Hotel Illua Co., Ltd. (hereinafter referred to as “Hotel Illua”) places great importance on the personal information of Hotels Illua customers, “collects, uses, and provides personal information based on consent,” and “actively guarantees the rights of users (self-determination of personal information)”. Hotels Illua complies with all applicable laws, privacy regulations and guidelines that Hotels Illua is obliged to comply with.
1. Personal information Collection Scope and Collection Method
1. Personal Information Collection Scope
A. Hotel Illua collects minimum personal information needed to provide services.
B. Hotel Illua does not collect sensitive personal information (ethnicity and nationality, ideology and creed, place of birth and legal domicile, political tendency and criminal record, health state and sexual life and others) that could violate members’ basic human rights.
2. Personal Information Collection Method
Hotel Illua collects personal information using the following methods.
A. Written form, phone and fax, consultation bulletin, entry for sweepstakes
B. Supply from alliance company
C. Collection of the payment information point transaction information and others, generated when using the company
2. Disclosure and Sharing of Collected Personal Information
A. We will not use or disclose to any third party any of your personal information, without your consent or except as required by law, for any purposes other than those intended hereunder and specified herein.
B. In the event that the rights and obligations of a service provider fully assigned or transferred as a result of sale, merger or acquisition, we will inform you in advance of the detailed reasons and procedures for such assignment or transfer and ensure that you have the right to withdraw your consent to the use of your personal information.
C. Where your personal information is to be disclosed or shared, we will seek your consent in advance by notifying you by email or otherwise in writing of what items of such information will be disclosed or shared, whom the information will be disclosed to or shared with, why it should be disclosed or shared, and how and how long it will be protected and managed. The same procedures will apply if the information recipient is changed.
D. Your personal information may be disclosed without your consent in accordance with applicable provisions of relevant laws:
– when needed to perform a contract relating to the provision of services ;
– when duly and reasonably requested by competent authorities for investigation purposes ; or
– when made available in unidentifiable form for the compilation of statistics or for academic or market research purposes.
3. Outsourcing the Handling of Personal Information
The Company, for the provision of its services, has outsourced the handling of personal information on a contract basis as follows:
|Classfication||Entrusted||Entrusted Works||Personal Information Keeping Period and Period of Use|
|Information system operation and management||Studio Jt||Maintain and manage the homepage||Termination of the entrustment contract|
|Sanha Information Technology||Room reservation system management|
You have the option to accept or decline the installation of cookies and may set your web browser to accept all cookies, alert you whenever a cookie is stored, or disable or block the storage of cookies. Disabling or blocking the storage of cookies may limit your access to services requiring your login.
5. Personal information usage period & cancellation
1. Hotel Illua will dispose of members’ personal information without delay when the purpose for collecting personal information or purpose for receiving the information is achieved. Detailed timing for the destruction is as follows.
A. Room stay information (internal rules): Kept for two years to provide service in case of repeat visitation
B. Delivery information: When goods or services are delivered or provided
C. When collected for the survey, event and others: When the applicable survey, event and others are concluded
2. However, the hotel keeps records for a specific period of time when there is a need to do so due to the verification of the management obligatory relations pertaining to the transactions as follows in accordance to the regulations of the related laws such as the commercial law.
A. Record on the contract or registration withdrawal: 5 years
B. Record on the payment and supply of goods: 5 years
C. Record on the customer complaints or dispute resolution: 3 year
3. Disposal method
A. Personal information printed on paper: Grinding or incineration with grinder
B. Personal information saved as electronic file format: Delete by using technical method that does not resume record
6. Measures for Security of Personal Information
A. In handling your personal information, we use our best efforts to prevent such information from being lost, stolen, leaked, falsified or damaged by taking the following technical, administrative and physical measures for security assurance:
- Minimum number of information workers and training
Personal information is made accessible to the smallest possible number of individuals, and regular training is provided to such individuals.
- Regular in-house audits
In-house internal audits are conducted on a regular basis for the security of personal information. Internal management plans are developed and implemented for safe handling of personal information.
- Encryption of personal information
Your personal information is password-protected and stored and managed in encrypted form. All data is encrypted for transmission and protected by separate security features when deemed important. Technical measures against hacking: personal information is protected by security software for the prevention of leakage, damage or tampering duet to hacking or computer virus infection, and the software is periodically updated and tested. Every system is installed in an access-controlled area and technically and physically featured to monitor and block access from outside.
- Limited access to personal information
We take necessary measures to control access to personal information by means of granting, modifying or canceling access to the database system that handles personal information, and a firewall system is employed to control unauthorized access from outside.
-Storage of access logs and prevention of data forging or tampering
We store and maintain a history of your access to our personal information processing system and use security features for your access log data not to be forged, tampered, damaged, stolen or lost.
-Use of locks for document security
Documents and auxiliary storage media containing personal data are kept in safe, locked places. Prevention of unauthorized access: We have set up a separate physical location where personal information is stored and have established and implemented procedures for the control of access to the storage location.
7. Privacy Officer
The Company has appointed the following departments and persons to protect customers’ privacy and personal information, gather their suggestions and feedback and handle their complaints:
a. Responsible officer in charge of protection of personal information : management team
b. phone: 82-51-714-1390 Email : email@example.com
8. Privacy Protection for Children under the Age of 14
The Company does not collect any personal information of children under the age of 14 years in compliance with the Juvenile Protection Act. If we need to collect personal information from minors under the age of 14 years with respect to our hospitality services, we will obtain consent from their legal representatives or guardians.
9. Sending Advertising Information
1. Hotel Illua does not send advertising type of information for profit sake against customers’ explicit refusal to accept e-mail.
2. Hotel Illua takes measures on the spaces for the e-mail title and body so that the customers can easily recognize advertising type of information such as introduction to product and others for online marketing, via e-mail.
- Space for e-mail title: Text (advertisement) and sender’s name are indicated on the title.
- Space for the e-mail body: Sender’s name, e-mail address, phone number and address are listed that enables user to refuse to receive information. Methods for facilitating users’ notification of refusal to receive are listed.
3. Necessary measure such as marking sender’s name is taken when advertising type of information for the profit sake is sent to the customer who agreed to receive advertisement via a method other than e-mail such as faxㆍmobile phone and/or text messaging.
10. Linked Sites
A. We may provide you with links to websites or materials of other companies, in which case we assume no responsibility for and make no guarantee as to the usefulness of such websites or materials over which we have no control.
A. We value the comments, suggestions, statements and other messages posted by our customers (the “Posts”) and use our best efforts to protect such Posts from being tampered with, damaged or deleted. Notwithstanding, this does not apply to the following:
- Spam-like messages
- Posts that may defame others by disseminating false information to slander them maliciously; and
- Posts that reveal the identity of other users without their consent, infringe on third parties’ copyrights or other rights or are irrelevant to the themes of the message board.
- If a Post is found to reveal the identity of other users, the Company may delete or correct part of such Post in order to maintain and promote healthy online community culture.
- If the content of a Post is deemed movable to a different section, the Company will provide a path in such Post to avoid misunderstanding or confusion.
- The Company may delete any other Posts when deemed malicious or improper, after giving express or individual warnings.
B. Essentially, you have rights to your Posts and are responsible for them. It is difficult to protect information you disclose voluntarily by means of posting, so we recommend that you give careful consideration before such disclosure.
Enforcement date : 23 September 2021