메인

1. “Personal information” refers to the information of a living individual such as symbols, letters, sound and images that may identify a specific individual with a name, customer identification number, etc. (including when the information alone cannot identify a specific individual, but may do so when simply combined with other available information).
2. Act on the Promotion of Information and Communications Network Utilization and Information. This personal information handling policy applies to the use of roaming inbound services provided by KT Corp. (hereinafter referred to as “the Company”), including but not limited to all available services offered by the Company regardless of types of services or accessible wired/wireless terminals.
3. The KT Roaming Inbound homepage, roaming.kt.com (hereinafter referred to as “the homepage”) takes seriously every relevant process from the collection, use and storage to the destruction of personal information, and strives to protect the rights and interests of customers by complying with provisions under the Personal Information Protection Act.
4. The homepage notifies customers of the purposes of the collection and use of the personal information they provide and the measures taken to protect the personal information through the Handing Policy of Personal Information, and publishes the Personal Information Handling Policy on the first page of the homepage for convenient viewing at all times.
5. The homepage complies with the various laws relating to personal information protection. If the Personal Information Handling Policy is amended, customers will be informed of such amendments via notification or a separate notice.

1. Pursuant to the relevant laws, the Company uses the personal information of customers within the scope clearly stated in the membership application and the terms of service, and notifies customers of the scope of such collection and purpose of use in advance.
2. The Company collects minimal personal information and does not collect any personal information that is likely to clearly breach the human rights of customers, including but not limited to information on ethnicity, nationality, ideology, creed, home, legal domicile, political affiliation, criminal records and health conditions.
3. The Company collects personal information in each of the following categories, for the following purposes.

※ The aforementioned information includes updated or modified information as well as information upon membership subscription.

The Company collects personal information through the homepage or roaming customer service center. Personal information is collected by a tool to collect the data created when customers or their agents log in onto or use the homepage, contact the customer service center via phone or facsimile to confirm identity, enter a special gift event, provide affiliates with personal information, or use mobile phone rental reservation services.

1. Pursuant to the relevant laws, the Company uses the personal information of customers within the scope specified under the Collection of Personal Information & Purpose of Use of the Membership Application, Terms of Service and Personal Information Handling Policy or stated under the Terms of Service.
2. The Company does not disclose the personal information of customers to third parties. If the Company discloses the information to a third party as specified under Section 4 below in the future, the Company shall obtain written consent in advance, via email or by posting in the homepage. When there is a special provision of relevant laws (such as Communication Confidentiality Protection Act, Electric Communication Business Law, Framework Act on National Taxes), exceptions can be made for cases of disclosure according to the regulations and procedures provided under the law.
3. Pursuant to the Terms of Service and the Personal Information Handling Policy, Customers may give consent in any of the following methods with respect to collection or use of personal information of customers making an online reservation or assignment of handling services.
   • A.A.When the customer logs into the homepage via PC, tablet or mobile device and filling out the online reservation application, he/she should check the content of the consent to the Personal Information Handling Policy posted in the homepage and click the “I Agree” button.
4. In the event of changes in the alliance or transfer or merger of the Company’s operations in part or whole, the Company provides or uses personal information as specified below.
   • A. Affiliation: The Company may offer or share the personal information of customers to or with affiliates in order to provide better services. In such cases, customers will be notified in advance, in writing or via email, of who the affiliates are, which personal information categories are given, why such personal information has to be offered or shared and/or until when the information is protected and managed so that they can give consent. If customers do not agree, the Company will not offer or share their personal information to or with affiliates. If affiliation changes or ends, customers will be notified through the same procedure and asked for consent.
   • B. B.Transfer of Operation, etc.: If part or all of an operation is transferred or the rights and duties of a service provider are relocated or taken over due to a merger, etc., such an incident shall be reported to customers or posted on the front page of the homepage for at least 30 days in order to guarantee the rights of customers with respect to personal information protection. However, notification in writing, via email or through other means can be replaced by at least one-time publication in two or more central daily newspapers (regular daily newspapers if the majority of customers live in a specific location) if customers are missing contact information due to no fault of their own, or if there is a justifiable reason not to give notifications such as a natural disaster.
5. KT Roaming entrusts the processing of personal information to foreign corporations related to the transfer of personal information abroad as below

   Personal Information to be transfered	The Time, country and method by which personal information is transferred	Person or entity to whom the personal information is provided	The purpose of use and the period of possession
   device information (IMEI, Model,Serial number)	• Country : the United States • Time: within 24 hours of reporting the loss • Method: SFTP should be sent	• GSMA  - E-mail：IMELHELPDESK@ GSMA.COM  - Telephone number : +1 (408) 617 8959	• The purpose of use: Bloking the overseas use for the device which is reported missing • Usage Period: until the report of the loss is canceled
   Phone number, IMSI number, service usage information	• Countries: Israel, Pune India, Manila Philippines, Moscow Russia • Time: In the event of a billing system problem • Method: Check information by accessing kt system in a secure way from abroad	Aviv Sneh (Head of Amdocs Korea)	• The purpose of use: Solving the billing systme problem • The period of possession: Destroy immediately right after achievement of the purpose
   EID, ICCID	• Countreis: Belgium, Germany • Time: Upon request to activate eSIM • Method: Remote site transmission with TLS Authentication over HTTPS	Thales DIS (Singapore) Pte. Ltd	• The purpose of use: activate eSIM • Usage Period: Until consignment contract ends
   EID, eventID(Thales DIS (Singapore) Provided via Pte.Ltd RSP server)	• Country : the United states • Time: Upon request to activate eSIM • Method : Remote site transmission with TLS(Mutual certificate-based)	Samsung, Apple	• The purpose of use : Add the fuction to easily download eSIM by displaying Noti. on the device without QR scanning when acrivating eSIM • Usage Period: Until consignment contract ends

1. The Company has outsourced the following processes to handle personal information in order to smoothly execute applications of the online reservation maker (hereinafter referred to as “the Reservation Maker”), check reservations, provide customers with convenient services and manage customer accounts.

   Subcontractor	Outsourced Processes
   kt ds	Maintain and control the reservation system of the KT Roaming Inbound homepage
   kt is/kt cs	Manage rentals and operate the roaming customer center
   NEXBRAIN Co., Ltd.	Operate and manage the KT Roaming Inbound homepage

2. The Company requires subcontractors to comply with laws and guidelines relating to personal information protection and regulations on protecting personal information & confidentiality, prohibition from offering information to a third party, assumption of responsibility in the event of an accident, and the duty to return or destroy personal information immediately after the outsourcing period ends.

1. The Company keeps and utilizes the personal information of customers within the period during which services are offered to customers (hereinafter referred to as “the Service Period”) or when a dispute is processed. However, the Company conserves the information according to the relevant law if there is one. The scope of the Service Period and dispute processing period is as follows.
   • A.Service Period: This is defined as the period of service subscription, from the day of subscription through the day of cancellation or the dispute processing period.
   • B.Dispute Processing Period: Personal information is retained for up to 6 months after service cancellation in order to prepare for any dispute over settlement of charges, overpayment, etc. In the event that there is an overdue balance, overpayment or any other charge-related disputes, personal information is kept until the dispute is resolved.
2. Among the personal information of a customer who has cancelled the service, the following categories of information are retained according to provisions under Chapter 85-3 of the Framework Act of National Taxes, and utilized when required by law or to check the eligibility of returning customers for subscription fee discounts.
   • A.Categories of Information Conserved: name, customer identification number (passport number/ foreigner registration number), birthdate, telephone number (mobile/landline), charge history (billed amount, V.A.T. amount, payments, statement dates, payment dates), payment methods, payer name, used services, discounted amounts & reasons, statement address, etc.
   • B.Retention Period: 5 years
3. Data about electronic communication provided by the Communication Confidentiality Protection Act are kept according to the following rules.
   • A.Name, passport number and mobile phone number required to provide data to confirm communication facts: 12 months
   • B.Subscriber’s electronic communication dates, time to begin and end electronic communication, the other party’s subscription number such as caller and receiver numbers, usage frequency and location of transmitting base stations: 12 months
   • C.Log records of computer communication or Internet and tracking data of access points to check the location of information and communications terminals: 3 months
4. Other categories are conserved according to provisions under the laws relating to e-commerce and credit information.
   • A.Records of indications and/or advertisements: 6 months (Pursuant to the Act on Consumer Protection in e-Commerce)
   • B.Records of contracts or subscription cancellations: 5 years (Pursuant to the Act on Consumer Protection in e-Commerce)
   • C.Records of balance payments and supplies of commodities, etc.: 5 years (Pursuant to the Act on Consumer Protection in e-Commerce)
   • D.Records of processing complaints or disputes by consumers: 3 years (Pursuant to the Act on Consumer Protection in e-Commerce)
   • E.Records of collecting, handling and/or using credit information: 3 years (Pursuant to the Act on the Use and Protection of Credit Information)

As a rule, the Company promptly destroys personal information based on the set retention and usage periods once the purpose of its collection and use has been accomplished. The scope of destruction targets and the destruction procedures and methods are as follows.

1. Destruction Target
   • A.Information of reservation makers whose conservation period has expired based on the retention period or relevant laws.
2. Destruction Procedure and Method
   • A.Personal information entered in the homepage by customers to use roaming services is transferred to a separate database (a separate file cabinet for paper information) after the purpose of its collection has been achieved, and is kept for a specified period of time according to the information protection reasons (see Retention & Use Period) provided by the internal guidelines and other relevant laws before its destruction.
   • B.Personal information transferred to the separate database is not used for purposes other than those specified unless stipulated otherwise under the law.
   • C.Personal information written or printed on a paper form such as a subscription application is shredded by a shredder or incinerated. Personal information stored in electronic file formats such as a database is deleted using a technical method that will prevent its recovery.

The Company shall faithfully respond to demands from customers (including legal guardian for children under 14) if customers demand to view or edit their personal information. Customers may cancel reservations and withdraw their consent on the collection, use, assignment or provision of personal information, whereas the Company may immediately correct or delete personal information if a need to correct or delete the respective personal information is acknowledged (e.g., the information is deemed to have contained errors or its conservation period has elapsed).

1. If customers demand to view, verify or correct their personal information:
   • A.Any customer using the online reservation feature can view reservation information on the homepage.
   • B.If a customer demands via email or phone that his or her personal information be corrected or deleted, necessary measures shall be taken immediately after the identification is confirmed
   • C.If a request to view, verify or correct part or all of the personal information is refused for a justifiable reason, the customer shall be notified and the reason shall be explained.
   • D.A legal guardian (either parent) may withdraw consent to the collection, use or provision of personal information of a child under 14, and demand to view the personal information provided by the child under 14 or correct any errors
2. Cancellation of Reservations and Withdrawal of Consent to the Collection, Use, Assignment or Provision of Personal Information
   Customers may delete their personal information entered on the View Reservations page of the homepage and withdraw their consent to the collection, use or provision of the personal information.
3. Handling of Deleted Personal Information
   The Company handles personal information deleted at the request of a customer who has made a reservation according to the provisions under the “Retention & Use Periods of Personal Information Collected by the Company,” and prohibits the information from being viewed or used for other purposes.

The Company may install and operate cookies to find and save information of a reservation maker if necessary for operating the homepage or roaming reservation system. Cookies are small test files that are sent by the server used in operating the Company’s website and roaming reservation system to the browser of the reservation maker, and are saved to the hard disk of the reservation maker’s computer. The reservation maker may determine whether to allow or refuse the collection of information via cookies using the security policy of the web browser.

1. The information collected by the cookies and the purpose of its collection are as follows.
   • A.Information Collected: access IP, access log, service usage data such as used contents
   • B.Purpose of Collection: identifying log-ins, making & viewing reservations
2. The reservation maker has options regarding the installation of cookies. Therefore, the level of information collection by cookies may be adjusted by setting options in the web browser.
   • A.Go to [Internet Options] → [Security] → [Custom Level] in the [Tool] menu of the web browser and set the level of information collection via cookies.
   • B.Through the procedure presented above, customers may check cookies whenever they are saved, or decline to save any cookies. However, if the customer refuses to install the cookies, he or she may experience difficulties using the service.

The Company has established the following technical and administrative measures in order to secure reliability to prevent the personal information of customers from being lost, stolen, leaked, falsified or damaged.

1. Technical Protection Measures
   • A.The personal information of customers is protected by a password, and files or transmitted data of important information are protected by separate security features, such as coding and locking.
   • B.An anti-virus program is used in the homepage to prevent damage by computer viruses. The anti-virus program is regularly updated. When a new virus is discovered, the program will immediately implement and apply countermeasures to prevent personal information from being exposed.
   • C.A security device (SSL) is adopted to safely transmit personal information and personal authorization data on the network.
   • D.In order to prevent the personal information of customers from being leaked by hackers, etc., a system is installed in the areas where outside access is restricted, a device is used to block trespassing, and an intruder detection system is set up for 24-hour monitoring.
2. Administrative Protection Measures
   • A.The Company has established necessary procedures to manage and have access to the personal information of customers, requires all of its employees and partners to understand and comply with them, and periodically inspects to ensure compliance.
   • B.The Company limits the number of staff handling personal information of customers to the minimum and controls their access authority. By regularly providing internal and external outsourced training classes regarding the acquisition of new security technologies and duties to protect personal information, the Company trains the staff to abide by the law and policy. The staff members who handle personal information are as follows:
     • ①Staff who directly or indirectly deal with customers and execute operations relating to reservations
     • ②Staff who are in charge of operations related to the management and protection of personal information, including the Personal Information Protection Manager and Personal Information Protection Administrator
     • ③Staff who are inevitably required to handle such personal information in the course of their duties
   • C.All affiliates and employees of KT Roaming Inbound Service are required to sign the Information Protection Pledge to prevent the disclosure of information (including personal information) before working, and are frequently reminded of their duty to protect personal information. Internal procedures have been developed and enforced to monitor compliance.
   • D.Operations of personal information handlers are thoroughly taken over under tight security. Liabilities for any violation of personal information after starting or leaving the job have been clearly provided.
   • E.The Company is not responsible for any incidents occurring due to personal error – such as a customer’s unawareness or misunderstanding of matters already posted on the website or announced – or the fundamental risks of the Internet.

The Company has designated the following relevant division and Personal Information Protection Manager in order to protect the personal information of customers and process complaints relating to personal information. Customers can report any complaints with respect to personal information protection, which may occur while making an online reservation on the homepage, to the division or manager in charge. The Company shall promptly process the complaints and reply.

1. Personal Information Protection Division and Contact Information
   • A.Personal Information Protection Manager: Eunsang Kim
   • B.Personal Information Protection Administrator: Minhye Kim
   • C.Division: KT Customer Strategy Division VAS Department Roaming business Team
   • D.Contact: +82-2-2190-0901
2. For any inquiries or questions about breaches of personal information security, please contact one of the following agencies.
   • A.Privacy Violation Reporting Center : http://privacy.kisa.or.kr/kor/main.jsp
   • B.Cybercrime Investigation Division of Supreme Prosecutor’s Office : http://cybercid.spo.go.kr/
   • C.Cyber Bureau, National Police Agency : http://cyberbureau.police.go.kr/crime/sub2.jsp

Previous revision date : 2020.07.09
Current effective date : 2021.1.28