■ Personal Information Processing Policy
The privacy policies set forth herein comply
with Saipan's laws and policies.
Micronesia Resort Incorporation (hereinafter
referred to as the "Company") values the customer's personal
information provided by you to use the service, and establishes and complies
with the privacy policy to actively protect the customer's personal
information. The company's personal information processing policy may be
changed in accordance with relevant laws or changes in the company's internal
policies, so it is notified as prescribed by relevant laws and regulations,
such as posting the changes on the relevant website to facilitate customer's
identification. The company complies with the personal information protection
regulations under the Act on Promotion of Information and Communications
Network Utilization, Information Protection, etc., and the personal information
protection guidelines under the Enforcement Decree of the Act.
Article 1 (Purpose of Processing Personal
Information)
The company processes personal information for
the following purposes. The personal information being processed will not be
used for any purpose other than the following purposes, and if the purpose of
use is changed, necessary measures such as obtaining separate consent pursuant
to Article 18 of the Personal Information Protection Act will be implemented.
1. Fee settlement due to contract performance
and service provision related to service provision
• Content provision, delivery of goods (goods
or prizes) or sending bills, financial transaction identification, purchase and
payment, mileage accumulation, fee collection, new service guidance, new
product or event information guidance, etc
2. Member management
• Identification, personal identification,
prevention of illegal use and unauthorized use of bad members due to the use of
membership services, confirmation of intention to join, restriction on the
number of memberships, confirmation of the consent of legal representatives,
confirmation of the identity of legal representatives later, preservation of
records for dispute settlement, handling civil complaints such as handling
complaints, and delivery of notices
3. Provide customized services to customers in
service delivery
• Development and specialization of new
services (products), provision of services based on demographic characteristics
and advertisement, identification of access frequency, statistics on members'
use of services, preparation of various statistical data related to work,
service development, delivery of advertising information such as events, gift
events, promotion events, sending advertisements, etc
4. Other
• Providing information such as services and
events provided by the company, information on events and partnerships held by
the company, service promotion, provision and utilization of information such
as telemarketing, DM, EM, surveys, and responses to requests for counseling
Article 2. Processing and retention period of
personal information
① The company processes and holds personal
information within the period of retention, use, or use of personal information
agreed upon when collecting personal information from the data subject
according to laws and regulations.
② Each of these personal information processing
and retention periods is as follows.
1. Membership and management: Provided, That
until the withdrawal of membership; in cases falling under the following
grounds, until the termination of the relevant grounds
1)Where an investigation, investigation, etc.
is in progress for violation of relevant laws and regulations, the relevant
investigation and investigation shall be completed until the completion of the
investigation
2)If the bond or debt relationship remains due
to the use of goods or services, until the settlement of the bond or debt
relationship
2. Provision of goods or services: completion
of the supply of goods and services, payment of charges, and settlement of
accounts; Provided, That in cases falling under any of the following grounds,
until the end of the relevant period
1) Records on transactions, such as labeling,
advertising, contract details, and implementation, under the Electronic
Commerce, etc. Act on Consumer Protection, etc
- Record of display and advertisement: 6
months
- Record of withdrawal of contract or
subscription, payment, supply of goods, etc.: 5 years
- Records on consumer complaints or disputes:
3 years
2) Keeping data confirming communications
under Article 41 of the Communications Secret Protection Act
- Subscriber telecommunication date and time,
start and end time, counterparty subscriber number, frequency of use, and
source station location tracking data: 1 year
- Computer communication, Internet log
records, access point tracking data: 3 months
3) Storing identification information under
Article 2 of the Enforcement Decree of the Act on Promotion of Information and
Communications Network Utilization and Information Protection, etc.: Six months
after the posting of information on the bulletin board is completed
Article 3 (Provision and sharing of personal
information to third parties)
① The company processes the customer's personal
information only within the scope specified in Article 1 (Personal Information
Processing Purpose), and provides and shares personal information to third
parties only if they fall under Articles 17 and 18 of the Personal Information
Protection Act, such as the consent of the data subject and special provisions
of the law.
② The Company provides and shares personal
information to third parties as follows only with the consent of the customer.
- The following persons are provided with
personal information.
Items to be shared by recipients to be shared
Holding the purpose of use and the period of use of the recipients to be shared
Micronesia Resort Inc. - Kensington Hotel
Saipan, InterPacific Resorts (Saipan) Corporation – Pacific Island Club, Suwaso
Corporation Dba. Coral Ocean Saipan, name, date of birth, address, phone
number, e-mail address, various points accumulated, approval and settlement of
use, freebies, promotional events, sending advertisements, etc. until
membership of various marketing activities companies is withdrawn
Article 4 (Consignment of Personal Information
Processing)
① In order to ensure smooth service provision
and improve service quality, the company can process customer personal
information by entrusting it to an external specialized company as follows, and
the consignment company, type of service, and scope of information to be
entrusted are notified through the website.
Subjects to be offered: Sangsang Soft Co., Ltd. PILIT Co., Ltd
Purpose of use: Establishment of homepage and
reservation system, operation and maintenance, operation of reservation site
Shared information: Total subscription
information
제공대상자 :Micronesia Resort Inc. - Kensington Hotel Saipan,
Interpacific Resorts (Saipan) Corporation – Pacific Island Club, Suwaso
Corporation Dba. Coral Ocean Saipan,
Purpose of Use: Various marketing activities
such as member information management, product reservation and reservation
management, provision of other services, accumulation of various points,
approval and settlement of use, gift/promotion events, and sending
advertisements
Shared information: ID, name, date of birth,
contact information, e-mail, mobile phone number
Article 5 (How Personal Information Is Used)
①In accordance with relevant laws, the Company
may collect, use, and disclose Customer's personal information for the
following purposes.
• Provision, billing and management of hotel
accommodation and other goods and services,
• Customer support and quality or personalized
service delivery at the Company's branches and through websites, applications,
commercial customer programs, third-party applications, goods or services, or
through future products and services to be developed by the Company,
• evaluation, analysis and improvement of the
functions of the company's website, application, or goods and services,
• Support concierge services on behalf of customers
(e.g. restaurants, attractions, and transportation deals),
• Management of loyalty, travel or discount
programs and company commercial customer programs,
• Manage content, giveaways, or other
promotions,
• fulfillment of contractual obligations to the
customer and anyone involved in their itinerary planning (e.g. travel agent,
group travel agent or your employer) and suppliers (e.g. royalties, travel or
discount programs from credit card companies, airlines and third parties),
• conducting market research, customer
satisfaction, quality assurance surveys,
• Perform marketing and promotional activities
and provide targeted advertising for goods, services, events or promotions that
customers may be interested in, and where legally permitted, the company may
work with other companies to provide you with advertising or marketing
information that you find relevant and useful.Company websites, applications
Alternatively, this may include advertisements
that appear on the company's email or other notice, or on the company's
website. The advertisements you view may include information collected by the
company or a third party and/or any work you have done on our website,
application, or third-party website
It can be based.
• Ensuring the safety and security of employees,
customers, and other visitors,
• Prevention, detection and investigation of
fraud, cyber accidents or other illegal activities,
• Contact you in connection with us, such as
updates to this policy or other significant legal or business changes,
• General record management,
• Implementation of legal and regulatory
requirements,
• Verification and evaluation of new products
and services,
• Processing credit transaction applications,
• performance of any other purpose disclosed
to you in accordance with relevant laws or with your consent; and
• If a customer makes a request regarding
their personal information in accordance with this policy, the specific
personal information can be used to identify the customer. Verification
procedures and personal information requested by the company may vary depending
on the sensitivity and nature of the request.
②If the Company, as a customer of the Company or
a subject doing business with us, processes the customer's personal
information, in accordance with the applicable legal obligations to the
Company, or in accordance with the applicable legal obligations of the Company,
its travel agent, or its employer, and/or suppliers (e.g., credit card
companies, airlines, and third-party royalties, travel or discount programs),
the Company processes the customer's personal information in accordance with
the Company's legitimate interests (as specified above).
③The Company uses and retains Customer's
personal information in accordance with the Company's legal and regulatory obligations
and risk management guidelines, only when necessary to achieve processing
objectives.
Article 6 (Disclosure of Personal Information)
① In some cases, the Company may disclose your
personal information. The Company makes such disclosures at any time in
accordance with applicable laws. Data protection laws in some jurisdictions
require prior consent from the Customer when transferring the Customer's
information from their home country to another country. Upon consent to this
Policy, the Customer agrees to transfer the Personal Information to the extent
required by the local law to which the Customer belongs and to another country
up to the limits mentioned in this paragraph and described in Article 5 above.
②In addition to Article 5, the situation in
which the company discloses additional personal information is as follows.
1. Company representatives, service providers,
and suppliers
Like most international hotel brands, a
company may outsource certain functions and/or information processing operations
to third parties. If you outsource your personal information processing
operations to third parties and provide your personal information to
third-party service providers, the company obliges these third parties to
protect their personal information using appropriate security measures under
the terms and conditions of this policy.
2. Identify consumers
If the company has the customer's personal
information, it can be released to other companies that have the information
about the customer. These companies can consolidate that information to better
understand the customer's preferences and interests so that the company can
better serve you. The customer's rights and how to exercise their obligations
can be found in Article 7.
3. Credit Certification
If a customer requests a credit transaction,
the customer's personal information will be used and disclosed to the relevant
third party in accordance with relevant laws to determine whether the customer
can accept and maintain the credit transaction.
4. business transfer
Depending on the progress of the Company's
business development, the Company may sell its hotel or other assets, or
discontinue the management or franchise of its Kensington branch. In these
circumstances, the Company may transfer the personal information collected
about the Customer or the right to use such personal information together as a
operating asset. In addition, in exceptional cases, the personal information
collected about the Customer or the right to use such information may be included
in the transferred asset, even if the Company or any substantial assets of the
Company are acquired.
Article 7 (Customer's rights, obligations, and
methods of exercise)
①The Customer may exercise the following
privacy-related rights against the Company at any time.
1. Request to view personal information
2. Request correction if there is an error,
etc
3. Request for deletion
4. Request for suspension of processing
②The exercise of rights under paragraph 1 will
be done without delay if you exercise it directly at the store or on its
website, or contact the person in charge of personal information management by
phone or e-mail.
③If a customer requests correction or deletion
of an error in personal information, the company will not use or provide such
personal information until the correction or deletion is completed.
④The exercise of rights under paragraph (1) may
be made through the client's legal representative, the person entrusted, etc.
In such cases, a notice on how to process personal information must be
submitted with a power of attorney in attached Form 11.
Article 8 (Personal Information Items to be
Processed)
①The company is processing the following privacy
items to serve customers.
1. The company is processing the following
privacy items to serve customers.
Required item selection for processing
purposes
Membership registration and management name,
date of birth, address, mobile phone number, e-mail address, ID, password, ipin
number anniversary, company name, company address, tourism purpose
Interest in payment approval information such
as goods or services provision name, date of birth, ID, password, address,
phone number, e-mail address, ipin number, card name, credit card number, bank
account information, past purchase details, etc
Information service usage records, access
logs, cookies, and access IP information created/collected during online
service use or processing
History of information purchase, exchange,
refund, repair, and consultation generated/collected during product purchase
and consultation
2. Customers' personal information is
collected through the homepage, written form, fax, telephone, e-mail, event
application, and delivery request, and the online site (brand homepage)
collects personal information only through the homepage. In addition,
membership information such as Kakao, Naver, and Apple is provided to provide a
simple subscription service using SNS accounts.
3. The Company does not collect sensitive
information (race, ethnicity, ideology, creed, place of origin, political orientation,
criminal records, health conditions and sex life, bio-information, etc.) that
may significantly violate the basic human rights of its customers.
② The company is not responsible for any
disadvantages caused by the customer's entry of information different from the
actual personal information or expressing a different intention among the
collected information in Paragraph 1. In particular, any e-mail service or any
mobile phone text service that includes important information that affects the
customer's benefit is not provided to customers who do not agree to the e-mail
or mobile phone text service, and the company is not responsible for this.
③The customer shall immediately request a change
or change the personal information directly from the site if the personal
information described has been changed. The company shall not be responsible
for any changes caused by the customer's failure to notify the company of the
changed personal information or change (request).
④Customers' personal information is collected
through the homepage, written form, fax, phone, e-mail, event application, and
delivery request, and online sites (brand homepage, shopping mall) collect
personal information only through the homepage.
⑤The Company does not collect sensitive information
(race, ethnicity, ideology, creed, place of origin, political orientation,
criminal records, health conditions and sex life, bio-information, etc.) that
may significantly violate the customer's basic human rights.
Article 9 (Matters concerning the
installation, operation and refusal of automatic personal information
collection devices)
The company uses "cookies" to
temporarily store and retrieve information about customers. Cookies identify
the customer's computer, but not personally identify the computer user. They
also have the option of accepting all cookies from the web browser option,
having them send a notification when they are installed, or rejecting all
cookies.
1. Purpose of Cookie: Cookies are information
sent by the company's server to the user's web browser and do not affect other
parts of the PC at all. When a customer accesses a company-related site, the
company's server computer reads cookies from the user's browser, so that the
service can be provided without additional input. It can also be used for
marketing such as analyzing access frequency or visit time, identifying users'
tastes and areas of interest.
2. How to refuse to set cookies: By choosing
the option of the web browser that the customer uses, you can allow all
cookies, go through confirmation every time you save them, or reject all
cookies.
- Example of setting up (for Internet Explorer): Tools at the top of
the Web browser > Internet Options > Privacy
Article 10 (Destruction of Personal
Information)
①When personal information becomes unnecessary,
such as the expiration of the personal information retention period or the
achievement of the purpose of processing, the company will destroy the personal
information without delay.
②If the retention period of personal information
agreed by the data subject has elapsed or the purpose of processing has been
achieved, the personal information needs to be preserved according to other
laws and regulations, the personal information is transferred to a separate
database (DB) or stored differently.
③The procedures and methods of destroying
personal information are as follows.
1. Disposal procedures The company will
destroy the customer's personal information that has been destroyed after
storing it for a certain period of time in accordance with internal policies
and other relevant laws and regulations.
2. How to destroy customer's personal
information printed on paper is destroyed by grinding or incineration, and the
personal information stored in the form of an electronic file is deleted using
a technical method that cannot be reproduced.
Article 11 (Measures to ensure the safety of
personal information)
The company is taking the following technical
measures to ensure safety so that personal information is not lost, stolen,
leaked, tampered with or damaged in handling customer's personal information.
1. Important data such as resident numbers and
passwords among customers' personal information is encrypted and stored, and
personal information is stored safely in a safe area of a double firewall.
2. In order to prevent leakage of customer
personal information due to hacking, the company uses a device that blocks
intrusion from outside, and each server has an intrusion detection system
installed to monitor intrusion 24 hours a day.
3. Employees handling personal information are
limited to the person in charge, and a separate password is assigned for this
purpose to update it regularly, and the compliance of the personal information
processing policy is emphasized through occasional training for the person in
charge.
4. Customers must not give their ID and
password to others, and log in to the company-related site and log out after
completing the use. Due to the customer's own carelessness or Internet
problems, personal information such as ID, password, and contact information
has been leaked
The company is not responsible for anything
(limited to the case of membership registration).
5. The computer room and data storage room
where the customer's personal information is stored are designed to control
access.
Article 12 (Personal Information Protection
Officer)
①The company is in charge of handling personal
information, and designates a person in charge of personal information
protection as follows to handle complaints and remedy damages from customers
related to personal information processing.
Privacy Commissioner
a name-signalling ceremony
the general manager of a position
Phone number +1-670-322-3311.
Privacy Officer
Name Chang-hoon Jang
Position IT Manager
Phone number +1-670-322-3311
이메일 changhoon.jang@kensingtonsaipan.com
②Customers can contact the personal information
protection manager and the department in charge for any personal information
protection inquiries, complaints, damage relief, etc. that occurred while using
the company's service. The company will respond to and process the data
subject's inquiries without delay.
Article 13 (Request for Access to Personal
Information)
The customer may request access to personal
information under Article 35 of the Personal Information Protection Act to the
person in charge of personal information protection described in Article 9. The
company will make efforts to expedite the data subject's request for access to
personal information.
Article 14 (Installation and operation of
video information processing equipment)
The company installs and operates video
information processing devices as follows.
1. Basis for installation of video information
processing equipment, purpose: Safety of facilities in companies and stores,
prevention of fire
2. Installation, number of installations,
location of installation, and scope of filming: Installation in major
facilities such as lobby, corridor, and subsidiary business sites. The scope of
filming is to photograph the entire space of major facilities
3. Manager, department in charge, and access
to video information: Name Choi Yong-shin, Sales & Marketing Team Leader
+1-670-322-3311
4. Video information shooting time, storage
period, storage place, and processing method Shooting time: 24 hours
Photographing storage period: 15 to 30 days from the time of shooting and
processing method stored and processed in the control room of the image
information processing device of the customer support team
5. Method and place of identifying video
information: Requires management manager
6. Measures for the request of the data
subject to view video information, etc.: An application shall be made by
requesting permission to view personal video information and confirm its
existence, and access shall be permitted only when the data subject itself is
photographed or when it is clearly necessary for the benefit of the name, body,
and property of the data subject
7. Technical, administrative, and physical
measures for the protection of video information: Establishment of an internal
management plan, control of access and restriction of access rights, safe
storage of video information, application of transmission technology, storage
of processing records and measures to prevent forgery and alteration, provision
of storage facilities and installation of locks, etc
Article 15 California Privacy Rights
If you live in California, you may also make
the following more specific requests for your personal information in
accordance with relevant laws.
• Access – Customers may request the Company to disclose the category
of personal information collected about their customers, the category of
sources from which personal information was collected, the category of personal
information sold or published, the business or commercial purpose of collecting
and selling personal information, the category of third parties to which we
shared personal information, and the specific personal information collected
about you in the past 12 months.
• Delete – Customers may ask us to delete the
personal information the company holds about the customer, subject to certain
exceptions.
• Rejects – Customers may ask the company not
to sell their personal information outside. For the purposes of this Privacy
Policy, "sell" means to sell, lend, take out, disclose, share, offer,
transfer, or communicate verbally, in writing or electronically, for money or
other consideration, in accordance with some exceptions to relevant laws.
Companies may also use cookies and related technologies that may be considered
to sell customers' personal information. For more information and how to reject
such technologies, see Article 7 above. Denies of cookie-based tracking for
advertising purposes are limited to the devices, websites, and browsers the
denial setting is deleted each time the browser is cached.
As with all consumers, regardless of where
they live, customers will not be discriminated against for exercising these
rights. For the purposes of these rights, personal information does not include
information about the company's job seekers, employees, and other employees,
information about employees and other representatives of third-party
corporations that we can communicate with, or information the company has
collected as a service provider for its customers.
California residents can exercise these rights
by emailing or calling the company. The company may, under its legal rights and
obligations, reject certain requests or partially fulfill the requests. For
example, a company can retain personal information for purposes such as keeping
taxes or other records, where legally permitted, to maintain active accounts,
process transactions, and support customer requests.
The company takes reasonable steps to identify
the customer and respond to the request. Verification procedures may vary
depending on the sensitivity of personal information and whether the customer
has a company account.
California residents can designate a
delegation representative to request on their behalf. When submitting a
request, ensure that the delegation representative can verify your eligibility
as a delegation representative and that the representative has the necessary
information to complete the verification process.
For the purposes of exercising these rights,
find out how the Company collects and uses Customer's personal information,
including the previous 12 months, as set forth in this Policy.
• For business and commercial purposes, the
Company may collect and use personal information categories (ID, date of birth,
contact, payment information, etc.), classification characteristics protected
by California or federal law (such as demographic information such as age and
gender), commercial information, biometric information, occupation or
employment information, internet or other electronic network activity
information, geolocation information, auditory, electronic or visual
information, inference). The Company collects such personal information from
the sources set forth in paragraph 4 of this Policy.
• To the extent permitted by relevant laws,
the Company may disclose these privacy categories for business and commercial
purposes.
• Companies may sell personal information
categories (ID, California customer records, demographic information,
commercial information, internet or other electronic network activities,
geolocation information, inference).
Article 16 Changes to this Policy
This policy is subject to change as the
company's business continues to change. For your reference, an effective date
is set at the end of the document in this policy.
Article 17 (Method of Remedy for Infringement
of Rights)
Micronesia Resort Incorporation is collecting
opinions from users regarding the protection of personal information and is
working on ways to deal with complaints. Users can report their complaints by
phone or e-mail by referring to the contact information of the personal
information management officer specified below, and the hotel will respond
quickly and sufficiently to users' reports. The data subject can inquire about
damage relief and counseling for personal information infringement from the
following agencies. The following institutions are separate from the company,
and if you are not satisfied with the company's handling of personal
information complaints and the results of the damage relief, or need more
detailed help, please contact us.
- Personal Information Dispute Mediation Committee: (No. of Country
Code) 118 (External No. 2)
- Information Protection Mark Certification
Committee: 02-580-0533~4
- Cybercrime Investigation Team of the Supreme
Prosecutors' Office: 02-3480-3562 (http://www.spo.go.kr )
- Cyber Terror Response Center, National
Police Agency: 1566-0112 (http://www.netan.go.kr )
Article 18 (Change of Personal Information
Processing Policy)
Date of enforcement of the Personal
Information Processing Policy: August 17, 2016
Last change date of personal information
processing policy: January 2, 2023