The CALT(City Airport Logis & Travel, Korea, the "Company") establishes and publishes the guidelines for the handling of personal information in order to protect the personal information of the main body of information in accordance with Article 30 of the Personal Information Protection Act and to swiftly and smoothly deal with the difficulties associated with it.
Article 1 (Personal information processing purpose)
The company processes personal information for the following purposes: The personal information being processed is not used for any other purpose than the following. In the event of a change in the purpose of use, the necessary measures will be implemented, such as receiving separate consent pursuant to Article 18 of the Privacy Act.
1. Join and manage website members
2. Reserve, pay, and settle a limousine ticket
3. Records preservation for settlement of disputes and complaints from users
4. Service-related consulting, service changes, or announcements
5. Service-related marketing and promotions
Article 2 (Personal information processing and retention period)
In principle, the customer's personal information is destroyed without delay when the purpose of personal information collection and utilization is achieved. However, the following information is retained for the period specified for the following reasons:
1 Reasons for the retention of information under the relevant laws
1. Records of contract or subscription withdrawal: 5 years
※ Evidence: Act on the Consumer Protection in Electronic Commerce, etc.
2. Records of payment and supply of goods: 5 years
※ The Act on Consumer Protection in Electronic Commerce, etc.
3. Records of consumer complaints or dispute handling: 3 years
※ The Act on Consumer Protection in Electronic Commerce, etc.
4. Until member withdrawal
Article 3 (Provided by a third party of personal information)
1 The company processes the personal information of the information subject only within the scope specified in Article 1 (For the purpose of personal information processing), and provides the personal information to a third party only when it falls under Article 17 of the Personal Information Protection Act, such as the consent of the information subject and the special provisions of the law. Exceptions apply in the following cases:
1. If the user agrees in advance
2. In case there is a request by the investigation agency according to the regulations of the Act or the procedures and methods set forth in the Act for investigation purposes;
3. In case a particular individual is provided to a government agency or research organization in a form that cannot be identified for statistical purposes, academic research, or market research;
Article 4 (Applications of personal information processing)
1 The company consigns personal information processing services for smooth processing of personal information as follows:
1. Limousine Bus Reservation Service
- Consigned person: Korea Smart Card
- Contents of consigned tasks: reservation, payment, and settlement of limousine buses
2 In accordance with Article 25 of the Personal Information Protection Act, the company sets out the responsibilities of preventing personal information handling other than consignment tasks, technical and administrative protection, restriction of re-commissioning, management, supervision of trustees, and damages in the documents, and oversees whether the trustees safely handle personal information.
Article 5 (Rights of information subject, duties, and methods of exercise)
1 The information entity may exercise its right to personal information protection in any of the following subparagraphs at any time:
1. Request to read personal information
2. Correct errors, etc.
3. Deletion request
4. Requesting suspension of processing
2 The rights under paragraph 1 may be exercised through written, telephone, e-mail, and facsimile transmission (FAX), and the company will take immediate action.
3 If the information subject requires correction or deletion of personal information errors, the company shall not use or provide the personal information until correction or deletion is completed.
4 The rights exercise under paragraph 1 may be done through the legal representative of the information body or through the agent, such as the person receiving the delegation. In this case, you must submit a letter of attorney according to the form 11 which is attached to the Enforcement Rules of the Privacy Act.
5 The information subject shall not violate the related statutes, such as the Personal Information Protection Act, and shall not violate the privacy and privacy of the information subject or other persons that the company is handling.
Article 6 (Information items processed)
The company processes the following personal information items:
1. Join a homepage member
Required: name, date of birth, ID, password, phone number, e-mail address
2. Limousine ticket
Required: date of birth, telephone number, credit card number, expiration date, two digits in front of the password, and six digits in front of the resident registration number.
3. During the process of using Internet service, the following personal information items can be automatically generated and collected.
.IP address, cookie, MAC address, service use record, visit record, defect record, etc.
Article 7 (disposal of personal information)
1 When personal information becomes unnecessary, such as the passage of the period of personal information retention and achievement of the purpose of processing, the company shall immediately destroy the personal information.
2 In the event that personal information must be retained under other laws despite the passage of the period of personal information retention agreed by the information entity or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored in a different location.
3 Procedure and method of personal information destruction is as follows.
1. Disposal Procedure
The company selects the personal information for which the reason for destruction has occurred and destroys the personal information after obtaining approval from the company's personal information protection manager.
2. Destruction method
The company destroys personal information recorded and stored in electronic file format by using low level format to prevent the company from replaying the records. The company destroys or destroys personal information recorded and stored in paper documents by shredding or incinerating them with shreddingers.
Article 8 (Protection of personal information safety measures)
The company takes the following measures to ensure the safety of personal information.
1. Management measures: internal management plan establishment and implementation, regular staff training, etc.
2. Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, and installation of security programs
3. Physical measures: Access control for computer rooms, data storage rooms, etc.
Article 9 (related to the installation, operation, and refusal of an automatic personal information collection device)
1 The company uses 'cookie' to store and call up user information to provide customized services to users.
2 Cookies are small amounts of information that the server used to run the website sends to the user's computer browser and are sometimes stored on a hard disk inside the user's PC computer.
A. For the purpose of using cookies: It is used to understand the type of visit and use, popular search terms, security access, etc. for each service and website visited by the user and to provide optimized information to the users.
B. Cookies Installation, Operation, and Rejection: Tools at the top of Web browser>Internet Options>Setting Options on the Privacy menu can reject cookie storage.
C. Refusing to save cookies may cause difficulties in using custom service.
Article 10 (Personal Information Protection Director)
1 The company is responsible for the overall handling of personal information and appoints a personal information protection manager to address complaints and remedy damages of the information body related to personal information handling as follows:
▶ Responsible for personal information protection
Statement: Lee Jin-ho
Position: Director of Management Support Headquarters
Contact us at <02-551-0586>, <02-551-0008>
※ Link to the department in charge of personal information protection.
▶ Division in charge of personal information protection
Department name: Future Strategy Team
Personnel: Choi Kyung Sik
Contact us at <02-551-0585>, <02-551-0008>
2 The person in charge of information can inquire the personal information protection manager and the department in charge of personal information protection related to personal information protection, complaints, and damages related to using the company's service (or business). The company will promptly respond to and deal with inquiries from the information body.
Article 11 (Reliberation of Rights)
The information body can inquire about the following agencies, such as remedies and counseling for personal information infringement.
<As an agency separate from the company, please contact us if you are dissatisfied with the company's own personal information handling and damage relief results or need more assistance.>
▶ Information breach reporting center (operating Korea Internet Agency)
- Affiliate operations: Report the violation of personal information and apply for consultation
- Homepage: privacy.kisa.or.kr
- Phone: 118 (without prefix)
- Address: 58324) The Personal Information Infringement Report Center on the 3rd floor of Jinheung-gil, Naju, South Jeolla Province (301-2 Light Garam-dong)
▶ Personal Information Dispute Resolution Commission
- Relevant business: Personal information dispute settlement application, group dispute settlement (private solution)
- Homepage: www.kopico.go.kr
- Phone: (No number) 1833-6972
- Address: (30171) Sejong-daero, Jongno-gu, Seoul
▶ Cyber Crime Investigation Team of the Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cybersecurity Bureau: 182 (http://cyberbureau.police.go.kr)
Article 12 (Installing and operating the Video Information Processing Unit)
1 The company installs and operates a video information processing device as shown below.
1. Base of Installation of Video Information Processing: Personal Information Protection
2. Purpose of Installation of Image Processing Equipment: Securing Passenger and Facility Safety Related to Limousine Bus Operation
3. Location of installation, range of filming: inside of the limousine vehicle, at the limousine ticket office
4. Management Manager, Department of Charge and Access to Video Information: Director of Video Information Processing, Transport Business Team
5. Time, storage period, storage location, handling method
- Filming time: 24 hours
- Storage period: 30 days from the start of filming
- Storage location and handling method: Store in the video information processing machine of the transport business team
6. Method and location of image information: Request to the management manager (Transportation Business Team)
6. Action on requests such as viewing video information of the information subject: The user shall apply for the personal image information, the resident registration bill, and shall be allowed only if the information subject is filmed or clearly required for the life, body and property interests of the information subject.
7. Technical, administrative, and physical measures for protecting image information: internal management plans, access control and access restrictions, safe storage and transmission of video information, safe storage of processing records and prevention of forgery, storage facilities and installation of locking devices, etc.