The-K Hotel Seoul(hereinafter referred to as the company) operated by The-K Hotel and resort(Co.) respects the personal information of users and it is complies with the Act on Promotion of Information and Communications Network Utilization and Information. The company notifies how and for what purposes the personal information provided from users is used and what actions are taken for personal information protection through the personal information handling policy. In case that the personal information handling policy is revised, it will be notified via web site notices(or individual notice).

Article 1 [Personal Information Collection Item and Methods]

The-K Hotel Seoul allows users to access most of contents with no restriction even if they did not sign up for the membership. If you want to use the membership service of the company, then you must enter the following information. Even if you decide not to enter optional items, there will be no restriction of your service use.

1. 1. Scope of personal information collection

   1. A. The-K Hotel Seoul collects the personal information within the minimum scope to ensure service supplies.
   2. B. The-K Hotel Seoul does not collect the sensitive personal information that is likely to infringe the basic rights of members.(ethical, race, belief and motto, origin, and birth place, political preference or criminal records, health condition and sex life)

2. 2. Personal information collection items

   1. Website membership signing

      1. * Required information : mobile phone, ID, password, name, name in English, birthdate, sex, email address, address
      2. * Optional information : marriage status, wedding anniversary, telephone number

   2. Room reservation

      1. * Required information : name, sex, nationality, email address, reservation password

   3. Dining reservation

      1. * Required information : name, mobile phone, email address

   4. Consulting reservation

      1. * Required information : name, mobile phone, email address

3. 3. How to collect the personal information

   The company collects the personal information through the homepage(membership signup, reservation consulting, voice of customer, online survey, event application), paper, tel, fax and so on. In addition, during the course of service use or business handling, the following information can be created and collected.

   1. * IP Address, cookies, visit date, service use records

Article 2 [Goals of Personal Information Collection and Use]

For satisfactory services, the company collects the personal information under the following goals.

1. 1. Service supply related contractual performance and contents supply, service and signup consulting, notice delivery, confirmation of your desired, smooth communication route acquired such as voice of customers and so on
2. 2. Member management (member signup, self authentication, individual identification unfair use prevention and unauthorized use prevention, confirmation of desired to signup, complaint handling and civil appeal handling, notice delivery and so on)
3. 3. Marketing/ads use (event and ads information delivery, demographic characteristics based service supply and ads posting)

Article 3 [Personal Information Retention and Use Periods]

1. 1. Once the goals of personal information collection or supply are achieved, the-K Hotel Seoul will immediately discard the personal information. The specific discarding date is shown as follows.

   1. A. Membership signup information (internal policy): withdrawing the membership, it will be stored for one year for the purpose of revisit awareness services.

      1. ① A. Membership signup information (internal policy): withdrawing the membership, it will be stored for one year for the purpose of revisit awareness services.
      2. ② The personal information of users who did not use the service for one year is separately stored and it will be stored for one year and after that it will be immediately discarded
   2. B. Room stay information (internal policy) : Stored for 5 years for revisit service supply
   3. C. Delivery information : When the item or service is handed over
   4. C. Delivery information : When the item or service is handed over

2. 2. But even if the goal of collection or supply is achieved, if there is a need for preserving it according to the commerce laws and so on, then company will retain the persona information for some periods as follows.

   1. A. Fee payment and resource supply records : 5 years
   2. B. Consumer’s complaint or dispute related records : 3 years
   3. C. If there is a need for preserving it as a basis for lawsuits or disputes : 5 years
   4. D. Contract or application revocation records : 5 years

Article 4 [Supply of Personal Information to Third Parties]

The-K Hotel Seoul basically handles the personal information within the scope indicated for collection and use and only in case that it falls under the category of Article 17 of the personal information protection act including special provisions of the law or consent from the information subject, it will be provided to a third party.

Recipient	goals of collection and use	collection and use item	retention periods
KTCU	union membership checkup	name, member number, birthdate, mobile phone number	5 years
Sanha IT	Union member inquiry and member service supply	name, member number, birthdate, mobile phone number	when the goal of supply is achieved

Article 5 [Personal Information Supply and Sharing]

1. 1. Except when there exists a provision in the relevant laws or consent from the member, the-K Hotel Seoul will not provide the personal information of the member to the outside or use it beyond the scope notified in 『Goals of Personal Information Collection and Use』 in any case. In case of supplying or sharing the personal information of the member through a partnership, it is necessary to seek out consent after individually notifying the members via emails or paper ahead of time about who is the person that receives or shares it, what is the main business, which personal information items are shared or supplied, what are the goals of personal information supply or sharing and so on. Supply of the personal information by the-K Hotel Seoul aims to supply unique services of the-K Hotel Seoul, and thus unless they agree to supplies, they will not be able to receive and use normal services.

2. 2. In the following cases, according to the relevant laws, it is possible to provide the personal information without consent from the member.

   1. A. In case of needs for fee(point) settlement and product delivery as part of service supply
   2. B. In case of needs for stats preparation, academic research or market survey; In case of supply after being processed into a form where the individual cannot be identified
   3. C. If there is a demand from the criminal investigation organization according to the legal procedures and methods with an aim for investigation or if it relies on the provisions of the laws

Article 6 [Notice of Consigned Personal Information Handling]

For improved services, the company is consigning the duties of personal information handling to external companies as follows.

1. - Consignee : Sanha IT
2. - Details of consigned business : Room/ball room, B/O system repair and maintenance, online room reservation
3. - Use periods : Upon requests for service termination or until the consigned contract is terminated

1. - Consignee : LG U+
2. - Details of consigned business : Room reservation SMS transmission+
3. - Use periods : Upon requests for service termination or until the consigned contract is terminated

1. - Consignee : SCI
2. - Details of consigned business : Self authentication for membership signup on the homepage
3. - Use periods : Upon requests for service termination or until the consigned contract is terminated

1. - Consignee : Daekyo Industry
2. - Details of consigned business : Hotel CCTV maintenance and management
3. - Use periods : Upon requests for service termination or until the consigned contract is terminated

1. - Consignee : Inter Major
2. - Details of consigned business : Homepage system development, repair and maintenance
3. - Use periods : Upon requests for service termination or until the consigned contract is terminated

Article 7 [Personal Information Discarding Procedures and Methods]

In principle, the company immediately discards the personal information once the goal of personal information and collection is achieved

1. * Discarding procedures and methods are shown as follows.

   1. - The personal information saved in electronic formats will be deleted using a technical method that makes sure it cannot be reversed.
   2. - The personal information printed on paper will be destroyed by using a destructor or incineration.

Article 8 [Rights to Users and Legal Representatives and How to Exercise Them]

Customers are allowed to peruse or correct the personal information registered. In case of perusal or correction of the personal information in ledger, make sure to contact the personal information manager or staff via paper, telephone or email. We will take necessary actions immediately. If you, customer demands a correction on errors in the personal information, the personal information will not be used or provided until a correction is completed.

1. * In case of being able to restrict perusal or correction on the personal information

   1. - In case that the person or third party’s life, body, property or rights are in significant danger
   2. - In case that the business of the service provider can be significantly interrupted
   3. - In case of violating the laws

Article 9 [How to Revoke Consent]

You can anytime revoke consent to the personal information collection, use or supply established through the membership signing. To revoke your consent, go to the homepage and 『LOGIN』 and then click 『MODIFY』 : 『WITHDRAW MEMBER』 or contact the personal information manager or staff via paper, telephone or email and so on. We will immediately take necessary actions including deletion of the personal information and etc.

Article 10 [Personal Information Protection for Kids Below Age of 14 Years Old]

The company does not collect the personal information of a kid below the age of 14 years old. But in case that it is necessary to collect the personal information of a kid below the age of 14 years old for some unavoidable reasons, the company will comply with the laws and postings.

Article 11 [Personal Information Auto Collection Device Installation and Operation and Its Rejection]

1. 1. To provide individual customized service to users, the company uses cookies to save and frequently retrieve the use information.

2. 2. Cookie refers to small size data sent to the web browser on the PC of users from the server(http) used for operation of the website and it is sometimes saved in the HD of the PC of users.

   1. - Goals of cookie use: To provide the customized service for users who visit the homepage, their personal information such as login ID, whether to check the ‘so not open for a day(pop-up); option and so on is automatically collected
   2. - Cookie installation/operation and rejection: At the top of web browser, select Tools > Internet Option > Personal Information and set the option to reject saving of cookies
   3. - If you reject saving of cookies, then there can be difficulties in using the customized services.

Article 12 [Behavioral Information Collection and Use]

For the site use analysis such as product/service development and customer analysis, the company collects and uses the online behavioral information. Behavioral information refers to the information about user's online activities that can be used to assess and analyze users’ interest, preference or tendency including their history of website visits, app use, and purchase and search and so on,

1. 1. Behavioral information item collected

   1. - Web/app service visit history, use records such as search/click, ads identifiers

2. 2. How to collect the behavioral information

   1. - Information collection tool is use for automatic collection and transmission of the information about main activities performed by users in the web/app

3. 3. Behavioral information recipient

   1. - Google, Kakao, logger, Naver, wider planet, Idea Key Co. Inter Major Co.

4. 4. Google, Kakao, logger, Naver, wider planet, Idea Key Co. Inter Major Co.

   1. - For use in the user analysis such as product/service development, statistic and customer analysis

5. 5. Behavioral information retention/use periods and how to handle the information afterward

   1. - Immediately deleted upon expiration of use periods or cookie deletion

6. 6. User’s control rights exercise methods

   1. - Customer can adjust the browser setting to reject cookie saving and so on to reject use.

      1. · Web browser

         1. Internet Explorer : Tool → Internet Option → Personal Information → Advanced → Disable Cookie Blocking and Processing
         2. Internet Explorer : Tool → Internet Option → Personal Information → Advanced → Disable Cookie Blocking and Processing

      2. · Smartphone

         1. Android phone : Setting → Personal Information Protection → Ads → Select or Deselect Personal Ads Optimization
         2. iPhone : Setting → Personal Information Protection → Ads → Restrict Ads Tracking

            (※ Depending on the version of OS, the method can differ slightly.)

7. 7. User damage relief methods inquiry from customers

   1. - Ads team, sales department : +82-2-526-9345

Article 13 [Technical and Systematic Management of Personal Information]

When handling the personal information, the company is seeking out technical and managerial measures as follows to secure the safety and prevent loss, theft, leakage, tampering, falsification or damage of the personal information.

1. ① Member’s password is encrypted before it is saved and managed, thus only the user knows it. Also, the user is the only one who can confirm or change the personal information.

2. ② Countermeasures against hacking and etc

   1. - The company is doing the best to prevent leakages or damage of the member's personal information due to hacking or PC viruses and so on
   2. - The company is using an intrusion blocking system to control unauthorized access from the outside

3. ③ Minimization and training of staff handling the personal information

   1. - The duties of handling the personal information is limited to only certain employees in charge and they are frequently trained to make sure that they always comply with the personal information handling policies

4. ④ The duties of handling the personal information is limited to only certain employees in charge and they are frequently trained to make sure that they always comply with the personal information handling policies

   1. - If the internal personal information protection organization discovers issues in personal information handling policy compliance by the staff, the company does the best to correct it immediately.
   2. - If the internal personal information protection organization discovers issues in personal information handling policy compliance by the staff, the company does the best to correct it immediately.

Article 14 [Personal Information Manager and Staff]

The company is comprehensively responsible for the business associated with personal information handling and designates the following personal information protection manager and department for the sake of complaint handling and damage relief of the information subject in relation to personal information handling.

Classification	Charge	Contac
Personal Information Protection Manager	CEO : Jin Jaeho	- Email: lsk1608@thek-hotel.co.kr - Phone: +82-2-526-9310 - Fax: +82-2-526-9397
Personal Information Protection Manager	Personal Information Protection Manager : Jang Ji Man	- Email: jangjm72@thek-hotel.co.kr - Phone: +82-2-526-9422 - Fax: +82-2-526-9444
Complaint Handling	Room team at sales department	- Phone: +82-2-571-8100

Article 15 [How to Relief Infringed Rights of Information Subjects]

While using the company’s service, users are welcome to report about any personal information related complaints to the personal information manager or department. The company will provide users with immediate and satisfactory answers regarding their complaints. In case that you need to report or discuss about other personal information infringement incidents, please contact the following organizations.

1. - KISA Personal Information Infringement Reporting Center (privacy.kisa.or.kr / 118)
2. - Personal Information Infringement Reporting Center (www.118.or.kr / 118)
3. - e-Privacy Committee (www.eprivacy.or.kr / +82-2-580-0533~4)
4. - Prosecutor’s Office: Advanced Crime Investigation Dept (www.spo.go.kr / +82-2-3480-2000)
5. - National Police Agency: Cyber Security Station (www.ctrc.go.kr / 182)

Article 16 [Ads Information Transmission]

1. 1. The-K Hotel Seoul does not transmit profit oriented ads information against the explicit expression of desire of customers to reject it

2. 2. In case that ads information is sent via emails and so on for online marketing such as product information, the-K Hotel Seoul shall take necessary actions to make sure customers can easily find it by using the email title or main body

   1. - email title : Indicate (ads) text and the tile of sender in the title.
   2. - email main body : Explicitly indicate the name, email address, tel and address of sender so that users can express their desire and reject receipt. Explicitly indicate methods for easily expressing desires and rejecting receipt
3. 3. Even in case of transmitting profit oriented ads information to customers who agreed to receive ads via fax/mobile phone SMS and so on apart from email addresses, make sure to take necessary actions such as indicating the name of sender.

Article 17 [Rights to Notify]

Article 17 [Rights to Notify]

1. - Personal information handling policy version number : 2.1
2. - Personal information handling policy change date : September 29, 2011
3. - Personal information handling policy change date : September 30, 2011
4. - Personal information handling policy change date : November 16, 2016
5. - Personal information handling policy change date : November 25, 2016
6. - Personal information handling policy change date : August 23, 2017
7. - Personal information handling policy change date : October 26, 2018
8. - Personal information handling policy change date : August 12, 2019
9. - Personal information handling policy change date : August 30, 2019
10. - Personal information handling policy change date : December 23, 2020 [Download previous version]
11. - Personal information handling policy change date : January 6, 2022 [Download previous version]
12. - Personal information handling policy change date : August 10, 2023 [Download previous version]
13. - Personal information handling policy change date : September 1, 2023 [Download previous version]

The abovementioned The-K Hotel Seoul’s personal information handling policy becomes effective starting on September 1, 2023.