Article 1 (Purpose of Personal Information Processing)
Vanguard Trade Limited (hereinafter referred to as the company) handles the minimum personal information required for the following items. The processed personal information shall not be used for purposes other than those listed below.
1. (financial) transaction related
1) Regarding (financial) transactions, inquiries about personal credit information of credit inquiry companies or credit information centralized institutions, establishment of service provision contracts, identification of individuals and confirmation of individual wishes, determination of establishment, maintenance, performance and management of (financial) transaction relationships ( financial) transaction relationship.
2) Perform and provide services, provide specific customized services, provide content, send various reports and requests, provide (financial) transaction identity verification and financial services, purchase and settlement of financial investment products.
3) Prevention and investigation of financial accidents, dispute resolution, complaint handling, statistics and analysis, risk management, and fulfillment of other statutory obligations (real-name confirmation, specific financial transaction reports, unfair transaction prevention, suitability confirmation, etc.).
2. Recommend products, service promotion and sales
Provide product introduction, publicity, persuasion and tailor-made services, provide various events and advertising information, provide convenience and participation opportunities such as gift payment and reward activities, asset/tax consulting, customer satisfaction surveys, customer classification, product development, Customer asset and profitability analysis
Grasp the connection frequency of the application, collect statistics on the use of the user service, provide services based on demographic characteristics, place advertisements, and communicate advertising information such as events
3. Management of information subjects
Confirmation of membership intention, membership registration, personal identification and authentication for membership-based services, maintenance and management of membership, prevention of improper use of services, prevention of unauthorized use, confirmation of legal representative consent and consent when handling personal information of children under the age of 14 No, identity verification of the legal representative, accident investigation, dispute resolution, petition handling, and communication of notifications
4. Purposes related to online transactions
According to Articles 21 and 22 of the "Electronic Financial Transaction Law", it is used to track and search electronic financial transaction content, formulate security policies and other statistical data.
5. Statistical compilation, scientific research, and public welfare record keeping purposes
In accordance with Article 28-2 of the "Personal Information Protection Act", pseudonymization of personal information is performed for the purposes of statistics, scientific research, and preservation of public interest records, etc.
Article 2 (Personal Information Processing and Holding Period)
The company will retain the personal information collected from the information subject until the purpose of collection and use is achieved, and if the purpose is achieved, it will be destroyed in principle.
The processing and holding periods of personal information are as follows.
1. Personal (credit) information related to (financial) transactions will be retained and used for the above-mentioned purposes within 5 years from the date of collection and use consent to the end date of (financial) transactions. However, after the (financial) transaction closing date, it will be owned and used separately in order to fulfill legal obligations such as financial accident investigation, dispute resolution, complaint handling, capital market law (storage for more than 10 years).
2. The personal (credit) information collected for the purpose of inquiring personal (credit) information will be retained and utilized from the date of consent to the collection and use to the effective period of the personal (credit) information provision and inquiry consent of the information subject . However, after the validity period of personal (credit) information provision and inquiry consent expires, it will be retained and used only for investigating financial accidents, resolving disputes, handling complaints, and fulfilling legal obligations.
3. Relevant personal (credit) information such as product and service promotion and sales persuasion, shall be retained and used from the date of collection and use consent to the end date of (financial) transaction or withdrawal of consent. However, we hope that customer information will be stored and used for one year from the date of collection. After withdrawal of consent, it will only be retained and used for investigating accidents related to Article 1, resolving disputes, handling complaints, and fulfilling legal obligations. The advertising identifier (ADID/IDFA) collected for the purpose of grasping the connection frequency of the application, the statistics of the use of user services, and the communication of advertising information such as events, for the purpose of online customized advertising, within 1 year from the date of collection owned and used.
4. The personal (credit) information collected for the purpose of managing the information subject is owned and used from the day the customer joins the membership until the day the customer withdraws from the membership. However, after the date of membership withdrawal, it will be reserved and used only for investigating accidents related to Article 1, resolving disputes, handling complaints, and fulfilling legal obligations.
5. Personal (credit) information collected for the purpose of Internet transactions will be retained and used until the period stipulated in Article 12 of the Enforcement Decree of the Electronic Financial Transactions Act. However, after the validity period of consent expires, it will be reserved and used only for investigating related accidents, resolving disputes, handling petitions, and fulfilling legal obligations.
6. With regard to My Data Service, the collected personal (credit) information will be retained and used until the end of service use (member leaving date) or withdrawal of consent.
7. "Personal information processed under a pseudonym (pseudonym information)" is retained and used for statistical production, scientific research, and record keeping for public interest only until the specified purpose is achieved (time) when the pseudonym processing plan is formulated.
Article 3 (Personal Information Items Handled)
The company handles personal information items for the establishment, maintenance, performance, management and provision of goods and services of (financial) transactions as follows.
1. Required information
1) Unique identification information: ID number, driver's license number, passport number, alien registration number
2) General personal information
Personal information: name, date of birth, address (home, unit), contact information (mobile phone, home, unit), email address, nationality, resident classification, country of residence, contact information CI, occupation, unit name, department , gender, domestic domicile declaration number
Personal information of the agent: name, date of birth, contact information, nationality, occupation, unit name, domestic domicile declaration number, relationship with the person
Transaction media information: ID, media type, IP/MAC address, terminal information
Customer confirmation information (CDD/EDD): customer identity information, transaction purpose and source of funds, expected transaction, agent. Client and other special related party information
Transaction qualification judgment information: education training number and qualification certificate number for specific financial investment product transactions
3) Credit transaction information: information generated by product type, financial transaction information (transaction type, transaction conditions, date, amount setting generation information), (financial) transaction setting, maintenance, execution, management consulting, etc.
4) Credit judgment information: information on arrears, occurrence of non-performance of debts and whether to cancel them, information on name theft, information on financial disorder
5) Credit capacity information: income information, property information, debt information
6) Public information, etc.: personal credit information score, basic living security recipients or not, resident ID card/driver's license issuance date
* It is possible to refuse consent to information collection, use, and provision, but if you do not agree to necessary information and unique identification information, you may not be able to establish or maintain a transaction relationship.
* In principle, the company does not collect sensitive information that may infringe on the privacy of customers. When adding tax discounted products, it collects after obtaining the individual consent of the customer, and uses it only for the purpose of consent.
Sensitive information processed when joining tax incentives: Disabled persons, national (independent) meritorious businessmen, patients with defoliant effects, victims of the 5.18 democratization movement
2. Select information
Information for providing convenient services to customers
1) General personal information: name, date of birth, gender, address, contact information (mobile phone, residence, workplace), email address, terminal information
2) Credit transaction information: on the transaction day, commodity types, transaction conditions, transaction setting information, concerned commodities, preferred commodities and services
3) Credit ability information: investment tendency, payable period, total income
Provide information on convenient services for potential customers
1) General personal information: name, mobile phone number, gender, e-mail address, age group, other information (region, workplace name, SNS account, SNS ID, whether other securities companies trade or not, reasons for choosing securities companies, caring about products, following Assignment, Participation Event, Participation Path, Registration Path)
* It is possible to refuse consent for selective information processing, but if you do not agree, some services and provision of convenience may be restricted.
3. Collection of information under the Electronic Financial Transactions Act (limited to electronic financial transactions).
1) Content tracking and searching of electronic financial transactions: customer ID, connection date, IP Address, MAC Address, HDD device information, OS information, etc.
2) Smartphone application service: On the company's application service, the customer's permission of access does not mean that the permission-related information allowed from the terminal information, etc., will be collected (transmitted) immediately. Within the scope of the notification and approval of access to the terminal information, etc., collect (transmit).
3) Installed application information (Android OS): For safe financial transactions, among the applications installed on the terminal, detect malicious applications that may become threats (malicious application detection information, detection of detected malicious applications diagnostic information, whether a remote control application is running).
4. Collection information of My Data service
1) General personal information: name, date of birth, gender, mobile phone number, email, customer identifier (CI), simple authentication information, device information (UUID)
2) Credit transaction information: information on financial investment products that are traded with the company (contract information, financial asset information, financial transaction information), information generated by the establishment, maintenance, performance, and management of financial transactions, consultation, etc., credit Transaction information, insurance transaction information, credit card transaction information, other financial transaction information, electronic settlement information, and other contract and service signing, maintenance, performance, management, improvement, etc., information provided or generated by the person
* It is limited to the information provided/received by the person himself/herself from an information provider such as a financial institution to your company, which is a credit information management company, in response to a request for information transfer.
3) Credit ability information: investment propensity, income information, property information, debt information, tax performance information, personal credit score, asset holding information (real estate, cars, spot assets, etc.) that customers directly input when using My Data service.
4) Public information, etc.: Public fee payment information
5. The types and items of pseudonym information to be processed, and the purpose of use can be confirmed in View Details.
※ Home>Personal Information Handling Policy>Current Status of Pseudonym Information Handling
6. Collection method
1) Collect directly from customers who visit the company's business hall.
2) Collect directly from customers through online member registration
3) Homepage, written form, fax, telephone, consultation bulletin board, e-mail, application details, delivery request
4) Collected by phone calls with customer service center counselors
* The company agrees to collect personal information of customers. Regarding the collection of customer personal information, if the customer "agrees" to the company's personal information processing policy or terms of use or the content of the personal (credit) information consent form, it is deemed to have agreed to the collection of the company's personal information.
Article 4 (Handling of personal information of children under the age of 14)
1. When the company collects personal information of children under the age of 14, it obtains the consent of the legal representative and collects the minimum personal information required to perform the service.
Required items: legal representative's name, relationship, contact information
2. In addition, when collecting personal information of children for the promotion of the company's products, services and sales promotion, the consent of the legal representative is required.
3. When the company collects the personal information of children under the age of 14, the child may be required to provide minimum information such as the name and contact information of the legal representative to confirm whether the legal representative agrees.
Article 5 (Personal information is provided by a third party)
1. The company only processes the personal information of the information subject within the scope expressly stated in Article 1 (Personal Information Processing Purpose). Personal information is only provided to a third party under the conditions specified in this article, otherwise, the personal information of the information subject will not be provided to a third party.
2. In order to provide smooth services, the company will only provide personal information to third parties within the minimum necessary scope with the consent of the information subject in the following cases.
1) Credit information centralized agencies and credit inquiry companies
First. the person who accepts the offer
Credit information centralized agency: Korea Credit Information Service
Credit inquiry company: NICE Evaluation Information Co., Ltd.
B. Provider's purpose of use
Personal credit evaluation, real-name confirmation and other credit inquiry services, contract maintenance and post-management
Centralized management and utilization of credit information and other business of credit information centralized institutions
C. Personal information provision items
personally identifiable information
A. Personal information retention period
Personal (credit) information will be retained and used from the date of provision until withdrawal of consent or until the purpose of provision is achieved. After withdrawing consent or achieving the purpose of providing, it will only be owned and used within the necessary scope for investigating financial accidents related to the above purposes of use, resolving disputes, handling complaints, and fulfilling legal obligations.
2) Cooperative enterprises
[Homepage>Personal Information Handling Policy>Personal (Credit) Information Handling Business Consignment and Cooperation Status] You can check the current status of partner companies on the screen
A. Provider: cooperative enterprise
B. The purpose of use of the provider: the purpose of cooperation
C. Personal information provision items: personal (credit) information processing items
B. Personal information retention period: use/retention period (repealing time limit)
3. The company may provide personal information to relevant departments without the consent of the information subject in the event of the following emergency situations such as disasters, surveillance diseases, incidents that cause emergency life, health, and danger, accidents, and emergency property damage.
Article 6 (Entrustment of personal information processing business)
1. The company entrusts part of the personal information processing business to external professional companies for the purpose of improving service levels, smooth (financial) transaction setup, maintenance, execution, management, and provision of goods and services.
1) Entrusted company
Current status of entrusted enterprises
Home>Personal Information Handling Policy>Personal (Credit) Information Handling Business Consignment and Cooperation Status
2) Purpose of entrustment
Execution of necessary consignment work such as the establishment, maintenance, execution, and management of (financial) transactions
Product and service promotion and sales persuasion, gift payment, entertainment activities, customer satisfaction surveys, etc., perform entrusted business when necessary
3) Personal information consignment items
Personal identification information: Unique identification information such as name and ID number, contact information such as nationality, occupation, address, e-mail address, phone number, etc.
(Financial) transaction information: transaction settings and detailed information such as name, account number, transaction date and time, transaction amount, etc.
In addition to personally identifiable information, the information written on the transaction application form or the information provided by the information subject
2. When the company signed the entrustment contract, in accordance with Article 26 of the "Personal Information Protection Act", the contract and other documents clearly stated in the contract and other documents the prohibition of personal information processing other than the purpose of entrusted business execution, technical and management protection measures, re-entrustment restrictions, and Liability-related matters such as management and supervision of the trustee, compensation for damages, and supervision of whether the trustee handles personal information safely.
3. When the content of the entrusted business or the entrusted person changes, it will be disclosed through this personal information processing policy.
Article 7 (Personal Information Destruction Procedures and Methods)
1. The company will destroy the relevant personal information immediately when the personal information becomes unnecessary after the expiration of the personal information possession period and the achievement of the processing purpose.
2. After the personal information retention period agreed by the information subject or when the personal information needs to be kept according to other laws and regulations even if the processing purpose is achieved, the relevant personal information is transferred to another database (DB) or a different storage place for storage.
1) Storage of unavoidable cases: In accordance with Article 62 of the "Enforcement Decree of the Capital Market and Financial Investment Industry-related Act", transaction-related materials such as order records (10 years), information related to the use of investor assets (10 years), and investment Relevant materials of the contract signed by the applicant (10 years), etc.
2) Items of personal information that are classified and stored: name, unique identification information, contact information such as mobile phone number, address, email, etc.
3. The procedure and method of personal information destruction are as follows.
1) Destruction procedure: The enterprise selects the personal data for which the reason for destruction occurs, and destroys the personal information with the approval of the person in charge of personal information protection of the enterprise.
2) Destruction method: The enterprise destroys the personal information recorded and stored in the form of electronic files, and the records are not allowed to be played back; the personal information recorded and stored in paper documents is shredded or destroyed with a shredder.
Article 8 (Rights, Obligations and How to Exercise Information Subjects and Legal Representatives).
1. The information subject can exercise the right to read, correct, delete, stop processing, etc. against the company at any time.
※ Requests for viewing personal information of children under the age of 14 should be directly carried out by the legal representative. Minor information subjects over the age of 14 can exercise their rights with respect to the personal information of the information subject by the minor himself or through a legal representative. exercise rights.
2. According to Paragraph 1, Article 41 of the Enforcement Order of the Personal Information Protection Act, rights can be exercised in writing, by telephone, on the website, etc., and the company will take immediate measures against this.
3. The exercise of rights can be carried out through agents such as the legal representative or the entrusted person of the information subject. In this case, a power of attorney is required.
4. Requests for reviewing and stopping processing of personal information According to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act, the rights of the information subject may be restricted.
5. Requirements for modification and deletion of personal information When other laws and regulations clearly stipulate that personal information is the object of collection, deletion cannot be requested.
6. Whether the requester is the person or legal representative of the company when requesting access, correction, deletion, and cessation of processing based on the rights of the information subject.
Article 9 (Measures to ensure the security of personal information)
According to Article 29 of the Personal Information Protection Act, the company is taking the following management/technical and physical measures necessary to ensure security.
1. Management measures: formulate and implement internal management plans, operate specialized organizations, and regularly train staff
2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs, application of data leakage prevention solutions (DLP), operation of intrusion blocking systems, storage of connection records and Prevent counterfeiting, install intrusion detection systems, and implement security controls 24 hours a day, 365 days a day
3. Physical measures: Designate control areas and access control for computer rooms, data storage rooms, etc.
In order to ensure the safety of personal information, the company will carry out the following activities in addition to the matters stipulated by laws and regulations.
Obtained domestic and foreign personal information protection certification: ISO27001, ISMS-P
Article 10 (Installation, operation and rejection of automatic personal information collection devices)
The company uses "cookies" that store usage information and load them at any time in order to provide users with individually tailored services. on the internal hard disk.
1. Purpose of use of cookies: To understand the access and usage patterns of various services of the user's access to the homepage, user authentication, etc., to provide special services and improve usability.
2. Installation, operation and rejection of cookies: You can refuse to save cookies by setting the settings menu at the top of the web browser>Internet options>personal information>advanced menu option settings.
3. When choosing the option to refuse to save cookies, it may be difficult to use customized services.
Article 11 (Collection, use, provision and rejection of behavioral information)
The company collects and uses online form information for use analysis of the site, such as product and service development and customer analysis. Behavior information refers to online user activity information that can grasp and analyze the user's concerns, interests, preferences, and tendencies, such as website visit history, application program use history, purchase and search history, etc.
1. Collection of behavioral information items
Website/app service access records, usage records such as searches and clicks, and advertisement identifiers
2. Morphological information collection method
Using Google Analytics, a Weblog analysis tool provided by Google, to collect information such as the user's access frequency and pages visited, in this case, use de-identified anonymous user information so that the user cannot be identified personally.
Collect logs of key customer actions on the website and within the app
3. Purpose of collection of form information
User analysis such as product and service development and statistics, customer analysis, and provision of customized advertisements based on user profile information
4. Form information retention, use period and subsequent information processing methods
It can be stored and used for up to 3 years from the date of collection, and the form information will be deleted immediately when the period of use expires
5. Method of exercising user control rights
Customers can refuse to use it by adjusting browser settings, refusing to save cookies, etc.
Browser (example): Settings menu at the top > Internet options > Personal information > Advanced > Cookie blocking
Microsoft Edge: "···" in the upper right corner > Settings > "Personal Information, Search and Services" in the upper left corner > Prevent Tracking > Prevent Tracking >
. Always choose whether to use "Strict" to prevent tracking when searching for InPrivate
. Select whether to "Send Do Not Track Request" in the personal information column
Chrome (example): Settings menu on the right side of the web browser > Personal information and security > Select whether to "Block cookies and website data from other companies"
Smartphone (example)
Android phone: ①Google Settings>②Advertising>③Ad customization selection or cancellation
iPhone: ①Apple Settings>②Personal Information Protection>③Advertising>④Ad Tracking Restriction (※ Depending on the OS version, the method may be different)
6. User victim relief methods
Relevant departments and customer inquiries
7. Providers of behavioral information
KB Financial Holdings
Article 12 (Additional use, provision of relevant judgment criteria)
According to Article 15, Paragraph 3 and Article 17, Paragraph 4 of the "Personal Information Protection Act", if the company intends to use or provide personal information without the consent of the information subject, it shall consider the following items in accordance with Article 14-2 of the Enforcement Order Items, personal information can be used and provided without the consent of the information subject.
1. Whether it is reasonably related to the original collection purpose
2. Whether it is possible to predict additional use or provision of personal information from the situation of collecting personal information or handling practices.
3. Whether the interests of the information subject have been infringed improperly.
4. Are necessary measures to ensure security such as pseudonymization or encryption taken?
Article 13 (Handling of pseudonym information)
According to Article 28-2 of the "Personal Information Protection Act", personal information collected for statistical compilation (including commercial purposes), scientific research (including industrial research), public interest record keeping purposes, etc. is pseudonymized so that it cannot A specific individual is identified and processed as follows.
1. Purpose of processing pseudonym information
The processing purpose of pseudonym information handled by the company is confirmed in the following "Current status of pseudonym information processing"
2. Items of personal information processed under a pseudonym
The types and items of pseudonym information handled by the company, and the purpose of use are confirmed in the following "Current status of pseudonym information processing"
3. Pseudonym information processing and retention period
Pseudonym information is retained and used only until the time (time) when the purpose of the pseudonym handling plan is achieved
The processing and retention period of pseudonym information handled by the company is confirmed in the following "Current status of pseudonym information processing"
4. Matters concerning provision of pseudonym information to third parties
Regarding the provision of pseudonym information to third parties, please confirm in the following "Current status of pseudonym information handling".
5. Matters concerning measures to ensure the security of pseudonym information
Management measures: formulate and implement internal management plans, and regularly train employees
Technical measures: management of access rights to pseudonymized information, access control, prevention of re-identification, installation of security programs
Physical measures: Designate control areas and access control for computer rooms, data storage rooms, etc.