Personal Information Processed)

The Company processes the following types of personal information.

1.      Website membership registration and management

1) In the case of individuals

-     Required : Name, date of birth, ID, password, address, shipping address, mobile telephone number, gender, email address, I-PIN verification result, mobile phone/credit card identity verification result, foreigner registration number (if applicable), passport photo/nationality/expiration date (if applicable), foreign identity card photo (if applicable)

-     Optional : Areas of interest in the arts, occupation, company name, company phone number, company address

2) In the case of organizations

-     Required : Name of alternative representative, alternative representative gender, alternative representative date of birth, alternative representative department/position, ID, password, I-PIN verification result, mobile phone/credit card identity verification result, foreigner registration number (if applicable), organization name/business registration number/name of principal representative/home office location/company phone number (if applicable), passport photo/nationality/expiration date (if applicable), foreign identity card photo (if applicable)

2.      Provision of goods and/or services

-     Required : Payment information including name, date of birth, ID, password, address, shipping address, mobile telephone number, gender, email address, I-PIN number, credit card number, bank account information, cash receipt information (if applicable, resident registration number or mobile phone number, in the case of organizations, organization name/business registration number/name of principal representative/home office location/email address), tax invoice information (if applicable, resident registration number), tax exemption eligibility information (if applicable, passport information or foreign business registration certificate or foreign identity card information, immigration documentation information), personal customs clearance code (if applicable), etc.

-       mobile phone/credit card identity verification result, foreigner registration number (if applicable), passport photo/nationality/expiration date (if applicable), foreign identity card photo (if applicable)

-     Optional : Areas of interest, previous purchase history

3.      The following types of personal information may be created automatically and collected in the process of using internet services.

-     IP address, cookies, MAC address, service usage records, access records, misuse records, etc.

Article 7 (Destruction of Personal Information)

①     The Company shall destroy personal information without delay when such personal information is no longer necessary, such as upon the expiration of the retention period, completion of processing purposes, etc.

②    In the case that personal information must continue to be retained in accordance with other laws, despite the expiration of the retention period agreed upon by the data subject or the completion of processing purposes, such personal information shall be moved to a separate database (DB) or other storage location and retained.

③    The procedure and method of destroying personal information is as follows.

1.      Procedure for destruction

-     The Company shall select personal information for which there are grounds for destruction and destroy the personal information with approval from the person responsible for the protection of personal information.

2.      Method of destruction

-     The Company shall destroy personal information recorded∙saved in electronic file format using methods such as Low Level Format, etc. to preclude the possibility of restoration, and personal information saved∙recorded on paper documents shall be shredded by a paper shredder or incinerated.

Article 8 (Measures to Ensure the Safety of Personal Information)

The Company undertakes the following measures to ensure the safety of personal information.

1.      Managerial measures : Establishment∙implementation of an internal managerial plan, regular training of employees, etc.

2.      Technical measures : Management of access to the personal information processing system, etc., installation of an access control system, encryption of personally identifiable information, installation of security program

3.      Physical measures : Restriction of access to data processing room, data storage room, etc.

Article 9 (Information Regarding the installation∙Operation and Refusal of Automated Personal Information Collection Devices)

①    The Company utilizes cookies, which save and continually retrieve usage information, for the purpose of providing individualized services to users.

②    Cookies are small amounts of information sent by the server used to operate the website to the computer browsers of users and may be stored on the hard disks of users’ PC computers.

1.      Purpose of using cookies : Cookies are used to determine each service visited by the user, website visit and/or usage formats, popular search terms, use of secure connections, etc. to provide optimized information for users.

2.      Installation∙operation and refusal of cookies : Users can refuse to store cookies through the Option settings under Tools>Internet Options>Personal Information at the top of the web browser.

3.      Refusing to store cookies may result in difficulties in utilizing individualized services.

Article 10 (Person Responsible for the Protection of Personal Information)

①     The Company designates the following person(s) responsible for the protection of personal information for the purpose of being responsible for and overseeing duties regarding personal information processing, processing complaints and remedying damages of the data subject relevant to personal information processing, etc.

1.       Person Responsible for the Protection of Personal Information

Name : Lee, SangJin

Position : Director, IT Team

Contact : 02-3479-8820/sjlee@k-auction.com

※    Directed to the Personal Information Protection Department.

2.      Personal Information Protection Department

Department : IT Team

Supervisor : Nam, YoonHo, Manager

Contact : 02-3479-8876/yhnam@k-auction.com

②    The data subject can direct all information regarding inquiries, complaint processing, damage remedies, etc. arising in the course of utilizing the Company’s services (or business) to the person responsible for the protection of personal information and/or the relevant department. The Company shall respond to and process such inquiries by the data subject without delay.

Article 11 (Request to View Private Information) The data subject can submit requests to view private information to the following department in accordance with Article 35 of the Personal Information Protection Act. The Company shall make efforts to swiftly process such requests by the data subject to view personal information.

Personal Information Viewing Request Reception∙Processing Department

Department : IT Team

Supervisor : Nam, YoonHo, Manager

Contact : 02-3479-8876/yhnam@k-auction.com

Article 12 (Remedies for Infringement of Rights) The data subject can inquire regarding remedies, consultation, etc. for infringement of rights to the following agencies.

[The following agencies are separate entities from the Company. Please contact them if you are unsatisfied with the Company’s own processing of complaints or remedying of damages related to personal information or require additional assistance.]

1.      KISA Privacy Center (Operated by Korea Internet & Security Agency)

-     Responsible Duties : Reporting infringements of personal information, consultation requests

-     Website : privacy.kisa.or.kr

-     Telephone : (No area code) 118

-     Address : (58324) KISA Privacy Center, 3^rd Fl., 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)

2.      Personal Information Dispute Mediation Committee

-     Responsible Duties : Request for personal information dispute mediation, collective dispute mediation (civil resolution)

-     Website : www.kopico.go.kr

-     Telephone : (No area code) 1833-6972

-     Address : (03171) 4^th Fl., Government Complex-Seoul, 209 Sejong-daero, Jongno-gu, Seoul

3.      Supreme Prosecutors’ Office of the Republic of Korea – Cyber Crime Investigation Unit : 02-3480-3573 (www.spo.go.kr)

4.      Police Cyber Terror Response Center : 182 (http://cyberbureau.police.go.kr)

Article 13 (Installation∙Operation of Video Information Processing Devices)

①     The Company installs∙operates video information processing devices as follows.

1.       Video Information Processing Device Installation Reason∙Purpose : The safety of the Company’s facilities∙prevention of fires, prevention of crimes to ensure customer safety, prevention of vehicle theft and/or damage

2.     Number of installed devices, location of installation, recording range : 111 devices in main facilities including the office lobby∙exhibition spaces, etc., recording range included all areas of facilities

3.       Person Responsible for Management, Relevant Department and Access Holders to Video Information

4.     Video Information Recording Hours, Storage Period, Storage Location, Processing Method

- Processing Method : Information regarding usage of individual video information for other purposes, provision to third parties, requests including destruction, viewing, etc. is recorded/managed, and upon the expiration of the storage period is deleted in perpetuity using methods precluding restoration (printed materials are shredded or incinerated).

Information is stored∙processed in the video information processing devices control room of the General Affairs Team.

5.     Video Information Viewing Method and Location :

          - Viewing Method : Viewing is possible upon visiting the Company after contacting the person responsible for the management of video information ahead of time.

          - Viewing Location : Maintenance Office (B2)

6.     Measures Regarding Requests by the Data Subject Including Viewing Video Information : Requests must be made with individual video information viewing∙verification of existence request forms, and shall be allowed in cases limited to those in which the data subject himself/herself has been recorded or such information is clearly necessary for the benefit of the data subject’s life∙physical well-being∙property.

7.     Technical∙Managerial∙Physical Measures for the Protection of Video Information : Video information processed by the Company is safely managed through measures including encryption, etc. In addition, the Company grants discriminative access to personal information as a managerial measure for the protection of individual video information, and records and manages the time of creation, viewing purposes in case of viewing, viewer, viewing date, etc. of individual video information for the purpose of preventing the forgery∙falsification of individual video information. Furthermore, locking devices are installed for the safe physical storage of individual video information.

Article 14 (Modification of the Privacy Policy)

①    This Privacy Policy shall take effect from 18 April, 2021.

②    Previous Privacy Policies can be viewed below.
 

- Applicable 11 August 2017 ~ 2 December 2018 (Click)

- Applicable 3 December 2018 ~ 17 April 2021 (Click)