OneMoreTrip, an Internet service of the Seoul Tourism Organization, protects personal information and interests of the users in accordance with the Personal Information Protection Act. In order to facilitate the successful handling of users’ complaints in connection with personal information, the Seoul Tourism Organization ensures the following handling policy.
OneMoreTrip will make notifications through the website announcements (or separate notices) when making amendments to the personal information handling policy.
This policy shall be effective from August 31, 2018.
1. Purpose of Handling Personal Information
OneMoreTrip collects minimum personal information for the purposes of providing service and handling complaints, and carrying out businesses. All pieces of information are collected through the website. The processed personal information will not be used for any purpose other than the following purposes, and prior consent will be obtained in the event of any changes made to the purpose of the use.
- Personal information is processed for the purposes of providing recommended information such as events and products, providing opportunities for event participation, shipping prizes, identifying the frequency of access, or for the statistics on the use of service.
2. Processing and Retention Period of Personal Information
- a. User information
- Basis of retention: Collection and use of personal information via the information subject’s consent in accordance with Article 15 Paragraph (1) of the Personal Information Protection Act
- Retention period: Personal information shall be handled within the scope specified for the purposes of collection and use, and the retention period provided under the Personal Information Protection Act and related statutes shall be applied and performed mutatis mutandis.
- b. Record of service use
- History of service use, access logs, cookies, access IP information, recommended information, event applications, etc.
- Basis of retention: Preservation of records for dispute resolution
3. Matters Concerning Third-Party Provision of Personal Information
OneMoreTrip will provide personal information to third parties only if they are applicable under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the subject of information, and special provisions of law.
OneMoreTrip provides personal information to third parties as follows:
- Personal information recipient: Cream House Co., Ltd
- Purpose of use of the personal information of the recipient: record of service use, access logs, cookies, access IP information
- Period of retention and use of the recipient: Period of service provision (if needed to preserve in accordance with the relevant laws and regulations, and if prior consent has been acquired, the applicable period of retention)
4. Matters Concerning Consignment of the Personal Information Handling
- a. OneMoreTrip consigns the personal information handling tasks as follows to facilitate the personal information processing.
- Consignee (trustee): Cream House Co., Ltd
- Contents of the consigned tasks: Provision of service through the service use record, access logs, cookies, and access IP information
- Consignment period: Until the consignment agreement expires
- b. OneMoreTrip, at the time of signing the consignment contract, in accordance with Article 25 of the Personal Information Protection Act, specifies and documents matters concerning the prohibition of personal information processing, technical and administrative protection measures, restriction of reconsignment, management and supervision of the trustee, and liabilities such as indemnification for any purposes other than those of the consigned tasks, and supervises to ensure that the trustee safely handles the personal information.
- c. If the contents of the consigned tasks or if the trustee changes, we will make notices through this personal information handling policy. We will also obtain prior consent if and when necessary.
5. Rights, Obligations and Exercising Methods of the Legal Representative of the Information Subject
The users may exercise the following rights as the personal information subject.
- ① The information subject may exercise the rights related to the personal information protection under each of the subparagraphs against OneMoreTrip at any time.
- – Perusal request for personal information
- – If there is an error, request for correction
- – Request for deletion
- – Request to stop handling
- ② The exercise of the rights under Paragraph (1) can be made in writing, email, fax, etc. according to the attached Form No. 8 of the Enforcement Rules of the Personal Information Protection Act against OneMoreTrip, and OneMoreTrip will take actions without any delay.
- ③ When an information subject requests correction or deletion of the personal information, OneMoreTrip will not use or provide the applicable personal information until the correction or deletion is completed.
- ④ The exercise of rights under Paragraph (1) may be made through a legal representative of the information subject or a duly authorized agent. In this event, one shall submit a power of attorney according to the attached Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
6. Items of the Personal Information Handled
OneMoreTrip handles the following items of personal information.
- Required items: Record of service use, access logs, cookies, and access IP information
- Optional items: None
- ※ When applying for an event or participation, information may be received for the delivery of prizes.
7. Matters Concerning the Destruction of Personal Information
In principle, OneMoreTrip shall destroy personal information without any delay when and if the purposes of processing personal information have been achieved. However, personal information that shall be preserved in accordance with other laws and regulations shall not be destroyed. The procedures, deadlines and methods of the destruction are as follows.
- a. Destruction procedure
- The information entered by the users is transferred to a separate database after the achievement of the mentioned purposes (separate documents in the case of paper) and is stored for a certain period of time or immediately destroyed after a certain period of time according to the internal policies and other related laws. At this time, the personal information transferred to the database is not used for other purposes unless required by law.
- b. Period of destruction
- If the personal information of the users is past the retention period, the information shall be destroyed within 5 days from the date of expiration of the retention period, and if and when such personal information is no longer needed for reasons such as the achievement of the purposes of handing, abolition of the applicable service, or closure of business, the personal information shall be destroyed within 5 days from the date on which such handing is deemed unnecessary.
- c. Method of destruction
- Information in the form of electronic files shall be subjected to the use of technical methods by which one can not reproduce records. The personal information printed on paper shall be crushed by a crusher or destroyed by incineration.
8. Measures for Ensuring the Safety of Personal Information
OneMoreTrip, pursuant to Article 29 of the Personal Information Protection Act, takes technical, administrative and physical measures to ensure safety as follows.
- ① Minimization and training of staff responsible for handling personal informationEmployees who handle personal information are designated, and limited to the person in charge for minimization, and measures are taken to manage personal information.
- ② Technical measures against hackingOneMoreTrip installs a security program, periodically updates and checks, installs the system in an area restricting external access, and technically and physically monitors and blocks it to prevent personal information against leakage or damage by hacking or computer viruses.
- ③ Restriction of access to personal informationWe take necessary measures to control access to personal information through granting, modifying, and deleting the access rights to the database system that processes personal information, and also control unauthorized external access by using an intrusion blocking system.
- ④ Storage of access records and prevention of fabrication and forgeryWe maintain and manage the records of access to the personal information processing system for a minimum of 6 months and use the security function to prevent fabrication and forgery, theft and loss of the access records.
- ⑤ Access control against unauthorized personsWe have developed and operate a separate physical storage area for storing personal information and have access control procedures in place.
9. Personal Information Protection Manager
- ① OneMoreTrip is responsible for the handling of personal information, and has designated the persons responsible for personal information protection as follows for handing the complaints of the information subject related to the personal information processing and remedies.
- – Personal information protection manager: Seoul Tourism Organization
- – Contact person: Kwon Hyuk-Bin, Team Manager
- – Contact: 02-3788-0836
- – Personal information protection department: Tourism Business Team
- – Contact person: Kim Jung-Hyun, Assistant Manager
- – Contact information: 02-3788-0849
- ② While using OneMoreTrip’s service (or business), the information subject can inquire with the personal information protection manager and the responsible department for personal information protection related matters, complaints, and remedies. OneMoreTrip will respond to the inquiries made by the information subject without any delay.
10. Remedies for the Rights Infringement
- In order to seek remedies to the damages caused by personal information infringements, the personal information subject may apply for dispute resolution or consultation to the Personal Information Dispute Arbitration Committee or the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency.
- – Personal Information Dispute Arbitration Committee: 1833-6972 (www.kopico.go.kr)
- – Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
- – Supreme Prosecutors’ Office Cyber cid : (without area code) 1301, firstname.lastname@example.org, (www.spo.go.kr)
- – National Police Agency’s Cyber Security Bureau: (without area code) 182, (cyberbureau.police.go.kr)
- In addition, any person whose rights or interests have been infringed upon due to the disposition or omission of the head of a public institution concerning the request of the information subject such as on the perusal, correction, deletion, suspension of processing, etc., of personal information may request for an administrative judgment as provided by the Administrative Appeals Act.
- – Refer to the telephone number guidance of the Central Administrative Appeals Commission (www.simpan.go.kr).
11. Change of the Personal Information Handling Policy
- This Personal Information Handling Policy will be effective on the date of enforcement, and in the event of any additions, deletions or corrections of the changes made in accordance with statutes or policies, we will make notifications through public announcements at least 7 days before changes are made.