The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:
The data protection officer of the controller is:
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.
The personal data of the data subject shall be deleted, blocked or made anonymous as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Deletion, blocking or anonymization of the data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
All data is currently processed at a data center in South Korea. Mandatory data from application forms is stored in encrypted form at that location. Data center operators do not have access to cardholders' personal data. Access is assigned to KISES, the ISIC Korea Service Office located in Seoul, South Korea. Data voluntarily provided to KISES is stored on servers in South Korea and can only be accessed by KISES.
To ensure the confidentiality of communication with you, we use TLS encryption for the transmission of our website. According to the current state of the art, the 128-bit encryption thus possible is to be regarded as secure. All browsers of the younger generation achieve this level of security. If necessary, you should update the browser on your PC.
Our employees are bound to data secrecy, which includes Art. 5 para. 1 lit. f and para. 2 GDPR as a confidentiality principle, compliance with which must be demonstrated. Data processing and our technical security precautions are continuously adapted to current circumstances and requirements.
Our website contains links to external websites. By clicking on such a link you will leave our website. As these other website providers may have different data protection practices and third countries may not have the same level of data protection as South Korea, we recommend that you read the relevant data protection policies of these other website providers.
Our website contains numerous links to the external website www.isic.org. It is global website of ISIC Association, of which we are a member. The ISIC Association website is operated from Denmark on servers in the EU. We recommend that you also read the privacy policy of this external website.
Whenever our website is accessed, we collect data on the basis of our legitimate interests about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
The data is also stored in the log files of our system. For security reasons (e.g. for the clarification of abuse or fraud), the data is stored for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
‘Cookies’ are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example the contents of a shopping cart in an online store or a login status are stored. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be saved when users visit the website after several days. Likewise, such a cookie may store the interests of users, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the responsible party that operates the website (otherwise, if they are only its cookies, they are referred to as “first-party cookies”). We use temporary and permanent cookies and explain this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by means of their deactivation in the browser settings. Please note that then not all functions of this online offer can be used.
On our website, we offer users the opportunity to register by providing personal data in order to verify ISIC card. The data is entered in an input mask and transmitted to us and stored. As part of the processing of the ISIC card application within the framework of the conclusion of the contract, the collected data first name, last name, date of birth (all mandatory) as well as photo will be transferred to the ISIC Korea in South Korea. The following data is collected as part of the registration process:
– as mandatory fields in each case: First name, last name, date of birth, photo
The processing of the mandatory fields is carried out on the legal basis of Art. 6 para. 1 S. 1 lit. b GDPR (contractual purpose). All data is required for issuing the requested card and the associated verification of the applicant’s identity as well as for the necessary communication with the applicant.
The data will be deleted, blocked or anonymized as soon as they are no longer required to achieve the purpose for which they were collected.
We initially process the aforementioned data categories for the duration of the contract. After termination of the contract, your data will be deleted if and insofar as it is not subject to statutory retention obligations.
As a user, you have the option to cancel the registration at any time in accordance with the card terms and conditions. You can have the data stored about you changed at any time.
If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion, blocking or anonymization of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
1. you have the right:
– to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, blocking or anonymization, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
– in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
– pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
– to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
– pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
– according to Art. 7 par. 3 GDPR to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing that was based on this consent for the future, and
– complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The latter supervisory authority is:
If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to info@isic.co.kr.