1. Purpose of Processing Personal Information
The Hotels do not use personal information for any purposes other than those described in this Privacy Policy. If the purpose of using personal information changes, the Hotels will ask for the agreement in advance. The Hotels process personal information strictly for the following purposes.
- A. Service Offer
- • Identification of guests and execution of contract for providing accommodation, food, and beverage services, venues, and meeting/wedding services
- • Customer satisfaction survey
- • Service customization
- E. Marketing & Advertisement
- • Development of new services and service customization
- • Promotion of new services and offers
- • Service delivery and advertisement based on statistical data
- F. Employment & Job Experience Program
- • Job application, selection process, qualification review, test records of applicants, aptitude test, Q&A, etc. Recruitment process
- • Application and selection of job experience programs, Q&A, etc.
2. Types of Personal Information
The Hotels collect the following personal information to provide hotel services while keeping the information collected to a minimum.
- A. Room Guest Information
- • Required information: Name, date of birth, personally identifiable number (passport number), nationality, payment method
- • Optional information: Email address, address, company, city, zip code, telephone number, membership number
- B. Service Offer
- Customer Satisfaction Survey
- • Required information: Name, email address, mobile phone number
- • Optional information: Date of birth, wedding anniversary date
- Food & Beverage Service
- • Required information: Name, email address, mobile phone number
- • Optional information: Date of birth, wedding anniversary date
- VOC
- • Required information: Name, email address, phone number
- • Optional information: Gender, address, company name
- C. Recruitment & Job Experience Program
- • Required information: Photo, applied department and job experience, name (Korean, English), date of birth, telephone number, mobile phone number, email address, current address, educational background, training record, job experience, foreign language skills and certificate, military service records (if applicable), self-introduction
- • Optional information: Family relations, national veteran status and certification number, disability record, other information
- • Method of collection: Email address, job recruitment website
3. Processing & Retention Period
- A. The Hotels store personal information for a certain period of time after the purpose of the collection has been fulfilled and destroy it according to the following schedule under their internal policies and applicable laws.
- 1) General shipping information: Upon delivery of goods or services
- 2) Information collected for promotional offers and other purposes: Upon completion of such promotional offers(unless stated otherwise when agreeing to the collection of personal information)
- B. The Hotels store personal information if required by law as follows.
- 1) Record of contract or withdrawal of subscription: 5 years
- 2) Payment and supply of goods: 5 years
- 3) Consumer complaint and dispute resolution: 3 years
- Identification and preferences of guests for revisit and service customization: 5 years
- C. Job application information
- 1) Period of retention: 3 years
- 2) Basis for retention: Internal policies and regulations (To prevent errors in the application process, personal information is destroyed at the time when the process finishes.)
4. Third Party Disclosure
The Hotels do not disclose personal information to third parties without the consent of the guests unless:
- A. agreed otherwise by the guest in advance, required by laws, or investigators for the purpose of investigation
5. Outsourcing the Processing of Personal Information
- A. The Hotels outsource the processing of personal information to the following third-party service providers:
설치 대수, 설치 위치 및 촬영범위 내용
Service Providers |
Outsourcing Companies |
Purpose of processing personal data |
Personal Data and Remarks |
Period of retention |
Parnas Hotel Co., Ltd. |
PNS Co., Ltd. Outsourcing of Rokaus hotel Management |
Outsourcing of Rokaus hotel Management |
all customer information (phone number, guest name, date of birth, e-mail, etc.) |
With the expiry of outsourcing contract |
Parnas Hotel Co., Ltd. |
IBS Co., Ltd. |
Outsourcing of facility management in Rokaus Hotel |
room number, guest name, duration of stay (day of check-in and check-out) |
With the expiry of outsourcing contract |
Parnas Hotel Co., Ltd. |
YB Service Co., Ltd |
Outsourcing of room maintenance in Rokaus Hotel |
room number, guest name, duration of stay (day of check-in and check-out) |
With the expiry of outsourcing contract |
KOREA INFORMATION & COMMUNICATIONS CO., LTD. |
|
Processing of payment |
paying card number, date of payment, mobile phone number |
Card number, date of payment : 3 months Mobile phone number : 5years |
Sanha Information Technology Co.,LTD |
|
Operation and Maintenance of Computer System |
guest name, e-mail address, phone number, address |
With the expiry of outsourcing contract |
- B. The Hotels set forth the clear security guidelines and ensure their strict compliance for the protection of personal information and prohibition of unauthorized disclosure.
The Hotels keep the contract in writing or electronic format. Any changes in service providers are announced through the Privacy Policy posted on the website.
6. Rights & Obligations of Information Owners and How to Exercise these Rights
- A. As the owner of personal information, the guests can exercise the following rights.
- 1) Request for access to personal information
The guests can request access to their personal information under Article 35 (Access to Personal Information) of the Personal Information Protection Act.
However, such request may be denied under Article 35-5 thereof if:
- • such access is prohibited or restricted under the law such access may cause death or injuries, damage to personal property, or infringe the rights of others.
- 2) Request for correction and removal of personal information
The guests may request correction and removal of their personal information under Article 36 (Correction & Removal of Personal Information) of the Personal Information Protection Act unless required otherwise by law.
- 3) Request for cessation of processing personal information.
The guests may request cessation of processing their personal information under Article 37 (Cessation of Processing Personal Information) of the Personal Information Protection Act unless required otherwise in accordance with Article 37-2 thereof if:
- • such cessation may result in violation of the law
- • such cessation may cause death or injuries, damage to personal property, or infringe the rights of others
- • such cessation may interrupt the delivery of service and performance of the contract and the guests fail to express their intention to terminate the contract.
- B. If the guests request access, correction, or removal of personal information, or cessation of processing personal information by phone or email, then the Hotels will take necessary measures immediately after the proper identification process.
- C. If the guests request correction of personal information, then the Hotels will not use or provide their personal information until it is corrected. In the event that the Hotels provide incorrect personal information to a third party, the Hotels will notify the party immediately to make sure that its correction is made.
- D. The guests must keep their personal information updated and are responsible for any damage or loss caused by providing inaccurate personal information. Abusing or misusing other persons' personal information may result in the loss of membership or restrictions of using service.
- E. The guests are responsible for protecting their own personal information and not infringing the rights of others. The guests must take necessary precautions to prevent their personal information from being compromised and not to abuse the information of others. Failure in fulfilling these responsibilities, infringing the rights of others, or providing false information may result in the loss of membership and prosecution under the law.
- F. The Hotels operate the following support team to ensure smooth communication with the guests regarding their personal information.
- • Guest support team: Management Support Team
- • TEL: +82 2-6923-8140
- • Address: Nine Tree Premier Rokaus Hotel Seoul Yongsan, 25, Hangang-daero 23-gil, Yongsan-gu, Seoul, Korea
7. Destruction of Personal Information
- A. Process
- • The Hotels retain personal information for a set period of time and destroy it when the purpose of the collection is fulfilled in accordance with the internal policies and applicable laws. Upon expiry of the retention period or fulfillment of the purpose of collection or any other cases where the retention of personal information is no longer required, the Hotels destroy personal information immediately.
- • In the event that other laws require that personal information be stored even after the retention period is expired or the purpose of collection is fulfilled, the Hotels transfer such personal information to a separate database or store it in a different place.
- B. Method
Paper containing personal information is shredded or incinerated while electronic files are deleted beyond recovery.
8. Security Measures
- A. Establishment and implementation of internal control plan
The internal control plan is established and implemented in accordance with the Internal Control Guidelines set by the Ministry of the Interior and Safety and training is conducted on a regular basis.
- B. The manager handling personal information takes necessary security measures to minimize the access and conduct security training on a regular basis.
- C. Restriction of access to personal information
The Hotels restrict the access to personal information by controlling the access to the database system and prevent any unauthorized access from outside using this security system.
- D. Storage of access logs and prevention of its modification
The Hotels store and manage the record (e.g. web logs, summary) of accessing the personal information processing system for at least 6 months and take necessary security measures to prevent unauthorized modification, loss, and theft.
- E. Encryption of personal information
Personal information is encrypted for storage and management. Important data is secured through encryption for storage and transmission.
- F. Technological measures against hacking
The Hotels install, update, and inspect security software to protect personal information from hacking and computer viruses. The security system is installed in a secure place and protected technically and physically to prevent any unauthorized access.
- G. Prevention of unauthorized access
The personal information system is located separately and protected with physical access control and procedures.
9. Installation and Operation of Automatic Personal Information Collection and Rights to Refuse
- A. The Hotels use cookies to store and access the user information in order to provide personalized service for the users.
- B. Cookies are small files which are sent by the website server(http) and stored on a user's PC hard disk drive.
- • Purpose of using cookies: to identify the user's pattern of accessing or using the service and website, popular search words and security access to provide personalized information.
- • Installation, operation and refusal of cookies: users may disable cookies in Tools > Internet Option tab in the web browser.
- C. The users may not be able to use personalized service if they disable cookies.
10. Personal Information Manager
For the protection of personal information and complaint handling, the Hotels have appointed the following managers.
- A. Head of Personal Information Management: Han Man Hwan, Managing Director
- B. Personal Information Manager: Kim Jung Jun, Deputy Manager (IT Team)
- C. Personal Information Assistant Manager: Kim, Jae Gwon (IT Team)
11. Response to Infringement of Rights
The guests may request the settlement of dispute or consultation to the Personal Information Arbitration Committee and Personal Information Infringement Notification Center of Korea Internet Security Agency in addition to the following organizations:
- A. Privacy Breach Report Center (operated by Korean Internet Security Agency)
- • Responsibilities: consultation and report privacy breaches
- • Website: privacy.kisa.or.kr
- • TEL: (without area code) 118
- • Address: Privacy Breach Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeonnam, 58324
- B. Personal Information Arbitration Committee
- • Responsibilities: arbitration and group dispute resolution regarding personal information (civil resolution)
- • Website: www.kopico.go.kr
- • TEL: (without area code) 1833-6972
- • Address: 4F, Government Complex Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul, 03171
- C. Cyber Criminal Investigation Team of Supreme Prosecutors Office: 02-3480-3573 (www.spo.go.kr)
- D. Cyber Terror Response Center of National Police Agency: 182 (http://cyberbureau.police.go.kr)
12. Revision History
This Privacy Policy takes effect on the date of implementation.
- A. Date of Announcement: January 25, 2023
- B. Date of Implementation: February 01, 2023