Privacy Policy

  • Hanwha Hotels & Resorts (hereafter referred to as the Company) handles its customers' personal information with care and observes privacy-related laws including the Personal Information Protection Act and the Act on the Promotion of Information and Communications Network Utilization and Information Protection. This policy contains information about the handling of personal information. It is subject to change, according to the passing of new laws, amendment of existing laws and changes to Company's own management practices.
  • Indication of Major Personal Information (Labeling)

    ※ For more information, please check the full statement of Privacy Policy below.

  • The Company's privacy policy contains the following elements.
    1. Items of personal information collected, as well as
    purpose of collection and use, and period of retention and use
    개인정보 개인정보(여권번호) 개인정보(결제정보) 개인정보의 처리 항목 개인정보의 처리 목적 개인정보의 보유 기간
    The Company collects and uses the following items of personal information. Information collected may differ according to type of guest. When relevant laws mandate the retention of personal information, the Company will retain the information stipulated in said law(s) for the prescribed period of time.
    • 1) Personal information collected and used
      수집·이용하는 개인정보를 나타낸 표
      Category Information collected and used Purpose Period of retention
      and use
      Mandatory Name, telephone number, email address, signature Provision of service Until membership is terminated or purpose of collection has been served
      Optional Date of birth, postal address, gender, nationality, payment information, passport number Delivery of notices, provision of anniversary services, money-changing service
      Fitness Club
      Mandatory Name, date of birth, telephone number, postal address Gaining membership
      Optional Hobbies, place of work Customer management
      Mandatory Name, telephone number, email address Reservations and events
      Optional Parents’ names, postal address Customer management
      Inquiry Mandatory Name, Gender, Email, mobile phone number To provide information and services regarding inquiry 3 months from date of the signing of this agreement
      Tour Concierge Mandatory Name, Gender, Email, mobile phone number, Dates of stay, Preferred tour schedule To provide information and services regarding inquiry
      Optional Nationality, Purpose of tour, Preferred means of transport, traveling with or without children provision of personalized service
      Feedback Mandatory Name, Gender, Email, mobile phone number, password To provide information and services regarding inquiry 3 years from date of the signing of this agreement
    • 2) Personal information collected automatically
      When applying for membership or verifying your identity on-line (through systems such as I-PIN or mobile phone ID verification), information such as gender, date of birth, service usage records, access logs, cookies, IP information and usage time records may be collected automatically. This can be prevented if users change their personal browser settings to forbid the use of cookies. (To access cookie settings, go to tools in your web browser > Internet options > Personal information > Advanced > Cookie authorization)
      ※ Cookies are small amounts of information sent by websites to a user's browser. They identify specific computers but not specific users.
    2. Retention of personal information
    for which the period of use has expired
    개인정보의 보유 기간
    The Company deletes personal information without delay once the purpose for which it is used has been achieved. However, in cases where related laws in internal policies necessitate the retention of personal information for the following purposes, such as verifying relationships of obligation vis-a-vis rights of commerce, such information will be retained for the minimum legally stipulated time.
    Consumer protection laws regarding electronic commerce
    -Records of withdrawal from contracts of agreements: 5 years
    -Records of payments and supply of goods: 5 years
    -Records of consumer complaints or dispute settlement: 3 years

    Protection of Communications Secrets Act
    -Records of website visits: 3 months

    Commercial law
    -Statements or similar documents: 5 years
    3. Procedures and methods of deleting personal information 개인정보의 파기
    After the purpose for which personal information was collected and used has been achieved, this information is deleted without delay, according to retention and use periods. Deletion methods are as follows.
    Personal information printed on paper: Shredded using a shredder
    Personal information stored in the form of electronic files: Permanently deleted using technology that prevents data recovery
    Information stored on a storage device such as HDD or USB: Completely physically destroyed
    4. Provision of personal information to third parties 개인정보의 제3자 제공
    In principle, the Company hands personal information within the bounds of the purposes for which it is collected and used, and does not exceed these bounds or pass on information to third parties. However, personal information may be handled outside these bounds in the following exception circumstances.
    With the advance permission of the owner of the information
    When specific legal requirements make this inevitable
    When the owner of the information or her/his legally designated proxy is unable to express her/his opinion, or when advance permission cannot be obtained for reasons such as unknown postal address and it is deemed that measures must be taken in order to protect the life, physical wellbeing or assets of the owner of the information or a third party
    The Company shares personal information with the following parties, for purposes such as providing better service and customer convenience. However, advance permission is obtained from customers before their personal information is shared with these parties.

    개인정보의 제3자 제공에 관한 사항을 나타낸 표
    Recipient of
    Purpose of
    Information provided Period of
    retention and use
    Hanwha General Insurance Filing insurance claims in case of accident Name, gender, age, telephone number, bank and account number (and scan of bank account book in cases where payments are made directly by insurance company) When agreement is withdrawn or purpose of information collection has been achieved
    5. Subcontracting the management of personal information 개인정보 처리 업무의 위탁
    In order to improve efficiency and provide optimized service, we outsource the handling of personal information to the following professional subcontractors.

    개인정보처리의 위탁에 관한 사항을 나타낸 표
    Subcontractor Work outsourced Period of
    retention and use
    Hanwha Systems
    (Re-commission: XT)
    Management of computing systems
    (Re-commission: Management of website)
    When agreement is withdrawn or purpose of information collection has been achieved
    Hanwha 63 City Management of building access and CCTV
    Korea Information Credit card payment services
    Joeunnal Flower deliveries for Xystum florist
    Sogomsoft POS, customer management system, maintenance
    KT Mail sending services

    When outsourcing the handling of personal information, the Company uses documents containing the following
    Prohibition of the use of personal information for any purpose than that of the outsourcing
    Technical and administrative measures for protecting personal information
    Safe management of personal information, as well as purpose and scope of outsourced work
    Restrictions on re-subcontracting work
    Measures for ensuring the safety of personal information
    Supervision, including inspections on the state of management of personal information retained as part of outsourced work
    Responsibility to provide compensation for damages incurred when the subcontractor fails to observe its responsibilities
    6. Collection and Use of Behavioral Information 행태정보의 수집
    The company collects and uses behavioral information in order to provide optimized and customized services and benefits to customers based on behavioral information such as website visit records.

    행태정보 수집∙이용에 관한 사항을 나태낸 표
    Category Information
    Behavioral information items collected Automatically generated information such as the user's website visit history, log records, product selection information, and internal search information
    Method of collecting behavioral information Automatic collection through membership registration and login on the web
    Purpose of collecting behavioral information To analyze the website visitors to evaluate users' tastes and areas of interest and use them for target marketing and possible product planning.
    Retention and use period of behavioral information and method of subsequent information processing Log records such as web site visit history, search history, etc.
    : When service is terminated

    * Immediately destroyed upon expiration of the retention and use period.
    Method of exercising user control 1. Web browser
    1) Safari: Preferences menu → Privacy tab → Cookie and website data level settings
    2) Chrome:
    Customization and control → Settings → Show advanced settings → Privacy → Content settings
    3) Edge: Tools → Settings → Cookies and site permissions

    2. Smartphone
    1) Android: Settings → Google → Advertising → Ads personalization ON/OFF
    2) IOS: Settings → Privacy → Advertising → Ad tracking limit ON/OFF
    Method of user damage relief * Relevant department: The Plaza Marketing Team
    * E-mail:
    7. Collection of Personal Information of Children Under the Age of 14 법정대리인의 권리와 의무
    When collecting personal information of children under the age of 14, we obtain the consent of the legal representative. In order to obtain such consent, we may collect from the child the name and contact information of the legal representative. However, the legal representative’s personal information collected is used only for the purpose of obtaining consent to the collection of the child’s personal information, and if consent is not given within 5 days, the former is automatically destroyed.
    8. Rights and responsibilities of the owners of personal information,
    and how rights may be exercised
    정보주체의 권리
    Customers may view or correct their own personal information as held on records, at any time. This can be done directly on-line by clicking on “Change personal information” and “Amend member information” and confirming identity, or by a member of Company staff if requested by telephone. However, the Company may request that the customer fill out a personal information request form at such times.
    Requesting access to personal information
    A customers may request access to any of her/his personal information that is processed by the Company.
    The Company will allow the customer to access the personal information within 10 days of the customer's request. If there is a legitimate reason for this request to be denied, the customer may be notified of the reason and its viewing by the customer can be postponed; if this reason become no longer valid, the information will be made available to the customer without delay. The Company may notify the customer of the cause and restrict or deny access to information on either of the following grounds.
    ① When the law prohibits or restricts viewing
    ② If there is a risk of harming the life or physical wellbeing of another person or a possibility of unjustly infringing upon the property and other interests of another person.
    Requesting correction and deletion of personal information
    A customer may request the correction or deletion of personal information processed by the Company. However, if any law mandates the collection of this personal information, requests for its deletion cannot be accepted. When a customer requests correction or deletion of personal information, the Company shall take necessary measures without delay and notify the customer of the outcome, except when relevant laws stipulate a particular procedure. If necessary, the Company may require the customer to submit evidence required to confirm the necessity of correction or deletion. If a customer requests the correction of an error in personal information, it will not be used or externally released until the correction is complete. Moreover, if a customer's personal information has already been provided to a third party, we will notify said third party without delay of correction or deletion that has taken place. When the Company deletes personal information, appropriate measures are taken to prevent the related data from being recovered.
    Requesting the suspension of personal information handling
    A customer may request that the Company no longer handle her/his data.
    The Company shall suspend, partially or entirely, the handling of personal information immediately if the customer requests such action. However, the customer's request may be refused in the following circumstances. ① If compliance with statutory obligations prevents the suspension of personal information handling
    ② If not handling the personal information obstructs fulfillment of the contract with the owner of the information, or if the customer has not clearly stated her/his intention to terminate the contract.
    ③ When there is a risk of harming the life or physical wellbeing of another person, or a possibility of unjustly violating the property rights or other interests of another person.
    The Company takes necessary measures such as the deletion of the personal information without delay in cases where personal information handling has been suspended in response to the request of the customer.
    Requesting the viewing, correction, deletion, or suspended handling of personal information
    If a customer wishes to request to view, correct, delete or suspend personal information, he/she must fill in a Personal Information Request Form and submit it to the individual responsible for data protection person, by email or facsimile.
    9. Measures to ensure the security of personal information 안전성 확보조치 사항
    The Company takes the following technical, administrative and physical measures to ensure the safety of customers in order to prevent personal information from being lost, stolen, leaked, altered or damaged. Devising and implementing of internal plans for safe processing of personal information
    Controlling access to personal information and restricting access rights
    Applying encryption technology, or taking equivalent measures, for the secure storage and transmission of personal information
    Taking measures to prevent the storage of access logs, in order to prevent violation of personal information or tampering
    Installing and regularly updating of personal information security programs
    Taking measures to provide physical protection, including the building of facilities for secure storage of personal information and installation of locking devices
    10. Gathering of opinion and handling of complaints 고충사항 처리 부서
    In order to promote clear communication with customers, the Company operates a personal information advice point. If you have an inquiry, please contact us at the number below. We will endeavor to respond as soon as possible.

    의견수렴 및 불만 처리 연락처를 나타낸 표
    Category THE PLAZA
    Main telephone number 02.771.2200

    Customers requiring advice regarding other violations of personal information, you may contact the Korea National Internet Development Agency's Personal Information Violation Notification Center or the National Police Agency's Cyber Terrorism Response Center.

    의견수렴 및 불만 처리 연락처를 나타낸 표
    Body Personal Information Violation Notification Center Cyber Terrorism Response Center
    Telephone number 1833-6972 182
    11. Persons responsible for the protection of personal information 개인정보 보호책임자 지정 및 현황
    In order to protect the personal information of customers and to handle complaints related to personal information, the Company places the following individuals in charge of personal information.

    개인정보보호 책임자에 관한 사항을 나타낸 표
    Category Individual in charge of personal information Personal information protection manager Person responsible for personal information protection
    Position/department Office of Information Security Office of Information Security Office of Information Security
    Name Lee Jaeho Kim Youngsoo Park Jihyun
    Email address
    12. Changes to privacy policy 처리방침의 변경
    This privacy policy was amended on February 2, 2024. When and if further changes (amendments, additions or deletions) are made in accordance with related laws or changes in hotel policy, these will be announced on website news pages or in pop-up windows. Date of announcement: January 26, 2024
    Date of implementation: February 2, 2024