PRIVACY POLICY

Privacy Policy

Grand InterContinental Seoul Parnas and InterContinental Seoul COEX (hereinafter the "Hotels") collects, retains, and processes personal information under the Personal Information Protection Act. The Personal Information Protection Act sets forth the framework under which personal information is handled and managed. The Hotels will collect, retain, and process personal information in accordance with the act and protect the rights of the guests. In addition, the Hotels meet the guests' requests for access, correction, removal, and discontinuation of processing their personal information, and the users may raise legal claims to protect their rights under the Administrative Appeal Act. The Hotels established the following Privacy Policy to protect the rights and interests of the guests and handle their complaints. The Hotels also keep guests updated on any changes in the Privacy Policy by announcing such changes on the website or notifying them individually.

This Privacy Policy will be effective on January 1, 2018.

  1. 1. Purpose of Processing Personal Information
  2. 2. Types of Personal Information
  3. 3. Processing & Retention Period
  4. 4. Third Party Disclosure
  5. 5. Outsourcing the Processing of Personal Information
  6. 6. Rights & Obligations of Information Owners and How to
    Exercise these Rights
  1. 7. Destruction of Personal Information
  2. 8. Security Measures
  3. 9. Installation and Operation of Automatic Personal Information Collection and Rights to Refuse
  4. 10. Personal Information Manager
  5. 11. Response to Infringement of Rights
  6. 12. Revision History
1. Purpose of Processing Personal Information

The Hotels do not use personal information for any purposes other than those described in this Privacy Policy. The Hotels do not collect personal information through online membership registration and operate any online membership programs on the website. In addition, the Hotels do not collect personal information of persons under 14 years of age. The Hotels process personal information strictly for the following purposes.

A. Web Membership Enrollment & Management
  • Online information service, reservations and shopping through the website
  • Securing communication channels for identification, order, shipping, cancelation and refund
B. Room Guest Information
  • Identification and confirmation of guests for their reservations
  • Communication including announcements and complaint handling
  • Compliance with the Tourism Promotion Act
C. Membership Management
  • Identification of members for membership services
  • Communication including announcements and complaint handling
  • Delivery of membership cards
  • Service customization
D. Service Offer
  • Identification of guests and execution of contract for providing accommodation, food, and beverage services, venues, and meeting/wedding services
  • Customer satisfaction survey
  • Service customization
E. Marketing & Advertisement
  • Development of new services and service customization
  • Promotion of new services and offers
  • Service delivery and advertisement based on statistical data
F. Employment & Job Experience Program
  • Job application, selection process, qualification review, test records of applicants, aptitude test, Q&A, etc.
  • Recruitment process
  • Application and selection of job experience programs, Q&A, etc.
2. Types of Personal Information

The Hotels collect the following personal information to provide hotel services while keeping the information collected to a minimum.

A. Web Member (confirmation required)
  • Required information: Name, email address, phone number, date of birth
  • Optional information: Address, gender, country
B. Room Guest Information
  • Required information: Name, date of birth, personally identifiable number (passport number), nationality, payment method
  • Optional information: Email address, address, company, city, zip code, telephone number, membership number
C. Membership Management
I CHOICE
  • Required information: name (Korean/English), contact information (mobile phone/telephone), address (home/office)
  • Optional information: Gender, date of birth, email address
IWC
  • Required information: Name (Korean/English), date of birth, mobile phone number, date of wedding, home address
  • Optional information: Email address
SUMMIT
  • Required information: Name (Korean/English), company name, home address, contact information (mobile phone/telephone)
  • Optional information: Date of birth, gender, wedding anniversary date, birth date of spouse, email address, company name, office telephone, office fax, company address, job title.
Fitness Club
  • Required information: Name, resident registration number (transferring membership), photo, contact information (mobile phone, home or office), address (home or office), email address (web membership only), company name (for corporate members), company registration number
  • Optional information: Gender, email address, company name, job title, wedding anniversary date, license plate number
D. Service Offer
Customer Satisfaction Survey
  • Required information: Name, email address, mobile phone number
  • Optional information: Date of birth, wedding anniversary date
Food & Beverage Service
  • Required information: Name, email address, mobile phone number
  • Optional information: Date of birth, wedding anniversary date
VOC
  • Required information: Name, email address, phone number
  • Optional information: Gender, address, company name
E. Recruitment & Job Experience Program
  • Required information: Photo, applied department and job experience, name (Korean, English), date of birth, telephone number, mobile phone number, email address, current address, educational background, training record, job experience, foreign language skills and certificate, military service records (if applicable), self-introduction
  • Optional information: Family relations, national veteran status and certification number, disability record, other information
  • Method of collection: Email address, job recruitment website
3. Processing & Retention Period
A. The Hotels store personal information for a certain period of time after the purpose of the collection has been fulfilled and destroy it according to the following schedule under their internal policies and applicable laws.
  • 1) General shipping information: Upon delivery of goods or services
  • 2) Information collected for promotional offers and other purposes: Upon completion of such promotional offers
    (unless stated otherwise when agreeing to the collection of personal information)
B. The Hotels store personal information if required by law as follows.
  • 1) Record of contract or withdrawal of subscription: 5 years
  • 2) Payment and supply of goods: 5 years
  • 3) Consumer complaint and dispute resolution: 3 years
  • Identification and preferences of guests for revisit and service customization: 5 years
C. Job application information
  • 1) Period of retention: 3 years
  • 2) Basis for retention: Internal policies and regulations (To prevent errors in the application process, personal information is destroyed at the time when the process finishes.)
4. Third Party Disclosure

The Hotels do not disclose personal information to third parties without the consent of the guests unless:

A. agreed otherwise by the guest in advance B. required by laws or investigators for the purpose of investigation
5. Outsourcing the Processing of Personal Information
A. The Hotels outsource the processing of personal information to the following third-party service providers:
Service Providers, Scope of Work, Period of Retention & Use
Service Providers Scope of Work Period of Retention & Use
Doing C&S, Hansung MS Room management Until the purpose of processing is achieved or the contract expires
IPSOS (by IHG) Survey on the satisfaction of guests and IHG membership
JY Marketing Membership management, information communication, shipping and telemarketing
Dain Manpower Inc., NCTAS, Jinmyung, TCK Hotel operations
Lotte Rental Airport transportation service for hotel guests
Hanju Holdings Marketing message service
GS Park 24, NCTAS Auto parking information
TCK Korea Response to call inquiries
Naafmedia Parnas Mall promotional event (selection of prize winners)
Sanha Information Technology, Oracle, Creavision INT, Solutek System, Daekyo CNS, Do It System, Wiz Group Building and maintenance of computer systems
B. The Hotels set forth the clear security guidelines and ensure their strict compliance for the protection of personal information and prohibition of unauthorized disclosure. The Hotels keep the contract in writing or electronic format. Any changes in service providers are announced through the Privacy Policy posted on the website.
6. Rights & Obligations of Information Owners and How to Exercise these Rights
A. As the owner of personal information, the guests can exercise the following rights.
  • 1) Request for access to personal information
    The guests can request access to their personal information under Article 35 (Access to Personal Information) of the Personal Information Protection Act.
    However, such request may be denied under Article 35-5 thereof if:
    • such access is prohibited or restricted under the law
    • such access may cause death or injuries, damage to personal property, or infringe the rights of others.
  • 2) Request for correction and removal of personal information
    The guests may request correction and removal of their personal information under Article 36 (Correction & Removal of Personal Information) of the Personal Information Protection Act unless required otherwise by law.
  • 3) Request for cessation of processing personal information
    The guests may request cessation of processing their personal information under Article 37 (Cessation of Processing Personal Information) of the Personal Information Protection Act unless required otherwise in accordance with Article 37-2 thereof if:
    • such cessation may result in violation of the law
    • such cessation may cause death or injuries, damage to personal property, or infringe the rights of others
    • such cessation may interrupt the delivery of service and performance of the contract and the guests fail to express their intention to terminate the contract.
B. If the guests request access, correction, or removal of personal information, or cessation of processing personal information by phone or email, then the Hotels will take necessary measures immediately after the proper identification process.
C. If the guests request correction of personal information, then the Hotels will not use or provide their personal information until it is corrected. In the event that the Hotels provide incorrect personal information to a third party, the Hotels will notify the party immediately to make sure that its correction is made.
D. The guests must keep their personal information updated and are responsible for any damage or loss caused by providing inaccurate personal information. Abusing or misusing other persons' personal information may result in the loss of membership or restrictions of using service.
E. The guests are responsible for protecting their own personal information and not infringing the rights of others. The guests must take necessary precautions to prevent their personal information from being compromised and not to abuse the information of others. Failure in fulfilling these responsibilities, infringing the rights of others, or providing false information may result in the loss of membership and prosecution under the law.
F. The Hotels operate the following support team to ensure smooth communication with the guests regarding their personal information.
  • Guest support team: IT Team
  • TEL: +82 2-559-7321
  • Address: Grand InterContinental Seoul Parnas, 521, Teheran-ro, Gangnam-gu, Seoul
  • Website: http://seoul.intercontinental.com > Service Center > VOC
7. Destruction of Personal Information
A. Process
  • The Hotels retain personal information for a set period of time and destroy it when the purpose of the collection is fulfilled in accordance with the internal policies and applicable laws. Upon expiry of retention period or fulfillment of the purpose of collection or any other cases where the retention of personal information is no longer required, the Hotels destroy personal information immediately.
  • In the event that other laws require that personal information be stored even after the retention period is expired or the purpose of collection is fulfilled, the Hotels transfer such personal information to a separate database or store it in a different place.
B. Method

Paper containing personal information is shredded or incinerated while electronic files are deleted beyond recovery.

8. Security Measures
A. Establishment and implementation of internal control plan

The internal control plan is established and implemented in accordance with the Internal Control Guidelines set by the Ministry of the Interior and Safety and training is conducted on a regular basis.

B. The manager handling personal information takes necessary security measures to minimize the access and conduct security training on a regular basis.
C. Restriction of access to personal information

The Hotels restrict the access to personal information by controlling the access to the database system and prevent any unauthorized access from outside using this security system.

D. Storage of access logs and prevention of its modification

The Hotels store and manage the record (e.g. web logs, summary) of accessing the personal information processing system for at least 6 months and take necessary security measures to prevent unauthorized modification, loss, and theft.

E. Encryption of personal information

Personal information is encrypted for storage and management. Important data is secured through encryption for storage and transmission.

F. Technological measures against hacking

The Hotels install, update, and inspect security software to protect personal information from hacking and computer viruses. The security system is installed in a secure place and protected technically and physically to prevent any unauthorized access.

G. Prevention of unauthorized access

The personal information system is located separately and protected with physical access control and procedures.

9. Installation and Operation of Automatic Personal Information Collection and Rights to Refuse
A. The Hotels use cookies to store and access the user information in order to provide personalized service for the users.
B. Cookies are small files which are sent by the website server(http) and stored on a user's PC hard disk drive.
  • Purpose of using cookies: to identify the user's pattern of accessing or using the service and website, popular search words and security access to provide personalized information
  • Installation, operation and refusal of cookies: users may disable cookies in Tools > Internet Option tab in the web browser.
C. The users may not be able to use personalized service if they disable cookies.
10. Personal Information Manager

For the protection of personal information and complaint handling, the Hotels have appointed the following managers.

  • A. Head of Personal Information Management: Kim Ju-seong, Managing Director
  • B. Personal Information Manager: Kim Jung Jun, Deputy Manager (IT Team)
  • C. Personal Information Assistant Manager: Park Dae Jin, Manager (IT Team) Contact Info. +82 2-559-7321
11. Response to Infringement of Rights

The guests may request the settlement of dispute or consultation to the Personal Information Arbitration Committee and Personal Information Infringement Notification Center of Korea Internet Security Agency in addition to the following organizations:

A. Privacy Breach Report Center (operated by Korean Internet Security Agency)
  • Responsibilities: consultation and report privacy breaches
  • Website: privacy.kisa.or.kr
  • TEL: (without area code) 118
  • Address: Privacy Breach Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeonnam, 58324
B. Personal Information Arbitration Committee
  • Responsibilities: arbitration and group dispute resolution regarding personal information (civil resolution)
  • Website: www.kopico.go.kr
  • TEL: (without area code) 1833-6972
  • Address: 4F, Government Complex Seoul, 209, Sejongdae-ro, Jongno-gu, Seoul, 03171
C. Cyber Criminal Investigation Team of Supreme Prosecutors Office: 02-3480-3573 (www.spo.go.kr)
D. Cyber Terror Response Center of National Police Agency: 182 (http://cyberbureau.police.go.kr)
12. Revision History

This Privacy Policy takes effect on the date of implementation.

  • A. Date of Announcement: January 18, 2018
  • B. Date of Implementation: January 18, 2018