Personal Information Handling Policy
Article 1. Purpose of Dealing with Personal Information
The company shall deal with personal information for the following purposes. Processed information is not used for any purpose other than usage listed below, and if there are changes in the purposes, necessary actions such as receiving additional agreements will be implemented in accordance with the article 18 of the Personal Information Protection Act.
1. Homepage Membership Management
WITHGO shall deal with personal information for the purposes of checking intention for joining membership, identification and verification according to membership service, maintaining and managing qualification for membership, identity verification according to the limited identity verification system, preventing illicit use of service, notifications and notices, handling difficulty, and record preservation for dispute mediation.
2. Service Provision
WITHGO shall deal with personal information for the purposes of service provision, customized service provision, identity verification, and payment/settlement.
3. Marketing and Advertisements
WITHGO shall deal with personal information for the purposes of new service development and customized service provision, events and ads information provision and participation opportunities provision, service provision according to statistical features and ad posting, service validity checking, access frequency checking, and statistics on members' service usage history.
Article 2. Collection and Use of Personal Information
1. Collected Personal Information
- 1) If a customer makes a reservation to use the luggage delivery and storage service, the company shall collect personal information for the service at minimum.
- 2) When the customer applies for the service, personal information including 'name, email. SNS id, phone number, and card information' is collected as essential items.
- 3) Additional collection of personal information can happen in the process of using individual services, and event and giveaway application. In this case, the company shall inform the customer of 'the collected personal information items, purpose of collecting personal information, and retention period' and receive consent of the customer when the information is collected.
- 4) IP address, cookies, service usage history, device information, and location information can be generated and collected in the process of using the service.
2. Use of the Collected Personal Information
The company shall use the personal information only for the purposes listed below including membership management, effective service development/provision and improvement, and safe Internet environment building.
- 1) The company shall use personal information for the purposes of checking intention to use the service and customer identification.
- 2) The company shall use personal information for the purposes of new service development and the existing service improvement such as usage statistics and analysis of service visit and use records, in addition to the existing service such as contents provision.
- 3) The company shall use personal information for the purposes of service restriction to members who violates laws and terms, prevention and restriction for activities hindering normal operation including illicit use, delivery of notification such as revision of agreements, record preservation for dispute mediation, customer protection and service operation such as civil complaint handling.
- 4) The company shall use personal information for the purposes of identity verification, payment and service provision according to paid service.
- 5) The company shall use personal information for the purposes of marketing and promotions such as event information and participation opportunities provision and ad information provision.
- 6) The company shall use personal information for analyzing service use record and access frequency, service usage statistics, providing customized service according to the analysis and statistics, and ad posting.
- 7) The company shall use personal information to build service environments where customers can use the service safely in terms of security, privacy and safety.
Article 3 (Handling Personal Information and Retention Period)
- 1. The company shall retain the personal information for the period that members use the service and use the information for service provision and handling civil complaints.
- 2. In principle, the company shall immediately destroy the personal information after achieving the purpose of collection and use of personal information. Exceptionally, if it is necessary to preserve the information in accordance with the relevant laws such as 'The Act on the Consumer Protection in the Electronic Commerce Transactions, etc.', the company shall retain the information for the specific period defined by the laws. The information is used only for the purpose. The others comply with the laws and the preservation period is as follows:
- 1) Delivery related information
- Preservation Purpose : Enforcement Ordinance and the Article 6 of 'The Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
- Preservation Period: 5 years
- 2) Payment
- Preservation Purpose : Enforcement Ordinance and the Article 6 of 'The Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
- Preservation Period: 5 years
- 3) Records on handling complaints or dispute settlement
- Preservation Purpose : Enforcement Ordinance and the Article 6 of 'The Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
- Preservation Period: 5 years
- 4) Delivery reservation
- Preservation Period: 2 years (Reservation information of non-member: 3 months)
- 1) Delivery related information
Article 4 (Provision of the Personal Information to Third Parties)
In principle, the company shall not deal with the personal information beyond the original purposes nor provide the information to third parties. However, the personal information can be provided to third parties in the following cases:
- 1) In case that the company received a consent from the data subject.
- 2) In case that there are specific rules in other laws
- 3) In case that a data subject or legal representatives is not able to declare one's intention or prior consent can not be received due to incorrect address, in which provision of the information to third parties is definitely considered to be necessary for urgent physical and financial benefits of the data subject or the third parties.
- 4) In case that it is necessary for statistics and academic research and the personal information is provided in unidentified forms.
- 5) In case that business specified in other laws can not be done unless the personal information is used beyond the original purposes or provided to third parties, with review and decision by the relevant protection committee.
- 6) In case that it is necessary to provide the information to foreign countries or international organizations to comply with treaties or international agreements.
- 7) In case that it is necessary for a criminal investigation, prosecution and maintaining the prosecution.
- 8) In case that it is necessary for court case.
- 9) In case that it is necessary for execution of the sentence, custody, and protective disposition.
Article 5 (Outsourcing Handling of Personal Information)
- 1. The company shall specify prevention of handling personal information other than the purposes of outsourcing, technological and managerial protection measures, limitation in re-outsourcing, management and supervision of the outsourcing company, liability for damages, etc. in the contract when making an outsourcing contract in accordance with the article 25 of the Personal Information Protection Act and supervise whether the outsourcing company deals with the personal information safely.
- 2. If there is any change in the outsourcing work or company, the company will immediately inform the change through this policy.
Article 6 (Collection of Personal Information Using Cookies)
- 1. The company partly operates cookies to provide better services. Cookies are small amount of information transmitted from the website servers to the computer browser of users, which include the website information visited by the user and personal information of the visitor. Cookies are able to identify the computer browser of the data subject, but not able to identify the data subject, through which the company collects the encrypted personal information.
- 2. Each data subject has a right of choice by coordinating options of web browser; receiving all cookies or sending a separate notice when the cookies are installed or denying all cookies. However, if the data subject denies cookies, there might be difficulty in using the website.
Article 7 (Rights and Obligations of Data Subject and How to Execute Rights and Obligations)
- 1. A data subject is able to execute the following rights related to personal information protection anytime.
- 1. Request for disclosure of personal information
- 2. Request for correction in case of error
- 3. Request for disposal of personal information
- 4. Request for suspension of handling personal information
- 2. Execution of the rights according to the clause 1 can be requested in writing, telephone, email, and fax, which shall be immediately responded by the company.
- 3. If a data subject requested correction or disposal about error of personal information, the company shall not use or provide the personal information until it is completely corrected or disposed.
- 4. The rights according to the clause 1 can be executed through legal representatives or entrusted delegates of the data subject. In this case, the power of attorney should be submitted after the form of annex No. 11 in the enforcement regulation of the Personal Information Protection Act.
- 5. A data subject should not invade personal information or privacy of others or themselves by breaking the relevant laws such as the Personal Information Protection Act.
- 6. The company’s website shall not collect personal information of children under 14 years old.
Article 8 (Personal Information Items Processed)
The company shall process the following personal information:
- 1. Homepage membership joining and management
- Mandatory Items: Name, id, password, email, and phone number
- Selective Items: Gender, address, etc.
- 2. The following items can be automatically generated and collected in the process of using the Internet.
- IP address, cookies, service usage history, visiting history, and defective use history, etc.
Article 9 (Process and Method of Personal Information Disposal)
Personal information of customers shall be immediately disposed after the retention period has passed or the purpose of handling personal information has been achieved. The disposal process and method of the personal information is as follows:
- 1. Disposal Process
- 1) The information entered by customers to join the membership is disposed after being retained for a specific period upon achievement of the purpose of collecting information in accordance with the retention period (Refer to the use and retention period of the personal information) by the internal policy and relevant laws.
- 2) Personal information is not used for other purposes unless it is required by laws.
- 2. Disposal Method
- 1) Personal information printed in documents is disposed by a paper shredder or incineration.
- 2) Personal information saved in the electronic file is permanently deleted in a technically unrecoverable manner.
Article 10 (Measures to Secure Safety of Personal Information)
The company has taken the following measures to secure safety of personal information:
- 1. Managerial measures: Establishing internal management plans, regular staff training, etc.
- 2. Technical measures: Management of access right of the personal information handling system, encrypting installation information of the access control system, installation of security programs, etc,
- 3. Physical measures: Designation of control areas such as computer room, archives, etc.
Article 11 (Personal Information Security Officer)
- 1. The company has appointed staff responsible for personal information security to protect personal information of users and deal with difficulties related to personal information as follows:
- 1) Personal Information Security Officer
Name: Yun Chang-gi / e-mail: ckyun@withgotrip.com - 2) Department dedicated for personal information protection
Name of Department: Information Security Team / e-mail: info@withgotrip.com
- 1) Personal Information Security Officer
- 2. A data subject is able to ask the personal information security officer and the department about inqury related to personal information protection, handling complaints and damage relief. The company will immediately answer and respond to the inquiry.
Article 13 (Request for Personal Information Disclosure)
A data subject is able to request disclosure of personal information in accordance with the article 35 of the Personal Information Protection Act to the following department. The company will make efforts to process the request by the subject.
- Department receiving and dealing with the request for personal information disclosure
- Name of Department: Customer Service Team
- e-mail : service@withgotrip.com
Article 13 (Remedy of Infringement on Rights and Interests)
The company shall quickly respond to report of users. Please ask the following agencies if you need to report other infringement on personal information or consultation.
- Personal Information Dispute Mediation Committee(www.kopico.go.kr/1833-6972)
- Privacy Infringement Report Center(privacy.kisa.or.kr/118)
Article 14 (Privacy Policy)
This Privacy Policy is applied as of the 1st of March, 2020.