1. Purpose of collecting and using personal information
(1) The company collects minimum essential information from customers for the business processing of reservation of travel products and provision of travel-related services, and all personal information provided shall not be used for purposes other than the relevant purpose unless otherwise agreed. not.
(2) The company will notify you in advance if the items to be collected, purpose of use, and use of personal information change, and will seek the consent of the customer.
(3) The company uses the collected personal information for the following purposes.
end. Fulfillment of contracts for service provision and settlement of fees according to service provision
Reservation of travel products, reservation of airline tickets/hotels and confirmation of immigration information, confirmation and consultation of reservation details, performance of domestic travel services, provision of contents, preferential treatment of members when using travel services, Purchase and payment Member management Individual identification, confirmation of sign-up, record retention for dispute settlement, complaint handling, notification delivery
2. Personal information collection items and collection methods
(1) The company collects personal information of customers in accordance with legitimate procedures and legal standards, and collects only the minimum information necessary for the use of the customer's service. Collection and use are restricted in accordance with the Personal Information Protection Act.[Table 1] When registering as a member
(2) Personal information is collected by signing up for membership on the website (www.hanatouritc.com) operated by the company, making reservations for travel products, consulting on travel products, verifying identity through phone, fax, e-mail, and providing from affiliates.
(3) The detailed personal information items, purpose, retention and use period collected to provide member services and travel services are as shown in [Table 1] and [Table 2] below.
[Table 2] When booking travel products
|division||Personal information details||Usage||Retention and use period|
|Required information||Name, date of birth, email, contact information, ID||Member service provision||Until service termination However, if it is necessary to retain it for a certain period of time for confirmation of transaction-related rights and obligations according to the regulations of the Commercial Act at the time of termination, the period specified by the relevant laws and regulations.|
|Personal information items||Usage||Retention and use period|
|Name, date of birth, email, contact information, country/region||Travel product reservation and consultation/product delivery|
Information on cancellation of unpaid service provision and retention period in accordance with related laws : 3 months from the date of cancellation of the reservation
|Name, company name (optional), credit card number, valid unpaid cancellation information: 3 months from the date of reservation cancellation||Payment/Settlement|
3. Period of use and retention of personal information
of use of personal information Customer's personal information is retained only during the period of service provision or dispute settlement, and will be destroyed without delay if the information subject requests deletion and consents to withdrawal. However, if it is necessary to preserve it in accordance with the provisions of the relevant laws and regulations, we will keep the member information securely for a certain period specified by the relevant laws and regulations as follows.
end. Records on contract or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce, etc.
B. Records on Payment and Supply of Goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
C. Consumers' Records on handling complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
with the personal information expiration date system a . The company follows the personal information expiration date system, and takes necessary measures to destroy the personal information of users who have not used the relevant information and communication service for the specified expiration period to prevent misuse, abuse and leakage of personal information.
I. The company notifies that the user's personal information items are destroyed, stored separately, and managed in accordance with relevant laws and regulations if the user's personal information items are destroyed or stored in accordance with the company's security regulations and guidelines 30 days before the expiration of the expiration date specified at the time of membership registration. Do it.
All. Even after the expiry of the expiration date, if a member uses the company's service, consults, or changes information, it is considered a request for reuse and can be restored to normal use from separate storage and management.
4. Matters concerning the provision of personal information to a third party
The Company shall in any case exceed the scope notified in the'Purpose of Collection and Use of Personal Information', except with the consent of the member customer or in accordance with the provisions of the relevant laws and regulations, or other companies/organizations not related to the applicable member service area. Do not provide or use. However, personal information is provided under limited conditions only to companies directly related to customer service performance, and the contents are as follows.
|Service area||Recipient||Items to be provided||Purpose of use of the recipient|
|lodgment||Domestic hotels and resorts/lodging companies|
(Daejeon Lotte City, Ulsan Hyundai Hotel, Gyeongju
Lahan Select Hotel, Suwon Velas Suite Hotel, Kensing
Turn Seorak Hotel, Gochang Healing County, Buyeo Lotte
Resort, Jeju G Hotel, Jeju Ramada City Hall)
|Name (Korean/English), contact information||Accommodation reservation progress / confirmation|
|Affiliate||Korea History and Culture School||Name (Korean/English), contact information||Experience product event progress and confirmation|
5. Details and status of work that Hana Tour ITC entrusts customers' personal information to
(1) The company entrusts some tasks to specialized companies in order to provide customer-friendly services smoothly.
(2) In order to ensure the protection of personal information, the Company shall comply with the legal procedures for consignment of personal information processing by service providers, observance of security instructions, confidentiality of personal information, restrictions on use beyond business purposes and scope, and restrictions on reconsignment We clearly stipulate the liability for damages in the event of an accident, and store the contents of the contract in writing or electronically and strictly supervise it.
(3) If the contents of the consignment business or the consignee change, we will disclose it through this personal information processing policy without delay.
(4) The status of the company entrusting customer's personal information is as follows.
|Entrusted company (trustee)||Purpose of consignment work|
|KG INICIS||Credit card payment approval, automatic deposit service for sales details (Korean page)|
|Paypal||Credit card payment approval, automatic deposit service for sales details (English/Japanese page)|
|Wechat Pay||Credit card payment approval, automatic deposit service for sales details (Chinese page)|
6. Matters concerning the device for automatic collection of personal information
The company operates'cookies' that store and find user information from time to time. Cookies are very small text files sent to the user's browser by the server used to operate the company's website and are stored on the user's computer hard disk. Cookies identify the user's computer, but do not personally identify the user.
end. Purpose of using cookies To provide targeted marketing and personalized services that analyze users' access frequency or visit time
B. How to reject cookie settings The user has the option of installing cookies. Therefore, users can select to allow all, allow some, or reject all cookies by setting options in the web browser.
※ How to set (for Internet Explorer)
Click [Tools] on the Internet screen task bar, select [Internet Options], select [Personal Information Tab], and set whether to allow cookies in [Settings]. However, if the user refuses to install cookies, there may be difficulties in providing the service.
7. Rights and obligations of the subject of personal information
The personal information subject can exercise the following rights related to personal information protection at any time to the company.
- Personal information read request (data subject and the data subject than the view of the origin, purpose of processing, use history of the personal information collected from)
- When the error correction requirements
- personal information deletion request
-processing stop request
for the entry Rights can be exercised to the company in writing, by phone, e-mail, or fax (fax), and the company will take action without delay. The information subject violates related laws such as the Personal Information Protection Act, and is obligated to ensure that the personal information and privacy of the information subject and others handled by the company are not infringed.
8. How to view, correct and delete personal information
To view and correct your personal information, you can access or correct your personal information by accessing the company website (www.hanatouritc.com) and clicking'Edit My Information' in the PROFILE.
If it is impossible to read or correct, or if you need to delete personal information, please contact us by email (email@example.com) and we will take care of it promptly.
You can withdraw your consent to the collection and use of personal information at any time through'Membership Withdrawal'.
In the case of children under the age of 14, the legal representative has the right to view or modify the child's personal information, and to withdraw consent to collection and use.
If a request for correction of errors in personal information is requested, the personal information will not be used or provided until the correction is completed.
In addition, if incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay so that the correction can be made.
9. Protection of personal information of children under the age of 14
In the case of children under the age of 14, contracts for use of travel products/services are possible through a legal representative, and minimum personal information necessary to perform the service is collected. The legal representative of a child under the age of 14 may request to view or correct the child's personal information, or withdraw consent for collection, use, provision, and consignment of personal information. Personal information of children under the age of 14 will not be provided or shared with third parties without the consent of their legal representative.
10. Measures to ensure safety for personal information protection
In processing users' personal information, the Company takes the following technical, administrative, and physical measures to prevent loss, theft, leakage, external attacks, forgery, alteration, and hacking of personal information and to ensure the best safety. There is.
end. Minimization and training
of personnel handling personal information – We designate employees who handle personal information, minimize the number of people in charge of handling personal information, and conduct continuous personal information protection training.
I. Establishment and implementation of an
internal management plan-We have established and implemented an internal management plan for safe handling of personal information.
of personal information-User's personal information is encrypted and stored and managed according to the standards stipulated by laws and regulations, and encryption is applied to files and transmission data.
la. Technical measures against hacking
-The company installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, periodically updates and checks, installs a system in an area where access from outside is controlled, and installs a technical/physical system. Monitoring and blocking.
hemp. Restriction of
access to personal information-We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from outside by using an intrusion prevention system. Are in control.
bar. Storage of access records and prevention of forgery and alteration
– Records of access to the personal information processing system are stored and managed, and access records are managed to prevent forgery, alteration, theft and loss.
four. Use of locking device for document security-
Documents and auxiliary storage media containing personal information are stored in a safe place with a locking device.
Ah. Access control for unauthorized persons-A
separate physical storage place for personal information is established, and access control procedures are established and operated for this.
11. Personal information destruction procedure and method
After the purpose of use of the collected personal information is achieved, the company destroys the information without delay according to the period of use and storage, and the destruction procedure and method are as follows.
end. Destruction Procedure The
personal information entered by the customer for membership registration and use of the travel service is stored for a certain period of time after the purpose of use is achieved and the reason for information protection pursuant to other related laws and regulations, and then deleted or destroyed.
I. Destruction method
-Personal information printed on paper: Shredding using a shredder
-Personal information stored in electronic file format: Personal information is not left, and records are deleted through a method that cannot reproduce the record
12. Personal information protection officer and person in charge
The company designates a person in charge of personal information protection and a department in charge of handling complaints in order to protect customers' personal information safely and to handle complaints and complaints related to personal information. If you have any inquiries related to personal information, please contact us. We will respond sincerely and promptly according to the standards.
|Personal Information Protection Officer||Personal information related inquiries|
|Name: Lee Je-woo||Department Name: ITC HR/General Affairs Team|
|Affiliation/Title: CEO of Hana Tour ITC||Phone: 02-398-6567|
|Phone: 02-398-6600||Mail: firstname.lastname@example.org|
|E-mail: email@example.com||FAX: 02-6234-2308|
If you need to consult other personal information infringement or reporting, you can obtain confirmation through inquiries to the following external organizations.
○ Personal Information Infringement Report Center (without area code) 118 (privacy.kisa.or.kr)
○ Personal Information Dispute Mediation Committee 1833-6972 (www.kopico.go.kr)
○ Supreme Prosecutors' Office Cyber Investigation Division (without area code) 1301 (www. spo.go.kr)
○ National Police Agency Cyber Bureau (without area code) 182 (cyberbureau.police.go.kr)
13. Notice of changes to the personal information processing policy
If there is any addition, deletion or modification of the contents of the personal information processing policy, it will be notified through the notice on the website before the amendment is reflected. In addition, a version number and revision date are assigned to the personal information processing policy so that you can easily know whether or not to be revised, and if it is an important matter, we will deliver the guidance to the customer's e-mail.