Personal Information Treatment Policy
(2017.06.28~2018.4.8 )
Grand Korea Leisure Co., Ltd. complies with the privacy protection regulations of relevant legislations such as the privacy protection act, and its privacy policy is as follows.
Article 1. (Purpose of Personal Information Handling)The personal information is handled for the following purpose. The handled personal information is used for any purpose other than the following, and when the purpose of use is to be changed, prior consent shall be requested.
- ① The personal information is handled for purposes such as website subscription, management, confirmation of intent to subscribe, identification and authentication according to the subscription service provision, membership maintenance and management, and identity confirmation according to the enforcement of limited identity confirmation system.
- ② The personal information is handled for purposes of identity confirmation for petition handling, petition check, communication/notice for fact-finding, notification of handling results and such.
- ③ ③ The purpose of handling personal information registered/published by Grand Korea Leisure Co., Ltd. according to Article 32 of the privacy protection act is as follows.
| NO | Personal information file | Basis of operation | Handling purpose |
|---|---|---|---|
| 1 | 7luck website membership information | Consent by the information subject | Terms of use and information subject consent/membership management |
| 2 | Grand Korea Leisure Website (regarding hiring) | Consent by the information subject | Hiring-related information handling petition task handling |
| 3 | Use for registration, entry history management, sales activity of foreigner casino users | Article 29 of the tourism promotion act (requirements for casino user) | Foreigner casino entry management, customer management |
※For more details on the publication of personal information file registry by Grand Korea Leisure Co., Ltd., please go to Ministry of Government Administration and Home Affairs Privacy Protection Portal (www.privacy.go.kr) → privacy petition → request for privacy browsing and such → privacy file list search menu.
Article 2. (Personal Information Handling and Possession Period)- ①Grand Korea Leisure Co., Ltd. handles/possesses personal information within the period of possession/use of personal information according to the legislations or the period for possession/use of personal information consented upon collecting the personal information from the information subject.
- ②The respective personal information handling and possession period is as follows.
| NO | Personal information file | Basis of operation | Possession period (upon achieving the purpose) |
|---|---|---|---|
| 1 | 7luck website membership information | Consent by the information subject | Semi-permanent (Immediately deleted upon membership withdrawal) |
| 2 | Grand Korea Leisure website (regarding hiring) | Consent by the information subject | Immediately deleted upon hiring completion |
| 3 | Use for registration, entry history management, sales activity of foreigner casino users | Article 29 of the tourism promotion act (requirements for casino user) | 10 years from the final transaction date (however, upon the delete request by the subject, it is immediately deleted and handled to prevent use in any other way unless a related legislation requires the storage of the corresponding information |
The personal information is provided to the following institutions and parties, and the purpose and scope of the provision are as follows.
- ①Grand Korea Leisure Co., Ltd. provides the personal information to a third party only if it is applicable to Article 17 and Article 18 of the privacy protection act such as special stipulations in legislations or the consent of the information subject.
- ②Grand Korea Leisure Co., Ltd. allows for the institution storing the personal information file can browse the personal information of the petitioner in order to handle the personal information browsing, modifying/deleting, handling suspension request and such.
- ③"Personal information browsing, modifying/deleting, handling suspension request user information"
-The personal information is provided to the public institution the petitioner requested, and is possessed and used until the handling of the received petition is completed.
The matters subject to personal information handling consignment are as follows.
| NO | Consigned business | Consignment period | Address | Tel. | Consigned task |
|---|---|---|---|---|---|
| 1 | Ringnet Co., Ltd. | ‘16/4/12 ~ ‘18/4/11 |
306, Digital-ro, Guro-gu, Seoul (Guro-dong, DaeRungPost Tower II 4F) | 02-6675-1500 | Information system integration and operation management (including institution and marketing website) |
| 2 | Lotte Tour Development Co., Ltd. | ‘17/1/1 ~ ‘18/12/31 |
149, Sejong-daero, Jongno-gu, Seoul (Sejong-ro) | 02-2075-3847 | Information query upon customer airline ticket reservation |
- ①Grand Korea Leisure Co., Ltd. specifies, on documents such as agreements, the matters regarding prohibition of personal information handling outside the purpose of the consigned task, technical/managerial protection measure, re-consignment restriction, management/supervision of consignee, indemnities and such responsibilities, and supervises that the personal information is safely handled by the consignee.
- ②Upon changes to the details of consigned task or consignee, such matters shall be, without delay, published through this privacy policy.
- ①The information subject (refers to the legal guardian if the subject is under 14 years of age) may exercise, at all times, the rights such as personal information browsing, modifying, deleting, handling suspension request and such.
- ②The exercise of the rights as in Clause 1 may be achieved through preparation according to format of Appendix No. 8 of the privacy protection act enforcement regulations, and then through written letter, e-mail, or FAX, and such shall be handled without delay.
- ③The exercise of the rights according to Clause 1 may be achieved through delegates such as the legal guardian or attorney of the information subject. In such case, the power of attorney according to the format of Appendix No. 11 of the privacy protection act enforcement regulations must be submitted.
- ④Regarding the personal information browsing and handling suspension request, the rights of the information subject may be restricted according to Article 35 Clause 5 and Article 37 Clause 2 of the privacy protection act.
- ⑤The personal information modifying or deleting request cannot be made in case the corresponding personal information is specified to be subject to collection in other legislations.
- ⑥Upon the browsing request, modifying/deleting request, and handling suspension request according to the rights of the information subject, the identity of the person making the request is confirmed to be the person himself/herself or an entitled delegate.
- *”Privacy protection act enforcement regulation appendix no. 8” personal information (browsing, modifying/deleting, handling suspension) request
- *”Privacy protection act enforcement regulation appendix no. 11” power of attorney
The following personal information items are handled.
| NO | Personal information file | Items of personal information recorded on the personal information file |
|---|---|---|
| 1 | 7luck website membership information |
*Required: name, e-mail
*Optional: nationality, gender, birthdate, membership card number |
| 2 | Grand Korea Leisure website (regarding hiring) |
*Required: name, e-mail, telephone number (landline/mobile), photo, address, nationality, residing country, alma mater, academic history, major, career history (experienced hire), military service (reason for non-fulfillment in case of non-fulfillment), veteran matters (including the veteran number in case of a veteran subject), i-pin unique ID code
*Optional: career history (new hire), qualifications, language proficiency, award history |
| 3 | Use for registration, entry history management, sales activity of foreigner casino users | Name, birthdate, passport number, alien registration number, nationality, gender, age, address |
①Grand Korea Leisure Co., Ltd., in principle, destroys the corresponding personal information without delay in case the purpose of the personal information handling has been achieved. However, such is not the case if it needs to be preserved according to other legislations. The procedure, timeline, and method of destruction are as follows.
- A. Destruction procedure
The unnecessary personal information and personal information file are handled as follows according to the internal policy procedure under the charge of the privacy manager.- 1) Personal information destruction
The personal information past the possession period is destroyed without delay upon the termination date. - 2) Personal information file destruction
When the corresponding personal information file is unnecessary due to fulfillment of the purpose of the personal information file handling, discontinuation of the corresponding service, and business termination and such, the corresponding personal information file is destroyed without delay from the date on which the handling of that personal information is deemed unnecessary.
- 1) Personal information destruction
- 나. Destruction method
- 1) The information in the electronic format employs technical method where the record cannot be restored.
- 2) The personal information printed on paper is shredded or incinerated.
Grand Korea Leisure Co., Ltd. does not use ‘cookie’ which saves and frequently loads the usage information in order to provide the individually customized service to the user.
Article 9. (Measures to Secure Privacy Safety)- ① Establishment and execution of internal management plan The establishment and execution of internal management plan are conducted in compliance to the internal management guideline of Ministry of Governmental Administration and Home Affairs.
- ② Minimization and education of personal information handling officers The personal information handling officers are designated and minimized to execute measures for managing personal information.
- ③ Restricted access to the personal information The measures necessary for the access control for the personal information are taken through attribution, change, and cancellation of access rights to the database system handling the personal information, and unauthorized access from the outside is controlled using infiltration blocking system.
- ④ Storage and anti-tampering of access records The records of access to the privacy handling system (web logs, summary information, etc.) are stored and managed for at least 6 months, and security functionalities are used to prevent access record tampering, theft, or loss.
- ⑤ Personal information encryption The personal information of the user is encrypted for storage and management.
- ⑥ Technical measures against hacking, etc. In order to prevent leakage or damage of personal information due to hacking or computer viruses, etc., security programs are installed and periodically renewed/inspected, and the system is installed in an area to which external access is controlled, and also is technologically/physically monitored and blocked.
- ⑦ Restricted entry for unauthorized persons The physical storage location of the personal information system which stores the personal information is separately reserved, and the entry control procedures are established and executed.
The information subject can send inquiries for damage relief, consulting and such regarding privacy infringement to the following institutions.
-
▶ Privacy infringement report center (operated by Korea Internet Security Agency)
- Jurisdiction: privacy infringement report and consulting request
- Website: privacy.kisa.or.kr
- Tel.: 118
- Address: (138-950) 135, Jungdae-ro, Songpa-gu, Seoul / KISA privacy infringement report center -
▶ Privacy dispute arbitration committee (operated by Korea Internet Security Agency)
- Jurisdiction: privacy dispute arbitration request, group dispute adjustment (civil resolution)
- Website: www.kopico.go.kr
- Tel.: 1833-6972
- Address: (138-950) 135, Jungdae-ro, Songpa-gu, Seoul / KISA privacy infringement report center - ▶ Supreme Public Prosecutor’s Office cyber-crime investigation group: 1301, cid@spo.go.kr (www.spo.go.kr)
- ▶ National Police Agency cyber-safety bureau: 182 (cyberbureau.police.go.kr)
Also, those whose rights or interests have been infringed due to action or inaction of the head of a public institution regarding the request by the information subject regarding personal information browsing, modifying/deleting, handling suspension request and such may file for an administrative trial as determined by the administrative trial act.
☞ Refer to the telephone number guide by Central Administrative Appeals Committee (www.simpan.go.kr)
Article 11. (Personal Information Browsing Request)- ① The information subject can request personal information browsing according to Article 35 of the privacy protection act to the following department. The Ministry of Governmental Administration and Home Affairs shall give efforts to handle the personal information browsing of the information subject quickly.
▶ Personal information browsing request registration/handling department
Department name: IT team (information security part)
Officer: Hyeon-Deok Jeong
Contact: Tel. 02-6421-6461, E-mail dustpeo@7luck.com, Fax 02-6421-6475 - ② The information subject can also request personal information browsing through the ‘privacy protection portal’ website (www.privacy.go.kr) beside the browsing request reception/handling department in Clause 1.
▶ Ministry of Governmental Administration and Home Affairs privacy protection integrated support portal → privacy petition → personal information browsing and such requests (requires identity authentication through public i-Pin)
In order to protect the personal information and handle the complaints regarding personal information, the privacy protection manager and officer are designated as follows.
| Classification | Department | Name | Contact | |
|---|---|---|---|---|
| Privacy protection manager | Head of management headquarters | Nam-Sun Yun | 02-6421-6010 | privacy@7luck.com |
| Privacy protection officer | IT team (information security part) | Hyeon-Deok Jeong | 02-6421-6461 | dustpeo@7luck.com |
- ① This privacy policy takes effect on July 28th, 2017.
- ② The previous privacy policy can be confirmed below.
