Privacy Policy
This Privacy Policy discloses how the Korea Tourism Organization (hereinafter “KTO”) processes your, or the user’s, personal information in accordance with the Personal Information Protection Act (hereinafter “Protection Act”) and relevant laws to provide a better understanding of your rights and handle related disputes in a swift and convenient manner.
This policy has been in effect since April 12, 2008 and was last updated on February 29, 2024. Further revisions and updates will be notified through the VISITKOREA website and/or app (hereinafter “VISITKOREA”).
- 01. Purpose of Collection and Use of Personal Information
- 02. Period of Retention and Use of Personal Information
- 03. Collected and Processed Personal Information04. Provision of Personal Information to Third Parties
- 05. Entrustment of Processing Your Personal Information
- 06. Destruction of Personal Information
- 07. Your Rights, Legal Representation, and Exercising Your Rights
- 08. Safeguards to Protect Personal Information
- 09. Automatic Collection of Personal Information and Your Rights to Refuse
- 10. Privacy Officers
- 11. Access to Personal Information
- 12. Changes to the Privacy Policy
Article 1. Purpose of Collection and Use of Personal Information
-
① The KTO collects and processes the minimum amount of personal information required for the purposes below. Collected information is not used for any other purposes than what is stated in this Privacy Policy.
② In accordance with Article 32 of the Protection Act, the KTO collects and processes personal information data for the following purposes:
• Personal Information Data File Name: VISITKOREA Member Information
• Purpose: Manage and provide VISITKOREA membership services
Article 2. Period of Retention and Use of Personal Information
-
① The KTO processes and retains your personal information according to the Protection Act with your consent upon collecting your personal information.
② Collected personal information is processed and retained as below:
• Basis for processing and retention: Your consent
• Retention period: From the day of consent to the time of membership termination
Article 3. Collected and Processed Personal Information
The KTO collects and processes the following personal information:
-
① VISITKOREA Membership Registration and Service
• (Mandatory) Email address, password, gender, date of birth, country/region, social media account for identity verification (applies to social login members)
• (Optional) Mailing address② The following information may be automatically generated and collected when using VISITKOREA online services.
• IP address, cookies, user history, visited pages, location information based on GPS and IP address
Article 4. Provision of Personal Information to Third Parties
The KTO does not disclose your personal information to third parties except under the following events:
-
① Where a separate consent has been obtained
② When it is deemed necessary by other regulations or laws
Article 5. Entrustment of Processing Your Personal Information
-
① In accordance with Article 26 of the Protection Act, the KTO thoroughly monitors the entrusted party to safely manage and protect your personal information when processing and to only process your personal information for the entrusted task.
② Your personal information is entrusted as below:
• Entrusted party: Uniess Inc.
• Entrusted task: VISITKOREA operation and management③ Change of the entrusted party or entrusted task will promptly be announced through this Privacy Policy.
Article 6. Destruction of Personal Information
-
① The KTO will promptly dispose of all personal information upon expiration of the retention period, achieving the intended purpose, or in any event the collected personal information is deemed unnecessary.
② In the event when processing your personal information is deemed necessary even after the retention period or achieving the intended purpose due to other laws, your personal information, or its data file, will be moved and kept in a separate database or storage.
③ Personal information is disposed according to the following procedure and method:
1. Procedure
Personal information deemed no longer necessary will be relocated to a separate database (or document if obtained in a written form). It will then be stored for a certain period of time established by internal policy or other laws before the complete destruction.
2. Method
Personal information recorded and saved electronically will be destroyed and become inaccessible. Personal information recorded in non-electronic forms will be destroyed by shredding or incinerating.
Article 7. Your Rights, Legal Representation, and Exercising Your Rights
-
① You have the right to request KTO to access, modify, delete, or suspend from processing your personal information at any time.* Children under 14 can exercise their rights through a legal representative only. Minor individuals who are 14 years or older can exercise their rights directly or through a legal representative.
② In accordance with Paragraph 1 of Article 41 of the Enforcement Decree of the Personal Information Protection Act, you may exercise your rights to the KTO by submitting a request through email or in writing and the KTO will process it in a timely manner.
③ You may exercise your rights through a legal representative or a person delegated by yourself. To do so, you must submit an Annexed Form No. 11 of the Enforcement Regulations of the Protection Act.
④ Your request to access your personal information or suspend from processing your personal information may be limited or denied in accordance with Paragraph 4 of Article 35 and Paragraph 2 of Article 37 of the Protection Act.
⑤ As for your rights to request to modify or delete your personal information, you may not request to delete if other laws prescribe your personal information should be collected.
⑥ Upon your request to access, modify, delete, or suspend from processing your personal information, the KTO shall verify if it is a request from self or from a legally authorized entity.
Article 8. Safeguards to Protect Personal Information
The KTO has established administrative, technical and physical measures necessary for ensuring the safety of your personal information according to Article 29 of the Protection Act as follows:
-
1) Minimize and train personnel
The minimum required number of personnel is designated and trained to handle personal information.
2) Establish and enforce internal management system
An internal management system is established and planned to ensure safety while processing personal information.
3) Encrypt personal information
Personal information is saved and transferred as encrypted data or the equivalent thereof.
4) Technical measures against cyberattacks
The KTO uses security programs and regularly performs update maintenance to prevent from leak and damage of personal information due to virus, malware, and cyberattacks. The system server is installed and monitored technically and physically in a controlled area.
5) Limited access to personal information
Measures are taken to control access to the personal information database by limiting authorization to access, modify, and terminate personal information from the database. A firewall system is used to restrict unauthorized access to the database.
6) Keep access log and prevent from unauthorized modification
Personal information database access records are logged and archived for at least one year. Access logs are protected by a security function to prevent from unauthorized modification, theft, and loss.
7) Safeguard data in a secured storage
Documents and data with personal information are stored in a password-secured or locked storage.
8) Restrict unauthorized access
Personal information is stored in a physically separated location that is restricted from unauthorized access.
Article 9 Automatic Collection of Personal Information and Your Rights to Refuse
-
① The KTO uses cookies to save and recall user information in order to provide a more personalized service.
② Cookies are very small information files that are sent to your browser and saved on your device by the website’s http server.
• Purpose of cookies: To provide personalized services based on your preference, visited pages, browsing patterns, search history, security, and more.
• Cookie settings: You can use the browser option to allow or block cookies.
• Personalized services may not be available if you block cookies.
Article 10 Privacy Officers
The KTO designates privacy officers and working-level staff to protect personal information and handle complaints related to personal information processing as follows:
-
Chief Privacy Officer
• Name: Ko Bongkil
• Department/Position: Digital Cooperation Department / Executive Director
Privacy Protection Supervisor
• Department: Digital Infrastructure Team
• Name: Seo Seung Yeon
• Contact: +82-33-738-3527, [email protected]
Service Staff
• Department: International Digital Marketing Team
• Email: [email protected]
Article 11 Access to Personal Information
In accordance with Article 35 of the Protection Act, you can request to access your personal information to the following person in charge. The KTO will administer to your request as swiftly as possible.
- • Department: International Digital Marketing Team• Admin: Kim So-dam• Contact: +82-33-738-3494, [email protected]
Article 12 Changes to the Privacy Policy
This Privacy Policy is in effect from February DD, 2024.
Previous versions of the Privacy Policy can be read from below:
JOIN THE VISIT KOREA
Newsletter
Sign up for our newsletter and receive exclusive deals, insider tips, and destination
inspiration. Unlock Korea and join our mailing list today!