개인정보 처리방침_영어



1. Method and Scope of Collection of Personal Information 

2. Processing Purpose, Items, and Retention Period of Personal Information

3. Provision of Personal Information to Third Parties

4. Source of Personal Information Collected from Persons other than Data Subject

5. Transfer of Personal Information Overseas

6. Destruction of Personal Information

7. Entrustment of Handling of Personal Information  

8. Protection of Personal Information of Children under 14 

9. Rights of Data Subjects and Legal Representatives and Methods of Exercising Rights 

10. Installation/Operation and Rejection of Automatic Personal Information Collection Device

11. Measures for Securing the Safety of Personal Information

12. Link Sites

13. Transmission of Advertising Information

14. Remedy for Violation of Rights and Interests

15. Changes to Privacy Policy

HueminStay Co., Ltd. PATIO7 Hotel (hereinafter, the “Company”) considers the protection of personal information of the Data Subject (hereinafter, the “Customer” or “User”) as a top priority and makes best efforts for protecting the rights and interest of the User by establishing and adhering to the Privacy Policy according to relevant laws and regulations including the Act on Promotion of Information and Communication Network Utilization and Information Protection and Personal Information Protection Act in order to strictly protect all personal information. 

The Privacy Policy of the Company specifies the following matters.

1. Method and Scope of Collection of Personal Information

- Collection Method of Personal Information

① The Company collects personal information by using methods as follows.  

Website, written form, fax, telephone, customer inquiry bulletin board, email, event application, provision by partner companies or affiliates

  The Company allows Customers to personally decide whether to agree with each content of the Consent Form for Collection and Use of Personal Information by providing an item for selecting ‘Agree’ or ‘Do not agree’.

- Scope of Collection of Personal Information

  The Company collects the minimum amount of personal information necessary for providing the services.

  The Company does not collect sensitive personal information with a risk of basic human rights violations of the Customer (race, ethnic group, ideology, belief, birthplace, the legal domicile of origin, political inclination, criminal records, health status, and sex life, etc.).

2. Purpose of Use and Items of Collected Personal Information

A. The Company collects personal information as follows for the provision of the services. 




Collected items 

Purpose of use 


 Room reservation


Name, contact, email, credit card info 

Guaranteeing room reservation (credit card info), securing the communication channel 



 Address, nationality


 Guest registration


 Name, contact, nationality

Contact and guidance for the delivery of customer notices and lost items 



 Gender, email, address, date of birth


Restaurant reservation (Call) 


Name, contact 

 Reservation and  securing the communication channel

Les Fins (Asian restaurant

 PATIO Membership Club subscription


 Name, gender, date of birth, contact, address

Delivery of announcements and personal identification procedure for membership-based service use, securing adequate communication channels for verifying personal intention and handling of complaints,  guidance for the latest information regarding new services, benefits 



 Email, marriage status, marriage anniversary, company name, department/position, subscription recommender


 Customer comment card


 Name, room number, date of stay, contact

 Handling consumer complaints




 Contact, Email, Address

 Communication channel for product/service info and sales, event info, and prize delivery


B. In the process of service use or business processing, the following information may automatically be created and collected. 
- Service usage record, access log, cookie, access IP information, payment record, usage record, etc.

3. Sharing and Provision of Personal Information
A. The Company processes the personal information of the Data Subject only within the specified scope under Article 2(Purpose of Use and Items of Collected Personal Information) and provides the personal information to a third party only when it falls under Article 17 of Personal Information Protection Act, a special rule under laws, or consent by the Data Subject.

4. Source of Personal Information Collected from Persons other than Data Subject
A. Sources of personal information collection (Provider): Online room reservation sites or offline travel agencies
B. Items of personal information provided: Name (English), contact, email, credit card information, address, nationality 
C.Purpose of personal information processing: Room reservation, amenities (Les Fins) reservation
D. Period of retention of personal information: 5 years
E. Rights of the Data Subject: The Data Subject has the right to request suspension of processing of personal information under Article 37 of the Personal Information Protection Act and the methods of exercise of the rights are the same as the following 『9. Rights of Data Subjects and Legal Representatives and Methods of Exercising Rights』

5. Transfer of Personal Information Overseas 


Items provided

Purpose of provision

Period of retention and use

Limitations upon disagreement

Sanha Information Technology Co., Ltd.

Name (English), contact information, email, credit card information

Room reservation, channel manager operation (online room reservation site)

Reservations and all related procedures cannot be processed


6. Destruction of Personal Information
A. The Company destroys personal information without delay when the collected personal information becomes no longer necessary after achieving the purpose of personal information processing or expiration of the period of retention of personal information.
1) Membership subscription information: Retained for 1 year after membership withdrawal
2) User registration information: Retained for 5 years to provide revisit service
3) Delivery information: When goods or services are delivered or provided
4) Customer inquiries: When the inquiry response is completed
5) Collection for the purpose of a survey, event, etc.: When the survey, event, etc. is finished
6) Identity verification information: When personal identity is verified 

B. The information entered by the User for the purpose of membership subscription, etc., the information will be transferred to a separate DB after achieving the purpose (in the case of papers, to a separate filing cabinet), stored for a certain period of time according to the internal rules or the reasons of information protected under other relevant laws, then destroyed. Provided, however, that when the information is required to be retained for a certain period of time due to reasons such as the verification of rights and duties relationship related to a transaction as follows due to the internal rules or provisions of related laws such as the Commercial Law, the information will be retained only for the pertinent period.
- Records of contract or withdrawal of offer: 5 years (Basis: Act on the Consumer Protection in Electronic Commerce, etc.)
- Records on payment and supply of goods: 5 years (Basis: Act on the Consumer Protection in Electronic Commerce, etc.)
- Records of processing of consumer complaints or disputes: 3 years (Basis: Act on the Consumer Protection in Electronic Commerce, etc.)

C. Method of destruction
- Personal information printed on paper will be destroyed by being shredded with a shredder or by incineration.
- Personal information stored as an electronic file will be deleted by using a technological method that prevents the restoration of the record. 

7. Entrustment of Handling of Personal Information 
A. The Company operates personal information processing tasks by entrusting an external specialized company as follows for the performance of the services. 


Tasks entrusted

Sanha Information Technology

System maintenance, channel manager operation, homepage room reservation system provision

CCTV company


B. The Company manages to ensure the adherence to the rules that specify compliance with personal information protection laws and regulations, confidentiality duties, prohibition on a provision to third parties, responsibility and liability for accidents, a period of entrustment, and duties of return or destruction upon the termination of the period of entrustment via agreements on services.

C. When there is a change/addition of a trustee company or change/addition of contents of the tasks and services, such a matter will be notified to Customers by posting on the website or methods such as in writing, email, or SMS. 

8. Protection of Personal Information of Children under 14

- The Company obtains consent from a legal representative of a child under 14 years old when the consent according to the Personal Information Protection Act is required to process personal information of a child under 14. In this case, the minimum amount of information necessary for obtaining the consent of the legal representative may be collected directly from the child without the consent of his or her legal representative.

9. Rights of Data Subjects and Legal Representatives and Methods of Exercising Rights

- The Customer or the legal representative thereof may request viewing, inquiry, modification, deletion, withdrawal of membership, and withdrawal of consent regarding registered personal information of the Customer oneself or of a child under 14 at any time.

- When the request is made by visiting the hotel of the Company or by a call, the processing will be completed promptly after verifying the personal identity of the requester. 

- Name of the department in charge of inquiry request application and processing: Guest room team (02-517-8833)

- When the Customer requests the correction of an error in personal information, the personal information is prohibited from being used or provided until the correction is completed. In addition, when incorrect personal information is already provided to a third party, the results of the correction will be notified to the third party without delay to complete the correction.

- The Company processes the personal information deleted or terminated based on a request by the Customer or his or her legal representative as prescribed under ‘5. Destruction of Personal Information’ and processes to prohibit any inquiry or use of personal information in any other use or purpose.  

10. Installation/Operation and Rejection of Automatic Personal Information Collection Device

- The Company uses ‘cookie’ that stores information of the User and retrieves it from time to time to provide individualized and tailored services. A cookie is a minute-sized text file that the server used for the operation of the website sends to the browser of the User and is stored in the hard disk of the computer of the User. 

A) Purpose of using the cookie

1) Analysis of frequency or time of the visit of members and non-members, identification of interested fields and preference of Users, tracking, provision of individual-tailored services and targeted marketing via identification of the level of various event participation and number of visits 

B) Installation/operation, and rejection of cookie

1) The User has the right to choose cookie installation. Thus, the User may allow all cookies, make verification to take place whenever cookie is stored, or reject the storage of all cookies by setting the options on the web browser.  

2) How to set cookie installation authorization (for Internet Explorer)

- On the [Tools] menu, select [Internet Options].

- Click [Personal Information Tab].

- Set [Personal Information Process Level].

However, if you refuse to install cookies, there may be difficulties in service provision.


11. Measures for Securing the Safety of Personal Information

A. Technical measures

- The Company devises the following technical measures to secure safety and to prevent loss, theft, leakage, alteration, or damage to personal information in processing your personal information.

1) Your personal information is protected by passwords, files and transmission data are encrypted, and important data are protected via a separate security function.  

2) The Company uses a vaccine program to take measures to prevent damages from a computer virus.

3) The Company utilizes password algorithms to select security devices for safe transmission of personal information on the network.  

4) In preparation for hacking or other external intrusions, each server uses intrusion prevention systems and vulnerability analysis systems to ensure security.

B. Management measures

1) The Company limits the number of personnel to the minimum with the right to access your personal information.

- Persons such as personal information protection officers and managers who perform personal information management tasks 

- Other persons who must inevitably handle personal information due to job responsibility

2) The Company regularly conducts education for employees handling personal information in relation to the duty to protect personal information and other related matters.

3) The Company prevents information leakage in advance via security commitment pledges from all employees and has internal procedures to audit the implementation of the Privacy Policy and adherence by employees.

4) The transition of work between persons in charge of personal information management is strictly conducted while security is maintained, and the responsibilities on personal information accidents upon starting or terminating the employment are clearly defined.

5) The data center is designated as a specially protected area to which access is controlled.  

6) The Company shall not be responsible for occurrences caused by a personal mistake of the User or the basic risk of the Internet. Each member shall be responsible for managing his or her ID and passwords appropriately to protect personal information and shall have the responsibilities and liabilities thereof. 

7) In the event that mistakes of an internal manager or technical management accidents cause loss, leakage, alteration, or damage to personal information, the Company will immediately notify you and take appropriate measures.

12. Link Sites

A. The Company may provide you with links to websites of other companies or materials. In this case, the Company can neither guarantee nor be held responsible for the usefulness of the services or materials provided therefrom because the Company has no control over the external sites and materials.  

B. When you are transferred to a page of another site by clicking on the link included by the Company, the privacy policy of the site has no relevance to the Company, and therefore please review the policy of the newly visited site. 

13. Transmission of Advertising Information

A. The Company does not transmit advertisement information for commercial purposes against your explicit refusal to receive such information.  

B. When you have agreed to receive emails including newsletters, the Company will take measures in the title box or body text of the emails as follows to assist your recognition.  

C. The subject line of the email: The text (newsletter) and the main contents of the body text field are displayed.

D. Body text of the email: The sender's name, email address, telephone number, and address where you can express your refusal are specified.

E. The method to easily opt-out, the date when you agreed, and the contents thereof are specified. 

14. Remedy for Violation of Rights and Interests

You may report any complaints related to personal information protection arising from using the Company's services to the personal information protection manager or the department in charge. The Company will promptly and fully respond to the report by the Data Subject.

If you need to report or consult about other matters of personal information infringement, please contact the following organizations.

1) Personal Information Violation Report Center ( / 118)

2) Supreme Prosecutors' Office Internet Crime Investigation Center ( / 1301)

3) Korea Police Agency Cyber Safety Department ( / 182)


15. Changes to Privacy Policy

This Privacy Policy was established on July 29, 2009, and when there are additions, deletions, or modifications of contents according to changes in laws, policies, or security technologies, the reason and contents of change will be announced at least 7 days before the implementation on the website of the Hotel. 


Date of implementation of the Privacy Policy: April 1, 2020


Date of announcement: October 1, 2018

Date of implementation: April 1, 2020