Crown Park Hotel (hereinafter referred to as the "Company" or "Crown Park Hotel") complies with the personal information protection regulations under relevant laws and regulations that information and communications service providers must observe, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act. In accordance with these relevant laws, the Company has established a Privacy Policy and is committed to protecting the rights and interests of its users. This Privacy Policy applies to the use of Crown Park Hotel and all related services provided by the Company and includes the following information.
- 1.
Items of Personal Information Collected and Methods of Collection.
- 2.
Purpose of Collection and Use of Personal Information.
- 3.
Sharing and Provision of Personal Information.
- 4.
Entrustment of Personal Information Processing.
- 5.
Retention and Use Period of Personal Information.
- 6.
Procedures and Methods for Destruction of Personal Information.
- 7.
Rights of Users and Legal Representatives and How to Exercise Them.
- 8.
Installation, Operation, and Refusal of Automatic Personal Information Collection Devices.
- 9.
Technical and Administrative Measures for Personal Information Protection.
- 10.
Contact Information of the Privacy Officer and Person in Charge.
- 11.
Obligation to Notify.
1. Items of Personal Information Collected
A. Items of Personal Information Collected
First, the Company collects the following minimum personal information as mandatory items at the time of initial membership registration to provide seamless customer consultation and various services.
[Member Registration]
- Mandatory Items: ID, Password, Name, Date of Birth, Gender, Mobile Phone Number for verification, and Information of Legal Representative for children under 14 (The legal representative's Name, ID, and Mobile Phone Number are collected and retained until the child reaches the age of majority).
- Optional Items: Emergency Contact Email Address (Registration is possible even if optional items are not provided).
Second, the following information may be automatically generated and collected during the use of services or business processing.
- IP Address, Cookies, Date and Time of Visit, Service Usage Records, Misuse Records, and Device Information.
Third, the following information may be collected only from users of supplementary, customized services, or event entries using the Crown Park Hotel ID.
- When additional consent for personal information collection is obtained: IP Address, Cookies, Date and Time of Visit, Service Usage Records, Misuse Records, and Device Information.
Fourth, when identity verification is required to comply with relevant laws for using certain services such as adult content, paid services, or games, the following information may be collected.
- Name, Date of Birth, Gender, Duplication Identification Information (DI), Encrypted Connection Information (CI), Mobile Phone Number (Optional), I-PIN Number (When using I-PIN), and Domestic/Foreigner Status.
Fifth, the following payment information may be collected during the use of paid services.
- Credit Card Payment: Card Issuer Name, Card Number, etc.
- Mobile Phone Payment: Mobile Phone Number, Carrier, Payment Approval Number, etc.
- Bank Transfer: Bank Name, Account Number, etc.
- Gift Certificates: Gift Certificate Number.
B. Methods of Personal Information Collection
The Company collects personal information through the following methods.
- Website, Written Forms, Fax, Telephone, Consultation Boards, Email, Event Entries, and Delivery Requests.
- Provision from partner companies (affiliates).
- Collection through tools for generating information.
2. Purpose of Collection and Use of Personal Information
A. Fulfillment of Contract Regarding Service Provision and Fee Settlement Following Service Delivery
Provision of content, provision of specific customized services, shipping of goods or billing statements, identity verification, purchase and payment, and fee collection.
B. Member Management
Provision of membership-based services, individual identification, measures to restrict use for members violating Crown Park Hotel’s Terms of Use, sanctions against acts that interfere with the smooth operation of the service and unauthorized service use, confirmation of intent to join, restrictions on registration and frequency of joining, confirmation of consent from legal representatives when collecting personal information of children under 14, subsequent identity verification of legal representatives, record preservation for dispute resolution, handling of civil complaints including grievance processing, delivery of notices, and confirmation of intent to withdraw membership.
C. Development of New Services and Utilization in Marketing and Advertising
Development of new services and provision of customized services, provision of services and placement of advertisements based on demographic characteristics, verification of service validity, provision of event information and participation opportunities, provision of promotional information, tracking of access frequency, and statistics on members' service usage.
3. Sharing and Provision of Personal Information
The Company uses users' personal information only within the scope notified in "2. Purpose of Collection and Use of Personal Information." In principle, the Company does not use the information beyond this scope or disclose users' personal information to third parties without prior consent. However, the following cases are exceptions.
A. When users have given their consent in advance.
B. When requested by law enforcement agencies in accordance with the procedures and methods set forth by laws and regulations for the purpose of investigation or compliance with legal requirements.
4. Entrustment of Personal Information Processing
To improve its services, the Company entrusts the processing of personal information as follows. In accordance with relevant laws and regulations, the Company stipulates necessary matters to ensure that personal information is securely managed during the conclusion of entrustment contracts. The Company's entrusted agencies and the scope of entrusted work are as follows.
| Entrusted Company | Content of Entrusted Work | Period of Retention and Use |
|---|---|---|
| Sanha IT Co., Ltd. | Operation of online reservation system and management of booking data | 5 years in accordance with the Act on the Consumer Protection in Electronic Commerce or until contract termination |
5. Retention and Use Period of Personal Information
In principle, the Company destroys users' personal information without delay once the purpose of collection and use is achieved. However, the following information is retained for the specified periods for the reasons stated below.
A. Grounds for Retention According to Internal Company Policy
- Records of Misuse (Abnormal service usage records such as fraudulent registration or disciplinary records)
- Items Retained: Mobile phone number used for verification, and the ID of the legal representative for members under 14.
- Reason for Retention: To prevent fraudulent registration and misuse.
- Retention Period: 1 year.
※ ‘Records of Misuse’ refers to records of users subjected to service restrictions by the Company due to fraudulent registration or the creation of posts that violate operational principles.
B. Grounds for Retention According to Relevant Laws and Regulations
If it is necessary to retain information in accordance with the provisions of relevant laws, such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Company shall store member information for a certain period as prescribed by the relevant laws. In this case, the Company uses the stored information only for its intended purpose of storage, and the retention periods are as follows.
- Records on Contracts or Withdrawal of Offers, etc.
Reason for Retention: Act on Consumer Protection in Electronic Commerce.
Retention Period: 5 years.
- -Records on Payment and Supply of Goods, etc.
Reason for Retention: Act on Consumer Protection in Electronic Commerce
Retention Period: 5 years
- Reason for Retention: Electronic Financial Transactions Act
Retention Period: 5 years
- Records on Handling of Consumer Complaints or Disputes
Reason for Retention: Act on Consumer Protection in Electronic Commerce
Retention Period: 3 years
- Website Visitation Records (Log files)
Reason for Retention: Protection of Communications Secrets Act
Retention Period: 3 months
6. Procedures and Methods for Destruction of Personal Information
In principle, the Company destroys users' personal information without delay once the purpose of collection and use is achieved. The Company's procedures and methods for destroying personal information are as follows.
A. Destruction Procedure
- Information entered by users for membership registration, etc., is transferred to a separate database (or a separate filing cabinet for paper documents) after the purpose is achieved. It is stored for a certain period and then destroyed in accordance with internal policies and other grounds for information protection under relevant laws (refer to the Retention and Use Period).
- This personal information will not be used for any purpose other than retention unless required by law.
B. Destruction Method
- Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
- Personal information stored in the form of electronic files is deleted using technical methods that render the records irrecoverable.
7. Rights of Users and Legal Representatives and How to Exercise Them
- Users and legal representatives may, at any time, access or correct their own registered personal information or the personal information of children under the age of 14. If you do not agree with the Company’s processing of personal information, you may refuse consent or request the termination of registration (membership withdrawal). However, in such cases, use of some or all services may be restricted.
- To access or correct the personal information of a user or a child under 14, click on 'Change Personal Information' (or 'Edit Member Information,' etc.). To terminate registration (withdraw consent), click on "Withdraw Membership." You may directly access, correct, or withdraw after completing the identity verification process.
- Alternatively, if you contact the Privacy Officer in writing, by telephone, or by email, we will take action without delay.
- If a user requests the correction of errors in their personal information, the Company will not use or provide the relevant personal information until the correction is completed. Furthermore, if incorrect personal information has already been provided to a third party, the Company will notify the third party of the results of the correction without delay to ensure that the correction is made.
- The Company processes personal information that has been terminated or deleted at the request of the user or a legal representative as specified in "5. Retention and Use Period of Personal Information" and ensures that it cannot be accessed or used for any other purposes.
8. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
A. What are Cookies?
- The Company uses 'cookies' to store and frequently retrieve user information in order to provide personalized and customized services.
- A cookie is a very small text file sent to the user's browser by the server used to operate the website and is stored on the user's computer hard drive. When a user subsequently visits the website, the website server reads the contents of the cookie stored on the user's hard drive to maintain the user's preferences and provide customized services.
- Cookies do not automatically or actively collect information that identifies an individual, and users can refuse to store or delete these cookies at any time.
B. The Company's Purpose for Using Cookies
Cookies are used to provide optimized and customized information, including advertisements, by identifying the visit and usage patterns of each service and website of Crown Park Hotel visited by users, popular search terms, secure connection status, news editing, and user scale.
C. Installation, Operation, and Refusal of Cookies
- Users have the right to choose whether to install cookies. Therefore, by setting options in the web browser, users may allow all cookies, go through a confirmation process whenever a cookie is stored, or refuse to store all cookies altogether.
- However, if you refuse to store cookies, you may experience difficulties in using some Crown Park Hotel services that require login.
- The method for specifying whether to allow cookie installation (for Internet Explorer) is as follows.
① Select [Internet Options] from the [Tools] menu.
② Click the [Privacy] tab.
③ Set the [Privacy Level].
9. Technical and Administrative Measures for Personal Information Protection
In handling users' personal information, the Company takes the following technical and administrative measures to ensure safety and prevent personal information from being lost, stolen, leaked, altered, or damaged.
A. Password Encryption
The passwords for Crown Park Hotel member IDs are stored and managed in an encrypted format, known only to the user. Access to and changes of personal information are only possible by the individual who knows the password.
B. Measures Against Hacking, etc.
The Company is doing its best to prevent users' personal information from being leaked or damaged by hacking or computer viruses. Data is backed up frequently to prepare for potential damage, and the latest anti-virus programs are used to prevent leakage or damage to users' information. We ensure that personal information can be securely transmitted over the network through encrypted communication. Furthermore, we control unauthorized access from the outside using intrusion prevention systems and strive to equip all possible technical devices to secure systematic safety.
C. Minimization and Education of Handling Personnel
The Company limits the number of employees who handle personal information to a minimum. Dedicated passwords for these employees are issued and updated regularly, and compliance with the Crown Park Hotel Privacy Policy is consistently emphasized through frequent training.
D. Operation of a Dedicated Privacy Protection Organization
Through an internal dedicated organization for personal information protection, the Company monitors compliance with the Privacy Policy and ensures that any discovered issues are corrected immediately. However, the Company shall not be held liable for damages caused by the user's own negligence or accidents in areas not managed by the Company, provided that the Company has fulfilled its obligations to protect personal information.
10. Contact Information of Privacy Officers
| Privacy Officer | |
|---|---|
| Name | Hyun-soo Kim |
| Department | Management Support |
| Contact Number | +82-2-750-5945 |
| Position | General Manager |
| E-mail Address | gm@crownparkhotel.co.kr |
| Privacy Coordinator | |
|---|---|
| Name | Soo-jung Ko |
| Department | Marketing |
| Contact Number | +82-2-750-5919 |
| Position | Head of Marketing |
| E-mail Address | mkt@crownparkhotel.co.kr |
If you need to report or seek counseling regarding personal information infringement, please contact the organizations below.
- Personal Information Dispute Mediation Committee: +82-1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center: +82-118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: +82-1301 (www.spo.go.kr)
- National Police Agency: +82-182 (ecrm.cyber.go.kr)
11. Obligation to Notify
If there are any additions, deletions, or modifications to the current Privacy Policy, notice will be provided through the 'Announcements' section of the website at least 7 days prior to the revision. However, for significant changes affecting user rights, such as the collection and use of personal information or third-party disclosure, notice will be provided at least 30 days in advance.
- Public Notice Date: October 15, 2015
- Effective Date: October 15, 2015