Fairmont Ambassador Seoul (hereafter “the Hotel”), operated by Parc1 Hotel Management, attaches extremely high importance to the personal information of Customers (hereafter “Customers” or “Users”), and is committed to ensuring the thorough protection of all personal information supplied by Customers. The Hotel complies with all relevant privacy laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

 

Definitions

① The term “personal information” denotes information associated with a living individual, and includes the following:

1. Information that can in isolation be used to identify the individual, such as name, date of birth and photographic images
2. Information that cannot in isolation be used to identify the individual, but which can easily be used to identify the individual when combined with other information
3. Information that has been rendered anonymous and cannot be used to identify the individual without being processed into its original form using additional information

※ “Rendering anonymous” means deleting or replacing part or all of the personal information in question, so that the individual cannot be identified without the use of additional information.

② The term “Privacy Policy” denotes a policy that must be observed by the Hotel in order to allow Customers peace of mind when accessing services, by safely protecting valuable personal information.

In accordance with Article 30 of the Personal Information Protection Act, the Hotel shall establish a Privacy Policy and publish it on the Hotel website (www.fairmont-seoul.com), so that Customers may know, easily and at any time, how and for what purpose the personal information they provide is used, and what measures the Hotel is taking to protect their personal information.

 

Article 1 Scope of personal information collected

① The Hotel collects the personal information of Customers using lawful and fair means.
② Personal information collected by the hotel is limited to the minimum amount necessary for the provision of services. Sensitive personal information that may place the fundamental human rights of Customers at risk (such as race, religion, ideology, country of origin, legal domicile, political tendencies, criminal record, and details of health and sex life) is never collected. In cases where some sensitive personal information must be collected for the provision of specific services or programs, a separate request will be made to Customers for consent to collect such information.

 

Article 2 Purpose of handling personal information, and types of information handled

① The Hotel handles personal information for the following purposes. Personal information handled is not used for any other purpose than those specified below. If the Hotel plans to handle personal information for any other purpose, it shall seek additional consent from Customers in accordance with Article 18 of the Personal Information Protection Act.

1. Managing information about Hotel stays
   a. Establishment of personal identity in accordance with guest room reservations
   b. Establishment of efficient channels of communication for providing notifications and resolving complaints
   c. Compliance with the Tourism Promotion Act
2. Provision of goods or services
   a. Confirmation of personal identity, contract fulfillment and internal collection of statistics relating to the provision of guest room, dining, event and wedding services
   b. Delivery of items, provision of reservations and services, dispatch of contracts and invoices, provision of intellectual content, provision of customized services, payments, credit collection
   c. Customer satisfaction surveys
3. Marketing
   a. Development of new services and provision of customized services
   b. Advertising and marketing of new services, provision of information about events
   c. Provision of services, placement of advertisements and internal collection of statistics in accordance with demographic characteristics
4. Provision of a consultation and reporting center
   a. Advice and answers to questions regarding the use of the Hotel website or services
   b. Identification of complainant, confirmation of complaint, contact and notification for the purpose of investigation, notification of outcome

② Details of items of personal information handled by the Hotel, and purpose, period of retention and use, and method of collection for each item of information, are as follows:

③ In addition, the following items may be automatically created and collected in the process of accessing services or conducting business:

1. Service usage records
2. Visit records
3. Access records
4. Cookies
5. Web beacons
6. IP/MAC address information
7. Country codes
8. Payment records
9. Consultation call records

 

Article 3 Collection of personal information from third party sources

① Personal information may be collected from/supplied by the following third-party sources: The Accor room booking website (accor.com), the Fairmont room booking website (fairmont.com), the Ambassador Hotel Group member room booking website (ambatel.com), third-party on-line room booking sites, on- and off-line travel agencies, third-party on-line restaurant and F&B booking sites

② Purpose of handling: Room reservation (Accor room booking website, Fairmont room booking website, third-party on-line room booking sites, on- and off-line travel agencies); restaurant bookings and visits (third-party on-line restaurant and F&B booking sites)

③ Period of retention and use of personal information received:

④ User rights: Users have the right to request suspension of handling of personal information in accordance with Article 37 of the Personal Information Protection Act. These rights can be exercised as described in Article 9 of this policy.

 

Article 4 Provision of personal information to third parties

① If the Hotel provides the personal information of Customers to third parties in order to deliver better service, it shall clearly state the entity to which the information is being provided, how this entity will use the information provided, which items of information are to be provided, and for how long the entity will retain and use the information provided. Personal information shall only be provided to third parties for the following reasons:

1. When consent to provide information to third parties has been granted by the Customer
2. When information is requested by administrative or investigative bodies in accordance with other laws or legally-defined procedures
3. When required for payment or contract fulfillment when providing paid services

② Personal information is provided to third parties in order to provide hotel services to Customers or to fulfill contracts. Denial of consent to provide information to third parties may therefore result in restricted access to regular services.

③ Details of personal information provided by the Hotel to third parties are as follows:

 

Article 5 Retention, use and destruction of personal information

① Personal information will be retained and used until its retention period expires, until membership is cancelled or revoked, or until the purpose of its collection has been achieved. After this, it will be destroyed without delay.

② Regardless of Clause 1, personal information may be retained after the purpose of its collection has been achieved if required by law or by internal policy. In such cases, information shall be relocated to a separate database (or if in paper form, to another file storage unit) and retained based on the following conditions:

③ When the Hotel has provided the personal information of Customers to a third party, the third party shall destroy the personal information of Customers without delay in accordance with Clauses 1 and 2 of this article.

④ The Hotel uses the following methods to destroy personal information:

1. Information printed on paper is shredded using a shredder, or incinerated.
2. Information stored in electronic form is destroyed using technological methods that prevent recovery or restoration

 

Article 6 Outsourcing of the handling of personal information

① If the hotel outsources the handling of personal information to outside companies, it will regulate issues including compliance with relevant personal information laws, confidentiality, prohibition of sharing of information with third parties, liability in case of mishap, outsourcing periods and return or destruction of personal information at the end of the outsourcing period by means of an outsourcing contract. The Hotel will continuously manage and supervise the safe handling of outsourced information by the contractor by verifying compliance with the conditions of the outsourcing contract, and will ensure that the contractor immediately destroys all information held at the end of the outsourcing period.

② Details of personal information handling outsourced by the hotel are as follows:

③ The Hotel shall notify Customers of any changes or additions to contractors handling outsourced personal information via announcements on the Hotel website, printed letters, emails or text messages.

④ The Hotel provides information of any personal information handling, as specified in Clause 2 of this article, outsourced to overseas entities in Article 7: Overseas transfer of personal information.

 

Article 7  Overseas transfer of personal information

① The Hotel provides and outsources the handling of personal information collected from Customers overseas, as outlined below. Overseas contractors protect the personal information of users and conduct their outsourced tasks under strict controls, in accordance with the Privacy Policy.

② The Hotel provides personal information to overseas entities, with additional consent of users, in accordance with Clause 1.1 of Article 28-8 of the Personal Information Protection Act (Overseas Transfer of Personal Information). Details of information transferred overseas are as follows:

③ The Hotel provides personal information to overseas entities, for the purpose of outsourcing personal information handling in order to make and implement contracts with users, in accordance with Clause 1.3 of Article 28-8 of the Personal Information Protection Act (Overseas Transfer of Personal Information). Details of information transferred overseas are as follows:

 

Article 8 Protection of the personal information of children under 14

The Hotel does not collect the personal information of children under 14. When it is necessary to handle the personal information of children under 14 in order to provide goods or services, the Hotel shall obtain the consent of the legal guardian of the child, in accordance Article 22-2 of the Personal Information Protection Act. In such cases, the Hotel may collect and use the minimum amount of information required to seek the consent of the child’s legal guardian, directly from the child and without the agreement of their legal guardian.

 

Article 9 The rights and responsibilities of Customers and their legal representatives

① Customers and their legal representatives may at any time exercise the right to view, amend, delete, or demand the suspension of handling of, their own personal information, or of that of a child aged below the age of 14 for whom they are legal responsible. However, requesting deletion or suspension of handling of information may result in denial of access to some or all parts of certain services.

② Personal information collected by the Hotel can be viewed in the following ways:

1. By visiting businesses operated by Parc1 Hotel Management: information can be viewed, amended, or deleted, demands made for the suspension of information handling, and membership annulled.
2. By contacting a department responsible for privacy protection by postal letter, telephone or email, whereupon the requested measures will be taken without delay. However, requests for withdrawal from or cancellation of paid products or membership-based services will be handled according to the terms of the user agreements of those specific products or services.

③ The Hotel may deny requests to view, amend, or delete some or all parts of personal information in the following circumstances:

1. When viewing rights are denied or restricted by law
2. When a threat is posed to the life or health of another individual, or when a risk of infringing upon the assets or other interests of another individual exists
3. When the destruction date of personal information has passed and the information has been destroyed

④ When a Customer requests the correction of errors in personal information, the Hotel shall not use or provide the relevant information until corrections have been made. In cases where incorrect personal information has already been provided to a third party, the Hotel shall provide the corrected information to that party without delay and ensure that that party also adopts the corrected information.

⑤ The Hotel shall handle personal information that has been deleted or had its handling suspended at the request of a Customer in accordance with the terms of “Article 5: Retention, use and destruction of personal information,”  while ensuring that the information cannot be viewed or used for any other purpose.

⑥ Customers must enter their personal information in its most recent and accurate form. Customers bear sole responsibility for any mishap arising from the provision of inaccurate information. Entering false information, including personal information stolen from others, may result in annulment of membership or other unfavorable measures.

⑦ In addition to the right to have their own personal information protected, Customers bear a responsibility to protect themselves and to refrain from infringing upon the personal information of others. Customers must exercise caution in order to avoid disclosing their own personal information, including through the use of passwords, and to refrain from compromising the personal information of others, including through the posting of content online. Customers failing to uphold these responsibilities by compromising personal information of others that is handled, stored or sent via digital information networks, or violating, stealing or leaking the secrets of others, may be disciplined in accordance with laws including the Act on Promotion of Information and Communications Network Utilization and Information Protection.

 

Article 10 Installation and operation of automatic personal information collection devices, and refusal of consent for their use

① The Hotel uses cookies to store and retrieve Customer information on a regular basis. Cookies are small text files that are sent by the server used to operate the website to the Customer’s browser and stored on the hard disk of the Customer’s computer.

② The Hotel uses cookies for the following purposes:

1. To analyze the frequency of access and length of website visits of members and non-members, and to use collected information as a benchmark for delivering targeted marketing and improved services by gauging Customers’ tendencies and interests.
2. To trace interest shown in particular Hotel information and services and provide personalized services on subsequent visits.
3. To gauge degree of Customer participation and frequency of visits to various Hotel event-related pages, provide targeted opportunities to take part in competitions, and provide targeted information in accordance with interests.
4. Customers have the right to refuse the installation of cookies. By selecting certain options on their web browser, they may allow all cookies, confirm settings every time a cookie is saved, or reject all cookies.

   a. Select ‘Internet options” from the “Tools” menu.
   b. Click on the “Privacy” tab.
   c. In Internet domain settings, choose a level from among “Allow all cookies – Low – Medium – Somewhat high – High – Block all cookies.”
   d. Refusal to allow installation of cookies may cause difficulties in using certain services.

 

Article 11 Measures to ensure the safety of personal information

① The Hotel has devised the following technological and administrative methods to ensure the safety of Customers’ personal information and to prevent its loss, theft, disclosure, forgery, falsification or damage during handling:

1. Establishment and implementation of an internal management plan
   a. The Hotel has established and implemented an internal management plan for the safe handling of personal information.
   b. The Hotel uses a dedicated internal privacy protection body to monitor the implementation of privacy protection measures, verify compliance on the part of information handlers, and immediately rectify any problems discovered.
2. Installation and operation of access control devices
   The Hotel uses an intrusion prevention system to prevent unauthorized access from outside, and is working to acquire all technological devices possible for achieving system security.
3. Measures to prevent forgery and falsification of access records
   The Hotel stores and manages records of access to its personal information handling systems, and uses security functions to prevent the forgery and falsification of access records.
4. Encryption of personal information
   The personal information of Customers is password-protected, while files and transmitted data are encrypted or locked during storage and management. Important data is protected using additional security functions.
5. Anti-hacking measures
   a. The Hotel uses security programs to prevent damage from threats such as computer viruses. Privacy violations are prevented through regular updates and inspections of security programs.
   b.The Hotel uses encrypted communications to transmit personal information safely across networks.
   c. The Hotel makes every effort to ensure security, including through the use of intrusion prevention systems and vulnerability analysis systems on every server.
   d. The Hotel stores personal information and general data separately, on discrete servers.
6. Minimization and training of personal information handlers
   a. The Hotel restricts authorized access to employees involved in marketing, employees responsible for privacy protection and personal information management, and other employees whose work makes handling personal information inevitable.
   b. The Hotel provides regular internal and outside training regarding the adoption of new security technology and responsibility to protect privacy to employees handing personal information.
   c. The Hotel prevents the leaking of information by personnel by using written security pledges that are signed by all employees upon commencing employment at the Hotel. Internal procedures are used to confirm that privacy policies are being implemented and complied with by employees.
   d. The transfer of tasks between personal information handlers takes place in circumstances in which security is thoroughly maintained, with responsibility for privacy-related mishaps after joining and leaving the company clearly defined.
   e. The Hotel has designated computer rooms and data storage rooms as special protection zones, subjected to restricted access.

② The Hotel is not responsible for any issues arising due to mistakes on the part of Customers or the fundamental risks of using the Internet. Individual Customers are responsible for using an appropriately secure password to protect their personal information.

③ If personal information is found to be lost, leaked, falsified or damaged due to mistakes by Hotel personnel or technical errors, the Hotel shall immediately inform Customers of the incident and take appropriate measures in response.

 

Article 12 Links provided to other websites

① The Hotel may provide Customers with links to other hotel websites or materials. In such cases, the hotel cannot guarantee and is not responsible for the utility of websites, products, services or materials provided by third-parties, since the Hotel has no control over them.

② Once a user has migrated to a page on another website by clicking on a link included on the Hotel website, the Hotel has no connection to the privacy policy of the linked website. Customers are encouraged to check the privacy policies of any other websites visited.

 

Article 13 Viewing requests, opinion gathering, problems, and complaint handling relating to personal information

① The Hotel has designated the following privacy departments and officers in order to protect the personal information of Customers, receive and process requests for viewing, correction, deletion, suspended handling of personal information and membership cancellation, collect opinions, and handle problems and complaints.

② Users may report any privacy-related complaints arising during use of the Hotel’s services to the privacy departments listed in Clause 1.

③ Customers requiring any other assistance, reporting or advice in relation to privacy violations may contact any of the following bodies:

1. Privacy Violation Report Center (privacy.kisa.or.kr / 118)
2. Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
3. Cyber Investigation Department, Supreme Prosecutor’s Office (cybercid.spo.go.kr / 1301)
4. Electronic Cybercrime Report & Management System (ecrm.cyber.go.kr/minwon/main / 182)

④ Individuals whose rights or interests have been violated by administrative actions or nonfeasance on the part of a public body with regard to a request made in accordance with Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), or Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may request an administrative appeal in accordance with the terms of the Administrative Appeals Act.

Central Administrative Appeals Commission: www.simpan.go.kr / 110

Article 14 Amendments to the Privacy Policy

The Hotel reserves the right to amend the Privacy Policy in order to reflect changes in related laws, services or security technology. When such amendments are made, the Hotel shall provide notification of them on its website seven days before they come into effect. However, notification of amendments that significantly affect the rights of users, such as changes to personal information collected or purpose of use, shall be provided at least 30 days before the announced amendments come into effect.

Addendum

1.(Enforcement date) This Privacy Policy enters into force on 1 December 2024.