Privacy Policy

This Privacy Policy (the “Privacy Policy”) describes how and why KOR Financial Inc. , KOR Reporting Inc. and KOR Holdings US Inc. (together, “KOR”), along with any of their respective affiliates (the “KOR Affiliates”), which provide services through: www.korfinancial.com; any other websites where this Privacy Policy is posted; or any software application made available by KOR or any of its affiliates for use on a computer, tablet, mobile phone or other mobile device (together the "Services") collect and process personal information about you, how this information is protected, and your rights in relation to it.

The Services are owned and operated by KOR. Unless this Privacy Policy states otherwise, in this Privacy Policy, the terms "us", "we" or "our" refer collectively to KOR and the KOR Affiliates. This Privacy Policy applies only to the information collected on the Services. Your use of the Services is subject to KOR’s policies, which have been made available pursuant to separate agreements you have entered into with KOR.

Changes to Privacy Policy

This Privacy Policy is current as of the effective date set forth above. We reserve the right to change this Privacy Policy from time to time. Changes and modifications to this Privacy Policy will be effective immediately upon posting of the changes and modifications on the Services, except where prohibited by law. If we change this Privacy Policy, we will notify you of the changes by updating the effective date at the top of this policy and, if required by applicable laws, by other means, such as email or notice within the Services. Where the changes will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will, as required by applicable laws, provide you with notice in advance. If at any time you choose not to accept the terms of this Privacy Policy, you should not use the Services.

Collection of Information

We collect information from you directly (such as your registration information), automatically (via technologies such as cookies), and from other sources, including commercially available sources, such as public databases (where permitted by law).

Personal information We Collect Directly from You

We collect personal information from you when you use the Services. The type of information that we collect from you depends on your particular interaction with the Services. We require you to register with the Services to access certain features. When we do, we may collect information from you during the registration process, including, but not necessarily limited to, the following:

  • Identifiers, such as your name, date of birth, age, address, country of residence, phone number, email address, account password, or other identification details;
  • Commercial information including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Professional information, such as your job title or company;
  • Audio, electronic, visual, or similar information, such as photographs or voice recordings; and
  • Your preferences, such as how often you wish to receive marketing or other communications.

Personal information We Collect Automatically

We and our third-party service providers use cookies, web beacons, and other tracking technologies to collect information about you automatically as you use our Services. Examples of this type of information include, but are not limited to,

  • Identifiers, such as your IP (Internet Protocol) address, your browser type, your operating system, or domain name; and
  • Internet or other electronic network activity information, such as the dates and times of your use of the Services, the route by which you choose to access them, and your use of any hyperlinks or downloadable content available on the Services.

We may combine this information with other information that we collect about you. For additional information about our use of these technologies, please see “Cookies and Other Tracking Technologies” below.

Personal Information We Collect From Third Parties

We also collect information about you from third party sources, including suppliers that help us prevent money laundering and fraud; marketing agencies; identity verification services; and analytics providers. The categories of personal information we collect from these sources are:

  • Identifiers, such as your name or date of birth;
  • Commercial information;
  • Audio, electronic, visual, or similar information, such as photographs or voice recordings;
  • Financial information;
  • Professional Information, such as your employer name;
  • Education information; and
  • Internet or other electronic network activity information.

Please note that we may be required by law to collect and use certain personal information about you. And we may need to collect and use personal information to enter into or fulfill a contract with you. Failure to provide this information may prevent or delay the fulfillment of our obligations in these circumstances.

Where you provide personal information to KOR for purposes of providing Services (“Client’s Personal Information”), KOR may be considered a “service provider or “processor” (as defined under applicable law) with respect to such Client’s Personal Information.

KOR will process Client’s Personal Information consistent with KOR’s Privacy Policy and, unless Client provides prior written approval, KOR will not collect, retain, use, disclose, or sell Client’s Personal Information for any purpose other than performing the Services, enabling KOR to meet its legal and regulatory requirements, marketing KOR’s products and services, or product improvement and development.

Use of Your Information

We primarily use your personal information to provide our services to you and to respond to your inquiries. We also may use your personal information as follows:

  • To communicate with you, including to respond to your comments or requests for information, to request feedback on our products and services, and to notify you about changes to the services and products you use.
  • To help us understand our clients, to tailor and enhance our product and service offerings, anticipate and resolve problems with any products or services supplied to you, create products or services that may meet your needs.
  • To provide access to restricted content (which is not publicly available) of the Services.
  • To comply with legal and/or regulatory requirements and cooperate with regulators and law enforcement bodies.
  • To facilitate your activity and to identify you when you log into your account on our Services.
  • To send you marketing communications and advertising in line with your communications preferences and where permitted by applicable law about products and services that we believe would be of interest to you, including products and services offered by third parties.
  • To evaluate the success of our advertising campaigns, to improve our products and services, to assess patterns of use, and to plan and evaluate our marketing and business development programs.
  • To protect our rights, your rights, and the rights of others, and to meet our own high standards of business practice.

Information For EU Users

Some of the processing we conduct will involve making decisions about you based on automated processing of your personal information. For example, we may conduct profiling activities to select personalized offers or recommendations for you based on your use of the Services, browsing history. If you are in the EU, where these decisions are based solely on our automated processing of your personal data (e.g., not subject to human review), these types of decisions will not have legal or similar effects on you, but you can still contact us for further information and to object to this use of your personal information.

Under EU privacy law, we must have a legal basis to process personal information. In most cases the legal bases for our processing, under EU law, will be one of the following:

  • to fulfill our contractual obligations to you, for example to provide the Services or to ensure that invoices are paid correctly;
  • to comply with our legal and/or regulatory obligations, for example obtaining proof of your identity to enable us to meet our anti-money laundering obligations; and/or
  • to meet our legitimate interests, for example to: understand how you use the Services and to enable us to use this knowledge to improve our products and services and to develop new ones; to communicate with you about the products and services that you use or we offer; maintain our accounts and records; to assess patterns of use; and to plan and evaluate our marketing and business development programs. When we process personal information to meet our legitimate interests, we put in place, when needed, safeguards designed to protect your privacy interests, freedoms, and rights under applicable laws.

We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to some direct marketing activities, our use of cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Policy.

We may anonymize your personal information and use it for other purposes. For example, we may prepare aggregated reports about how users interact with the Services for research.

Cookies and Other Tracking Technologies

We may use cookies and other technologies to automatically collect information when you access the Services.

Disclosures and Onward Transfers

We share your personal information for our business purposes with the following persons/entities and in the following circumstances:

Service Providers: To enable us to more efficiently provide the products and services you have requested from us, we may share your personal information with selected entities that act on our behalf as our agents, suppliers, or providers, or these entities may collect your personal information on our behalf. These service providers may provide services such as marketing support, technical assistance, data hosting, payment processing and client service support. We also engage third-party analytics providers to help us understand how users engage with the Services. These analytics providers may use cookies and similar technologies to collect information about your use of the Services as well as information about your use of other websites over time.

Subsidiaries and KOR Affiliates: We share personal information with subsidiaries and the KOR Affiliates for the purposes of providing the services you have requested and to fulfill our contractual obligations to you, and to fulfill legal and regulatory obligations. We may also share personal information with subsidiaries and affiliates for their marketing use and so that they may develop and improve products and services, and subject to applicable law send you promotional and informational communications. California residents should consult our California Privacy Rights section below for additional information about the sharing of information with subsidiaries and affiliates.

Legal Compliance and the Protection of Our Rights: We will share information with regulators, government authorities, and third parties where we believe it is necessary to comply with a court order, subpoena, or regulatory request. We may disclose information when we believe in good faith that such disclosures will: help protect our rights or enforce our use policies, as applicable; support our detection of, prevention of, or response to fraud or intellectual property infringement; help protect your safety or security; or protect the safety and security of the Services, our services, or any individual.

Transfer of Business Assets: We may, in the future, sell or transfer any information we have about you as an asset to third parties in connection with the consideration, negotiation, or completion of a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of KOR and/or the KOR Affiliates, or as part of a corporate reorganization or stock sale or other change in corporate control.

Additional Sharing: From time to time we share your information with our attorneys, banks, auditors, securities brokers and other professional service providers and advisors in connection with the purposes described above. The following categories of your personal information may be shared with these parties:

  1. Identifiers;
  2. Commercial information;
  3. Internet or other electronic network activity information;
  4. Financial information;
  5. Professional information; and
  6. Inferences drawn from any of the above information categories

Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the Services). See the section on "International Transfers of Personal Information" below for more information.

Your Choices

If you wish to stop receiving marketing information concerning our services or products, or if you wish to withdraw any consent that you have provided, please contact us by email at privacy@korfinancial.com to notify us of your wishes.

International Transfers of Personal Information

We may transfer, process, and store your personal information outside of your home country, including in the United States and Canada. For the avoidance of doubt, if you are resident in the European Economic Area ("EEA") or the United Kingdom (UK), this may include the transfer of your personal information from within the EEA or UK (as applicable) to a country outside of the EEA or UK, which may have different data protection rules than in your country, and personal information may become accessible as permitted by law in such other third country, including to law enforcement and/or national security authorities.

Security and Data Integrity

We have put in place reasonable and appropriate safeguards physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the pseudonymization and encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards. Despite these protections, however, we cannot guarantee that your data will be 100% secure. You should take measures to protect your personal information.

Retention of Personal Information

We retain your personal information for as long as we have a relationship with you and for a period after the relationship has ended. When determining how long to keep your personal information after our relationship with you has ended, we take into account how long we need to retain the information to fulfill the purposes described above and to comply with our legal obligations, including regulatory obligations. We may also retain personal information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

Other Sites

Our Services may contain links to other sites or products that we do not own or operate. Also, links to the Services may be featured on third party websites on which we advertise. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. We recommend you read carefully the privacy statements, notices and terms of use of any linked websites. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat your personal information. This Privacy Policy does not apply to any third-party services; please refer to the privacy notices or policies for such third-party services for information about how they collect, use, and process personal information.

Complaints/Comments

We take your privacy concerns seriously. If you have any questions about this Policy, you may write to privacy@korfinancial.com.

Your California Privacy Rights

California law requires that we describe certain disclosures of personal information that involve monetary or other consideration. California law treats such disclosures as “sales” even if no money is exchanged. As disclosed elsewhere herein, we may disclose personal information with subsidiaries, affiliates, and business partners for their marketing use and so that they may develop and improve products and services, and subject to applicable law send you promotional and informational communications. Some such disclosures may constitute “sales” under California law and involve the disclosure of personal information to: Subsidiaries, KOR Affiliates, and business partners.

The following categories of your personal information may be disclosed in association with such sales:

  • Identifiers;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Financial information;
  • Audio, electronic, visual, or similar information, such as photographs or voice recordings;
  • Professional information; and
  • Inferences drawn from any of the above information categories.

You have the right to opt-out of the sale (as described above) of your personal information. You may exercise that right by sending a request to privacy@korfinancial.com with “Do Not Sell My Personal Information” on the subject line and in the body of your message.

Under California's "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the client information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of client information and the names and addresses of those businesses with which we shared client information for the immediately prior calendar year (e.g. requests made in 2021 will receive information regarding 2020 sharing activities).

To obtain this information, please send an email message to privacy@korfinancial.com with "Request for California Privacy Information" on the subject line and in the body of your message.

In order for us to authenticate your request, you must include the following information:

  • Your first name
  • Your last name
  • The full address of your primary residence, including country and state
  • The KOR product or service to which you are subscribed
  • The email address we have on file for you as well as the email address at which we should contact you about the request
  • Please also indicate what action you are requesting, i.e. return and/or deletion of your personal information, ‘do not sell’, etc.

The preceding information is necessary to authenticate your request and will be held by KOR for legal and regulatory purposes, including to comply with any rules or regulations promulgated to self regulatory bodies, for the length of time necessary to comply. If we are unable to authenticate your request we will reply as such to the email address from which your request originated. We will provide the requested information, along with any details of actions we’ve taken, to you at the email address you specify in your request.

Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.

Data Privacy Framework (DPF) Program

KOR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. KOR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EUU.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EUU.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

DPF: Complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, KOR commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EUU.S. DPF and the UK Extension to the EU-U.S. DPF.

DPF: Entity Adherence

KOR Financial Inc., KOR Reporting Inc., and KOR US Holdings Inc. (together, “KOR”) adhere to the EU-U.S. DPF Principles, including the UK Extension to the EU-U.S.

DPF: Contact

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, KOR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact KOR at: privacy@korfinancial.com

DPF: Informing Individuals of Rights

DPF: Informing Individuals of Rights - Third-Party Disclosures

KOR may share personal information with third-party service providers or partners for specific purposes, including but not limited to processing transactions, delivering products and services, managing communications, and improving our offerings. These third parties are only authorized to use the personal information for the purpose for which it was disclosed and are contractually bound to protect the confidentiality and security of your data. The types of third parties we may share your information with include:

Service Providers: Companies that provide operational support, such as payment processing, data hosting, marketing, and customer support. Business Partners: Organizations with which we collaborate to offer joint products or services.

Legal or Regulatory Authorities: When required by law or to comply with legal processes. We ensure that all third-party recipients of personal information adhere to appropriate privacy standards and safeguards in accordance with applicable privacy laws and regulations.

DPF: Informing Individuals of Rights - Personal Data

Under the U.S. Department of Commerce’s Data Privacy Framework (DPF), individuals have the right to access the personal data that KOR holds about them. You may request details about the personal information we collect, how it is used, and who it is shared with. Upon verification of your identity, we will provide access to this information and, where applicable, allow you to correct, amend, or delete any inaccurate or incomplete data. To exercise your right to access your personal data, you may contact us at privacy@korfinancial.com. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

DPF: Informing Individuals of Rights - Choices and Means

KOR provides individuals with choices regarding the use and disclosure of their personal data. You may choose to limit how we process or share your personal information with third parties for purposes other than those required for providing our services. To exercise these choices, you may: Opt-out of Marketing Communications: You can opt-out of receiving promotional communications from us by following the unsubscribe instructions included in those communications or by contacting us directly. Limit Data Sharing: You may request that we limit the sharing of your personal information with third parties not essential to providing our services, except when required by law. If you wish to limit the use or disclosure of your personal data, please contact us at privacy@korfinancial.com. We will respond to your requests in accordance with applicable laws and the U.S. Department of Commerce’s Data Privacy Framework.

DPF: Informing Individuals of Rights - Investigatory and Enforcement powers of the FTC

KOR complies with the U.S. Department of Commerce’s Data Privacy Framework (DPF) and is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). This means that the FTC has authority to ensure our compliance with privacy standards and investigate potential violations related to the handling of personal data.

DPF: Informing Individuals of Rights - Invoke binding arbitration

Under certain conditions, if a privacy-related dispute cannot be resolved through other means, individuals may invoke binding arbitration as a final recourse. KOR is committed to resolving any complaints related to personal data in compliance with the U.S. Department of Commerce’s Data Privacy Framework (DPF). If all other dispute resolution options have been exhausted, you may choose to initiate binding arbitration in accordance with the procedures outlined in Annex I of the DPF Principles. To invoke this right, individuals must notify KOR and follow the procedures and conditions set forth in Annex I of the Principles.

DPF: Informing Individuals of Rights - Lawful Requests

KOR may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We comply with such requests in accordance with applicable laws and regulations to ensure the safety, security, and compliance of our operations.

DPF: Informing Individuals of Rights - Onward transfers to third parties

KOR remains responsible and liable for the processing of personal data that we transfer to third party service providers or partners, in accordance with the U.S. Department of Commerce’s Data Privacy Framework (DPF). If third parties process your personal information in a manner inconsistent with the DPF Principles, we will ensure that they are held accountable, except where we can prove that we were not responsible for the event giving rise to the damage.