MTDI

Chapter Ⅰ. General Provisions

Article 1 (Purpose)

The purpose of these provisions is to prescribe the rights, obligations, and responsibilities of the Korea Materials Testing Development & Instruments (hereinafter referred to as "MTDI"), subscribers, and users regarding the use of the accredited certification service (hereinafter referred to as "MTDI service") provided by MTDI as the designated certification authority pursuant to the Digital Signature Act (hereinafter referred to as "Act").

Article 2 (Definitions of Terms)

(1) "Subscriber" refers to a person who has received a certificate issued by MTDI.

(2) "User" pertains to a person who verifies the validity of the subscriber certificate.

(3) "Registration Authority" refers to an institution which verifies the identity of a subscriber and receives and registers applications for certificate issuance, suspension, or revocation on behalf of MTDI.

(4) "MTDI Certification Practice Statement" pertains to the set of guidelines prescribed by MTDI pursuant to the Act and submitted to the Ministry of Public Administration and Security, covering overall matters related to the MTDI service such as types of accredited certification service, service methods and procedures, and service conditions and fees, etc.

(5) “Accident Information” pertains to the equipment information (IP and MAC addresses and the like) and personal information (name and resident registration number and the like) as to occurrence of digital financial accidents.

Article 3 (Effect and Amendment)

(1) These Provisions become effective as from the date of the notification on the MTDI homepage on the web.

(2) MTDI may amend these provisions as necessary in case important matters or events for the amendment arise such as the application of new service, improvement of a security system related to certificate issuance, and corrective order from government, etc. The amended provisions shall become effective as stipulated in Clause (1), Article 3 herein.

(3) A Subscriber is deemed to approve the amended Provisions, unless a Subscriber raises a written objection against MTDI within thirty (30) days from the date of the notification of the amended Provisions or the reception of the notice thereof.

Article 4 (Other Applicable Provisions)

(1) Other matters that are not stipulated in these provisions shall be governed by laws related to digital signature and MTDI Certification Practice Statement (hereinafter referred to as "CPS").

(2) MTDI shall disclose the CPS to Subscriber and User for reference.

Chapter Ⅱ. Use of the MTDI Service

Article 5 (Service Types)

The following are the types of MTDI service:
1. certificate issuance
2. certificate reissuance
3. certificate renewal
4. Updating subscriber information
5. certificate revocation
6. certificate suspension
7. certificate reinstatement
8. Providing access to certificate Suspension/Revocation Lists as well as the entire certificate lists
9. Real-time Validation of certificates
10. Time-stamping electronic documents
11. Other services provided by MTDI in relation to the accredited certification practice

Article 6 (certificate Issuance)

(1) Person wishing to obtain certificates shall visit a Registration Authority and fill out an application to subscribe for accredited certificate (the application for electronic financial service provided by the Registration Authority may be used for the same purpose; hereinafter referred to as "Application"). In the case of the electronic financial service user who has undergone personal identification verification pursuant to Clause (2), Article 6 herein, however, the provisions of Clause (3), Article 6 shall apply.

(2) The Registration Authority shall confirm the identity of an applicant in accordance with the Act.

(3) An applicant for subscription shall apply for certificate issuance through the electronic financial service media operated by the Registration Authority or the MTDI homepage. MTDI shall then issue certificates after verifying his/her identities. If the applicant for subscription fails to submit an application for certificate issuance within 7 days of the date of application, however, the application for subscription shall be canceled.

(4) certificate issuance may be restricted or the issued certificate may be compulsorily cancelled without the Subscriber’s consent under any of the following cases:
1. The application is submitted under the name of another person.
2. False information is entered in the application, or false documents are attached.
3. The Registration Authority believes that the issuance of a certificate may cause business or technical problems.
4. The application or issuance is made from usage of Accident Information.

Article 7 (Obligations of MTDI and Registration Authority)

(1) MTDI shall periodically announce in accordance with CPS that anyone can refer to subscriber's certificates based on Public Key Infrastructure. Note, however, that MTDI shall not be held liable for any and all problems arising from the use of a certificate during the period beginning from the moment when MTDI has received an application for revocation, suspension, or reinstatement of the same certificate up to the moment when it includes the certificate in question in certificate Suspension/Revocation Lists.

(2) MTDI and the Registration Authority shall observe CPS and these provisions.

Article 8 (Obligations of Subscriber and User)

(1) Subscriber shall provide accurate information and facts to the Registration Authority and MTDI.

(2) Subscriber shall check the details of the certificate issued by MTDI on the MTDI homepage and immediately notify MTDI of any discrepancy noted through wired telephone.

(3) Subscriber shall manage his/her own digital signature creation data and certificate passwords safely.

(4) User shall check and confirm the term of validity, scope of use, and purpose of the certificates submitted by the subscriber.

(5) User shall check the effectiveness of the subscriber's certificates before using them.

(6) Subscriber and user shall comply with CPS and these provisions.

Article 9 (Limitation on Using the certificates)

MTDI may restrict the subscriber's use of certificates under any of the following cases:
1. It is impossible to check the identity of a subscriber or to engage in legal activities due to subscriber's death or arrest, etc.
2. An incompetent or quasi-incompetent person has subscribed to the service without the consent of a legal representative.
3. A corporate subscriber has lost its legal entity due to the dissolution of the corporation or other equivalent reasons.
4. The term of validity of the certificate has expired.
5. The subscriber has received the certificate through unlawful means.
6. MTDI limits the use of the issued certificates to maintain and improve the security of the MTDI service or for security reasons such as leakage of the digital signature creation data of MTDI.

Article 10 (Service Hours)

(1) In principle, MTDI shall provide the MTDI service 24 hours a day, 7 days a week except in cases wherein it separately prescribes the service hours to maintain and improve security or to inspect servers, etc.
(2) In case it wishes to limit the service hours for reasons specified in Clause (1), Article 10 herein, MTDI shall post the corresponding details on the MTDI homepage.

Chapter Ⅲ. Fees

Article 11 (Fees)

(1) The types, term of validity, and fees of certificates shall be posted on the MTDI homepage.
(2) Registration Authorities shall post the fees for certificate issuance and payment method at the counters of branches or through service media.
(3) Any change in fees and the payment method shall also be posted on the MTDI homepage.

Article 12 (Refund of Fees)

Subscriber may get a refund of fees under any of the following cases, and the relevant certificates shall be revoked (MTDI and the Registration Authorities may deduct the required expenses before returning the fees):
1. The subscriber requests for a refund within 7 days after submitting an application for subscription and having not received a certificate, or within 7 days after having received a certificate.
2. The subscriber requests for a refund due to faults attributable to MTDI or the Registration Authority concerned.

Chapter Ⅳ. Compensation for Damage, etc.

Article 13 (Compensation for Damage)

MTDI and the Registration Authorities shall compensate the subscriber and/or user for damage due to faults attributable to MTDI and/or the Registration Authorities in accordance with CPS.

Article 14 (Collection of Information and Use thereof)

(1) For MTDI service, following information is to be collected to a minimum extent:
1. Individual: Name, Resident Registration Number
2. Legal Entity: Trade Name; Business License Registration No.
3. Common: e-mail, Telephone Number, Address
(2) Pursuant to Article 15 (Issuance of Accredited certificate), Article 18.3 (Securing Safety of Licensed Certification Authority) and Article 22 (Keeping Records of Certification Work) of Digital Signature Act, the equipment information (IP and MAC addresses and HDD Serial and the like) is to be collected for verification of unjustifiable issuance of purchase.
(3) MTDI and Registration Authority may share the collected information with other accredited certification institutions and registration authorities, financial ISAC and supervisory authority and the like for prevention of unjustifiable issuance of purchase and use thereof.

Article 15 (Protection of Personal Information)

MTDI and/or the Registration Authorities shall not use the materials acquired after receiving applications for subscription for purposes other than to provide applicants with MTDI service and to prevent the unjustifiable issuance of purchase and financial accidents and shall compensate for any damage resulting from the disclosure of personal information or said materials.

Article 16 (Notice of Information)

(1) MTDI and the Registration Authorities notice the following items to subscribers through the MTDI homepage, email, or subscribers' cellular phones:
1. Pause, suspension or abolition of the certification service or changes in the status of the accredited certification authority and/or Registration Authorities including the cancellation of the license of the accredited certification authority, etc.
2. Revocation of certificates without the consent of subscribers due to the loss or theft of MTDI's digital signature creation data or for other reasons that may affect the reliability or effectiveness of certificates
3. Information on the status of certificates such as certificate Suspension/Revocation Lists, etc.
4. Guidance on certificate renewal vis-a-vis the expiration of the certificates
5. Information deemed necessary by MTDI to promote the utilization of certificates and subscriber's use of the MTDI service including information on applicable use of certificate
(2) MTDI and/or the Registration Authorities shall not be held liable for any damage sustained by subscriber in case they have not been notified of the details described in Clause (1), Article 15 herein due to the incorrect input or failure to enter the email address.

Article 17 (Exemption)

MTDI and the Registration Authorities shall not be held liable under any of the following cases:
1. Subscriber or user sustains damage owing to the delay or inability of certification services in the event of force majeure, such as natural disasters, and MTDI and/or the Registration Authorities prove that such damage occurred through no fault of their own.
2. Services are delayed or stopped due to errors in communications equipment or lines, or computer systems operated by MTDI and the Registration Authorities, provided that MTDI and/or the Registration Authorities shall be held liable in case the reasons for such errors are attributable to them.
3. Damages resulting from the exposure of the digital signature creation data or certificate passwords due to Subscriber's negligence or inadequate management of the electronic financial service media, such as infiltration of computer virus or installation of illegal software, etc.
4. Damages resulting from User's noncompliance with the provisions of Clauses (4) and (5) of Article 8 herein.
5. Damages resulting from the use of inappropriate certificates for purposes other than the intended use.
6. Damages resulting from an accident that is not the fault of MTDI and/or the Registration Authority concerned.
7. certificate issuance is restricted or the issued certificate is compulsorily cancelled pursuant to Clause (4), Article 6 herein.

Article 18 (Legal Jurisdiction)

Any and all disputes arising from the use of the MTDI service shall be settled by the court having jurisdiction over the area where the main office of MTDI or the Registration Authority concerned is located.

Thank you very much for visiting the MTDI homepage. Believing that personal information of users counts first of all, MTDI makes best efforts to protect personal information for safe uses. Further as required under the Act on Information Communication Network Use Promotion and Information Protection, MTDI establishes and implements personal information protection policy as follows:

Consent to Collection of Personal Information

The MTDI accredited certification services provide procedures of consent to the personal information protection policy or a Use Agreement in order for users to consent to collection of personal information, and consider the act of clicking on the 「Consent」button the consent to collection of personal information.

Collection and Purpose of Personal Information

The MTDI accredited certification services collect personal information to a minimum extent for the following purposes:
- Certificate issuance: name, resident registration number
- Various notices related to certification services: e-mail address, address, telephone number
- Equipment information for verification of unjustifiable issuance and prevention of use: IP and MAC addresses, HDD serial and the like The MTDI accredited certification services do not collect sensitive personal information that may infringe upon fundamental human rights.

Reading, Correction, Consent, Withdrawal and Deletion of Personal Information

The MTDI accredited certification services collect personal information through the registration authority and the like in applying for services, and users may read and correct their own personal information in the column of subscriber information change on the certificate management menu of the MTDI homepage.

Period of Maintaining and Using Personal Information

The MTDI accredited certification services safely preserve subscriber’s personal information to provide accredited certification services for ten (10) years from the date when a certificate ceases being in force pursuant to Article 22 (Management of Records on Certification Services) of the Digital Signature Act.

Where Personal Information Is Provided to a Third Party

Personal information of a user will be provided to a third party only when the user consents to such provision or such provision does not violate the relevant laws.

Protective Measures for Personal Information

Personal information of users is thoroughly controlled through passwords after users being designated with the minimum personnel as necessary for access and control. The MTDI homepage operates the following security programs with respect to provisions of services in order to prevent loss, steal, leakage, alteration, or damages.
- Preserving customer information and establishing security of transmitting networks by applying cryptographic algorithms
- Connecting with vaccine programs to prevent damages of computer viruses
- Installing and operating keyboard security devices to prevent hacking of keyboard inputs

Use of Cookies

The homepage of the MTDI accredited certification services does not use cookies.

Personal Information Protection for Children

Where a child of less than fourteen (14) years old applies for services, the MTDI accredited certification services require the consent of a legal representative. A legal representative may request for reading, correcting a child’s personal information or withdrawing services (revoking certificates).

Amendment of Personal Information Protection Policy

In case of amendment (addition, deletion, change) of personal information protection policy according to changes in laws, governmental policies, or security technologies, the MTDI accredited certification services notify users of the changes and the date of application through its bulletin board at least seven (7) days before the date of amendment.

Handling Complaints Related to Personal Information

The MTDI accredited certification services designate and employ a person in charge of managing personal information. Where personal information has been infringed upon or there is a complaint with respect to the use of services, please send an opinion to the below relevant department, and the MTDI accredited certification services will take immediate measures and notify the results.