Securing the Personal Information of Guests
CINEMAHOUSE (hereinafter called “Hotel”) highly prioritizes the security of your personal information and adheres to the “Privacy Act.” The following details how the hotel utilizes the personal information provided by guests and what measures are being taken to protect it.
Processing Personal Information
Only the necessary personal information of adults over the age of 19 is collected for the management of the hotel.
Personal Information Collected When Making an Online (homepage) Reservation
- Mandatory items : name, mobile phone number.
- The following information is generated automatically in the course of using online services or business processes. (service records, access logs, cookie, IP connection information)
- The hotel does not collect sensitive personal information that may invade the rights of guests. (race and ethnicity, ideology and beliefs, hometown and domicile, political inclination and criminal record, health status and sexual information)
- Gathered after consent to personal information collection and usage agreement via the hotel homepage, phone/fax, e-mail etc.
- Consultation details and records, payment records, automatically collected data during standard service procedures, and generated information are collected.
Purpose of Handling Personal Information
The hotel collects personal information for the following reasons. Any information provided by the guests is used only for the purposes described below, and the hotel will seek informed consent beforehand if there are any changes of purpose.
- Names and cell phone numbers are used for self-identification for the utilization of the service provided.
Consent to Collection of Personal Information
The hotel must seek the legal consent of members when collecting personal information.
Other Purposes for Personal Information and Distribution of Personal Information to Third Parties
The personal information of guests is used without prior consent if it is within the notified limits of [Processing Personal Information] and [Purpose of Handling Personal Information] and is not available to other parties or businesses and organizations. However, there are exceptions in the case that the guests give their consent or in the following situations:
- In the case that it is necessary for the billing of the service provider
- In the case that it is difficult for the guest to consent to providing personal information to service providers for financial or technical reasons.
- In the case that special provisions in the law allow or relevant authorities request the personal information for investigative or legal purposes and is in accordance with legal procedures.
Retention of Personal Information and Period of Usage
The personal information of guests are immediately terminated after achieving the purposes of the collection of personal information or provided services. However, the information is preserved for the specified period in the cases listed below. (In the case that guests have given prior consent or if there are special legal regulations for the preservation of personal information)
Retention of information provided and period of usage
- Usage Period : From the service registration date to cancellation date or the contract termination date (whichever date is reached first)
- Retention Period : Termination after the end of usage period (However, the usage period for PR and marketing purposes is for 2 years)
Retention of personal information regarding commercial transactions
- Retention Provision : Transaction history
- Retention grounds : Commercial Code, Law on Consumer Protection in Electronic Commerce
- Retention Period
- Retention period as record of evidence in lawsuits or legal disputes : 10 years
- Record of cancellation of contract or subscription withdrawal etc : 5 years
- Record of payment and supply : 5 years
- Record of consumer complaints and disputes : 3 years (laws regarding e-commerce and consumer protection)
- Record of the collection/ handling, use etc. of credit information : 3 years (Law on the Use and Protection of Credit Information)
- Records are preserved during disputes regarding overpayment
Process and method of termination of personal information
- Personal information is terminated if the hotel achieves the purposes of the collection of personal information, after the expiration of the retention period in accordance with internal policies, and in accordance with other legal regulations and privacy laws (refer to Retention of Personal Information and Period of Usage).
- Target for termination : Retention and usage period, expired guest information in accordance with applicable laws
- Use of method to prevent the reproduction of information stored as electronic files
- Termination of paper and other printed personal information through shredding or incineration.
Operation and Declination of Automatic Installation and Collection of Personal Information
Use and purpose of cookies
- Analysis of the home page
- Guests have the option to install cookies. Therefore, according to their browser options, guests may allow all cookies, confirm each time a cookie is stored, or decline all cookies.
Method to decline the installation of cookies
- Guests may change their browser option to allow all cookies, confirm each time a cookie is stored, or decline all cookies.
- Installation method example (in the case of Internet Explorer): ‘Tools’ located at the top of the web browser > Internet Options > Privacy
However, guests who decline cookies may face difficulty in using the provided services.
Message Board Posts
The hotel values your comments and will do the best to protect your posts from modification, damage, and deletion. However, the following are exceptions.
- Spam (ex: chain letters, 800 million mail, advertisements from certain websites etc. )
- Defamatory posts that spread false information intended to slander
- Disclosure of personal information without consent, content that infringes upon copyright laws, and content that is irrelevant to the message board subject
- The hotel may delete parts of or modify certain symbols in the case of disclosure of personal information without consent for the message board.
- In the case that the content is transferable to a message board of a different subject, the hotel will reveal the transfer of the post to prevent any misunderstandings.
- Otherwise, the hotel may delete a post after sending explicit or individual warnings to the poster.
Fundamentally, the rights and responsibilities belong to the individual poster. As it is difficult to protect information that is given voluntarily, please evaluate the content before posting.
Items Regarding the Rights of Credit Information, Obligations, and Event Method
- Guests may withdraw personal information consented to for the collection, use, and provision at any time. Necessary measures will be taken if guests contact the privacy security officer via mail, telephone, FAX, e-mail etc. for the immediate termination of personal information. However, the exercise of these rights may be limited if there are obligations imposed by the law.
- The user is responsible for accidents caused by inaccurate information and may be deemed ineligible for withdrawal if the user has entered fraudulent or falsified information. In addition, all legal responsibility belongs to the one who has entered fraudulent or falsified information.
- Guests have a right to protect their personal information and have a duty not to infringe upon the privacy of others. Please be careful not to leak personal information, including message boards. If these responsibilities are not fully upheld and the information and the dignity of others are damaged, the offender may be held punishable under the ‘Promotion of Information and Communications Network Utilization and Information Protection Act.’
- The hotel must obtain the consent of a legal guardian when collecting the personal information of minors under the age of 14 (hereinafter called “child”). The hotel may require mandatory information, such as the name and contact information of the legal representative. The legal representative may request the correction or the deletion of the child’s personal information via mail, telephone, e-mail, FAX etc., in which the hotel will immediately take necessary measures.
Guest opinions, complaints, and the privacy security officer
- The hotel offers a counter for guest feedback and complaints regarding personal information. The hotel will quickly process the results of the feedback or complaints through the hotel homepage or customer service.
- The privacy security officer is available as follows to protect the personal information of guests and handle the complaints regarding the protection of personal information.
|Access Advisory Authority
|Access Advisory Authority
Safety Measures to Ensure Privacy
The hotel enforces the steps listed below to prevent the loss, theft, leak, alteration, or the damage of the personal information of guests.
- Your personal information is password protected, files and transmitted data are encrypted, and important data is protected separately.
- Security devices are in operation to prevent information leakage by attacking application programs.
- The hotel utilizes automatically installed vaccines and patches to prevent damages caused by computer viruses. In the case of a virus outbreak during the periodic update of the program, the hotel immediately applies patches to prevent any security breaches.
- Each server uses security devices such as firewalls and systems analysis systems (firewall, IPS, and server security etc.) to prevent and monitor hacking and other external intrusions for the protection of personal information.
- The hotel limits personnel access to personal information to the following.
- Personal information manager, the person-in-charge, and those who manage personal information
- Those who work directly with the guest for marketing purposes
- Those who must handle personal information for business
- Upon employment, all employees must undertake a security pledge for the prevention of information leakage while internal audits are conducted for compliance with the personal information protection policies.
- Personnel who handle personal information thoroughly maintains confidentiality when transferring duties and is held liable for security accidents after entering and leaving the company.
- As a special protected area, access to the computer room and data storage room is restricted.
- The hotel is not responsible for events caused by the user’s mistake or the basic risks of the Internet.
- The hotel will immediately inform you and take the appropriate measures if there is a loss, leakage, tampering, or damage of personal information due to mistakes in management or a technical accident.
Changes in Personal Information Policies
The personal information policy was enacted on April 1, 2015 and any legal, policy, or technological changes made, including additions, deletions, and modifications are announced at least 7 days on the hotel homepage.
- Publication Date: April 1, 2015
- Enforcement Date: April 1, 2015