1. Personal information items collected
- A. Items of personal information collected
- First, the company collects the following minimum amount of personal information as a mandatory item at the time of initial member registration for the purpose of membership registration, proper customer consultation, and provision of various services.
- [Membership registration]
- Required items: ID, password, name, date of birth, gender, mobile phone number for verification, and legal representative information for children under 14 years of age (name of legal representative, DI, mobile phone number will be collected and archived until the child turns a legal age.)
- Optional items: Emergency e-mail address (You can register even if you do not enter optional items.)
- [Group ID membership]
- Required items: Group ID, Group name, Corporate name (Group name), Name of representative, Business location, Representative phone number, Manager ID, Manager mobile number, Manager’s department / position
- Optional items: Representative fax number (You can register even if you do not enter the optional items.)
- Second, the following information may be automatically generated and collected during the usage of service or business process.
- IP Address, cookie, date and time of visit, service usage history, defective usage history, device information
- Third, the following information may be collected only from the user of the service in the process of utilizing the additional services and customized services or the event application using the Stayrak ID.
- If you agree to collection of additional personal information
- Fourth, when using certain services such as adult contents, charged / games, etc., the following information may be collected when the authentication of the user is required to comply with relevant laws.
- Name, date of birth, gender, DI, CI, mobile phone number (optional), I-PIN number (if using I-PIN), Korean/foreign nationality information
- Fifth, the following payment information may be collected during the use of charged services.
- Credit card payment: name of the card company, card number, etc.
- When paying on mobile phone: mobile phone number, carrier, payment authorization number, etc.
- For bank transfer: bank name, account number, etc.
- When using voucher: voucher number
- B. Method of collecting personal information
The Company collects personal information in the following ways:
- Homepage, written form, fax, telephone, bulletin board, e-mail, event application, delivery request
- Provision by partner companies
- Collection through generated information collection tool
2. Purpose of Collection and Use of Personal Information
- A. Fulfillment of contracts related to the provision of services and settlement of fees according to provision of services
Provide content, provide customized services, ship goods or send invoices, personal authentication, purchase and payment, and collection of fees
- B. Membership Management
Membership service provision, personal identification, restrictions on members who violate the Stayrak Terms of Use, restrictions on behaviors that interfere with the proper operation of services and
illegal use of services, confirmation of enrollment, limitations on enrollment and the number of enrollment,
confirmation of consent of legal representative when collecting personal information of children under 14 years, confirmation of identification of legal representative, preservation of records for dispute settlement,
handling of complaints such as complaints, delivery of notification, and confirmation of withdrawal of membership
- C. Development of new services and application in marketing and advertising
New service development and provision of customized services, provision of service according to statistical characteristics and advertising, validation of service, provision of event information and participation opportunity,
provision of advertisement information, identification of access frequency, and statistical analysis of members’ service usage
3. Sharing and provision of personal information
The Company shall use the personal information of the users within the scope of "2. Purpose of Collection and Use of Personal Information" and do not use it beyond the scope without prior consent of the user and does not disclose the user's personal information to the outside in principle. However, exceptions are as follow:
- A. If the user has agreed in advance
- B. If there is a request made by the investigating agency in accordance with the provisions of the Act or the procedure and method prescribed by the Act for the purpose of investigation
4. Consignment for handling of personal information
In order to improve the service, the company entrusts personal information as below and stipulates necessary matters so that personal information can be managed safely in consignment contracts according to related laws and regulations.
The company's personal information consignment agency and entrusted business are as follow:
회사의 개인정보 위탁처리 기관 및 위탁업무 내용
| Consignee |
Consignment service contents |
Retention and usage period of personal information |
| SanhaIT Co., Ltd. |
Web site management and system management |
Until the membership withdrawal or end of consignment contract |
5. Retention and usage period of personal information
In principle, the personal information of the user is destroyed without delay when the purpose of collecting and using the personal information is achieved. However, the following information will be retained for the period specified for reasons below.
- A. Retention of information according to internal policy
- Records of fraudulent use (records of unusual use of services such as fraudulent registration and disciplinary records)
- Retention items: mobile phone number used for registration verification, legal representative DI for members under 14 years of age
- Reason for retention: prevention of fraudulent registration and usage
- Retention period: 1 year
- ※ " Records of fraudulent use" refers to a record of receiving usage restriction from the company due to fraudulent registration and creation of a post against the operation principle.
- B. Retention of information according to relevant laws
If it is necessary to archive the information in accordance with related laws such as the Commercial Act and Consumer Protection Act on Electronic Commerce, etc.,
the Company keeps the membership information for a certain period stated in the relevant laws and regulations. In this case, the company will only use the information for the purpose of retention, and the retention is as follows:
- Record of contract or withdrawal of contracts, etc.
- Reason for retention: Consumer Protection Act on Electronic Commerce etc.
- Retention period: 5 years
- Record of payment and goods supply
- Reason for retention: Consumer Protection Act on Electronic Commerce etc.
- Retention period: 5 years
- Record of electronic financial transactions
- Reason for retention: Electronic Financial Transactions Act
- Retention period: 5 years
- Record of consumer complaints or disputes
- Reason for retention: Consumer Protection Act on Electronic Commerce etc.
- Retention period: 3 years
- Website visit history
- Reason for retention: Communication Confidentiality Protection Act
- Retention period: 3 months
6. Procedures and methods of destruction of personal information
In principle, the personal information of the user is destroyed without delay when the purpose of collecting and using the personal information is achieved.
The company’s procedure and method of destruction of personal information are as follows.
- A. Destruction procedure
- The information entered by the user for membership, etc., is transferred to a separate DB after the purpose has been accomplished (in the case of paper, to a separate document folder), archived for a certain period of time according to the internal policy and other relevant laws and regulations, and destroyed.
- Such personal information will not be used for any purpose other than those held by law unless otherwise provided by law.
- B. Destruction method
- Personal information printed on paper is destroyed by shredder or incineration.
- Personal information stored in the form of electronic files is deleted using a technical method so that the record cannot be reproduced.
7. Rights of users and legal representatives and how to exercise them
- Users and legal representatives may inquire or modify the personal information registered of themselves or their children under the age of 14 at any time. If they do not consent to the processing of personal information by the Company, they may refuse to accept or cancel the membership. However, in such cases, it may be difficult to use some or all of the services.
- To view or modify the personal information of a user or a child under the age of 14 years, please click on "Change Personal Information" (or "Edit Member Information") and to cancel the membership (Withdrawal of consent), click "Cancel Membership," and you can directly view, correct or withdraw membership after personal verification.
- Or, if you contact the person in charge of personal information management by phone or email, the manager will take care of the problem without delay.
- If a user requests correction of modification of personal information, it will not be used or provided until the correction is completed. Also, if wrong personal information has already been provided to a third party, the Company will notify the third party without delay for correction.
- The Company processes the personal information that has been terminated or deleted at the request of the user or legal representative as described in "5. Retention and Usage Period of Personal Information" and makes sure that it is prohibited from being viewed or accessed for any other purpose.
8. Matters concerning installation, operation and refusal of automatic collection tool of personal information
- A. What are Cookies?
- In order to provide personalized and customized services, the company uses “Cookies” to store and retrieve information from users.
- Cookies are very small text files sent to the user's browser by the server used to run the website and stored on the user's computer's hard disk. When the user visits a website later, the website server maintains the user's setting preferences and provide customized services by reading the contents of Cookies stored on the user's hard disk.
- Cookies do not automatically/ actively collect personal identification information, and the user can refuse to the storage or delete the Cookies at any time.
- B. The purpose of the company's use of Cookies
They are used to provide users with customized and optimized information including the advertisement by assessing visits and usage of Stayrak’s services and websites visited by users, popular queries, security access, news editing, and user scale.
- C. Installation / operation of Cookies and refusal
- Users have the option of installing Cookies. Therefore, users can allow all Cookies by setting options in the web browser, check each time a Cookie is saved, or refuse to save any Cookies.
- However, if you refuse to save Cookies, you may have difficulty using some Stayrak services that require log-in.
- Here's how to specify whether to allow cookies to be installed (for Internet Explorer):
- ① Select [Internet Options] from the [Tools] menu.
- ② Click [Privacy tab].
- ③ Set the [Privacy level].
9. Technical and administrative protection measures of personal information
In handling personal information of users, the Company takes the following technical and administrative measures to ensure the safety of personal information so that it is not lost, stolen, extruded, altered or damaged.
- A. Password encryption
The password of Stayrak's member ID is stored and managed in an encrypted form, and the user is the only person who knows the password. Confirmation and change of personal information are possible only by the person who knows the password.
- B. Measures against hacking
The company is doing its best to prevent extrusion or damage of personal information of members by hacking or computer virus.
In order to prevent personal information from being damaged, the Company backs up the data from time to time and uses the latest vaccine program to prevent users' personal information or data from being extruded or damaged and ensures secure transmission of personal information on the network through encrypted communication etc.
The company also uses intrusion prevention system to control unauthorized access from the outside and tries to have all possible technical devices to ensure security in other systems.
- C. Minimization and training of staff in charge
The company's personal information staff is limited to the person in charge, and a separate password is assigned to update regularly. The company emphasizes the compliance with Stayrak's privacy policy through on-the-job training.
- D. Operation of personal information protection organization
In addition, the Company verifies the compliance with Stayrak Privacy Policy and of the person in charge through in-house personal information protection organization and to fix the problem immediately upon detection.
However, the Company shall not be liable for damages that are not attributable to the Company and that occur even though the Company has fulfilled its obligation to protect personal information from negligence of the user himself or accidents in areas not controlled by the Company.
10. Personal Information Management Officer and Contact Information
You may report any privacy complaints that may arise while using the Company's services to the person in charge of Personal Information Management or the department in charge. The Company will respond promptly to the users' complaints.
회사의 개인정보 위탁처리 기관 및 위탁업무 내용
| Personal information supervisor |
Personal information manager |
| Name |
general manager |
Name |
Jang dong-sig |
| Affiliation |
Stayrak Operations Team |
Affiliation |
Stayrak Operations Team |
| Telephone |
1811-1811 |
Telephone |
1811-1811 |
| Position |
Manager |
Position |
Assistant manager |
| Mail |
reservation@stayrak.com |
Mail |
reservation@stayrak.com |
11. Duty of Notification
If there is any addition, deletion or amendment of the current Privacy Policy, the Company will notify you through “Announcement” on the website at least 7 days before the revision. However,
if there is a significant change in user rights, such as the collection and use of personal information or the provision of third parties, the Company will notify you at least 30 days in advance.
- Announcement date: July 31, 2018
- Effective as of: July 7, 2018
