PRIVACY POLICY
privacy
SOTETSU INTERNATIONAL KOREA., LTD (hereinafter referred to as “Company”) is handling all collected personal information with care, and strictly follows “Personal Information Protection Act”
This policy contains matters regarding the processing of personal information. It is subject to change due to the enactment・amendment of laws or the company's operating policy.
The company's privacy policy includes the following
- 1.General Provisions
- 2.Purpose of processing personal information
- 3.Way of collection and items being collected
- 4.Duration of process and storage of personal information
- 5.Access to personal information by the third party
- 6.Discard of personal information and its method
- 7.Consignment of personal information processing work
- 8.Rights and obligations of data subject and legal representative & how to exercise it.
- 9.Securement of personal information
- 10.Policy regarding install, operation, refuse of automated collection of personal information
- 11.A person responsible for personal information & infringement of rights and its remedy
- 12.Change in the privacy policy
1. General Provision
The "Personal Information Protection Act" provides general norms for the processing of personal information, and the company shall treat personal information collected, retained, and processed in accordance with the provisions of the "Personal Information Protection Act" legally and appropriately to protect the rights and interests of data subjects.
2. Purpose of processing personal information
(1) Reservation via website, Registration to SOTETSU HOTELS
- ・Reservation via website, registration to SOTETSU HOTELS through dedicated application, delivering information forwarding services
- ・Securing communication channels for related services such as identification, cancellation, refund, etc.
(2) Room Accommodation Information
- ・Identification and verification of the person according to the room reservation.
- ・Securing smooth communication channel for the delivery of announcements, handling complaints, etc.
- ・Service delivery
(3) Employee Recruitment
- ・Support, selection, certificate verification, test performance verification of applicants, aptitude test, medical examination, answers, and guidance on inquiries from candidates for employment, etc.
- ・Process of staff recruitment.
3. Items and collection methods for processing personal information
(1) Reservations made through the website, membership in SOTETSU HOTELS.
- ・Required Items: Mail address, name, phone number, credit card information
(2) Room Accommodation Information
- ・Required Items: Name, phone number, date of birth, email address, gender, passport number, nationality, credit card information
- ・Optional: Workplace name
(3) Employee Recruitment
- ・Required Items: Photo, name, date of birth, phone number, email address, address, educational background, career, foreign language skills, military service, qualification, self-introduction, health information.
4. Duration of process and storage of personal information
When the company collects personal information from uses, the retention period and use of personal information agreed by the company shall be as follows.
- (1) Reservation made through the website and personal information on membership of SOTETSU HOTELS: 3 years
- (2) Personal information related to room accommodation: 3 years
- (3) Personal information collected at the time of recruitment: 6 months
① Records of withdrawal of contracts or subscriptions, etc.
- ・Retention period: 5 years
- ・Reasons for preservation: The Consumer Protection Act in Electronic Commerce, etc.
② Records of payment and supply of goods, etc.
- ・Retention period: 5 years
- ・Reasons for preservation: The Consumer Protection Act in Electronic Commerce, etc.
③ Records on the handling of consumer complaints or disputes.
- ・Retention period: 3 years
- ・Reasons for Preservation: The Consumer Protection Act in Electronic Commerce, etc.
④ Website visit history
- ・Retention period: 3 months
- ・Reason for Preservation: Communication Secret Protection Act
5. Access to personal information by the third party
(1) The company shall not provide personal information to any third party without the consent of the data subject.
However, exceptions are made in the following cases.
- ① Where the data subject agrees in advance
- ② Where there is a special provision in the Act
(2) With the consent of the data subject, the company provides personal information to third parties as follows.
The name of the recipient of the personal information. | SOTETSU INTERNATIONAL KOREA., LTD SOTETSU HOTEL MANAGEMENT., LTD |
---|---|
Purpose of the recipient’s use | The contents are explained by direct and monthly leave reports only when responding to customer complaints or emergencies. |
Items in the personal information provided | Name, Nationality, Phone Number |
Period of retention and use of recipients. | 3 years |
6. Discard of personal information and its method
(1) Destruction procedure
If personal information becomes unnecessary, such as the lapse of the personal information retention period and the achievement of the processing purpose, the personal information shall be destroyed promptly. Personal information shall not be used for purposes other than those under the Act.
(2) Destruction method
Destroy personal information printed on paper through shredder or incineration, and delete personal information preserved in electronic file form using non-replayable technical methods.
7. Consignment of personal information processing work
Entrusted work: Hotel Management System
Trustee: SANHA
[Overseas Trustee]
Entrusted work: Reservation management system on the website
Trustee: D-Edge Hospitality Solutions Pte Ltd
Transferring privacy item | Name, email, phone number, guarantee credit card information |
---|---|
Country to be transferred | United States, United Kingdom, France, Ireland, Germany, Singapore, Japan (Server management in 7 countries) |
Date and method of transfer | Upon acquisition, it is kept on a server managed by the seven countries above |
Contact information of the trustee in charge of information management | Phone +33 (0) 1 44 71 05 05 |
Retention and use period | Credit Card information: automatically delete within 10 days of checkout Keep other customer information for one year |
Entrusted work: Member management system
Trustee: CREANSMAERD
Transferring Privacy Items | Name, address, contact phone number, email Date of birth (any), gender (any), area of use (any) |
---|---|
Country to be transferred | Japan |
Date and method of transfer | Archive on Cloud Server Upon Acquisition |
Contact information of the trustee in charge of information management; | Takeshi Tsukamoto 81-428-23-3120 |
Retention and use period | Until the end of the customer registration period |
8. Rights and obligations of data subject and legal representative & how to exercise it.
(1) Rights and obligations of data subjects
The data subject and his/her agent may exercise the following rights for personal information protection at any time in relation to the personal information of the data subject or the person under the age of 14 processed by the company.
- ① Request for the perusal of personal information
- ② Request for correction and deletion of personal information
- ③ Request for suspension of personal information processing
- ④ Request for withdrawal of consent for personal information
If there is a request for correction or deletion of personal information, such as an error in personal information from the data subject and its representative, the company shall not use or provide the relevant personal information until the correction or deletion is completed.
(2) How to request perusal, correction, deletion, suspension of processing, and withdrawal of consent of personal information
If the data subject or his/her agent intends to request perusal, correction or deletion of personal information, suspension of processing, or withdrawal of consent, please contact the person in charge of personal information protection by phone, email or fax. Upon receipt, we will respond to the request faithfully and deal with it immediately. In addition, where a request is made through an agent of the data subject (a court agent, a delegated person, etc.), a power of attorney under attached Form 11 shall be submitted.
9. Securement of personal information
(1) Formulation and implementation of an internal management plan for the safe processing of personal information
An internal management plan is prepared and managed for the safe processing and management of personal information. In addition, by restricting the person who processes personal information, we are implementing personal information management measures such as limiting the number of people who handle personal information and minimizing the number of people in charge.。
(2) Control of access to personal information and restrictions on access rights
By granting, altering, and erasing access to databases that process personal information, we take necessary steps to restrict access to personal information and use intrusion prevention systems to prevent hacking from outside.
(3) Measure of encryption technology that can safely store and transmit personal information or corresponding measures
Personal information is stored and managed encrypted, and it is managed safely by using separate security functions.
(4) Keeping access records and preventing forgery and tampering to cope with personal information infringement incidents
It keeps and manages access records to the personal information processing system for at least a year, so it uses security functions to prevent access records from being forged, tampered with, stolen, or lost.
(5) Installing and updating security programs for privacy
To prevent leakage, loss, or damage of personal information due to hacking or computer viruses, a security program is introduced to conduct regular updates and inspections. A system is installed in areas with limited access from outside to monitor and block technically.
(6) Physical measures, such as preparing storage facilities or installing locks for the safe storage of personal information
Documents containing personal information, auxiliary storage media, etc., are stored safely with locks.
10. Policy regarding install, operation, refuse of automated collection of personal information
(1) Purpose of use of cookies
It is used to provide optimized information to users by identifying the frequency of access, type of use, popular search terms, security access, etc.
The cookie information can identify the user's computer but not the user's individual.
(2) How to reject cookie settings
The user has the option of installing cookies. Therefore, by changing the options settings on the Tools>Internet Options menu at the top of your web browser, you can accept all cookies, display a warning when cookies are received or refuse to receive cookies.
However, if you refuse to receive cookies, you may not be able to use all or part of the services provided by the company on the website.
11. A person responsible for personal information & infringement of rights and its remedy
(1) Person in charge of personal information protection
To protect personal information and deal with complaints related to personal information, the company shall designate a person in charge of personal information protection and a person in charge as follows.
- ① Person in charge of personal information protection
- ・Name: Yoshizawa Koji
- ・Phone number: 02-2095-4950
- ・Email address: [email protected]
- ② Person in charge of personal information protection
- ・Department in charge: Management department
- ・Name: Lee Hyeon-kwon
- ・Phone number: 02-2198-1254
- ・Email address: [email protected]
(2) How to remedy infringement of rights and interests
To receive remedy for infringement of personal information, an information entity may apply for dispute resolution, counselling, etc., to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center. For other personal information infringement reports and counselling, please contact the institution below.
- ① Report Center for Personal Information Infringement (Operated by the Korea Internet Agency)
- ・Jurisdiction: Report of infringement of personal information and application for counselling.
- ・Home page: privacy.kisa.or.kr
- ・Phone number: (without country number) 118
- ・Address: (58324) 3rd-floor personal information infringement report center, Jinheung-Gil 9 (Bitgaram-dong 301-2), Naju-si, Jeollanam-do
- ② Personal Information Dispute Mediation Committee
- ・Jurisdiction: Application for mediation of personal information disputes, mediation of collective disputes
- ・Home page: www.kopico.go.kr
- ・Phone number: (without country number) 1833-6972
- ・Sddress: (03171) 4F, Sejong-daero 209, Jongno-gu, Seoul, Republic of Korea
- ③ Supreme Prosecutors' Office Cybercrime Investigation Unit.
- ・Home page: www.spo.go.kr
- ・Phone number: 02-3480-3573
- ④ Cyber Security Bureau of the National Police Agency
- ・Home page: cyberbureau.police.go.kr
- ・Phone number: (without country number) 182
12. Change in privacy policy
Announcement date: October 1, 2019
Effective date: October 1, 2019