Personal Information Processing Policy
Personal Information Processing Policy
In compliance with Article 30 of Personal Information Protection Act, Jeju Sumorum Hotel, operated by DSDL Co., Ltd. (Hereinafter “Sumorum Hotel) is developed and disclosed the following personal information processing policy with the objectives of protecting personal information of customers and facilitating rapid processing of related issues.This policy is subject to change according to amendments and establishment of related laws, government policy changes, and company policy changes. As such, please check this document regularly to avoid confusion.
This personal information processing policy has the following details:
- Article 1 Scope of Personal Information Collection
- Article 2 Purpose of Personal Information Collection and Use
- Article 3 Processing Period of Personal Information
- Article 4 Provision of Personal Information to Third Parties
- Article 5 Consignment of Personal Information Processing
- Article 6 Rights, Duties, and Exercising of Rights of Information Principals and Their Legal Representative
- Article 7 Destruction of Personal Information
- Article 8 Ensuring Security of Personal Information
- Article 9 Operation and Use of Cookies
- Article 10 Personal Information Protection Manager
- Article 11 Remedy to Rights Infringement
- Article 12 Installation and Operation of Image Information Processing Devices
- Article 13 Changes to Personal Information Processing Policy
Article 1 (Scope of Personal Information Collection)
To provide service in a fair and legal manner, Sumorum Hotel collects personal information in the minimal scope.In principle, sensitive personal information that may infringe upon human rights (ethnicity, religion, ideology, place of birth, registered location, political positions, criminal records, health information, sexual information, etc.) are not collected. However, certain sensitive information may be collected for users of certain programs. In such cases, separate information will be provided to obtain consent from the users.
Article 2 (Purpose of Personal Information Collection and Use)
Sumorum Hotel processes personal information the following purposes. The processed personal information is not collected or used for purposes other than the following. In case such purposes are changed or information needs to be used for purposes other than what was originally notified, Sumorum Hotel will obtain consent from owners of personal information and take other necessary measures in accordance with Article 18 of the Personal Information Protection Act.| Category | Collected Information | Purpose | Collection Method | Storage Period | |
|---|---|---|---|---|---|
| Registration | Required | Name, date of birth, sex, nationality, passport number, e-mail, phone number, mobile phone number, credit card information | Guest identification, provision of hotel and room services, complaint processing, missing items and other service processing, communication, handling, and processing of issues related to hotel services, guarantee of guest room reservation | E-mail, phone, fax , customer registration card | 5 years from date of stay |
| Optional | Nationality, company name, job title, address | Provision of services according to demographic characteristics and development of statistical information regarding member services | |||
| Optional | E-mail, mobile phone number | Provision of product, service, event, and promotional information | |||
| Reservation | Required | Name, mobile phone number | Reservation and consultation services | E-mail, phone, fax | 3 months |
| Service Use | Required | Name (company name), phone number, mobile phone number, e-mail, and other contact information | Service user identification, contact and information for service implementation, notification, complaint, and other communication paths | Quote, contract | 3 years after service completion |
| Optional | Address | Billing | |||
| Optional | Credit card information | Payment of contract deposit and guarantee for event cancellations and delays | |||
* While customers may refuse to consent to collection, use, or provision of information, without the consent to process required information or identification information, it may be impossible to establish or maintain transactional relationships.
* Customers may refuse to consent to processing of optional information. However, refusal to consent may result in restrictions in certain services and convenience features.
Article 3 (Processing Period of Personal Information)
- When hotel guests or membership customers request to delete their personal information, Sumorum Hotel will immediately process the request to prevent the collected personal information from being read or used.
-
However, in case related laws including the Commercial Act require preservation of the information after service cancellation, Sumorum Hotel reserves the right to possess minimal scope of personal information during the preservation period prescribed in the related laws. In case preservation period for personal information was notified in advance, or individual consent to preserve personal information was obtained, the information will be maintained by Sumorum Hotel for the specified period. In such cases, Sumorum Hotel will only use the maintained information for its originally specified purposes. Preservation periods are as follows;
(1) Records on contract or termination: 5 years
(2) Records on payment or supply of goods, etc.: 5 years
(3) Records on processing of customer complaints or conflicts: 3 years
Article 4 (Provision of Personal Information to Third Parties)
- Except for cases in which the principal of information gives consent or required by provisions of related laws, Sumorum Hotel will never use personal information or provide it to other individuals/companies/agencies beyond the scope specified in “Article 2 Purpose of Personal Information Collection and Use.”
-
The following are cases in which Sumorum Hotel may provide personal information to third parties without advance consent from principal of the information:
(1) In case advance consent from the principal of information was obtained;
(2) In case special provisions allowing transfer of information exist in the Protection of Communications Secrets Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., Framework Act on Telecommunications, Telecommunications Business Act, Consumer Protection Act, and Criminal Procedure Act, or in case investigation agencies require the information in accordance with procedures and methods prescribed in related laws, for purpose of carrying out investigations;
(3) In case the information is provided for statistical analysis, academic research, or market research, processed into forms that de-identifies individuals. - Meanwhile, the personal information may be provided to or shared with affiliated companies to provide better services. In case Sumorum Hotel provides or shares information with third parties, it will seek consent via e-mail, internet website, phone, and writing to confirm recipient of personal information, purpose of information sharing, provided personal information items, and period of use and maintenance of the information. Without consent from the principal of information, the information will not be provided to or shared with affiliated companies. As personal information provided by Sumorum Hotel is for services offered by Sumorum Hotel, refusal to provide consent for provision of information to third parties may render it impossible to provide normal range of services.
Article 5 (Consignment of Personal Information Processing)
Sumorum Hotel consigns personal information as noted below, and it uses consignment contracts in accordance with related laws to safely manage personal information. Companies receiving consignment from Sumorum Hotel may not use the personal information beyond the scope of consignment contract. In addition, Sumorum Hotel regularly supervises and monitors consignee companies to prevent the personal information from being used illegally. In case business related to personal information is partially consigned to third parties, the fact is notified in advance to principals of the personal information. The following shows companies receiving consignment of personal information:| Consignee | Consigned Business |
|---|---|
| Frasers Hospitality Pte Ltd | Hotel operation |
| Oracle | Guest rooms, reservations, system operation and maintenance |
| Korea Information Co., Ltd. | Credit card transaction approval and billing |
| iParking Co., Ltd. | Confirmation of vehicle information for automatic parking system |
Article 6 (Rights, Duties, and Exercising of Rights of Information Principals and Their Legal Representative)
-
Principals of personal information may exercise the following rights related to their personal information protection over Sumorum Hotel at any point in time:
(1) Access to personal information;
(2) Making corrections to errors in personal information or making other changes;
(3) Demanding deletion of personal information;
(4) Demanding suspension of personal information processing. - Exercise of rights over Sumorum Hotel in accordance with the above paragraph 1 may be done in writing or via e-mail, fax, or etc., as per Appendix Forms 8 and 10 of Enforcement Rule of the Personal Information Protection Act. Sumorum Hotel will process such requests without delay. In case principals of personal information require correction of errors or deletion of data, Sumorum Hotel will not use or provide the personal information until correction or deletion is completed.
- Exercise of rights in accordance with paragraph 1 may also be conducted through legal representatives or delegated parties of the information principal. In this case, power of attorney, as provided in Appendix Form 11 of the Enforcement Rule of the Personal Information Protection Act, must be provided.
- In case of requesting access to personal information or requiring suspension of information processing, rights of information principals may be restricted in accordance with Article 35(5) and Article 37(2) of the Personal Information Protection Act.
- Information principals may not require deletion of their personal information in case other laws require their information to be collected and maintained.
- Sumorum Hotel will confirm whether the person requesting access or requiring correction/deletion/processing suspension of information is the owner or lawful representative of the owner.
Article 7 (Destruction of Personal Information)
- When personal information becomes unnecessary due to the passage of personal information holding period or achievement of information processing objectives, Sumorum Hotel will destroy the personal information without delay.
- If other laws require continued preservation of personal information, despite the passage of personal information holding period or achievement of information processing objectives, Sumorum Hotel will relocate the personal information to a separate database or a different location.
-
The procedures and methods of destroying personal information is as follows:
(1) Destruction procedure: Sumorum Hotel identifies personal information which require destruction, and destroys such information under approval from its personal information protection manager.
(2) Destruction method: Personal information printed on paper is shredded or incinerated for destruction, and personal information recorded or saved as electronic files will be permanently deleted using technical methods disabling restoration.
Article 8 (Ensuring Security of Personal Information)
In accordance with Article 29 of the Personal Information Protection Act, Sumorum Hotel takes the following technical/managerial/physical measures to ensure security of personal information.-
Managerial Actions:
(1) To protect personal information, minimal authority is given to personal information processors.
(2) Sumorum Hotel conducts regular training to enhance awareness of personal information protection.
(3) Sumorum Hotel conducts regular independent inspections to ensure security of personal information processing. -
Technical Actions:
(1) To ensure safety processing and management of personal information, Sumorum Hotel establishes internal management plans for personal information protection.
(2) Personal information and passwords of information principals are saved and managed after encryption. When the information is transferred, separate security features are used to ensure safe management.
(3) To prevent leakage of or damage to personal information by hacking attacks or computer viruses, Sumorum Hotel installed security programs and regularly updates/inspects them. Systems are installed in restricted areas, in addition to being monitored and restricted in technical and physical manners.
(4) By granting, changing, and deleting access authority to database systems that process personal information, Sumorum Hotel takes necessary access control measures. It also uses an intrusion prevention system to control unauthorized access from the outside. -
Physical Actions:
(1) Documents and storage devices containing personal information are stored in safe locations with locks.
(2) Sumorum Hotel operates a physical storage space for personal information, and uses and operates entry control procedures for the space.
(3) In preparation for natural calamities and disasters, Sumorum Hotel has and inspects risk response manual and other emergency procedures.
Article 9 (Operation and Use of Cookies)
-
Operation of Cookies
Sumorum Hotel uses cookies for user convenience. Information collected through cookies are used to provide customized marketing services after analyses of access frequency and access times. -
Installation, Operation, and Rejection of Cookies
Customers have the option to allow or refuse installation of cookies. They can set their web browsers to allow all cookies, require confirmation every time cookies are saved, or refuse saving of all cookies. However, refusal to save cookies may restrict services that require log-in.
Article 10 (Personal Information Protection Managers)
Sumorum Hotel designates personal information protection managers as indicated below, to supervise and take accountability for personal information protection business, and to process complaints and remedy injuries related to the issue. Please contact the below personal information protection manager or personnel for inquiries about personal information. Sumorum Hotel will provide rapid answers to such inquiries with due diligence.-
Personal Information Protection Manager
Name Title/Rank Contact Information E-Mail Seo Gyeong-cheol Management Support Team Lead 2098-0530 tony.seo@frasershospitality.com -
Personal Information Protection Personnel
Name Department Title/Rank Contact Information E-Mail Seung Jeong-hun IT Office Manager 2098-0535 jerry.seung@frasershospitality.com Gang Myeong-gu FA Team Lead 2220-8210 Ken.kang@frasershospitality.com Hwang Gwi-tae HR Deputy Team Lead 2098-0510 peter.hwang@frasershospitality.com Song So-yeon RSVN Team Lead 2220-8130 ellaine.song@frasershospitality.com Lee Jae-eun S&M Team Lead 2220-8200 jeffrey.lee@frasershospitality.com Kim Eun-hak F&B Team Lead 2098-0658 avril.kim@fraserplace.co.kr
Article 11 (Remedy to Rights Infringement)
Information principals may seek remedy to infringement of personal information or receive consultation through below agencies:-
Personal Information Infringement Report Center (Korea Internet & Security Agency)
-Services: Reporting of infringement of personal information, request for consultation
-Website: privacy.kisa.or.kr
-Phone: 118
-Address Personal Information Infringement Report Center, 9, Jinheung-gil, Naju-si, Jeollanam-do 58324 (3rd floor, 301-2, Bitgaram-dong) -
Personal Information Mediation Committee
-Services: Request for personal information mediation, collective conflict mediation (civil resolution)
-Website: www.kopico.go.kr
-Phone: 1833-6972
-Address: Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul 03171 (4th floor) -
Cyber Crime Investigation Group at the Supreme Prosecutor’s Office
-Phone: +82-2-3480-3573
-Website: www.spo.go.kr -
Bureau of Cyber Security at the National Police Agency
-Phone: 182
-Website: http://cyberbureau.police.go.kr
Article 12 (Installation and Operation of Image Information Processing Devices)
Sumorum Hotel installed and operates image information processing devices as follows:-
Grounds and Purpose of Installing Image Information Processing Devices
- Facility safety and fire prevention
- Crime prevention for safety of customers
- Prevention of car theft or damage
* Parking facilities with capacity of 30 vehicles or more may install and operate image information processing devices as per Article 6(1) of Enforcement Rule of the Parking Lot Act. -
Number, Location, and Range of Devices
Category No. of Devices Locations and Range Seodaemun Gate 111 Interior and exterior of the building, corridors on each floor, elevators, parking lot, etc. 남대문 105 Interior and exterior of the building, corridors on each floor, elevators, parking lot, etc. -
Managers and Access Authority Holders
To protect customers’ image information and process complaints regarding personal image information, Sumorum Hotel has the following managers of related information.Category Name Department Title/Rank Contact Information Manager Main Yang Cheon-taek Security Team Lead 2220-8010 Sub Lee Su-jin Deputy Team Lead 2098-0560 Access Authority Holders Seodaemun Gate Kim Yeong-sik Employee 2220-8119 Namdaemun Gate Jeong Tae-hun Employee 2098-0561 -
Filming Period, Storage Period, Storage Location, and Processing Method of Image Information
- Filing Period: 24 hours
- Storage Period: 50 days from filming
- Storage Location and Processing Method: In security room; information is automatically deleted after storage period -
Information on Consignment of Installation and Management of Image Information Processing Devices
Sumorum Hotel consigns handling of image information processing devices as follows. It also regulates necessary items to safety manage personal information in the consignment contracts.Consignee Name Contact Information None - - -
Access to Personal Image Information and Location
In case information principals request access to or confirm the existence of personal image information, or demand deletion of such information, they may contact the managers in the above paragraph 3 in advance and visit relevant departments. -
Actions in Response to Requests to Access Image Information by Information Principals
Such requests must be made using a form regarding confirmation of personal image information. In case the information principal is filmed, only personal image information clearly required to urgently protect life, body, and property of the information principal may be accessed. In case information principals request access to or confirmation of personal image information or demands deletion of such information, Sumorum Hotel will take necessary measures without delay. -
Ensuring Security of Image Information
Image information processed by Sumorum Hotel is securely managed using encryption measures, etc. Internal management plans exist to control access to and authority over such information, and to prevent tampering of such information, date created, purpose of access, accessing individual, and time of access are recorded and managed. In addition, physical locks are installed to ensure physical safety of personal image information.
Article 13 (Changes to Personal Information Processing Policy)
-
In case establishment and amendments to related law, changes in government policies, changes in company policies, or changes in security technologies incur addition, deletion, or correction of this document, Sumorum Hotel will notify the changes without delay via its website. As the contents of this personal information protection policy is subject to frequent changes, please check this document with every visit to Sumorum Hotel website.
This personal information processing policy will be effective beginning on (Day) (Month), 2019.