PRIVACY POLICY

Privacy Policy

Parnas Hotel Co., Ltd.(hereinafter the "Hotels") collects, retains, and processes personal information under the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

The Personal Information Protection Act sets forth the framework under which personal information is handled and managed, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. sets out the rules for the protection of personal information and creates a safe environment for information and communication service users. The Hotels will collect, retain, and process personal information in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. to provide services and protect the rights of the guests.

In addition, the Hotels respect and support the guests' rights to access, correct and remove their personal information, and stop its processing, and the users may raise legal claims in accordance with the Administrative Appeal Act in case of the violation of their rights under the Personal Information Protection Act.

This Privacy Policy is subject to change in accordance with the laws, guidelines and internal operation policy and details will be announced as required by the laws.

This Privacy Policy consists of the following:

  1. 1. Purpose of Processing Personal Information
  2. 2. Types of Personal Information
  3. 3. Processing & Retention Period
  4. 4. Third Party Disclosure
  5. 5. Outsourcing the Processing of Personal Information
  6. 6. Rights & Obligations of Information Owners and How to
    Exercise these Rights
  1. 7. Destruction of Personal Information
  2. 8. Security Measures
  3. 9. Installation and Operation of Automatic Personal Information Collection and Rights to Refuse
  4. 10. Personal Information Manager
  5. 11. Response to Infringement of Rights
  6. 12. Revision History
1. Purpose of Processing Personal Information

The Hotels do not use personal information for any purposes other than those described in this Privacy Policy. The Hotels do not collect personal information through online membership registration and operate any online membership programs on the website. In addition, the Hotels do not collect personal information of persons under 14 years of age. The Hotels process personal information strictly for the following purposes.

A. Web Membership Enrollment & Management
  • Online information service, reservations and shopping through the website
  • Securing communication channels for identification, order, shipping, cancelation and refund
B. Room Guest Information
  • Identification and confirmation of guests for their reservations
  • Communication including announcements and complaint handling
  • Compliance with the Tourism Promotion Act
C. Membership Management
  • Identification of members for membership services
  • Communication including announcements and complaint handling
  • Delivery of membership cards
  • Service customization
D. Service Offer
  • Identification of guests and execution of contract for providing accommodation, food, and beverage services, venues, and meeting/wedding services
  • Customer satisfaction survey
  • Service customization
E. Marketing & Advertisement
  • Development of new services and service customization
  • Promotion of new services and offers
  • Service delivery and advertisement based on statistical data
F. Employment & Job Experience Program
  • Job application, selection process, qualification review, test records of applicants, aptitude test, Q&A, etc.
  • Recruitment process
  • Application and selection of job experience programs, Q&A, etc.
G. Operate customer support or reporting window
  • Receive questions and provide answers on the use of the website or service
  • Operate a window to receive reports on our employees regarding unjust requests and provide updates on the case
2. Types of Personal Information

The Hotels collect the following personal information to provide hotel services while keeping the information collected to a minimum.

A. Web Member (confirmation required)
  • Required information: Name, email address, phone number, date of birth
  • Optional information: Address, gender, country
B. Room Guest Information
  • Required information: Name, date of birth, personally identifiable number (passport number), nationality, payment method
  • Optional information: Email address, address, company, city, zip code, telephone number, membership number
C. Membership Management
THE PARNAS
  • Required information: name (Korean/English), contact information (mobile phone/telephone), address (home/office), email address
  • Optional information: Gender, date of birth
IWC
  • Required information: Name (Korean/English), date of birth, mobile phone number, date of wedding, home address
  • Optional information: Email address
Fitness Club
  • Required information: Name, resident registration number (transferring membership), photo, contact information (mobile phone, home or office), address (home or office), email address (web membership only), company name (for corporate members), company registration number
  • Optional information: Gender, email address, company name, job title, wedding anniversary date, license plate number
D. Service Offer
Customer Satisfaction Survey
  • Required information: Name, email address, mobile phone number
  • Optional information: Date of birth, wedding anniversary date
Food & Beverage Service
  • Required information: Name, email address, mobile phone number
  • Optional information: Date of birth, wedding anniversary date
VOC
  • Required information: Name, email address, phone number
  • Optional information: Gender, address, company name
E. Recruitment & Job Experience Program
  • Required information: Photo, applied department and job experience, name (Korean, English), date of birth, telephone number, mobile phone number, email address, current address, educational background, training record, job experience, foreign language skills and certificate, military service records (if applicable), self-introduction
  • Optional information: Family relations, national veteran status and certification number, disability record, other information
  • Method of collection: Email address, job recruitment website
F. Provide customer support or reporting window
  • Required information: guest name, email address, contact information, mobile phone number
  • Optional information: details of inquiry
3. Processing & Retention Period
A. The Hotels store personal information for a certain period of time after the purpose of the collection has been fulfilled and destroy it according to the following schedule under their internal policies and applicable laws.
  • 1) General shipping information: Upon delivery of goods or services
  • 2) Information collected for promotional offers and other purposes: Upon completion of such promotional offers
    (unless stated otherwise when agreeing to the collection of personal information)
B. The Hotels store personal information if required by law as follows.
  • 1) Record of contract or withdrawal of subscription: 5 years
  • 2) Payment and supply of goods: 5 years
  • 3) Consumer complaint and dispute resolution: 3 years
  • Identification and preferences of guests for revisit and service customization: 5 years
C. Job application information
  • 1) Period of retention: 3 years
  • 2) Basis for retention: Internal policies and regulations (To prevent errors in the application process, personal information is destroyed at the time when the process finishes.)
4. Third Party Disclosure

The Hotels do not disclose personal information to third parties without the consent of the guests unless:

A. agreed otherwise by the guest in advance B. required by laws or investigators for the purpose of investigation
5. Outsourcing the Processing of Personal Information
A. The Hotels outsource the processing of personal information to the following third-party service providers:
Service Providers, Scope of Work, Period of Retention & Use
Service Providers Purpose of processing personal data Personal Data and Remarks Period of retention
Unies Outsourcing of room maintenance in room number, guest name, duration of stay (day of check-in and check-out) With the expiry of outsourcing contract
SAMKOO Inc. Outsourcing of room maintenance in Grand InterContinental Seoul Parnas room number, guest name, duration of stay (day of check-in and check-out) With the expiry of outsourcing contract
Manpower Korea Outsourcing of business center operation in Grand InterContinental Seoul Parnas room number, guest name, duration of stay (day of check-in and check-out) With the expiry of outsourcing contract
Hansung MS Outsourcing of parking lot management in guest name, vehicle no., phone number, car model With the expiry of outsourcing contract
Bpos Outsourcing of parking lot management in Grand InterContinental Seoul Parnas guest name, vehicle no., phone number, car model With the expiry of outsourcing contract
TCK Outsourcing of room Instant Service Center operation room number, guest name, phone number, duration of stay (day of check-in and check-out) With the expiry of outsourcing contract
Infinity Consulting Inc. Management of membership service, information services, shipping service and telemarketing service phone number, guest name, date of birth, e-mail address With the expiry of outsourcing contract
Hanju Holdings Management of list of guests who have refused further receipt of LMS messages phone numbers of guests who have requested to block 080 numbers With the expiry of outsourcing contract
Bluewave Co,.ltd Management of website membership service, information service, supporting marketing services for guests who have consented to use of personal information guest name, phone number, e-mail address With the expiry of outsourcing contract
SurveyMonkey Management of customer inquiry and feedback guest name, phone number, e-mail address With the expiry of outsourcing contract
GS ITM Operation and Maintenance of Computer System guest name, e-mail address, phone number, address With the expiry of outsourcing contract
BASIC9(GS ITM’S Re-consignment Company) Operation of guest management system guest name, e-mail address, phone number, address With the expiry of outsourcing contract
Grid System Maintenance of Database guest name, e-mail address, phone number, address With the expiry of outsourcing contract
KIS Information & Communication Processing of payment paying card number, date of payment 5 years
Samhwa Taxi Provision of rent-a-car service to hotel guests guest name, e-mail address, phone number, flight number With the expiry of outsourcing contract
NAAF media & design Receipt of SNS events or offline event winners' personal information and sending the winning prize collects guest name, mobile phone number With the expiry of outsourcing contract
KOREA INFORMATION & COMMUNICATIONS CO.LTD Processing of payment and sending vouchers via mobile phone messages paying card number, date of payment, mobile phone number Card number, date of payment : 3 months
mobile phone number : 5 years
S&I Corp. Issuance of pass cards for Parnas Tower guests, registering membership subscribing guests guest name, mobile phone number, e-mail address, date of birth, corporate name With the expiry of outsourcing contract
designwid Management of guests to Parnas Tower, occupants' guests and air conditioning and heating guest name, mobile phone number, corporate name With the expiry of outsourcing contract
Cody the Manager E-Registration, e-Housekeeping, outsourcing of booking engine (reservation system) room number, guest name, phone number, duration of stay (day of check-in and check-out), name, date of birth, email address, address With the expiry of outsourcing contract
B. The Hotels set forth the clear security guidelines and ensure their strict compliance for the protection of personal information and prohibition of unauthorized disclosure. The Hotels keep the contract in writing or electronic format. Any changes in service providers are announced through the Privacy Policy posted on the website.
6. Rights & Obligations of Information Owners and How to Exercise these Rights
A. As the owner of personal information, the guests can exercise the following rights.
  • 1) Request for access to personal information
    The guests can request access to their personal information under Article 35 (Access to Personal Information) of the Personal Information Protection Act.
    However, such request may be denied under Article 35-5 thereof if:
    • such access is prohibited or restricted under the law
    • such access may cause death or injuries, damage to personal property, or infringe the rights of others.
  • 2) Request for correction and removal of personal information
    The guests may request correction and removal of their personal information under Article 36 (Correction & Removal of Personal Information) of the Personal Information Protection Act unless required otherwise by law.
  • 3) Request for cessation of processing personal information
    The guests may request cessation of processing their personal information under Article 37 (Cessation of Processing Personal Information) of the Personal Information Protection Act unless required otherwise in accordance with Article 37-2 thereof if:
    • such cessation may result in violation of the law
    • such cessation may cause death or injuries, damage to personal property, or infringe the rights of others
    • such cessation may interrupt the delivery of service and performance of the contract and the guests fail to express their intention to terminate the contract.
B. If the guests request access, correction, or removal of personal information, or cessation of processing personal information by phone or email, then the Hotels will take necessary measures immediately after the proper identification process.
C. If the guests request correction of personal information, then the Hotels will not use or provide their personal information until it is corrected. In the event that the Hotels provide incorrect personal information to a third party, the Hotels will notify the party immediately to make sure that its correction is made.
D. The guests must keep their personal information updated and are responsible for any damage or loss caused by providing inaccurate personal information. Abusing or misusing other persons' personal information may result in the loss of membership or restrictions of using service.
E. The guests are responsible for protecting their own personal information and not infringing the rights of others. The guests must take necessary precautions to prevent their personal information from being compromised and not to abuse the information of others. Failure in fulfilling these responsibilities, infringing the rights of others, or providing false information may result in the loss of membership and prosecution under the law.
F. The Hotels operate the following support team to ensure smooth communication with the guests regarding their personal information.
  • Guest support team: IT Team
  • TEL: +82 2-559-7321
  • Address: Grand InterContinental Seoul Parnas, 521, Teheran-ro, Gangnam-gu, Seoul
  • Website: http://seoul.intercontinental.com > Service Center > VOC
7. Destruction of Personal Information
A. Process
  • The Hotels retain personal information for a set period of time and destroy it when the purpose of the collection is fulfilled in accordance with the internal policies and applicable laws. Upon expiry of retention period or fulfillment of the purpose of collection or any other cases where the retention of personal information is no longer required, the Hotels destroy personal information immediately.
  • In the event that other laws require that personal information be stored even after the retention period is expired or the purpose of collection is fulfilled, the Hotels transfer such personal information to a separate database or store it in a different place.
B. Method

Paper containing personal information is shredded or incinerated while electronic files are deleted beyond recovery.

8. Security Measures
A. Establishment and implementation of internal control plan

The internal control plan is established and implemented in accordance with the Internal Control Guidelines set by the Ministry of the Interior and Safety and training is conducted on a regular basis.

B. The manager handling personal information takes necessary security measures to minimize the access and conduct security training on a regular basis.
C. Restriction of access to personal information

The Hotels restrict the access to personal information by controlling the access to the database system and prevent any unauthorized access from outside using this security system.

D. Storage of access logs and prevention of its modification

The Hotels store and manage the record (e.g. web logs, summary) of accessing the personal information processing system for at least 6 months and take necessary security measures to prevent unauthorized modification, loss, and theft.

E. Encryption of personal information

Personal information is encrypted for storage and management. Important data is secured through encryption for storage and transmission.

F. Technological measures against hacking

The Hotels install, update, and inspect security software to protect personal information from hacking and computer viruses. The security system is installed in a secure place and protected technically and physically to prevent any unauthorized access.

G. Prevention of unauthorized access

The personal information system is located separately and protected with physical access control and procedures.

9. Installation and Operation of Automatic Personal Information Collection and Rights to Refuse
A. The Hotels use cookies to store and access the user information in order to provide personalized service for the users.
B. Cookies are small files which are sent by the website server(http) and stored on a user's PC hard disk drive.
  • Purpose of using cookies: to identify the user's pattern of accessing or using the service and website, popular search words and security access to provide personalized information
  • Installation, operation and refusal of cookies: users may disable cookies in Tools > Internet Option tab in the web browser.
C. The users may not be able to use personalized service if they disable cookies.
10. Personal Information Manager

For the protection of personal information and complaint handling, the Hotels have appointed the following managers.

  • A. Head of Personal Information Management: Han Man Hwan, Managing Director
  • B. Personal Information Manager: Kim Jung Jun, Deputy Manager (IT Team)
  • C. Personal Information Assistant Manager: Kim, Jae Gwon (IT Team)
11. Response to Infringement of Rights

The guests may request the settlement of dispute or consultation to the Personal Information Arbitration Committee and Personal Information Infringement Notification Center of Korea Internet Security Agency in addition to the following organizations:

A. Privacy Breach Report Center (operated by Korean Internet Security Agency)
  • Responsibilities: consultation and report privacy breaches
  • Website: privacy.kisa.or.kr
  • TEL: (without area code) 118
  • Address: Privacy Breach Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeonnam, 58324
B. Personal Information Arbitration Committee
  • Responsibilities: arbitration and group dispute resolution regarding personal information (civil resolution)
  • Website: www.kopico.go.kr
  • TEL: (without area code) 1833-6972
  • Address: 4F, Government Complex Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul, 03171
C. Cyber Criminal Investigation Team of Supreme Prosecutors Office: 02-3480-3573 (www.spo.go.kr)
D. Cyber Terror Response Center of National Police Agency: 182 (http://cyberbureau.police.go.kr)
12. Revision History

This Privacy Policy takes effect on the date of implementation.

  • A. Date of Announcement: January 25, 2023
  • B. Date of Implementation: February 01, 2023