Personal Information Treatment Policy
(details the policy for 2018. 04. 09 ~ 2018. 12. 17)
Grand Korea Leisure Co., Ltd. complies with the privacy protection regulations of relevant legislations such as the privacy protection act, and its privacy policy is as follows.
Grand Korea Leisure (hereinafter referred to as the "Company") complies with the legislation concerning protection of personal information, including Personal Information Protection Act. The Personal Information Policy of the Company is as follows.
Article 1. (Purpose of Handling of Personal Information)Personal information is to be handled for the following purposes. The personal information handled will not be used for other purposes than the specified, and change in any of the specified purposes requires advance consent of information holders.
- ① TPersonal information is handled for such purposes as application for membership online, confirmation of membership, identity verification/certification to provide membership services, maintenance and management of membership, and identity verification pursuant to the limited verification of identity program.
- ② Personal information is used in order to handle civil complaints, such as identification of a person who has filed a complaint, details of the complaint, contact information for investigation, and notification of settlement results.
- ③ The files on personal information the Company registers and discloses pursuant to Article 32 of the Personal Information Protection Act are as follows.
| NO | Personal information file | Basis of operation | Handling purpose |
|---|---|---|---|
| 1 | 7luck Website Membership Information | Consent by the subject of information | Terms of Use, consent by the subject of personal information, membership management |
| 2 | Grand Korea Leisure Website (regarding employment) | Consent by the subject of information | Handling of information on employment, handling of civil complaints |
| 3 | Use in Customer Registration, Access History Management, and Sales Activities of Foreigners-Exclusive Casino | Article 29 (Casino Users' Duties) of Tourism Promotion Act | Access management and customer management for the foreigners-exclusive casino |
※For more information on personal information files registered by the Company, please visit the portal site on personal data protection, operated by the Ministry of the Interior and Safety (www.privacy.go.kr), and use the menu Civil Complaint on Personal Information > Request to View Personal Information > Search the List of Personal Information Files.
Article 2. (Personal Information Handling and Retention)- ① The Company handles and retains personal information for the period of use and retention of personal information in accordance with the relevant legislation or for the period of use and retention of personal information to which the subject of personal information has agreed at the time of information collection.
- ② The said periods of personal information use and retention are as follows.
| NO | Personal information file | Basis of operation | Possession period (upon achieving the purpose) |
|---|---|---|---|
| 1 | 7luck Website Membership Information | Consent by the subject of information | 9 years (deleted right after withdrawal from membership) |
| 2 | Grand Korea Leisure Website (regarding employment) | Consent by the subject of information | Deleted right after employment |
| 3 | Use in Customer Registration, Access History Management, Credits Use, and Sales Activities of Foreigners-Exclusive Casino | Article 29 (Casino Users' Duties) of Tourism Promotion Act | 9 years from the date of last transaction (however, upon receipt of a request by the information holder, deleted immediately and processed so as to prevent use in other ways unless the information is required to be kept in accordance with the relevant legislation) |
The Company shares personal information with authorities and other third parties for the purposes and within the scopes as specified below.
- ① The Company provides personal information to third parties only in the cases under Articles 17 and 18 of the Personal Information Protection Act, such as a case agreed on by the subject of information or stipulated in a relevant law.
- ② The Company lets a personal data-retaining authority retrieve the personal information of a civil petitioner for the purpose of handling civil complaints such as a request to view, correct, or delete personal information.
- ③ Information of a person who makes a request to view, correct, delete or suspend handling personal information The Company provides personal information to a public agency to which a civil complaint has been filed, and lets the agency use and handle the information until the complaint is completely settled.
Works involving handling of personal information are entrusted in the following manner.
| NO | Contractor | Period of Entrustment | Address | Tel. | Entrusted Works |
|---|---|---|---|---|---|
| 1 | RingNet Co., Ltd. | ‘16/4/12 ~ ‘18/10/11 |
306 Digital-ro, Guro-gu, Seoul city (4F, Daeryung Post Tower the 2nd, Guro-dong) | 02-6675-1500 | Integration, operation and management of information systems (including institutional and marketing websites) |
| 2 | Lotte Tour Development Co., Ltd. | ‘17/1/1 ~ ‘18/12/31 |
149, Sejong-daero, Jongno-gu, Seoul (Sejong-ro) | 02-2075-3847 | Checking information when a customer books an airline ticket |
- ① The Company sets out not only the objective of entrusted works in an entrustment agreement or other such documents, according to Article 25 of the Personal Information Protection Act, but also prescribes responsibilities, such as prohibition of personal information processing, technical/administrative measures for protection, restrictions on re-entrustment, management and supervision of contractors, and compensation for damage. In addition, the Company supervises the contractors so as to ensure safe processing of personal information.
- ② Change in entrusted works or contractors will be forthwith disclosed according to this Personal Information Policy.
- ① The subject of personal information (in the case of a minor, a legal representative) may at any time exercise his/her right to make a request on personal information, in order to view, correct, delete or suspend processing such information.
- ② To exercise a right under Paragraph 1, one shall fill out the Form 8 attached to the Enforcement Decree of the Personal Information Protection Act and submit it by mail or fax. Upon receipt of a completed form, the Company will take a necessary action without delay.
- ③ The exercise of a right under Paragraph 1 may be performed by the subject of the personal information, his/her legal representative or any other agent. Exercising such a right by a legal representative or any other agent requires a designated power of attorney as the Form 11 attached to the Enforcement Decree of the Personal Information Protection Act.
- ④ A request to view or suspend handling personal information may limit the right of the subject of the information in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
- ⑤ A request to correct or delete personal information shall not be fulfilled in the case where the personal information concerned is stipulated by the relevant legislation as an object of information collection.
- ⑥ The Company will verify the identity of the person who as the subject of personal information, has made a request to view, correct, delete or suspend handling personal information.
- * Form 8 (Request for Personal Information (Viewing, Correcting/Deleting, Suspending Handling)) attached to the Enforcement Decree of the Personal Information Protection Act
- * Form 11 (Power of Attorney) attached to the Enforcement Decree of the Personal Information Protection Act
The items of personal information handled by the Company are as follows.
| NO | Personal information file | Items of Personal Information Recorded in Personal Information File |
|---|---|---|
| 1 | 7luck Website Membership Information |
|
| 2 | Grand Korea Leisure Website (regarding employment) |
|
| 3 | Use in Customer Registration, Access History Management, Credits Use, and Sales Activities of Foreigners-Exclusive Casino | Name, date of birth, passport number, alien registration number, nationality, gender, age, address, mobile phone number |
- ① The Company destroys personal information without delay when the purpose of handling the information is fulfilled unless otherwise required by law. The procedure, time limit and method of destruction are as follows.
- A. Procedure for Destruction
It is the responsibility of the personal information manager to handle personal information and personal information files that have become unnecessary. Such information and files are handled according to the Company's internal policy as follows.- 1) Destruction of Personal Information
The personal information is destroyed from the end date of the retention period thereof. - 2) Destruction of Personal Information Files
Where personal information files become unnecessary for such a reason as fulfillment of a purpose of handling personal information files, or discontinuance of the related service or business, they are destroyed without delay from the date it is recognized unnecessary to handle such information.
- 1) Destruction of Personal Information
- B. Destruction Method
- 1) Information in an electronic form is destroyed in a way that it is impossible to reproduce the record.
- 2) Personal information of hard copy is destroyed with a shredder or by incineration.
- A. Procedure for Destruction
The Company does not use cookies that save and retrieve information on content use in order to provide users with customized services.
Article 9. (Measures to Secure Safety of Personal Information)-
① Establishment and Execution of Internal Management Plans
The Company's internal management plans are established and executed in accordance with the guidelines on internal management by the Ministry of the Interior and Safety. -
② Limit of Persons who Handle Personal Information, and Training
The Company separately appoints the persons who handle personal information and minimizes the number of the appointed persons. -
③ Control of Access to Personal Information
Measures to control access to personal information are taken by the Company, such as authorization, change or cancellation of the right to access a database system, and control of unauthorized access with a firewall system -
④ Storage and Anti-Tampering for Access Logs
The Company keeps and manages the logs of access to the personal information handling system (web logs, summary information, etc.) for not less than six (6) months, and uses security functions to prevent forgery, theft and loss of access logs. -
⑤ Encryption of Personal Information
Users' personal information is encrypted to be stored and managed. -
⑥ Technical Measures against Hacking
The Company takes measures to prevent personal information from being leaked or damaged by hacking, computer virus or the like, such as installation, regular updates and check of security programs, installation of such programs in a restricted area, and technical and physical surveillance and blocking. -
⑦ Control of Unauthorized Access
The Company designates a separate area to install a system that saves personal information, and establishes and operates a procedure to control access to the system.
The subject of personal information may inquire to the following agencies about a remedy for infringement or for consultation regarding personal information.
▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Jurisdiction: Report or consultation on infringement on a right to personal information
- Website: privacy.kisa.or.kr
- Tel.: (without a telephone exchange number) 118
- Address: Personal Information Infringement Report Center, Korea Internet & Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul (138-950)
▶ Privacy dispute arbitration committee (operated by Korea Internet & Security Agency)
- Jurisdiction: Application for personal information dispute mediation, settlement of collective dispute (civil remedy)
- Website: www.kopico.go.kr
- Tel.: 1833-6972
- Address: Personal Information Infringement Report Center, Korea Internet & Security Agency, 135 Jungdae-ro, Songpa-gu, Seoul (138-950)
▶Cyber Crime Investigation Division of Supreme Prosecutors' Office: (without a telephone exchange number) 1301, cid@spo.go.kr (www.spo.go.kr)
▶ Cyber Safety Bureau of Korean National Police Agency: (without a telephone exchange number) 182 (cyberbureau.police.go.kr)
In addition, it is allowed to file an administrative appeal according to the Administrative Appeals Act for any one with a right or interest infringed upon by a public agency's disposition or non-fulfillment against a request by the subject of personal information to view, correct, delete or suspend handling personal information.
☞ Refer to the directory assistance of the Central Administrative Appeals Commission (www.simpan.go.kr)
Article 11. (Request to View Personal Information)-
① A request to view personal information under Article 35 of the Personal Information Protection Act may be made by the subject of the information to the following department. The subject of information may make a request to the Ministry of the Interior and Safety. The Company will make efforts to have such a request to be promptly processed.
▶ Department Responsible for Receiving and Handling Requests to View Personal Information
Department: IT Team (Information Security Section)
Officer: Hyeon-Deok Jeong
Contact: Tel. 02-6421-6461, E-mail dustpeo@7luck.com>, Fax 02-6421-6475 -
② The subject of information may make a request to view personal information on the Personal Information Protection portal site of the Ministry of the Interior and Safety (www.privacy.go.kr) as well as to the department referred to in Paragraph 1.
▶ Visit the Personal Information Protection portal site of the Ministry of the Interior and Safety. Use the menu Civil Complaint on Personal Information > Request to View Personal Information, etc. (real name verification required, using a public I-PIN)
The Company appoints a personal information protection manager and a person in charge at working level as below, in order to protect personal information and process complaints on personal information.
| Classification | Department | Name | Contact | |
|---|---|---|---|---|
| Privacy protection manager | Head of management headquarters | Nam-Sun Yun | 02-6421-6010 | privacy@7luck.com |
| Privacy protection officer | IT team (information security part) | Hyeon-Deok Jeong | 02-6421-6461 | dustpeo@7luck.com |
- ① This Personal Information Policy shall be effective on and after April 09, 2018.
