개인정보 처리방침_영어
Contents
1. Method and Scope of Collection of Personal Information
2. Processing Purpose, Items, and Retention Period of Personal Information
3. Provision of Personal Information to Third Parties
4. Source of Personal Information Collected from Persons other than Data Subject
5. Transfer of Personal Information Overseas
6. Destruction of Personal Information
7. Entrustment of Handling of Personal Information
8. Protection of Personal Information of Children under 14
9. Rights of Data Subjects and Legal Representatives and Methods of Exercising Rights
10. Installation/Operation and Rejection of Automatic Personal Information Collection Device
11. Measures for Securing the Safety of Personal Information
12. Link Sites
13. Transmission of Advertising Information
14. Remedy for Violation of Rights and Interests
15. Changes to Privacy Policy
HueminStay Co., Ltd. PATIO7 Hotel (hereinafter, the “Company”) considers the protection of personal information of the Data Subject (hereinafter, the “Customer” or “User”) as a top priority and makes best efforts for protecting the rights and interest of the User by establishing and adhering to the Privacy Policy according to relevant laws and regulations including the Act on Promotion of Information and Communication Network Utilization and Information Protection and Personal Information Protection Act in order to strictly protect all personal information.
The Privacy Policy of the Company specifies the following matters.
1. Method and Scope of Collection of Personal Information
- Collection Method of Personal Information
① The Company collects personal information by using methods as follows.
Website, written form, fax, telephone, customer inquiry bulletin board, email, event application, provision by partner companies or affiliates
② The Company allows Customers to personally decide whether to agree with each content of the Consent Form for Collection and Use of Personal Information by providing an item for selecting ‘Agree’ or ‘Do not agree’.
- Scope of Collection of Personal Information
③ The Company collects the minimum amount of personal information necessary for providing the services.
④ The Company does not collect sensitive personal information with a risk of basic human rights violations of the Customer (race, ethnic group, ideology, belief, birthplace, the legal domicile of origin, political inclination, criminal records, health status, and sex life, etc.).
2. Purpose of Use and Items of Collected Personal Information
A. The Company collects personal information as follows for the provision of the services.
Category | Required/ Optional | Collected items | Purpose of use | Note |
Room reservation | Required | Name, contact, email, credit card info | Guaranteeing room reservation (credit card info), securing the communication channel |
|
Optional | Address, nationality |
| ||
Guest registration | Required | Name, contact, nationality | Contact and guidance for the delivery of customer notices and lost items |
|
Optional | Gender, email, address, date of birth |
| ||
Restaurant reservation (Call) | Required | Name, contact | Reservation and securing the communication channel | Les Fins (Asian restaurant |
PATIO Membership Club subscription | Required | Name, gender, date of birth, contact, address | Delivery of announcements and personal identification procedure for membership-based service use, securing adequate communication channels for verifying personal intention and handling of complaints, guidance for the latest information regarding new services, benefits |
|
Optional | Email, marriage status, marriage anniversary, company name, department/position, subscription recommender |
| ||
Customer comment card | Optional | Name, room number, date of stay, contact | Handling consumer complaints |
|
Marketing | Optional | Contact, Email, Address | Communication channel for product/service info and sales, event info, and prize delivery |
|
Receiver | Items provided | Purpose of provision | Period of retention and use | Limitations upon disagreement |
Sanha Information Technology Co., Ltd. | Name (English), contact information, email, credit card information | Room reservation, channel manager operation (online room reservation site) | Reservations and all related procedures cannot be processed |
Trustee | Tasks entrusted |
Sanha Information Technology | System maintenance, channel manager operation, homepage room reservation system provision |
CCTV company | Security |
B. The Company manages to ensure the adherence to the rules that specify compliance with personal information protection laws and regulations, confidentiality duties, prohibition on a provision to third parties, responsibility and liability for accidents, a period of entrustment, and duties of return or destruction upon the termination of the period of entrustment via agreements on services.
C. When there is a change/addition of a trustee company or change/addition of contents of the tasks and services, such a matter will be notified to Customers by posting on the website or methods such as in writing, email, or SMS.
8. Protection of Personal Information of Children under 14
- The Company obtains consent from a legal representative of a child under 14 years old when the consent according to the Personal Information Protection Act is required to process personal information of a child under 14. In this case, the minimum amount of information necessary for obtaining the consent of the legal representative may be collected directly from the child without the consent of his or her legal representative.
9. Rights of Data Subjects and Legal Representatives and Methods of Exercising Rights
- The Customer or the legal representative thereof may request viewing, inquiry, modification, deletion, withdrawal of membership, and withdrawal of consent regarding registered personal information of the Customer oneself or of a child under 14 at any time.
- When the request is made by visiting the hotel of the Company or by a call, the processing will be completed promptly after verifying the personal identity of the requester.
- Name of the department in charge of inquiry request application and processing: Guest room team (02-517-8833)
- When the Customer requests the correction of an error in personal information, the personal information is prohibited from being used or provided until the correction is completed. In addition, when incorrect personal information is already provided to a third party, the results of the correction will be notified to the third party without delay to complete the correction.
- The Company processes the personal information deleted or terminated based on a request by the Customer or his or her legal representative as prescribed under ‘5. Destruction of Personal Information’ and processes to prohibit any inquiry or use of personal information in any other use or purpose.
10. Installation/Operation and Rejection of Automatic Personal Information Collection Device
- The Company uses ‘cookie’ that stores information of the User and retrieves it from time to time to provide individualized and tailored services. A cookie is a minute-sized text file that the server used for the operation of the website sends to the browser of the User and is stored in the hard disk of the computer of the User.
A) Purpose of using the cookie
1) Analysis of frequency or time of the visit of members and non-members, identification of interested fields and preference of Users, tracking, provision of individual-tailored services and targeted marketing via identification of the level of various event participation and number of visits
B) Installation/operation, and rejection of cookie
1) The User has the right to choose cookie installation. Thus, the User may allow all cookies, make verification to take place whenever cookie is stored, or reject the storage of all cookies by setting the options on the web browser.
2) How to set cookie installation authorization (for Internet Explorer)
- On the [Tools] menu, select [Internet Options].
- Click [Personal Information Tab].
- Set [Personal Information Process Level].
However, if you refuse to install cookies, there may be difficulties in service provision.
11. Measures for Securing the Safety of Personal Information
A. Technical measures
- The Company devises the following technical measures to secure safety and to prevent loss, theft, leakage, alteration, or damage to personal information in processing your personal information.
1) Your personal information is protected by passwords, files and transmission data are encrypted, and important data are protected via a separate security function.
2) The Company uses a vaccine program to take measures to prevent damages from a computer virus.
3) The Company utilizes password algorithms to select security devices for safe transmission of personal information on the network.
4) In preparation for hacking or other external intrusions, each server uses intrusion prevention systems and vulnerability analysis systems to ensure security.
B. Management measures
1) The Company limits the number of personnel to the minimum with the right to access your personal information.
- Persons such as personal information protection officers and managers who perform personal information management tasks
- Other persons who must inevitably handle personal information due to job responsibility
2) The Company regularly conducts education for employees handling personal information in relation to the duty to protect personal information and other related matters.
3) The Company prevents information leakage in advance via security commitment pledges from all employees and has internal procedures to audit the implementation of the Privacy Policy and adherence by employees.
4) The transition of work between persons in charge of personal information management is strictly conducted while security is maintained, and the responsibilities on personal information accidents upon starting or terminating the employment are clearly defined.
5) The data center is designated as a specially protected area to which access is controlled.
6) The Company shall not be responsible for occurrences caused by a personal mistake of the User or the basic risk of the Internet. Each member shall be responsible for managing his or her ID and passwords appropriately to protect personal information and shall have the responsibilities and liabilities thereof.
7) In the event that mistakes of an internal manager or technical management accidents cause loss, leakage, alteration, or damage to personal information, the Company will immediately notify you and take appropriate measures.
12. Link Sites
A. The Company may provide you with links to websites of other companies or materials. In this case, the Company can neither guarantee nor be held responsible for the usefulness of the services or materials provided therefrom because the Company has no control over the external sites and materials.
B. When you are transferred to a page of another site by clicking on the link included by the Company, the privacy policy of the site has no relevance to the Company, and therefore please review the policy of the newly visited site.
13. Transmission of Advertising Information
A. The Company does not transmit advertisement information for commercial purposes against your explicit refusal to receive such information.
B. When you have agreed to receive emails including newsletters, the Company will take measures in the title box or body text of the emails as follows to assist your recognition.
C. The subject line of the email: The text (newsletter) and the main contents of the body text field are displayed.
D. Body text of the email: The sender's name, email address, telephone number, and address where you can express your refusal are specified.
E. The method to easily opt-out, the date when you agreed, and the contents thereof are specified.
14. Remedy for Violation of Rights and Interests
You may report any complaints related to personal information protection arising from using the Company's services to the personal information protection manager or the department in charge. The Company will promptly and fully respond to the report by the Data Subject.
If you need to report or consult about other matters of personal information infringement, please contact the following organizations.
1) Personal Information Violation Report Center (http://privacy.kisa.or.kr / 118)
2) Supreme Prosecutors' Office Internet Crime Investigation Center (http://www.spo.go.kr / 1301)
3) Korea Police Agency Cyber Safety Department (http://cyberbureau.police.go.kr / 182)
15. Changes to Privacy Policy
This Privacy Policy was established on July 29, 2009, and when there are additions, deletions, or modifications of contents according to changes in laws, policies, or security technologies, the reason and contents of change will be announced at least 7 days before the implementation on the website of the Hotel.
Date of implementation of the Privacy Policy: April 1, 2020
Date of announcement: October 1, 2018
Date of implementation: April 1, 2020