Privacy policy

All personal information processed by Midas Hotel&Resort (hereinafter referred as "The Company") is collected, retained and processed according to relevant laws or the consent of the subject of information. The Company takes the protection of users' personal information very seriously, and has tried its best to ensure that users of the website (including mobile web / app) provided by The Company can safely use The Company's services at all times. The Company will inform you how the personal information provided by the member is being used and which action The Company has made through the Privacy policy.

  1. 1. Collection • use items, purpose, possession and use period of personal information
  2. 2. Providing and sharing of collected personal information with third parties
  3. 3. Consignment of personal information processing business
  4. 4. Personal information collection by cookies
  5. 5. Retention period and destruction of personal information
  6. 6. User's rights and duties and how to exercise them
  7. 7. Measures to ensure the safety of personal information
  8. 8. 8. Feedback and complaints handling
  9. 9. The officer in charge of Personal Information Protection
  10. 10. Collecting personal information of children under 14
  11. 11. Sending advertising information
  12. 12. Link Site
  13. 13. Posts
  14. 14. Modification of Privacy policy

Collection • use items, purpose, possession and use period of personal information

  1. A. The Company collects the following mandatory personal information for membership, e-commerce service provision when signing up for membership.
    e-commerce service provision when signing up for membership.
    Item purpose period
    ID, password, name, date of birth, sex, email, identification by mobile phone number, membership service provision, hotel deal contract and delivery membership withdrawal or 5 years after stay
  2. B. The Company collects the following personal information selectively when signing up for membership.
    The Company collects the following personal information selectively when signing up for membership.
    Item purpose period
    English name, general number, whether to agree to marketing or not product and service introduction, customer satisfaction survey membership withdrawal or 5 years after stay
    Child information (under 14 years old)
    Legal Representative Information (Name, Contact)
    KIDS JAM Service provision
    (Separate terms and conditions)
    one year after using the service
  3. C. In the case of online members, The Company might collect IP information, cookie information, service use records, payment information (credit card number, account number, payment approval number by communication operator, etc.) only for the purpose of online member service provision and financial transaction confirmation during the process of service use.
  4. D. The Company collects personal information through membership of the homepage, written, fax, telephone, consultation bulletin board, event application and collection method of the generated information.

2. Providing and sharing of collected personal information with third parties

  1. A. The Company shall neither use nor disclose personal information of the customer beyond the noticed range in "Purpose of collecting and use of personal information" except for the consent of the customer or the regulations of related laws.
  2. B. If the rights and obligations of the service provider are fully succeeded and transferred such as sale, merger and acquisition, the reasonable causes and procedures shall be noticed in advance and the optional right to withdraw consent to customer's personal information will be given.
  3. C. When requesting user’s consent, providing or sharing personal information, the Company will go through the process to ask for consent on the questions including who the provider is, what personal information items are provided or shared, why such personal information should be provided or shared, and until when and how they will be protected and managed, through written notification or by email individually. If there is a change of the provider, it will be notified or asked for consent by the same procedure.
  4. D. In the following cases, it is possible to provide personal information without the consent of the customer according to the provisions of relevant laws and regulations.
  1. - Implementation of contracts for the provision of services
  2. - If there is a request from the investigating agency under the provisions of relevant laws or procedures and methods prescribed in the Act for purpose of investigation.
  3. - When it is processed into the form in which the specific individual can’t be identified for statistic creation, academic research, or market survey

3. Consignment of personal information processing business

For the implementation of the service, The Company entrusts the following personal information processing tasks to external professional companies.

For the implementation of the service, The Company entrusts the following personal information processing tasks to external professional companies.
The person who is entrusted (the consignee) Commissioning work
Daekyo CNS computer business consignment
Homepage management by Sanha information technology Inc
Daekyo D & S Resort Management
Creativision Viral Marketing (SNS)

4. Personal information collection by cookies

  1. A. Operation of cookie

    The Company operates cookies for the convenience of users. The information that The Company collects through cookies includes member ID, access IP, and so on. The information that the Company collects through cookies is used for the maintenance of login status and customized individual advertising services.

  2. B. Installation / operation and rejection of cookies

    The customer has the option to install cookies, and can allow all cookies by setting options in the web browser, go through authentication whenever a cookie is saved, or refuse to store cookies. But, if you refuse to store cookies, there might be partial restrictions on the services in which login is required.

5. Retention period and destruction of personal information

  1. A. The Company will keep your personal information until the purpose of collecting personal information or the purpose of being provided is achieved, and when the purpose is achieved or the agreed period expires, we destroy them without delay. Specific time for destruction is as follows.
    1. Membership Information: When you leave the membership or are dismissed from membership
    2. Delivery Information: When the goods or services are forwarded or provided
    3. When collected for the purpose of questionnaire, event, etc.: When such a questionnaire, event etc. are finished
    4. Personal authentication Information: When user's identity is verified
    5. Despite of the principle of immediate destruction when the above purpose of collecting personal information is accomplished, if there is a need to retain for a certain period due to transaction dispute settlement in accordance with relevant laws and internal regulations, we retain information for a certain period as follows.
    1. 1) Act on Consumer Protection in Electronic Commerce etc.
      • - Records on contract or withdrawal of subscription: 5 years
      • - Records on payment and supply of goods: 5 years
      • - Records on consumer complaints or disputes: 3 years
    2. 2) Statement or similar documents under Communications
      • Secret Protection Act : 5 years
    3. 3) Commercial
      • statement or similar documents: 5 years
  2. B. How to destroy
    1. Personal information printed on paper: Shredding by a shredder or shredding entrusted to professional company
    2. Personal information stored in an electronic file: Deletion by using a technical method that can not reproduce the record
    3. - Storage medium such as HDD, USB memory, etc.: Completely physically shred

6. User's rights and duties and how to exercise them

  1. A. Customer might request to view, correct, delete, suspend processing or withdraw consent from registered customer's information at any time. If you wish to view, correct or delete personal information, suspend processing, or withdraw consent, please click "Member Information" to view or correct it directly, or contact to the main number (031-589-5600) or the person in charge of personal information by letter, call or email, we will proceed with the identification process and take action without delay.
  2. B. When the customer requests the correction of errors in personal information, the relevant personal information is not used or provided until the correction is completed. Also, if wrong personal information has already been provided to a third party, we will take actions for the correction is made by notifying the result to the third party without delay.

7. Measures to ensure the safety of personal information

The Company takes the following technical, managerial, and physical measures which ensure the safety of personal information in order to prevent loss, theft, leakage, alteration, or damage of personal information when handling the customer's personal information.

  1. Minimized number of personal information processing staff and the training
    Minimize the designation of personal information staff and implement regular training.
  2. Perform regular self-audits
    Regular self-audits are performed to ensure the safety of personal information processing.
  3. Establishment and enforcement of internal management plan
    An internal management plan is established and implemented for the safe handling of personal information.
  4. Encryption of personal information
    Your personal information is password-protected and stored and managed in encrypted form. All data is encrypted for transmission and other important data is protected by separate security features.
  5. Limited access to personal information
    Take necessary measures to control access to personal information by means of granting, modifying or canceling access to database systems that handle personal information, and a firewall system is employed to control unauthorized access from outside.
  6. Storage of access logs and prevention of data forging or tampering
    Maintain and manage the records of access to the personal information processing system for at least six months and use security features to prevent forgery, theft and loss of access records.

8. Feedback and complaints handling

  1. A. The Company values ​​your opinions and you have the right to always receive sincere answers from your questions. We have set up a customer consultation phone for smooth communication with customers.

    【Customer consultation processing center】 Telephone number: 031-589-5600

  2. B. Telephone consultation is available from 9:00 am to 6:00 pm. We will respond to your inquiries by email, fax or mail within 24 hours of receipt. However, after working hours or on weekends and holidays, it is the principle to handle inquiries in the following day.
  3. C. If you need to report or consult about other infringement on personal information, please contact the following organizations.
    1. Personal Information Infringement Report Center (www.118.or.kr / 118)
    2. Advanced Criminal Investigation Division of Supreme Prosecutors' Office (www.spo.go.kr / 02-3480-2000)
    3. Cyber ​​Terror Response Center of the National Policy Agency (www.ctrc.go.kr / 02-392-0330)

9. The officer in charge of Personal Information Protection

In order to protect customer's personal information and take charge of collecting opinions and complaints about personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.

Chief Privacy Officer / Privacy Management Admistrator
Chief Privacy Officer / Privacy Management Admistrator
Division Chief Privacy Officer Privacy Management Admistrator
Name Kim Jong-Hee Park Jae-Sung
Team ICT Support Department ICT Planning Team
Spot Head of a Department Section Chief
E-mail jonghee@daekyo.co.kr jaesung@daekyo.co.kr
Call 080-222-0909

10. Collecting personal information of children under 14

When collecting personal information of children under 14, the Company obtain the consent of the legal representative for processing. To obtain the consent of the legal representative, we might collect the name, contact information, etc. of the legal representative from the child. However, the collected personal information of the legal representative is used only for the purpose of collecting the personal information of the child, and if your consent is not obtained within 5 days, the personal information will be automatically destroyed.

11. Sending advertising information

  1. A. The Company will not transmit commercial information for commercial purposes against customer's expressed intention to reject receiving.
  2. B. When the Company sends the advertisement information by email for online marketing such as product information guide, the following items are attached to the email subject line and the body line so that the customer can easily recognize it.
    1. Email subject line: The phrase of (advertisement) might not be displayed in the subject line, but the main content is displayed in the body line of email.
    2. Email body line: The name, email address, telephone number, and address of the sender are displayed so that the user can make an intention to reject receiving. We specify the method in which user can easily express the intention of opt-out, respectively.
  3. C. When sending the customer who agrees to receive the advertisement, advertising information for commercial purposes through the method other than email, such as facsimile or mobile phone text transmission, we take necessary measures such as indicating the name of the sender.

12. Link Site

  1. A. The Company might provide customers with links to other companies' websites or data. In this case, Midas Hotel&Resort has no control right over external sites and data, so we are not responsible for and can't guarantee the usefulness of the services or data provided.
  2. B. If you click the link that the Company contains and move to the page of other site, please check the policy of the new site because the personal information processing policy of the relevant site is not related to Midas Hotel&Resort.

13. Posts

  1. A. The Company values ​​the customer's post and we try our best effort by preventing its alteration, damage or deletion for protection. However, this is not the case in the following cases.
    1. Spam posts (e.g., lucky letters, specific site ads, etc.)
    2. Disseminate false facts to slander others and to undermine the honor of others
    3. The disclosure of the identity of another person without consent, the infringement of third party's right such as copyright infringement, other post of which contents is different from the topic of bulletin board
    4. In order to activate the desirable bulletin board culture, the Company might delete certain parts or post them by modifying them with the sign when disclosing the identity of persons who do not consent.
    5. If it is possible to move to a bulletin board of another topic, we make it clear there should be no misunderstanding by revealing the move paths of relevant post.
    6. In other cases, it might be deleted after an explicit or separate warning.
  2. B. Fundamentally, the author is responsible for all rights and responsibilities related to the post. In addition, since information that is voluntarily disclosed through the post is hard to be protected, please consider it before the information disclosure.

15. Modification of Privacy policy

  1. In case of addition, deletion or modification of contents according to legal enactment, amendment, governmental policy change, change of company internal policy, or security technology change, we will inform the modified contents through the homepage without delay.
  2. Privacy policy enforcement date: March 31, 2017
  3. The Privacy Policy of Midas Hotel&Resort website is effective from March 31, 2017.