Privacy Policy

Personal information is handled by the Bank for the following purposes.
The personal information being handled by the Bank shall not be used for any purposes other than those listed below and, should the purpose of use thereof be changed; the Bank will seek to obtain prior consent:

Purposes pertaining to financial transactions

Personal information is handled by the Bank to make inquiries on personal credit information through credit bureaus or credit information centralization agencies pertaining to financial transactions; make a decision on entering into a financial transaction relationship; to enter into, maintain, execute and manage a financial transaction relationship; investigate financial incidents; resolve disputes; address customer complaints; and perform statutory obligations

Promotion and marketing of products and/or services

Personal information is handled by the Bank to conduct customer satisfaction surveys to develop new services and offer personalized services; deliver services and post advertisements in a way that meets demographic characteristics of target customers; validate the effectiveness of services; provide customers with convenience and participation opportunities through give-aways, thank-yous or other promotional events; identify frequencies of access to its website; and compile statistics concerning service utilization by its customers

Acquiring and managing membership subscriptions

Personal information is handled by the Bank to process membership applications; give access to members-only services; verify the identity of a customer as required under the Limited Identity Verification System; identify individual users; prevent illegitimate or unauthorized uses; confirm a customer’s intention for membership sign-up; confirm consent by a legal representative to collect personal information of children under the age of 14 and verify the identity of the legal representative thereafter; investigate incidents; resolve disputes; address customer complaints; and send announcements and notices to customers.

Purposes pertaining to online transactions

Personal information is handled by the Bank to track and search details of electronic financial transactions and use them as statistical data for establishing security policy in accordance with Article 21 and Article 22 of the Electronic Financial Transactions Act.

• Personal (credit) information related to financial transactions shall be retained and used for the purposes stated above for the period from the date of consent to information collection and use till the date of termination of financial transactions.
  After the date of termination, however, such information shall be kept and used only for investigating financial incidents, resolving disputes, addressing customer complaints, fulfilling legal obligations and performing the Bank’s risk management activities.
• Personal (credit) information collected for the purpose of personal (credit) information inquiry shall be retained and used from the date of consent to information collection and use until the date when the consent thereof expires. However, such information shall be kept and used only for investigating financial incidents, resolving disputes, addressing customer complaints and fulfilling legal obligations after a customer’s consent to providing personal (credit) information and authorizing inquires to be made thereon expires.
• Personal (credit) information pertaining to the promotion and marketing of products and services shall be retained and used for the period from the date of consent to the collection and use thereof to the date of withdrawal of the consent.
  After the consent is withdrawn, however, such information shall be kept and used only for investigating incidents, resolving disputes, addressing customer complaints and fulfilling legal obligations related to the purposes specified under Article 1.
• Personal (credit) information collected for accepting and managing membership subscriptions shall be retained and used for the period from the date of membership sign-up to the withdrawal date.
  However, such information shall be kept and used only for investigating incidents, resolving disputes, addressing customer complaints and fulfilling legal obligations related to the purposes specified under Article 1.
• Personal (credit) information pertaining to online transactions shall be retained and used for the period prescribed in Article 12 of the Enforcement Decree on the Electronic Financial Transactions Act.

• A customer is entitled to demand access to his/her personal information or that of children under the age of 14 (applicable only to their legal representative) being handled by the Bank.
• A customer who has viewed his/her personal information is entitled to demand that the Bank correct or delete the personal information that differs from the truth or cannot be verified.
  However, if such information is clearly specified as information subject to collection under any other statute, a customer may not demand the deletion thereof.
• A customer is entitled to demand that the Bank suspend processing his/her personal information.
  However, the Bank may reject the demand for such suspension by giving the customer the reason for rejection in the event of any of the following:
• There are special regulations in the law or it is prerequisite for the Bank in the fulfillment of its legal obligations;
• Suspension of personal information may cause danger to the life of another person or bodily harm or unreasonably infringe upon the property or other interests of another person;
• Or failure to process the personal information of a customer interferes with the Bank’s performance of the contract with the customer including, but not limited to, failure to provide contracted services to him/her in cases where he/she has not explicitly expressed an intention to terminate the contract.

The Bank collects the following required and optional data items, which are needed to enter into, maintain, execute and manage (financial) transactions and offer products and services:

Required information:

• Personally identifiable information: Information that uniquely identifies an individual, such as full name and resident registration number, nationality, job, and contact information including postal address, e-mail address and contact number;
• Information pertaining to (financial) transactions: Information on the establishment of a transaction and its details including product type, transaction terms (e.g., interest rate, maturity and security or collateral), transaction date and transaction amount.
• Information required for credit assessment (only for loan transactions)
• Credit capacity information: Total amount of assets, liabilities and income as well as records of taxes paid
• Information for determining a credit rating: Delinquency, subrogated performance, substitute payments, bankruptcy, occurrence of an affiliated person(s), etc.
• And any other information generated from consultations to establish, keep, execute, and manage financial transactions as well as receivables management.

Personal information obtained prior to this agreement is also included.

Optional information

Information stated on transaction application forms other than personally identifiable information or any other information given by a customer: Residential and family status, length of residence, household members, marital status, etc.

Information collected pursuant to the Electronic Financial Transactions Act (subject to online transactions only):

• User ID, login (access) date and time, IP address, HDD serial number, MAC address, personal firewall settings, type of operating system, browser version, etc.
• Statistical data for establishing security policy: Personal firewall settings, type of operating system, major operating system patches, firewall settings, remote access settings, browser version, type of keyboard, etc.
• The Bank, in principle, does not collect sensitive information that may infringe upon your privacy. We collect such information, if needed, by obtaining your separate consent and make a limited use of it only for the purposes consented to.

Collection Methods

• Direct collection from customers who visit the branches of the Bank
• Collection through our website, written forms, faxes, phone calls, Q&A or consultation message board, e-mail, entries for promotional events and delivery requests
• Collection using tools to collect generated information
• Collection through inquiries received by the Customer Service Center

Use of Cookies

The Bank uses cookies to authenticate you while you are connected to its website.
You have the right to accept or reject cookies. You can change your option from your Internet browser to accept all cookies, to be notified when a cookie is sent, or block all cookies.
In the case of Internet Explorer, you can change your preferences by going to Tools > Internet Options > Privacy. Please note, however, that choosing an option that disables cookies may affect your ability to use some of our services.

• When the retention period of personal information expires, the Bank shall destroy personal information within five (5) business days from the end date of the retention period. When personal information becomes unnecessary for reasons such as the fulfillment of purposes of personal information handling, discontinuation of relevant services or closure of business, the Bank shall destroy personal information within five (5) business days from the day when it is deemed unnecessary to handle such information, except for any of the following cases:
• Credit information centralization agencies or credit bureaus retain personal credit information (only for the allowed retention period) for the purpose of centralized management and utilization of credit information or assessment of personal credit rating;
• Credit bureaus or other relevant institutions retain personal credit information for the period of time that they have civil or criminal responsibilities or for the period under a statute of limitations or hold personal credit information as evidence to resolve disputes;
• The Bank is obliged to preserve personal information in accordance with Article 33 of the Commercial Act;
• Or there are any other justifiable reasons similar to the above.
• Printouts or any other paper documents containing personal information shall be shredded or incinerated. Personal information in an electronic format shall be destroyed by deleting it permanently in ways that make it impossible to retrieve or reproduce such information or records.

The Bank takes technical and administrative measures as well as physical measures necessary to ensure security, as follows, pursuant to Article 29 of the Personal Information Protection Act:

Encryption of personal information

Your password is accessible only by you because it is stored and managed through encryption. Files and transmission data containing important data are protected via separate security measures including encryption or file locking.

Technical measures against hacking

To prevent any leakage of personal information or damage thereto triggered by hacking or computer viruses, the Bank has security programs installed, updated and monitored on a regular basis while placing its systems in an access-restricted area and conducting technical and physical monitoring.

Restricted access to systems processing personal information

The Bank takes measures necessary to restrict access to personal information by assigning, modifying or deleting access authorizations to database systems that process personal information. The Bank also blocks unauthorized access from outside by using firewall systems.

Minimization of personal information handlers and their training

The Bank takes measures to limit access to personal information by designating handlers of personal information and assigning them with minimum personal information required.

In the event that the Bank should make any changes to its Privacy Policy, the timing of such changes and their enforcement as well as details thereof shall be continuously disclosed. To make it easier for customers to recognize the changes, comparison of the provisions before and after the changes shall be disclosed.

If you want a consultation on the infringement of your privacy or report such an incident, please contact the following agencies: