현재 페이지 위치 : > Privacy Policy > View previous version 10.7

개인정보 처리방침

We, Hotel Shilla Co., Ltd. (also hereinafter referred to as the “Company”), use our best efforts to protect your privacy and personal information, and to that end the Company is committed to complying with the Promotion of the Use of Information and Communication Networks and Protection of Information Act (the “Information and Communication Networks Act”), the Privacy Protection Act and all other relevant laws and regulations. This Privacy Policy is posted for public access on the Company’s website(https://www.shillahotels.com) so you can be well informed of what we do to protect your personal information.
This Privacy Policy may be revised or updated from time to time according to changes to pertinent laws, government policies or the Company’s internal regulations and we will immediately notify you of such revisions or updates in order that you can be readily aware thereof.
The Company’s Privacy Policy contains the following:

Date implemented : 1998-04-25
Last updated date : 2024-01-12

1. Collection of Personal Information; Purposes of Collection; Items to Be Collected; and Methods of Collection

A. We collect your personal information as may be required to sign up for a Hotel Shilla membership, to identify you and provide e-commerce services. The personal information to be collected by the Company is as follows:

Collection of Personal Information; Purposes of Collection; Items to Be Collected; and Methods of Collection
Classification Item Purpose Period
Member Registration Full name, username, password, date of birth, e-mail address, contact number, DI(Duplicated joining verification Information), gender, Shilla Rewards number. To confirm your identity, provide membership services Until withdrawal from membership
Accommodation Reservation Full name, e-mail address, region (based on passport), reservation information (staying period, room type, number of people, hotel name), customer preference, passport number (foreigner/Korean), gender, contact number, payment information (card type, card number, expiration date) Identification or complaint handling, etc. For five (5) years after room stay
Non-member Accommodation Reservation Full name, region (based on passport), e-mail address, contact number, reservation information, payment information (card type, card number, expiration date), gender Room reservations and customer service For one year after the reservation date
Restaurant Reservation Name, e-mail address, contact number, reservation information, payment information (card type, card number, expiration date) Identity verification, restaurant reservation & customer service For one year after the reservation date
Inquires (Comments) Full name, e-mail address, contact number Information and services for inquiries For three years from the day of collection or use you agree to
Inquires (Inquires) Full name, e-mail address, contact number Information and services for inquiries For two years from the day of collection or use you agree to
Blue Membership Registration Name (Korean,English), gender, date of birth, e-mail address, contact number, address, credit card information Personal identification, reservation confirmation, notificationof delivery, notice dispatch, complaint handling, payment-related issues, satisfaction survey Until the end of the membership usage period from the date of collection and usage agreement
Shilla S Registration Name (Korean,English), gender, date of birth, e-mail address, contact number, payment information Membership Application, Member Identification, Member Management, Contact for Contract Fulfillment, Service Information (Notification Delivery, Personal Preference Confirmation, Service-related Guidance & Consultation, Complaint Handling, Important notes, etc.), mail dispatch, annual fee payment, service satisfaction surveys Up to 1 year after membership termination (e.g., withdrawal)

B. We selectively collect your personal information as may be required to sign up for a Hotel Shilla membership, to identify you and provide e-commerce services. The personal information to be collected by the Company is as follows:

Collection of Personal Information; Purposes of Collection; Items to Be Collected; and Methods of Collection
Classification Item Purpose Period
Member Registration Phone, address To provide benefits for anniversaries, promote products and services; and investigate customer satisfaction. Until withdrawal from membership or delivery; or for five (5) years after room stay
Restaurant Reservation Allergy information Restaurant Menu Provision & Service One year after the reservation date
Inquires (Comments) Home phone Information and Services for Inquiries For three years from the day collection or use you agree to
Inquires (Inquires) Home phone Information and Services for Inquiries For two years from the day collection or use you agree to
Newsletter Subscription Application E-mail address Newsletter Dispatch Until newsletter subscription withdrawal
Blue Membership Registration Name (Korean,English), gender, date of birth, e-mail address, contact number, address Product and Service Introduction, Promotion Notification Until the end of the membership usage period from the date of collection and usage agreement
Shilla S Registration Name (Korean,English), gender, date of birth, e-mail address, contact number, address Introduction of products and services by Hotel Shilla Co., Ltd. (hotels, duty-free stores, etc.) and Shilla Stay, other affiliate companies, specific events, and foreign chef invitation events Until membership termination (e.g., withdrawal)

C. When you are using online membership services, we may collect such information as your IP address, service-use history and billing information (i.e., credit card number, bank account number, gift card number, mobile-service payment authorization code, etc.), only for the purposes of making such services available and/or verifying your financial transactions.

D. We collect your personal information from your application for membership on our website and by means of written notices, facsimile or phone communications, online message boards, promotional events and/or other approaches for collection of created information.

2. Disclosure and Sharing of Collected Personal Information

A. We will not use or disclose to any third party any of your personal information, without your consent or except as required by law, for purposes other than those intended hereunder and specified herein. However, in the following cases, customers' personal information is used and disclosed to third parties.

①. In the event that the rights and obligations of a service provider is fully assigned or transferred as a result of sale, merger or acquisition, we will ensure that we inform you in advance of details of the reasons and procedures for such assignment or transfer and that you have the right to withdraw your consent to the use of your personal information.

② Where your personal information is to be disclosed or shared, we will seek your consent in advance by notifying you by email or otherwise in writing of what items of such information will be disclosed or shared, whom the information will be disclosed to or shared with, why it should be disclosed or shared, and how and how long it will be protected and managed. If customers refuse to consent, personal information will not be disclosed or shared with third parties. The same procedures will apply if the information recipient is changed or terminated.

③To provide better service, the company provides the following information with the customer's consent.

[Domestic]

Disclosed to
(Name of Recipient)
Purpose of Use by Recipient Items of Information for Disclosure Period of Retention/Use
Shilla HM Co.,Ltd. To provide integrated reservation services and related convenience.  Name, date of birth, email address, phone number, length of stay (arrival and departure dates), payment method, passport number, and preferences 5 years after last stay
To provide Shilla Rewards membership services Name (both in native language and English), date of birth, gender, email address, mobile phone number, purchase and reservation details, length of stay, username, password, and Shilla Rewards number. Until membership withdrawal
Korean Air Lines Co., Ltd. To handle and/or identify flight reservations.  Name, contact number, email address, credit card information (card number, expiration date, first two digits of the password)
※ Card information is collected and disclosed upon ticketing request. 
Untile the purpose of use is achieved
Asiana Airlines Inc. 

[International]

Person to whom personal information is transferred. (Country, Contact information) SHILLA MONOGRAM QUANGNAM DANANG[QUEVIET - QUANGNAM COMPANY LIMITED(Vietnam, privacy@danang.shillamonogram.com)
Purpose of transferred personal information and recipent of use To provide Shilla Rewards membership services.
Personal information items transferred Name, DOB, Gender, E-mail, Phone No., Purchase history, Duration of stay, Shilla Rewards ID
Date/Method of Entrustment Info will be transferred via network the next day of account creation
Personal Information Retention and Use Period Until Account Termination
Rights to refuse the transfer of personal information outside South Korea and effects You can elect to refuse to agree to the provision of the above personal information to third parties and its transfer outside South Korea. In case of refusal, Shilla Rewards benefits and related services will not be available to you as you won't be able to earn Shilla Rewards points when using SHILLA MONOGRAM QUANG NAM-DANANG (Danang, Vietnam). 

B. When a customer's information is disclosed or shared with partners, we will notify and request the customer's consent for purpose, items, retention period, rights to refuse consent, any disadvantage due to refusal and recipient to whom the information is being disclosed and shared.

C. Your personal information may be disclosed without your consent in accordance with applicable provisions of relevant laws:
- When there are special provisions in other laws
- When it is clearly deemed necessary for any urgent matter regarding life, personal safety and wealth.


3. Outsourcing the Handling of Personal Information

A.The Company, for the provision of its services, has outsourced the handling of personal information on a contract basis as follows:

Outsourcing the Handling of Personal Information
Contractor (Outsourced to) Outsourced Service
Samsung SDS

Operation and maintenance of the computer system

S-Tec

Operation of CCTV systems, room maintenance & accommodation facility management

Yesong

Counseling to Shilla S members

Shilla HM Co.,Ltd.
(Shilla Stay Dongtan, Jeju, Mapo, Gwanghwamun
and Seocho)

ntegrated reservation services and other activities for registration of Shilla Rewards members, modification of Shilla Rewards member information, awarding and redemption of Shilla Rewards points and customer response

QUEVIET - QUANGNAM CO., LTD (Shilla Monogram Danang)

DAOU Tech, INC.

SMS, MMS sending agency

Standard Networks Co., Ltd

Product promotion and LMS for Shilla Rewards expiry points information.

Earlysloth Co., Ltd.

investigate customer satisfaction

Transcosmos Korea

Call center/Customer service & response

netsbridge Co., Ltd

TV contents service

SHP Corporation

Operation of Fitness Center(VANTT)

Google

Website user statistical analysis

B.Personal information collected internationally is handled as follows:
Hotel Shilla has entrusted TableCheck Inc. with Shilla Rewards use. Personal infromation is protected by all means and is under the strict supervision of Hotel Shilla.

Entrusted Company TableCheck Inc.
Location of Entrusted Company Dai-27 Chuo Bldg 4th floor 2-14-5 Ginza Chuo-ku, Tokyo, Japan 104-0061
Date/Method of Entrustment Personal information is transmitted via a network as needed for reservations.
Chief Privacy Officer Contact Information support@tablecheck.com
Collected Info for entrustment Name, phone number, Email, Address
Entrusted Tasks Storing information necessary for reservation services
Personal Information Retention and Use Period 3 months from last visit.
Rights to refuse the transfer of personal information outside South Korea and effects You can refuse to transfer personal information abroad by refusing to consent to the overseas transfer. However, consent to the overseas transfer is essential when making a reservation, so you must agree to the above to proceed with making a reservation.

4. Collection of personal information using cookies

A. Use of Cookies
We use cookies for the convenience of users. The information we collect through cookies includes your username and IP address and is used to keep you logged in and display personalized advertising messages.

B. Installation and Use of Cookies; and Refusal of Use
You have the option to accept or decline the installation of cookies and may set your web browser to accept all cookies, alert you whenever a cookie is stored, or disable or block the storage of cookies. (In the Chrome, you can delete all cookies stored on the user's PC by simply pressing the Delete button from the Tools > Settings > Privacy and security > Clear browsing data. Alternatively, if you check down the «Delete Search History when Exiting» item, you can automatically delete cookies each time you exit the browser) Disabling or blocking the storage of cookies may limit your access to services requiring you to log in.

C. Our company uses Google Analytics, a service provided by Google, to scrutinize your website interactions. The data generated via Google Analytics is handled according to Google's Privacy Policy and is transferred to, and retained on, Google's servers located within the United States. Acting on behalf of our company, Google processes this data to evaluate your website usage, formulate activity reports, and deliver other services tied to Internet usage. It is possible for you to reject the employment of cookies for the outlined objectives through your browser's settings. However, doing so may inhibit your ability to fully utilize the website's functions. By downloading and installing a browser add-on, you can opt out of the collection and processing of your user data, including your IP address. For a comprehensive understanding of how your information is used, please refer to Google's page(www.google.com/analytics/learn/privacy.html).

5. Retention and Destruction of Personal Information

A. The Company will retain your personal information until the purposes of collection or disclosure of such information are accomplished and will destroy your personal information immediately when such purposes are accomplished or upon the expiration of a retention period permitted by your consent. The times when we are required to destroy your personal information are as follows:
- Your membership information is destroyed when you withdraw or are dismissed from Hotel Shilla membership.
- Your delivery information is destroyed when a product or service has been delivered or provided.
- Your information collected for a survey or promotional event is destroyed upon when such survey or event is over.
- The information used to identify you is destroyed when your identity has been verified.

Notwithstanding the foregoing, when any of your personal information needs to be retained under relevant laws or internal regulations, we may retain such information (i) for a period of five (5) years if it pertains to the revocation of contracts or subscriptions; (ii) for a period of five (5) years if it relates to the supply of goods or services and payments therefor; or for a period of three (3) years if it pertains to the handling or resolution of complaints or disputes.

B. Your personal information will be destroyed by the following procedures and methods:
- Paper-printed information is destroyed with a paper shredder or through a shredding service provider.
- Electronically stored information is permanently deleted in a technically irretrievable manner.

C. How personal information is destroyed after period of retention and use
- Personal information printed on paper: shredded or entrusted to a professional shredding company
- Personal information stored in the form of an electronic file: deleted using a technical method that prevents reproduction of information

6. Rights and Obligations of Users and Exercise of Rights

A. You have the right at any time to view, correct or delete your registered personal information, have it corrected or deleted, have its processing suspended or withdraw your consent to the use and disclosure thereof, directly on the Membership Information page of our website or by contacting our Privacy Officer in writing, by telephone (at 02-2233-3131) or by email, in which case we will respond forthwith after identity verification.

B. If you request that we correct an error in your registered personal information, such information will not be employed or disclosed until such correction is made accordingly. Where any incorrect part of your personal information has been disclosed to any third party, we will have it corrected by giving immediate notice to such third party.

7. Measures for Security of Personal Information

A. In handling your personal information, we use our best efforts to prevent such information from being lost, stolen, leaked, falsified or damaged by taking the following technical, administrative and physical measures for security assurance:

- Minimum number of information workers and training
Personal information is made accessible to the smallest possible number of people and regular training is provided to such people.

- Regular in-house audits
In-house internal audits are conducted on a regular basis for the security of personal information.

- Internal management plan
An internal management plan is developed and implemented for safe handling of personal information.

- Encryption of personal information
Your personal information is password-protected and stored and managed in encrypted form. All data is encrypted for transmission and other important data is protected by separate security features.

- Technical measures against hacking
Personal information is protected by security software for the prevention of leakage, damage or tampering due to hacking or computer virus infection, and the software is periodically updated and tested. All systems are installed in access-controlled areas and technically and physically monitor and block access from outside.

- Limited access to personal information
We take necessary measures to control access to personal information by means of granting, modifying or canceling access to database systems that handle personal information, and a firewall system is employed to control unauthorized access from outside.

- Storage of access logs and prevention of data forging or tampering
We store and maintain a history of your access to our personal information processing system and use security features for your access log data not to be forged, tampered with, damaged, stolen or lost.

- Use of locks for document security
Documents and auxiliary storage media containing personal data are kept in safe, locked places.

- Prevention of unauthorized access
We have set up a separate physical location where personal information is stored and have established and implemented procedures for the control of access to the storage location.

 

8. Gathering of Opinions and Handling of Complaints

A. We value your opinion and feedback, and you are always entitled to have your questions answered in a serious fashion. We have set up a customer service hotline to effectively communicate with our customers.
[ Customer Service Center ] Contact number: 82-2-2230-3131

B. The customer service hotline is available from 09:00 a.m. to 06:00 p.m. All inquires by email, fax or mail will receive courteous responses within 24 hours after receipt thereof. However, if received after normal office hours or during weekends and holidays, such inquires will be answered on the following business day.

C. If you want to report a breach of your privacy or seek advice thereon, please contact:
- The Privacy Complaint Center (via https://privacy.kisa.or.kr or at 118);
- The Supreme Prosecutors' Office High-tech and Financial Crimes Investigation Division (via https://www.spo.go.kr or at 1301); or
- The National Police Agency Cyber Bureau (via https://ecrm.police.go.kr or at 182)

9. Privacy Officer

The Company has appointed the following departments and persons to be responsible for protecting its customers’privacy and personal information and for gathering their opinions and handling their complaints:

Privacy Officer
Appointed as: Chief Privacy Officer (CPO) Personal Information Manager Personal Information Handler
Name Lee, JaeWon Shim, Wook Gwon, Hyeongyu
Department Information Security Team Hotel & Leisure HR Team Hotel & Leisure HR Group
Title/Position Vice President Vice President Manager
Phone Number +82-2-2230-3131 +82-2-2230-3131 +82-2-2230-3131
Email Address comments.shilla@samsung.com comments.shilla@samsung.com comments.shilla@samsung.com

10. Privacy Protection for Children under the Age of 14

The Company does not collect any personal information of our member customers' children under the age of 14 in compliance with the Juvenile Protection Act. If we need to collect personal information of the minors under the age of 14 with respect to our hotel business, we will get consent from their legal representatives or guardians.

11. Transmission of Advertising Messages

A. We do not send you any advertising messages for commercial purposes so long as your unsubscription request is expressly given.

B. If we send any advertising message by email or otherwise for online marketing purposes such as presenting product information, we will ensure that in a plain and legible manner:
- 'The email's subject line communicates what the email is about, although it may not indicate “Advertisement”; and
- The body text contains the sender’s name, email address, phone number and mailing address, as well as instructions on how to unsubscribe, so that the recipient can readily unsubscribe from further advertisements.

C. Likewise, if we send you an advertising message for commercial purposes by fax or mobile text message or via non-email means, we will ensure that the sender’s name is indicated in such message, even if you have agreed to the receipt of advertising messages.

12. Linked Sites

A. We may provide you with links to websites or materials of other companies, in which case we assume no responsibility for and make no guarantee as to the usefulness of such websites and materials over which we have no control.
B. If you move to another website by clicking a link appearing on the Company’s website, we recommend that you carefully read the privacy policy of such website, as it is beyond the control of Hotel Shilla.

13. Posts

A. We value the comments, suggestions, opinions, statements and other content posted by our customers (collectively “posts”) and use our best efforts to protect such posts from being tampered with, damaged or deleted. Notwithstanding, this does not apply to the following:

- Spam-like messages (e.g., chain letters and advertisements);
- Posts that defame others by disseminating false information to slander them maliciously; and
- Posts that reveal the identity of other users without their consent, infringe on third parties’ copyrights or other rights or are irrelevant to the themes of the bulletin board.
- If a post is found to reveal the identity of other users, the Company may delete or correct part of such post in order to maintain and promote a healthy online community culture.
- If the content of a post is deemed movable to another section, the Company will provide a path in such posts to avoid misunderstanding or confusion.
- The Company may delete other posts deemed malicious or improper after giving express or individual warnings.

B.Essentially, you have rights to your posts and are responsible for them. It is difficult to protect information you disclose voluntarily via a post, so we recommend that you give careful consideration before such disclosure.

14.Changes to the Privacy Policy

If any change is made to this Privacy Policy by addition, deletion or correction due to a modification or revision in relevant laws, government policies or the Company’s internal regulations, or a change of security technology, the Company will post such change immediately on its website.

Privacy Policy version : v10.7
Enforcement Date : 25 April, 1998
Amended date : 27 July, 2007 [View previous version]
Amended date : 20 February, 2012 [View previous version]
Amended date : 1 August, 2013 [View previous version]
Amended date : 12 January, 2018 [View previous version]
Amended date : 30 November, 2018
Amended date : 11 February, 2020
Amended date : 2 March, 2020
Amended date : 1 April, 2020
Amended date : 25 February, 2022
Amended date : 13 January, 2023
Amended date : 2 March, 2023
Amended date : 15 June, 2023
Amended date : 3 August, 2023
Amended date : 22 August, 2023 [View previous version]
Amended date : 2 November, 2023 [View previous version]
Amended date : 5 December, 2023 [View previous version]
Amended date : 12 January, 2024 [View previous version]

 

This Privacy Policy shall come into full force and effect on the 12nd day of January 2024.