1. Collectionㆍpurpose of personal information, items and methods of collection

1. A. The Company collects the following mandatory personal information for membership, e-commerce service provision when signing up for membership.

   e-commerce service provision when signing up for membership.

   Item	purpose	period
   ID, password, name, date of birth, sex, email, identification by mobile phone number.	membership service provision, hotel deal contract and delivery, using services of TeuniTeuni Adventure and Kids JAM	membership withdrawal or 5 years after stay

2. B. The Company collects the following personal information selectively when signing up for membership.

   The Company collects the following personal information selectively when signing up for membership.

   Item	purpose	period
   English name, general number, whether to agree to marketing or not	product and service introduction, customer satisfaction survey	membership withdrawal or 5 years after stay
   Child information (under 14 years old) Legal Representative Information (Name, Contact)	KIDS JAM Service provision (Separate terms and conditions)	one year after using the service
   Child information (under 14 years old) Legal Representative Information (Name, Contact)	TeuniTeuni Adventure Service provision (Separate terms and conditions)	one year after using the service

3. C. The company essentially collects the following personal information for reservation services.
   1. Item - Reserved Information: Name, Email, Contact / Purchase Information: Name
   2. Purpose - Schedulitney Adventure Service Reservation
   3. Holding period - 5 years after accident, and delete in a recoverable way for 5 years elapsed
4. D. In the case of online members, The Company might collect IP information, cookie information, service use records, payment information (credit card number, account number, payment approval number by communication operator, etc.) only for the purpose of online member service provision and financial transaction confirmation during the process of service use.
5. E. The Company collects personal information through membership of the homepage, written, fax, telephone, consultation bulletin board, event application and collection method of the generated information.
6. F. Notwithstanding the principle of immediate destruction when achieving the purpose of collecting personal information above, if it is necessary to retain it for a certain period of time due to the handling of disputes related to transactions according to relevant laws and internal regulations, it shall be kept as follows:
   1. 1) Act on Consumer Protection in Electronic Commerce, etc.
      • - Records on the withdrawal of contracts or subscriptions : 5 years
      • - Records of payment and supply of goods : 5 years
      • - Records of consumer complaints or disputes : 3 years
   2. 2) Communication secret protection law
      • Records of visits : 3 months
   3. 3) Commercial law
      • Slips or similar documents : 5 years

2. Providing and sharing of collected personal information with third parties

1. A. The Company shall neither use nor disclose personal information of the customer beyond the noticed range in "Personal information collectionㆍuse items, purpose, retention and period of use" except for the consent of the customer or the regulations of related laws.
2. B. If the rights and obligations of the service provider are fully succeeded and transferred such as sale, merger and acquisition, the reasonable causes and procedures shall be noticed in advance and the optional right to withdraw consent to customer's personal information will be given.
3. C. When requesting user’s consent, providing or sharing personal information, the Company will go through the process to ask for consent on the questions including who the provider is, what personal information items are provided or shared, why such personal information should be provided or shared, and until when and how they will be protected and managed, through written notification or by email individually. If there is a change of the provider, it will be notified or asked for consent by the same procedure.
4. D. In the following cases, it is possible to provide personal information without the consent of the customer according to the provisions of relevant laws and regulations.

1. - Implementation of contracts for the provision of services
2. - If there is a request from the investigating agency under the provisions of relevant laws or procedures and methods prescribed in the Act for purpose of investigation.
3. - When it is processed into the form in which the specific individual can’t be identified for statistic creation, academic research, or market survey

3. Consignment of personal information processing business

In accordance with the Privacy Act, the Company specifies information on responsibilities such as prohibition of personal information processing, technicalㆍadministrative protection measures, re-entrustment restrictions, managementㆍsupervision of contracts, and supervises whether the trustee handles personal information safely at the conclusion of the consignment contract.

4. Personal information collection by cookies

1. A. Operation of cookie

   The Company operates cookies for the convenience of users. The information that The Company collects through cookies includes member ID, access IP, and so on. The information that the Company collects through cookies is used for the maintenance of login status and customized individual advertising services.

2. B. Installation / operation and rejection of cookies

   The customer has the option to install cookies, and can allow all cookies by setting options in the web browser, go through authentication whenever a cookie is saved, or refuse to store cookies. But, if you refuse to store cookies, there might be partial restrictions on the services in which login is required.

5. Retention period and destruction of personal information

1. A. The Company will keep your personal information until the purpose of collecting personal information or the purpose of being provided is achieved, and when the purpose is achieved or the agreed period expires, we destroy them without delay. Specific time for destruction is as follows.
   1. Membership Information: When you leave the membership or are dismissed from membership
   2. Delivery Information: When the goods or services are forwarded or provided
   3. When collected for the purpose of questionnaire, event, etc.: When such a questionnaire, event etc. are finished
   4. Personal authentication Information: When user's identity is verified
   5. Despite of the principle of immediate destruction when the above purpose of collecting personal information is accomplished, if there is a need to retain for a certain period due to transaction dispute settlement in accordance with relevant laws and internal regulations, we retain information for a certain period as follows.
   1. 1) Act on Consumer Protection in Electronic Commerce etc.
      • - Records on contract or withdrawal of subscription: 5 years
      • - Records on payment and supply of goods: 5 years
      • - Records on consumer complaints or disputes: 3 years
   2. 2) Statement or similar documents under Communications
      • Secret Protection Act : 5 years
   3. 3) Commercial
      • statement or similar documents: 5 years
2. B. How to destroy
   1. Personal information printed on paper: Shredding by a shredder or shredding entrusted to professional company
   2. Personal information stored in an electronic file: Deletion by using a technical method that can not reproduce the record
   3. - Storage medium such as HDD, USB memory, etc.: Completely physically shred

6. User's rights and duties and how to exercise them

1. A. Customer might request to view, correct, delete, suspend processing or withdraw consent from registered customer's information at any time. If you wish to view, correct or delete personal information, suspend processing, or withdraw consent, please click "Member Information" to view or correct it directly, or contact to the main number (031-589-5600) or the person in charge of personal information by letter, call or email, we will proceed with the identification process and take action without delay.
1. Name : Kim Uhyeon
2. Team : Customer Policy Office
3. Duty : Deputy Head of Department
4. contact : 080-223-0909 / uhyeon@daekyo.co.kr
2. B. When the customer requests the correction of errors in personal information, the relevant personal information is not used or provided until the correction is completed. Also, if wrong personal information has already been provided to a third party, we will take actions for the correction is made by notifying the result to the third party without delay.

7. Measures to ensure the safety of personal information

The Company takes the following technical, managerial, and physical measures which ensure the safety of personal information in order to prevent loss, theft, leakage, alteration, or damage of personal information when handling the customer's personal information.

1. Minimized number of personal information processing staff and the training
   Minimize the designation of personal information staff and implement regular training.
2. Perform regular self-audits
   Regular self-audits are performed to ensure the safety of personal information processing.
3. Establishment and enforcement of internal management plan
   An internal management plan is established and implemented for the safe handling of personal information.
4. Encryption of personal information
   Your personal information is password-protected and stored and managed in encrypted form. All data is encrypted for transmission and other important data is protected by separate security features.
5. Limited access to personal information
   Take necessary measures to control access to personal information by means of granting, modifying or canceling access to database systems that handle personal information, and a firewall system is employed to control unauthorized access from outside.
6. Storage of access logs and prevention of data forging or tampering
   Maintain and manage the records of access to the personal information processing system for at least six months and use security features to prevent forgery, theft and loss of access records.

8. Collection of opinions and the remedies for infringement of rightsㆍinterests

1. A. The Company values ​​your opinions and you have the right to always receive sincere answers from your questions. We have set up a customer consultation phone for smooth communication with customers.

   【Customer consultation processing center】 Telephone number: 031-589-5600

2. B. Telephone consultation is available from 9:00 am to 6:00 pm. We will respond to your inquiries by email, fax or mail within 24 hours of receipt. However, after working hours or on weekends and holidays, it is the principle to handle inquiries in the following day.
3. C. If you need to report or consult about other infringement on personal information, please contact the following organizations.
   1. Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
   2. Advanced Criminal Investigation Division of Supreme Prosecutors' Office (www.spo.go.kr / 1301)
   3. Cyber ​​Terror Response Center of the National Policy Agency (cyberbureau.police.go.kr / 182)
   4. Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

9. The officer in charge of Personal Information Protection

In order to protect customer's personal information and take charge of collecting opinions and complaints about personal information, the Company has designated the relevant department and the person in charge of personal information protection as follows.

10. Collecting personal information of children under 14

When collecting personal information of children under 14, the Company obtain the consent of the legal representative for processing. To obtain the consent of the legal representative, we might collect the name, contact information, etc. of the legal representative from the child. However, the collected personal information of the legal representative is used only for the purpose of collecting the personal information of the child, and if your consent is not obtained within 5 days, the personal information will be automatically destroyed.

11. Sending advertising information

1. A. The Company will not transmit commercial information for commercial purposes against customer's expressed intention to reject receiving.
2. B. When the Company sends the advertisement information by email for online marketing such as product information guide, the following items are attached to the email subject line and the body line so that the customer can easily recognize it.
   1. Email subject line: The phrase of (advertisement) might not be displayed in the subject line, but the main content is displayed in the body line of email.
   2. Email body line: The name, email address, telephone number, and address of the sender are displayed so that the user can make an intention to reject receiving. We specify the method in which user can easily express the intention of opt-out, respectively.
3. C. When sending the customer who agrees to receive the advertisement, advertising information for commercial purposes through the method other than email, such as facsimile or mobile phone text transmission, we take necessary measures such as indicating the name of the sender.

12. Link Site

1. A. The Company might provide customers with links to other companies' websites or data. In this case, Midas Hotel&Resort has no control right over external sites and data, so we are not responsible for and can't guarantee the usefulness of the services or data provided.
2. B. If you click the link that the Company contains and move to the page of other site, please check the policy of the new site because the personal information processing policy of the relevant site is not related to Midas Hotel&Resort.

13. Posts

1. A. The Company values ​​the customer's post and we try our best effort by preventing its alteration, damage or deletion for protection. However, this is not the case in the following cases.
   1. Spam posts (e.g., lucky letters, specific site ads, etc.)
   2. Disseminate false facts to slander others and to undermine the honor of others
   3. The disclosure of the identity of another person without consent, the infringement of third party's right such as copyright infringement, other post of which contents is different from the topic of bulletin board
   4. In order to activate the desirable bulletin board culture, the Company might delete certain parts or post them by modifying them with the sign when disclosing the identity of persons who do not consent.
   5. If it is possible to move to a bulletin board of another topic, we make it clear there should be no misunderstanding by revealing the move paths of relevant post.
   6. In other cases, it might be deleted after an explicit or separate warning.
2. B. Fundamentally, the author is responsible for all rights and responsibilities related to the post. In addition, since information that is voluntarily disclosed through the post is hard to be protected, please consider it before the information disclosure.

14. Modification of Privacy policy

1. In case of addition, deletion or modification of contents according to legal enactment, amendment, governmental policy change, change of company internal policy, or security technology change, we will inform the modified contents through the homepage without delay.
2. Notification Date : May 31, 2024
3. Enforcement Date : June 07, 2024
4. See past privacy policies (March 31, 2017 ~ April 30, 2021)
5. See past privacy policies (May 1, 2021 ~ September 27, 2021)
6. See Past Privacy Policies (September 28, 2021 ~ June 6, 2024)