PRIVACY POLICY

1. General Provision

2. Purpose of processing personal information

(1) Reservation via website, Registration to SOTETSU HOTELS

• ・Reservation via website, registration to SOTETSU HOTELS through dedicated application, delivering information forwarding services
• ・Securing communication channels for related services such as identification, cancellation, refund, etc.

(2) Room Accommodation Information

• ・Identification and verification of the person according to the room reservation.
• ・Securing smooth communication channel for the delivery of announcements, handling complaints, etc.
• ・Service delivery

(3) Employee Recruitment

• ・Support, selection, certificate verification, test performance verification of applicants, aptitude test, medical examination, answers, and guidance on inquiries from candidates for employment, etc.
• ・Process of staff recruitment.

3. Items and collection methods for processing personal information

(1) Reservations made through the website, membership in SOTETSU HOTELS.

• ・Required Items: Mail address, name, phone number, credit card information

(2) Room Accommodation Information

• ・Required Items: Name, phone number, date of birth, email address, gender, passport number, nationality, credit card information
• ・Optional: Workplace name

(3) Employee Recruitment

• ・Required Items: Photo, name, date of birth, phone number, email address, address, educational background, career, foreign language skills, military service, qualification, self-introduction, health information.

4. Duration of process and storage of personal information

• (1) Reservation made through the website and personal information on membership of SOTETSU HOTELS: 3 years
• (2) Personal information related to room accommodation: 3 years
• (3) Personal information collected at the time of recruitment: 6 months

① Records of withdrawal of contracts or subscriptions, etc.

• ・Retention period: 5 years
• ・Reasons for preservation: The Consumer Protection Act in Electronic Commerce, etc.

② Records of payment and supply of goods, etc.

• ・Retention period: 5 years
• ・Reasons for preservation: The Consumer Protection Act in Electronic Commerce, etc.

③ Records on the handling of consumer complaints or disputes.

• ・Retention period: 3 years
• ・Reasons for Preservation: The Consumer Protection Act in Electronic Commerce, etc.

④ Website visit history

• ・Retention period: 3 months
• ・Reason for Preservation: Communication Secret Protection Act

5. Access to personal information by the third party

(1) The company shall not provide personal information to any third party without the consent of the data subject.

However, exceptions are made in the following cases.

• ① Where the data subject agrees in advance
• ② Where there is a special provision in the Act

(2) With the consent of the data subject, the company provides personal information to third parties as follows.

6. Discard of personal information and its method

(1) Destruction procedure

If personal information becomes unnecessary, such as the lapse of the personal information retention period and the achievement of the processing purpose, the personal information shall be destroyed promptly. Personal information shall not be used for purposes other than those under the Act.

(2) Destruction method

Destroy personal information printed on paper through shredder or incineration, and delete personal information preserved in electronic file form using non-replayable technical methods.

7. Consignment of personal information processing work

8. Rights and obligations of data subject and legal representative & how to exercise it.

(1) Rights and obligations of data subjects

The data subject and his/her agent may exercise the following rights for personal information protection at any time in relation to the personal information of the data subject or the person under the age of 14 processed by the company.

• ① Request for the perusal of personal information
• ② Request for correction and deletion of personal information
• ③ Request for suspension of personal information processing
• ④ Request for withdrawal of consent for personal information

If there is a request for correction or deletion of personal information, such as an error in personal information from the data subject and its representative, the company shall not use or provide the relevant personal information until the correction or deletion is completed.

(2) How to request perusal, correction, deletion, suspension of processing, and withdrawal of consent of personal information

If the data subject or his/her agent intends to request perusal, correction or deletion of personal information, suspension of processing, or withdrawal of consent, please contact the person in charge of personal information protection by phone, email or fax. Upon receipt, we will respond to the request faithfully and deal with it immediately. In addition, where a request is made through an agent of the data subject (a court agent, a delegated person, etc.), a power of attorney under attached Form 11 shall be submitted.

9. Securement of personal information

(1) Formulation and implementation of an internal management plan for the safe processing of personal information

An internal management plan is prepared and managed for the safe processing and management of personal information. In addition, by restricting the person who processes personal information, we are implementing personal information management measures such as limiting the number of people who handle personal information and minimizing the number of people in charge.。

(2) Control of access to personal information and restrictions on access rights

By granting, altering, and erasing access to databases that process personal information, we take necessary steps to restrict access to personal information and use intrusion prevention systems to prevent hacking from outside.

(3) Measure of encryption technology that can safely store and transmit personal information or corresponding measures

Personal information is stored and managed encrypted, and it is managed safely by using separate security functions.

(4) Keeping access records and preventing forgery and tampering to cope with personal information infringement incidents

It keeps and manages access records to the personal information processing system for at least a year, so it uses security functions to prevent access records from being forged, tampered with, stolen, or lost.

(5) Installing and updating security programs for privacy

To prevent leakage, loss, or damage of personal information due to hacking or computer viruses, a security program is introduced to conduct regular updates and inspections. A system is installed in areas with limited access from outside to monitor and block technically.

(6) Physical measures, such as preparing storage facilities or installing locks for the safe storage of personal information

Documents containing personal information, auxiliary storage media, etc., are stored safely with locks.

10. Policy regarding install, operation, refuse of automated collection of personal information

(1) Purpose of use of cookies

It is used to provide optimized information to users by identifying the frequency of access, type of use, popular search terms, security access, etc.
The cookie information can identify the user's computer but not the user's individual.

(2) How to reject cookie settings

The user has the option of installing cookies. Therefore, by changing the options settings on the Tools>Internet Options menu at the top of your web browser, you can accept all cookies, display a warning when cookies are received or refuse to receive cookies.
However, if you refuse to receive cookies, you may not be able to use all or part of the services provided by the company on the website.

11. A person responsible for personal information & infringement of rights and its remedy

(1) Person in charge of personal information protection

To protect personal information and deal with complaints related to personal information, the company shall designate a person in charge of personal information protection and a person in charge as follows.

• ① Person in charge of personal information protection
  • ・Name: Yoshizawa Koji
  • ・Phone number: 02-2095-4950
  • ・Email address: yoshizawa_k@splaisir.com
• ② Person in charge of personal information protection
  • ・Department in charge: Management department
  • ・Name: Lee Hyeon-kwon
  • ・Phone number: 02-2198-1254
  • ・Email address: lee_hk@splaisir.com

(2) How to remedy infringement of rights and interests

To receive remedy for infringement of personal information, an information entity may apply for dispute resolution, counselling, etc., to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center. For other personal information infringement reports and counselling, please contact the institution below.

• ① Report Center for Personal Information Infringement (Operated by the Korea Internet Agency)
  • ・Jurisdiction: Report of infringement of personal information and application for counselling.
  • ・Home page: privacy.kisa.or.kr
  • ・Phone number: (without country number) 118
  • ・Address: (58324) 3rd-floor personal information infringement report center, Jinheung-Gil 9 (Bitgaram-dong 301-2), Naju-si, Jeollanam-do
• ② Personal Information Dispute Mediation Committee
  • ・Jurisdiction: Application for mediation of personal information disputes, mediation of collective disputes
  • ・Home page: www.kopico.go.kr
  • ・Phone number: (without country number) 1833-6972
  • ・Sddress: (03171) 4F, Sejong-daero 209, Jongno-gu, Seoul, Republic of Korea
• ③ Supreme Prosecutors' Office Cybercrime Investigation Unit.
  • ・Home page: www.spo.go.kr
  • ・Phone number: 02-3480-3573
• ④ Cyber Security Bureau of the National Police Agency
  • ・Home page: cyberbureau.police.go.kr
  • ・Phone number: (without country number) 182

12. Change in privacy policy