Privacy Policy
Privacy Policy Effective Date: December 11, 2024
Hwiya Co., Ltd. (hereinafter referred to as "Company") considers the protection of members' personal information important and is doing its best to ensure that members' personal information is protected by complying with personal information protection regulations under related laws such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and the "Personal Information Protection Act."
This Privacy Policy provides information related to the Company's personal information processing, explains the rights that customers have and how to exercise those rights, and provides contact information for the personal information protection officer and staff who can be contacted if there are inquiries related to personal information while using our services.
Article 1 (Personal Information Collection Items and Methods)
We collect the minimum personal information necessary for using TripFriend services. If you wish to use membership services, you must enter the following required information, and there are no restrictions on service use if you do not enter optional items.
• Personal information collected when using services
| Category | Collection and Use Purpose | Collection and Use Items | Retention and Use Period |
|---|---|---|---|
| [Required] | Member registration and user identification, member management | When using services ・ ID (email), password When using services through SNS accounts ・ Kakao: Kakao account (email), profile information (nickname/profile photo), Kakao account (phone number) ・ Naver, Facebook: Email address ・ Apple: Apple ID (email) ・ Google: Google ID (email) | Until member withdrawal ・ When necessary to preserve according to related laws, stored until the deadline required by such laws |
| Identity verification during membership registration | ・ Name, date of birth, gender, domestic/foreign resident information, CI/DI, carrier information, mobile phone number | ||
| Prevention of illegal/fraudulent use, external transaction monitoring and service analysis | ・ Automatically generated information: Device information (device type, OS version), usage records (IP address, cookies, *service usage records) ※ Service usage records: Access date and time, list of services used and all logs generated during service use, consultation details between partners and travelers, etc. This is necessary for service provision, and service use may be restricted if you refuse this. | ||
| [Optional] | Location-based service provision | ・ Personal location information | Upon consent withdrawal, personalized ad blocking, destroyed upon member withdrawal |
| Service usage analysis, provision of information on personalized product and service benefits, transmission of advertising information such as events | ・ Email, mobile phone number |
• Personal information separately collected by services
| Category | Collection and Use Purpose | Collection and Use Items | Retention and Use Period |
|---|---|---|---|
| [Required] | When purchasing products (common) | ・ Reservation holder and traveler information: Name, email, mobile phone number, English name (some products) ・ Reservation details: Reservation date, payment amount ・ Additional reservation information: Gender (some products), date of birth (some products) | Until member withdrawal ・ When necessary to preserve according to related laws, stored until the deadline required by such laws |
| Identity verification when purchasing products (partial) | ・ Name, date of birth, gender, domestic/foreign resident information, CI/DI, carrier information, mobile phone number | ||
| Delivery products | ・ Recipient, mobile phone number, postal code, address | ||
| Payment and settlement | ・ Card holder name, card number, expiration date, first 2 digits of password, date of birth (domestic products) ・ Financial institution name, account number, account holder name | ||
| Customer consultation and inquiry response | (Website inquiry) ・ Email, phone number, reservation number, message details (included personal information), consultation content | ||
| Customer center consultation | ・ Name, email, contact information, consultation content | ||
| Community registration | ・ Nickname, profile photo | ||
| Bank transfer refund | ・ Account holder, deposit bank, account number | Destroyed upon information deletion request or member withdrawal |
Article 2 (Purpose of Personal Information Use)
- Member management: Personal identification for providing membership services, confirmation of registration intention, usage restriction measures for members who violate terms of service, registration and registration frequency restrictions, sanctions for fraudulent service use, record preservation for grievance handling and dispute mediation, delivery of notices, confirmation of member withdrawal intention
- In addition to providing existing services such as content (including advertising), demographic analysis, analysis of service visits and usage records, formation of relationships between members based on personal information and interests, discovery of new service elements such as providing customized services based on acquaintances and interests, and improvement of existing services
- New service development and utilization in marketing advertising: New service development and customized service provision, service provision and advertisement placement according to demographic characteristics, service effectiveness verification, provision of event and advertising information and participation opportunities
- Identity verification, contract and fee payment, product and service provision accompanying payment system provision
- Building an environment where members can use services with confidence in terms of security, privacy, and safety
Article 3 (Retention and Use Period of Personal Information, Destruction Procedures and Methods)
The retention and use period of collected personal information is from the conclusion of the service use contract (membership registration) to the termination of the service use contract (withdrawal application). In principle, the Company destroys such information without delay after the purpose of personal information collection and use is achieved.
However, when personal information must be stored for a certain period according to laws despite the expiration of the personal information retention period agreed upon by users or the achievement of processing purposes, personal information is stored separately according to the provisions of laws during the relevant period.
1. Personal Information Retention According to Related Laws
Based on the Act on Consumer Protection in Electronic Commerce, etc.
- Records on payment and supply of goods, etc. - 5 years
- Records on contracts or withdrawal of offers, etc. - 5 years
- Records on consumer complaints or dispute handling - 3 years
Based on the Act on Protection and Use of Location Information, etc.
- Records on location information - 6 months
Based on the Communications Secret Protection Act
- Website visit records - 3 months
2. Destruction Procedures
Users' personal information is moved to a separate DB after the purpose is achieved (separate filing cabinet in case of paper) and stored for a certain period according to information protection retention reasons under internal policies and other related laws (refer to 2.1) before being destroyed. At this time, personal information moved to a separate DB is not used for purposes beyond those agreed to by members or for other purposes except as stipulated by law.
3. Destruction Methods
Personal information stored in electronic file format is deleted using technical methods that make records irreproducible. Personal information printed on paper is destroyed by shredding with a shredder or incineration.
Article 4 (Provision of Personal Information)
- The Company does not disclose members' personal information to external parties without prior consent. However, exceptions are made when members have consented to provision in advance or when there are requests from investigative agencies according to legal provisions.
- Personal information is provided to counterpart members as follows during contracts and use between members, payment and refund processing:
- Name, mobile phone number, contract information, email address
Article 5 (Personal Information Processing Consignment Status)
TripFriend consigns personal information processing tasks to external specialized companies as follows for smooth business operations such as service provision, service maintenance/management, and user convenience provision.
1. Domestic Personal Information Processing Consignment Status
| Consignee | Consigned Tasks |
|---|---|
| Biztalk Co., Ltd. | Contract and payment notification service |
| Korea Mobile Certification Co., Ltd. | Identity verification and identity confirmation service provision |
| KOVAN | Payment processing service |
| NICE Information Service Co., Ltd. (Re-consignment status) | Identity verification and identity confirmation service provision |
| Amazon Web Services Inc. | System operation and data storage for service provision |
| Email, internal communication and collaboration tools, data storage, domestic flight cancellation refund applications |
2. Overseas Personal Information Processing Consignment Status
| Company Name (Contact) | Country | Date/Time and Method | Personal Information Items | Purpose of Use | Retention and Use Period |
|---|---|---|---|---|---|
| AWS (aws-korea-privacy@amazon.com) | United States | Transmitted through secure network when sending emails | Email transmission | Until member withdrawal or termination of consignment contract |
Users can refuse overseas transfer of personal information through the Company's personal information protection officer and relevant department. When users refuse overseas transfer of personal information, the Company excludes such users' personal information from overseas transfer targets. However, in this case, use of services that essentially require overseas transfer of personal information among the Company's services may be restricted.
Article 6 (Rights and Obligations of Data Subjects)
- Members and legal representatives may request inquiry, modification, or withdrawal of their registered personal information from the personal information management officer and staff at any time. However, in this case, use of part or all of the service may be difficult.
- Members and legal representatives may inquire about and modify personal information through written documents, telephone, email, etc. to the Company's personal information management officer, and the Company will take measures without delay.
- When members request correction of errors in personal information, the relevant personal information will not be used or provided until correction is completed. Also, if incorrect personal information has already been provided to third parties, correction processing results will be notified to third parties without delay to ensure correction is made.
Article 7 (Cookie Installation/Operation and Refusal)
1. What are Cookies?
- The Company uses 'cookies' that store and frequently retrieve information from service users including members (hereinafter 'users') to provide personalized and customized services.
- Cookies are very small text files sent by servers used to operate websites to users' browsers and stored on users' computer hard disks. When users later visit the website, the website server reads the cookie contents stored on users' hard disks to maintain users' environment settings and provide customized services.
- Cookies do not automatically/actively collect personally identifiable information, and users can refuse storage of or delete such cookies at any time.
2. Company's Cookie Usage Purpose
- Used to understand visit and usage patterns of webpages visited by users, user scale, etc. to provide optimized customized information (including advertisements) to users.
3. Cookie Installation/Operation and Refusal
- Users have the right to choose cookie installation. Therefore, users can allow all cookies, go through confirmation each time cookies are stored, or refuse storage of all cookies by setting options in web browsers.
- Cookie installation, operation and refusal methods: Cookie storage can be refused through the following methods:
- For Internet Explorer: Tools>Internet Options>Privacy menu option settings at the top of the web browser
- For Microsoft Edge: Top menu>Settings>View Advanced Settings>Cookie menu option settings
- For Chrome: Top menu>Settings>Advanced>Content Settings>Cookie menu option settings
- However, if cookie storage is refused, some services requiring login may be difficult to use.
Article 8 (Security Protection Measures for Personal Information)
The Company implements the following technical/administrative and physical measures necessary for ensuring security according to Article 29 of the Personal Information Protection Act.
- Administrative measures: Establishment and implementation of internal management plans, regular employee training, operation of dedicated personal information protection organizations, etc.
- Technical measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
- Physical measures: Continuous operation of access control systems that control entry and exit
Article 9 (Contact Information of Personal Information Management Officer)
Personal Information Management Officer
Name: Jung Young-hwi (CEO)
Contact: 010-2193-0200
Email: official@hwiya.com
Article 10 (Changes to Privacy Policy and Notification Obligations)
- When there are additions, deletions, and modifications to the current Privacy Policy content, we will notify through the service's 'Notice' from at least 7 days before the revision.
- This Privacy Policy applies from December 11, 2024.