Korea Association of Machinery Industry Messe Co., Ltd. (hereinafter referred to as KOAMI MESSE) is the organizer of the Korea International Machinery Expo (hereinafter referred to as “KIMEX”; www.kimex.com). In accordance with Article 30 of the Personal Information Protection Act, Informa Markets KOAMI Co., Ltd. has established and published this privacy statement in order to protect personal data and to handle related issues effectively. Informa Markets shall be hereinafter referred to as “KIMEX”.
We take the privacy and protection of data and information seriously and are committed to handling the personal information of all those we engage with, whether customers, suppliers, colleagues or any other community, responsibly and in a way that meets the legal requirements of the countries in which we operate.
As part of using KIMEX’s products and services, browsing our websites and contacting the business, data and information is collected. This Privacy Policy sets out KIMEX’s approach to safeguarding and maintaining the privacy of that personal information, and explains what data is collected, how it is used, the legal basis for its use, and the rights individuals have over that data.
1. Purpose of processing personal information
“KIMEX” shall process the personal data for the following purposes. The processed personal data shall not be used for purposes other than the following. If there is a change to any of the following purposes, “KIMEX” shall take necessary measures, such as obtaining additional consent from the data subject in accordance with Article 18 of the Personal Information Protection Act.
1. Homepage membership and management
Personal information is processed for the purpose of confirming membership intention, identification and certification according to the provision of membership services, maintenance and management of membership status, identification due to the implementation of a limited identification system, prevention of illegal use of services, confirmation of consent from legal representatives when collecting personal information for children under the age of 14, various notices and notices, grievance handling, and preserving records for dispute mediation.
2. Processing of public complaints
Personal information is processed for the purpose of identifying the complainant's identity, checking public complaints, contacting and notifying the facts, and notifying the results of the processing.
3. Product (Service) Inquiry, Sales, and Management
We collect detailed information including the data subject's name, country, job title, company information, mailing address, email address, phone number, affiliated company, and job description as part of product and service purchases, product inquiries, information requests, and account management.
In the event of inquiries regarding our company, products, or services made via online/non-face-to-face channels, in-person meetings, or telephone, we use the inquirer's email address and contact information to respond to inquiries or take actions based on specific requests before entering into a contract. When speaking with a sales representative over the phone, the call may be recorded for training and monitoring purposes. In the latter case, specific technical measures are applied to minimize the processing of the data subject's personal information after prior notice. (e.g., identifying information is deleted to the extent possible.)
4. Utilization for marketing and advertisement
Personal information is processed for the purpose of developing new services (products) and providing customized services, event and advertising information as well as opportunities to participate, services and advertising based on demographic features, verifying the validity of services, identifying access frequencies, or statistics on members' service use. Data subjects have the right to opt out of all future marketing emails, and information on how to refuse the collection of personal information is provided. Data subjects also reserve the right to modify their marketing preferences at any time.
5. Use of Public Sources for Promotion
If your personal information is relevant to certain products and is freely available through public sources, such as on a website related to your work or profession, we may use this personal information to promote our products, as part of our legitimate interests as a commercial organisation and to the extent allowed by law.
6. Matchmaking and Media Recording
In order to access the event’s matchmaking platform, a personal picture is required to complete the exhibitor/buyer profile. In addition, we sometimes take photos and videos at our events, which may feature visitors, speakers, sponsors or exhibitors. Where photos and videos are taken that feature you, we may use those photos and videos for promotional purposes on our channels, such as our website or social accounts (legal bases: consent or controller’s legitimate interest, according to applicable laws).
7. Analytics and Tracking Technologies
We may combine visitor session information, or other information collected through tracking technologies with personally identifiable information, to understand and measure your online experiences and determine what products, promotions and services are likely to be of interest. Technical methods are also used in HTML e-mails, for purposes including: (i) to determine whether recipients have opened or forwarded e-mails and/or clicked on links in those e-mails, (ii) to customise the display of banner advertisements and other messages after closing an e-mail, and (iii) to determine whether a visitor has made an enquiry or a purchase in response to a particular e-mail.
8. Bulletin Boards, Chat Areas, and Inquiries
When you disclose personal information on any public bulletin board or chat areas of this website, or any other website used as a result of use of this website, such personal information can be collected and used by anyone who views that board or area. This may result in unsolicited messages from other participants or other parties, which we are not responsible for. Where you engage on our customer enquiry chat areas, we will use any information provided to help recommend our products and services and/or assist with confirming any order you wish to place.
2. Personal Data Items to be Processed
“KIMEX” processes the following personal data items.
1. Application for pre-registration
Of the items to be collected, industry, business nature, fields of interests, and purpose of visit shall only be used for visitor statistics and providing match-making services for participating companies and buyers in accordance with Article 18 of the Personal Information Protection Act.
- Required items: Gender, name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interests, and purpose of visit, job function, annual purchasing budget, purchasing responsibility, annual turnover, and number of employees, interest of hosted buyer programme
- Optional items: English name and company name in English
- Methods for collection: Online and onsite registration
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
2. Application for participation
- Required items: Company name, company website, company address, name of the person in charge, department in charge, position, phone number, fax number, mobile phone number, and e-mail
- Optional items: Name of the person in charge of tax invoice, department in charge, position, phone number, fax number, business nature, purpose of visit, key exhibits, exhibit details, booth application, and participation fee
- Methods for collection: Online, e-mail, and fax
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
3. Exhibition and participation inquiries
- Required items: Inquiry category, title, name, position, company name, e-mail, mobile phone, and details of inquiry
- Methods for collection: Online
- Grounds for retaining personal data: Consent from data subjects
- Retention period: One (1) year
3. Retention and Usage Period of Personal Data
1. “KIMEX” shall process and retain personal data within the retention and usage period in accordance with the relevant statutes or within the retention and usage period of personal data agreed upon collecting personal data from data subjects.
2. The retention and usage period of personal data shall be as follows:
1) Personal data related to the provision of services shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
2) Personal data related to marketing and advertisement shall be retained and used for one (1) year from the date consent is given to collection and use of personal data.
- Grounds for retaining personal data: Consent from data subjects
3) Personal data collected via on-site registration shall be retained and used in the same way as the personal data processed for visitor application.
- Grounds for retaining personal data: Consent from data subjects
4. Provision of Personal Data to a Third Party
1. “KIMEX” shall process personal data of data subjects within the scope specified in Article 1 (Purpose of Personal Data Processing), providing personal data to the third party only when it meets the provisions of Articles 17 and 18 of the Personal Information Protection Act; the provisions include consent from the data subjects and existence of special provisions in other laws.
2. “KIMEX” shall provide personal data to the third party as follows:
Checking the appropriate checkbox on the provision of personal data to a third party, applicable to both online pre-registration and onsite registration, acts as a statement of consent to the provision of personal data by a data subject.
Scanning the visitor’s personal barcode on the exhibitors’ barcode reader (for product consultations and event participation), is an implied consent which provides authority to handle and transfer the visitor’s personal data to the third party.
- The recipient of personal data: Exhibitors (KIMEX 2026), Association of Korean Exhibition Industry, KOAMI MESSE, SEOJIN INFOTECH
- Purpose for which the recipient collects and uses personal data: Development of new services (products), provision of customized services, provision of information on events and advertisement, and of opportunity for participation
- Items to be provided: Gender, full name, e-mail, company name, zip code, company address, department, job position, company phone number, mobile phone number, industry, business nature, fields of interest, purpose of visit, purchasing responsibility, job function, annual purchasing budget, annual turnover, and number of employees
- The period during which the recipient retains and uses personal data: One (1) year from the date personal data is provided
5. Outsourcing of Personal Data
1. For a seamless processing of personal data, it shall be outsourced as follows.
Outsourcee Tasks to be outsourced Personal data retention & usage period
SEOJIN INFOTECH Exhibitors and Visitors’ identification and issuance of badges Until the end of the exhibition or termination of outsourcing contract
FAMPPY Inc. Exhibitors’ identification, Application for participation in the exhibition Until the end of the exhibition or termination of outsourcing contract
TBC Exhibitors’ identification Until the end of the exhibition or termination of outsourcing contract
CECO Exhibitors’ identification Until the end of the exhibition or termination of outsourcing contract
Association of Korean Exhibition Industry Exhibitors and Visitors’ identification One (1) year from the date personal data is provided
KOAMI MESSEE Visitor pre-registration, application for participation in the exhibition and various services, data storage, and service operation One (1) year from the date personal data is provided
2. When signing an outsourcing contract, “KIMEX” shall specify the followings in the contract and other relevant documents: Prevention of personal data processing for the purposes other than the outsourced purpose, technical and managerial safeguards of personal data, limitation on re-outsourcing, control and supervision over outsources, and compensation and responsibilities. And “KIMEX” shall supervise whether outsources process personal data safely.
3. If there is any change in the tasks to be outsourced, “KIMEX” will notify the change via this Privacy Statement without delay.
6. The rights and obligations of the information subject and the legal representative and the users of how to exercise them may exercise the following rights as personal information subjects.
1. The information subject can exercise the rights to view, modify, delete, cease processing and etc. of personal information at any time to the Association.
2. The exercise of the rights pursuant to Paragraph 1 can be done in writing, telephone, e-mail, fax, etc. to the Association in accordance to Article 41 (1) of Personal Information Protection, and the Association will take action without delay.
3. The exercise of rights pursuant to Paragraph 1 can be done through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
4. Requests for viewing ceasing of personal information processing may restrict the rights of the data subject under Articles 35 (5) and 37 (2) of the Personal Information Protection Act.
5. Requests for modification and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
6. The Association checks whether it is the person who made the request for viewing, modification or deletion, or suspension of processing in accordance with the data information's rights, or whether it is the person who made the request.
7. Destruction of personal information
When the purpose of personal information processing has been achieved, the Association will destroy the personal information in accordance to the following procedures, period, and methods.
1. Destruction procedure
The information entered by the user is transferred to a separate DB after achieving the purpose (separate documents in the case of paper) and stored for a certain period of time in accordance with internal policies and other relevant laws and regulations, and then destroyed immediately. In this case, personal information transferred to the DB will not be used for any other purpose except for what is in accordance with the law.
2. Destruction period
The user's personal information shall be destroyed within 5 days from the end of the retention period, and within five days from the date when the personal information becomes unnecessary, such as achieving the purpose of processing the personal information, abolishing the service, or terminating the project.
3. Destruction method
Personal information in the form of electronic files is destroyed using method where the records cannot be reproduced.
8. Installation and operation and objection of automatic personal information collection device
1. The Association uses ‘cookie’ that frequently store and find information about the information subject.
2. Cookies are very small text files that the server used to operate the company's website sends to the user's browser and are stored on the computer hard disk of the information subject. A. Purpose of using cookie: It is used to provide optimized services for the users by identifying visits, use type, popular search, security connection for services and websites the users have visited. B. How to reject cookie installation and operation: You can reject saving cookies through the tools at the top of the web browser> Internet Options> Personal Information> Advanced> Select Setting Method. C. However, if you refuse to save cookies, some services that are tailored may be difficult to use.
9. Person in charge of personal information protection
The Association has designated the person in charge of personal information protection as follows to take full responsibility for the handling of personal information and to handle complaints and relief from damages of the information subject related to personal information processing.
▶ Personal information protection officer
Department : KOAMI MESSE Exhibition Team
Officer : Chief of Exhibition
Contact : [tel : 02-369-7800], [info@kimex.org], [fax : 02-369-7899]
The information subject can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the Association’s service. The Association will respond and handle inquiries from the information subject without delay.
10. Change of personal information processing policy
This privacy policy is applied from the date of implementation, and in case of addition, deletion and modification of the policy in accordance to Decree and Regulations, this will be notified through a notice 7 days prior to the implementation date of such changes.
11. Measures to secure safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the Association takes the following technical, administrative, and physical measures necessary to ensure safety.
1. Carrying out regular self-audit
In order to secure stability related to handling personal information, the Association conduct self-audit regularly (once every quarter).
2. Minimization and education of officer handling personal information
The Association are implementing measures to manage personal information by designating officers who handle personal information and minimizing it by limiting it to the person in charge.
3. Designing and implementing plans for internal management
The Association design and implement plans for internal management for the safe processing of personal information.
4. Technical countermeasures against hacking, and etc.
In order to prevent leakage and damage of personal information by hacking or computer viruses, the Association installs security programs, periodically updates and inspects them, and installs systems in areas with controlled access from outside, and monitors and blocks them technically and physically.
5. Encryption of personal information
As for the user's personal information, the password is encrypted, stored and managed, so that this can be known only to that specific individual, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
6. Prevention of storage and forgery of access history
History of access to the personal information processing system are stored and managed for at least 6 months, and security functions are used to prevent forgery, theft, and loss of access history.
7. Restriction access for personal information
We take necessary measures to control access to personal information through granting, changing, and cancelling access to the database system that processes personal information, and use an intrusion prevention system to control unauthorized access from outside.
8. Use of lock device for document safety
Documents containing personal information and auxiliary storage media are stored in a safe place with locks.
9. Control of access for unauthorized persons
We have a separate physical storage place where personal information is stored, and access control procedures are established and operated.
12. Remedy for infringement of rights and interests
The information subject may contact the following organizations for damage relief, consultation, etc. for personal information infringement.
< The following institutions are separate from our company, and if you are not satisfied with how the Association handles the personal information complaint, damage relief, or in case when you need more detailed help, please contact the following institutions. >
▶ Personal Information Infringement Report Center (Run by Korea Internet & Security Agency)
- Responsible work : Reporting of infringement of personal information, request for consultation
- Webpage : privacy.kisa.or.kr
- Contact : (Without area code) 118
- Address : KISA, 9 Jinheung-gil, Naju, Jeollanam-do, Republic of Korea
▶ Personal Information Dispute Mediation Committee
- Responsible work : Request of conflict mediation on personal information, group conflict mediation (resolving in civil terms)
- Webpage : www.kopico.go.kr
- Contact : 1833-6972
- Address : 4th floor of Seoul Government Complex 209, Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors' Office Cyber Crime Investigation Division:
- (Without area code) 1301, cid@spo.go.kr (www.spo.go.kr)
▶ National Police Agency Cyber Safety Guardian
- (Without area code) 182 (cyberbureau.police.go.kr)
In addition, a person whose rights or interests have been violated due to dispositions or omissions made by the head of a public institution regarding the request of the data subject to access, modification, deletion, and ceasing of processing of personal information may request an administrative trial as prescribed by the Administrative Trial Act.
☞ Please refer to the contact number of Online Administrative Appeals (www.simpan.go.kr)
