Privacy Policy

  • Hanwha Hotels & Resorts (hereafter referred to as the Company) handles its customers' personal information with care and observes privacy-related laws including the Personal Information Protection Act and the Act on the Promotion of Information and Communications Network Utilization and Information Protection. This policy contains information about the handling of personal information. It is subject to change, according to the passing of new laws, amendment of existing laws and changes to Company's own management practices. The Company's privacy policy contains the following elements. 1. Items of personal information collected, as well as purpose of collection and use, and period of retention and use
    2. Retention of personal information for which the period of use has expired
    3. Procedures and methods of deleting personal information
    4. Provision of personal information to third parties
    5. Subcontracting the management of personal information
    6. Collection of the personal information of children aged below 14 years
    7. Rights and responsibilities of the owners of personal information, and how rights may be exercised
    8. Measures to ensure the security of personal information
    9. Gathering of opinion and handling of complaints
    10. Persons responsible for the protection of personal information
    11. Operation and management of video processing devices
    12. Changes to privacy policy

  • 1. Items of personal information collected, as well as purpose of collection and use, and period of retention and use

    The Company collects and uses the following items of personal information. Information collected may differ according to type of guest. When relevant laws mandate the retention of personal information, the Company will retain the information stipulated in said law(s) for the prescribed period of time.
    • 1) Personal information collected and used
      수집·이용하는 개인정보를 나타낸 표
      Category Information collected and used Purpose Period of retention
      and use
      Room
      guests      		 Mandatory Name, telephone number, email address, signature Provision of service Until membership is terminated or purpose of collection has been served
      Optional Date of birth, postal address, gender, nationality, payment information, passport number Delivery of notices, provision of anniversary services, money-changing service
      Fitness Club
      members      		 Mandatory Citizen’s registration number, gender, date of birth, telephone number, postal address Submission of name transfer to National Tax Service, gaining membership
      Optional Hobbies, place of work Customer management
      Wedding
      couples      		 Mandatory Name, telephone number, email address Reservations and events
      Optional Parents’ names, postal address Customer management
      Inquiry Mandatory Name, Gender, Email, mobile phone number To provide information and services regarding inquiry 3 months from date of the signing of this agreement
      Tour Concierge Mandatory Name, Gender, Email, mobile phone number, Dates of stay, Preferred tour schedule To provide information and services regarding inquiry
      Optional Nationality, Purpose of tour, Preferred means of transport, traveling with or without children provision of personalized service
      Feedback Mandatory Name, Gender, Email, mobile phone number, password To provide information and services regarding inquiry 3 years from date of the signing of this agreement
    • 2) Personal information collected automatically
      When applying for membership or verifying your identity on-line (through systems such as I-PIN or mobile phone ID verification), information such as gender, date of birth, service usage records, access logs, cookies, IP information and usage time records may be collected automatically. This can be prevented if users change their personal browser settings to forbid the use of cookies. (To access cookie settings, go to tools in your web browser > Internet options > Personal information > Advanced > Cookie authorization)
      ※ Cookies are small amounts of information sent by websites to a user's browser. They identify specific computers but not specific users.

  • 2. Retention of personal information for which the period of use has expired

    The Company deletes personal information without delay once the purpose for which it is used has been achieved. However, in cases where related laws in internal policies necessitate the retention of personal information for the following purposes, such as verifying relationships of obligation vis-a-vis rights of commerce, such information will be retained for the minimum legally stipulated time.
    Consumer protection laws regarding electronic commerce
    -Records of withdrawal from contracts of agreements: 5 years
    -Records of payments and supply of goods: 5 years
    -Records of consumer complaints or dispute settlement: 3 years
    Protection of Communications Secrets Act
    -Records of website visits: 3 months
    Commercial law
    -Statements or similar documents: 5 years

  • 3. Procedures and methods of deleting personal information

    After the purpose for which personal information was collected and used has been achieved, this information is deleted without delay, according to retention and use periods. Deletion methods are as follows.
    Personal information printed on paper: Shredded using a shredder
    Personal information stored in the form of electronic files: Permanently deleted using technology that prevents data recovery
    Information stored on a storage device such as HDD or USB: Completely physically destroyed

  • 4. Provision of personal information to third parties

    In principle, the Company hands personal information within the bounds of the purposes for which it is collected and used, and does not exceed these bounds or pass on information to third parties. However, personal information may be handled outside these bounds in the following exception circumstances.
    With the advance permission of the owner of the information
    When specific legal requirements make this inevitable
    When the owner of the information or her/his legally designated proxy is unable to express her/his opinion, or when advance permission cannot be obtained for reasons such as unknown postal address and it is deemed that measures must be taken in order to protect the life, physical wellbeing or assets of the owner of the information or a third party
     The Company shares personal information with the following parties, for purposes such as providing better service and customer convenience. However, advance permission is obtained from customers before their personal information is shared with these parties.

    개인정보의 제3자 제공에 관한 사항을 나타낸 표
    Recipient of
    information    		 Purpose of
    provision    		 Information provided Period of
    retention and use
    Hanwha General Insurance Filing insurance claims in case of accident Name, gender, age, telephone number, bank and account number (and scan of bank account book in cases where payments are made directly by insurance company) When agreement is withdrawn or purpose of information collection has been achieved

  • 5. Subcontracting the management of personal information


    In order to improve efficiency and provide optimized service, we outsource the handling of personal information to the following professional subcontractors.

    개인정보처리의 위탁에 관한 사항을 나타낸 표
    Subcontractor Work outsourced Period of
    retention and use
    Hanwha Systems Management of website and computing systems When agreement is withdrawn or purpose of information collection has been achieved
    Hanwha 63 City, Hanwha Estate Management of building access and CCTV
    Korea Information Credit card payment services
    Joeunnal Flower deliveries for Xystum florist
    Taihoinst POS, customer management system, maintenance
    KT Mail sending services

    When outsourcing the handling of personal information, the Company uses documents containing the following
    Prohibition of the use of personal information for any purpose than that of the outsourcing
    Technical and administrative measures for protecting personal information
    Safe management of personal information, as well as purpose and scope of outsourced work
    Restrictions on re-subcontracting work
    Measures for ensuring the safety of personal information
    Supervision, including inspections on the state of management of personal information retained as part of outsourced work
    Responsibility to provide compensation for damages incurred when the subcontractor fails to observe its responsibilities

  • 6. Rights and responsibilities of the owners of personal information, and how rights may be exercised

    Customers may view or correct their own personal information as held on records, at any time. This can be done directly on-line by clicking on “Change personal information” and “Amend member information” and confirming identity, or by a member of Company staff if requested by telephone. However, the Company may request that the customer fill out a personal information request form at such times.
    Requesting access to personal information
    A customers may request access to any of her/his personal information that is processed by the Company.
    The Company will allow the customer to access the personal information within 10 days of the customer's request. If there is a legitimate reason for this request to be denied, the customer may be notified of the reason and its viewing by the customer can be postponed; if this reason become no longer valid, the information will be made available to the customer without delay. The Company may notify the customer of the cause and restrict or deny access to information on either of the following grounds.
    ① When the law prohibits or restricts viewing
    ② If there is a risk of harming the life or physical wellbeing of another person or a possibility of unjustly infringing upon the property and other interests of another person.
    Requesting correction and deletion of personal information
    A customer may request the correction or deletion of personal information processed by the Company. However, if any law mandates the collection of this personal information, requests for its deletion cannot be accepted. When a customer requests correction or deletion of personal information, the Company shall take necessary measures without delay and notify the customer of the outcome, except when relevant laws stipulate a particular procedure. If necessary, the Company may require the customer to submit evidence required to confirm the necessity of correction or deletion. If a customer requests the correction of an error in personal information, it will not be used or externally released until the correction is complete. Moreover, if a customer's personal information has already been provided to a third party, we will notify said third party without delay of correction or deletion that has taken place. When the Company deletes personal information, appropriate measures are taken to prevent the related data from being recovered.
    Requesting the suspension of personal information handling
    A customer may request that the Company no longer handle her/his data.
    The Company shall suspend, partially or entirely, the handling of personal information immediately if the customer requests such action. However, the customer's request may be refused in the following circumstances. ① If compliance with statutory obligations prevents the suspension of personal information handling
    ② If not handling the personal information obstructs fulfillment of the contract with the owner of the information, or if the customer has not clearly stated her/his intention to terminate the contract.
    ③ When there is a risk of harming the life or physical wellbeing of another person, or a possibility of unjustly violating the property rights or other interests of another person.     The Company takes necessary measures such as the deletion of the personal information without delay in cases where personal information handling has been suspended in response to the request of the customer.
    Requesting the viewing, correction, deletion, or suspended handling of personal information
    If a customer wishes to request to view, correct, delete or suspend personal information, he/she must fill in a Personal Information Request Form and submit it to the individual responsible for data protection person, by email or facsimile.

  • 7. Measures to ensure the security of personal information

    The Company takes the following technical, administrative and physical measures to ensure the safety of customers in order to prevent personal information from being lost, stolen, leaked, altered or damaged. Devising and implementing of internal plans for safe processing of personal information
    Controlling access to personal information and restricting access rights
    Applying encryption technology, or taking equivalent measures, for the secure storage and transmission of personal information
    Taking measures to prevent the storage of access logs, in order to prevent violation of personal information or tampering
    Installing and regularly updating of personal information security programs
    Taking measures to provide physical protection, including the building of facilities for secure storage of personal information and installation of locking devices

  • 8. Gathering of opinion and handling of complaints

    In order to promote clear communication with customers, the Company operates a personal information advice point. If you have an inquiry, please contact us at the number below. We will endeavor to respond as soon as possible.

    의견수렴 및 불만 처리 연락처를 나타낸 표
    Category THE PLAZA
    Main telephone number 02.771.2200
    VOC www.hoteltheplaza.com

    Customers requiring advice regarding other violations of personal information, you may contact the Korea National Internet Development Agency's Personal Information Violation Notification Center or the National Police Agency's Cyber Terrorism Response Center.

    의견수렴 및 불만 처리 연락처를 나타낸 표
    Body Personal Information Violation Notification Center Cyber Terrorism Response Center
    Telephone number 118 182
    URL http://privacy.kisa.or.kr http://cyberbureau.police.go.kr

  • 9. Individuals in charge of protecting personal information

    In order to protect the personal information of customers and to handle complaints related to personal information, the Company places the following individuals in charge of personal information.

    개인정보보호 책임자에 관한 사항을 나타낸 표
    Category Individual in charge of personal information Personal information protection manager Person responsible for personal information protection
    Position/department Information Security Secretariat Information Security Secretariat Information Security Secretariat
    Name Seo Jungpyo Lee Jaeho Cho Sungwoo
    Email address hnrresortcpo@hanwha.com hnrresortcpo@hanwha.com csw2371@hanwha.com

  • 10. Changes to privacy policy

    This privacy policy was amended on Dec 1, 2021. When and if further changes (amendments, additions or deletions) are made in accordance with related laws or changes in hotel policy, these will be announced on website news pages or in pop-up windows. Date of announcement: Dec 1, 2021
    Date of implementation: Dec 1, 2021
See previous privacy policies