Pass&Trip, Inc. ( "the Company") is committed to protecting your personal information.
For this purpose, the Company has complied with the Personal Information Protection Act, Promotion of Information Network Usage and Information Protection Act,
We also comply with the personal information protection regulations related to personal information such as the Telecommunications Business Act, the Communications Privacy Protection Act, and the Personal Information Protection Directives established by the Korea Communications Commission.
The Company intends to inform you of the purpose and manner in which the personal information is being used and what measures are being taken to protect your personal information.
1. Purpose of collecting and using personal information
- ① Settlement of travel goods sales and brokerage services and provision of services: Reservation of travel goods, provision of contents, purchase and payment, delivery of goods or billing, authentication of financial transaction, financial service, payment collection, etc.
- ② Customer management: Prevention of unauthorized use of unauthorized members, prevention of misuse, confirmation of enrollment / withdrawal, confirmation of age over 14 years old, complaint handling, notification delivery, etc.
- ③ Others: Confirmation of order, new service/promotion information
2. Personal information collection
- The minimum personal information collected by the Company are as follows
- ① First Name / Last name, Email, Cell phone number, Age, Sex, Password: The Company uses your personally identifiable information to support and enhance the site, including the execution of your orders, the introduction of new products, service information and notices.
- ② Phone number, billing and shipping address, credit card information: Use the collected information to secure a smooth communication path such as contact and guidance for the execution of the contract, notification of delivery progress, delivery of notices, service and event information guidance, complaint handling, payment and refund for purchase of goods.
- ③ Service usage record, access log, cookie, access IP information, payment record: We use the above information to prevent fraudulent use and to prevent unauthorized use during the business process.
- ④ The Company collects personal information of the user with the consent of the user. Information such as the place of birth, permanent address, ideology, political orientation, criminal record, and health status that may infringe on the basic human rights of the user is not collected except by the consent of the user or the regulation.
3. How to keep, use and destroy personal information
- ① Your personal information will be collected in accordance with laws and regulations. However, if there is a need to hold for a certain period of time due to the confirmation of rights and obligations related to the transaction, we may hold information in accordance with the provisions of relevant laws and regulations.
- A. Possession of contract or contract withdrawal records: Article 6 of the Act on Consumer Protection in Electronic Commerce & Article 6 Retention period : 5 years
- B. Record of payment and goods supply: Article 6 of the Act on Consumer Protection in Electronic Commerce & Article 6 Retention period : 5 years
- C. Records of consumer complaints or disputes: Article 6 of the Act on Consumer Protection in Electronic Commerce & Article 6 Retention period : 3 years
- D. Record of identity verification : Article 44-5 of the Act on Promotion of Information Network Usage and Information Protection and Article 29 of the Enforcement Ordinance
Retention period : 6 months
- E. Record of connection: Article 15-2 of Telecommunications Privacy Act and Article 41 of Enforcement ordinance Retention period: 3 months
- F. Abuse Records: Exclusion of fraudulent use, Retention period: 1 year
- G. Records on the collection, processing and use of credit information Retention period: 3 year
- H. Records on Display Ads: Consumer Protection Act in Electronic Commerce, Retention period: 6 months
- ②If the Company has notified the retention period in advance and the retention period has not expired, and if the individual consent has been obtained, the company will keep it for the agreed period.
- ③ Retention and use period of collected personal information is from beginning of contract (membership) to termination of service use contract (termination of membership, termination of company). In addition, at the time of termination, the Company shall destroy the personal information of the user without delay, except for the data which is stored for a certain period according to the ordinance. If the handling of personal information is entrusted to a third party, instruct the trustee to destroy it.
- ④ User's personal information will be destroyed without delay after the purpose of collection and use is achieved. Personal information printed on paper must be shredded or destroyed by crushing and personal information stored in electronic file format shall be destroyed using a technical method that can not reproduce the record.
4. Providing personal information to third parties.
- ① The Company shall use the personal information of the users within the scope of Article 1 for the purpose of collection and use of personal information, and in principle shall not use it beyond the scope of the information without prior consent of the user or disclose it to the outside.
② When settlement or order is made through the service provided by the company, we provide relevant information to the counterparty to the extent necessary to carry out transactions such as confirmation of buyer and preparation of program.
- A. Personal information recipient: Each program host
- B. Purpose of Providing: Identification and Program Preparation
- C. Provided information: Name, gender, age, contact, program input information, etc.
- D. Retention and use period: 6 months after services are delivered.
5. Commitment of handling personal information
- ① The Company is entrusted with the work related to the processing of personal information, and in accordance with the relevant laws and regulations, the Company takes necessary measures to ensure that personal information is managed safely when contracted.
In addition, the information to be entrusted is limited to the minimum information required to provide smooth service transaction.
- ② The Company shall, at the time of concluding the contract, with the purpose and scope of the entrusted business pursuant to Article 26 of the Personal Information Protection Act, prohibit the processing of personal information other than the purpose of the entrusted business, the restriction of re-entrustment, management of supervision of the trustee, and oversee whether the trustee handles personal information securely.
6. Protection of personal information
- ① Administrative actions: The matters concerning the organization and operation of the personal information protection organization such as the designation of the person in charge of personal information protection. Establish and implement an internal management plan that includes information about the education of the personal information handler.
- ② Technical actions: Establish and enforce standards on granting, modifying, and deleting access rights to database systems structured to handle personal information,
When personal information is processed by accessing the intrusion prevention system and intrusion detection system for the personal information processing system, it is possible to store the date and time of connection, confirm and monitor such information,
It keeps backup records of personal information processing system in a separate storage device, stores one-way encryption of passwords, stores encrypted information of financial information such as account information,
When sending and receiving personal information and authentication information of user through information communication network, measures such as security server establishment,
Anti-virus software is installed and periodically updated and checked to ensure that infiltration of malicious programs such as computer viruses and spyware infiltrates into the personal information processing system and the information devices that personal information handlers use to process personal information.
7. Rights of members and legal representatives and how to exercise rights
- ① User may click on "Change Personal Information (or Edit Member Information)" of the site at any time to view or modify his / her personal information registered in the company.
- ② The user can click "Withdraw membership" of the site to confirm the identity of the user and then cancel the membership (withdraw the consent).
- ③ If you do not consent to the processing of personal information of the company, you may refuse to accept or request withdrawal (withdrawal), in which case the use of some or all services may be restricted.
- ④ If a user requests correction of an error of personal information, the company will not use the personal information or provide it to others until the processing is completed.
In addition, if wrong personal information has already been provided to a third party, we will notify the third party without delay and correct the result of the correction.
- ⑤ The Company shall deal with personal information that has been terminated or deleted at the request of the user or legal representative as described in Article 3, "How to keep and use personal information and how to destroy it," and is prohibited from being viewed or used for other purposes.
8. Personal information manager
- ① In order to protect your personal information and to handle complaints related to your personal information, the company has a customer service department and a personal information manager. If you have any questions about your personal information, please contact the customer service department or the person in charge of personal information management below.
- ② In order to protect customer's personal information and to handle complaints related to personal information, the Company appoints the related department and personal information manager as follows.
- Personal information manager: Frank Lim
- E-mail : firstname.lastname@example.org
- Personal information associate: Sung Kwon
- E-mail : email@example.com
- You may report all personal information related complaints to your personal information manager or department. The Company will respond promptly and adequately to your complaints. If you need to report or consult about other privacy infringement, please contact the following government organizations.
- Private Dispute Resolution Committee (www.1336.or.kr) TEL : 1336
- Information Protection Certification Committee (www.eprivacy.or.kr) TEL : 02-580-0533~4
- Internet Crime Investigation Center, Supreme Prosecutors' Office (icic.sppo.go.kr) TEL : 02-3480-3600
- National Police Agency Cyber Terror Response Center (www.ctrc.go.kr) TEL : 02-392-0330