Shortcut to THE SHILLA
Shortcut to main menu
Shortcut to text

현재 페이지 위치 : > Privacy Policy

Privacy Policy

We, Shilla HM Co., Ltd. (also hereinafter referred to as the “Company”), use our efforts to protect your privacy and personal information, and to that end the Company is committed to complying with the Promotion of the Use of Information and Communication Networks and Protection of Information Act (the “Information and Communication Networks Act”), the Privacy Protection Act and all other relevant laws and regulations. This Privacy Policy is posted for public access on the Company’s website (http://www.shillastay.com), so you can be well informed of what we do to protect your personal information. This Privacy Policy may be revised or updated from time to time to reflect changes to pertinent laws, government policies or the Company’s internal regulations. We ensure you will be informed of such revisions or updates in a timely manner in order that you can be readily aware thereof.

Our Privacy Policy is as follows:

Date implemented: 2013-10-15
Last updated date: 2020-04-08

1.Collection of Personal Information; Purposes of Collection; Information to Be Collected’ and Method of Collection

A. When you attempt to sign up for Company membership, we collect the following personal information as may be required to identify you and provide accommodation and food and beverage services:

Item Purpose Period
Full name, username, password, date of birth, e-mail address, nationality, contact number, mailing address, and billing and check-in information To confirm your identity; provide membership services; take reservations; and deliver the hotel’s goods Five (5) years after your last stay.

B. When you sign up for Company membership, we selectively collect the following personal information from you:

Item Purpose Period
Full name, e-mail address, contact number and anniversaries To offer benefits for anniversaries, promote products and services; and conduct customer satisfaction surveys Until withdrawal from membership or for five (5) years after your last stay

C. When you are using online membership services, we may collect such information as your IP address, cookies, service-use history and billing information (i.e., credit card number, back account number, gift card number, mobile-service payment authorization code, etc.), only for the purposes of making such services available and verifying your financial transactions.
D. We collect your personal information by means of written notices, facsimile or phone communications, online message boards, promotional events and/or through other approaches for collection of created information.

2. Disclosure and Sharing of Collected Personal Information

A. We will not use or disclose to any third party any of your personal information, without your consent or except as required by law, for any purposes other than those intended hereunder and specified herein.
B. In the event that the rights and obligations of a service provider fully assigned or transferred as a result of sale, merger or acquisition, we will inform you in advance of the detailed reasons and procedures for such assignment or transfer and ensure that you have the right to withdraw your consent to the use of your personal information.
C. Where your personal information is to be disclosed or shared, we will seek your consent in advance by notifying you by email or otherwise in writing of what items of such information will be disclosed or shared, whom the information will be disclosed to or shared with, why it should be disclosed or shared, and how and how long it will be protected and managed. The same procedures will apply if the information recipient is changed.
D. Your personal information may be disclosed without your consent in accordance with applicable provisions of relevant laws:
– when needed to perform a contract relating to the provision of services;
– when duly and reasonably requested by competent authorities for investigation purposes ; or
– when made available in unidentifiable form for the compilation of statistics or for academic or market research purposes.

3. Outsourcing the Handling of Personal Information

The Company, for the provision of its services, has outsourced the handling of personal information on a contract basis as follows:

Contractor (Outsourced to) Outsourced Service
Samsung SDS Operation and maintenance of the computer system
Valexservice Operation of CCTV systems (Dongtan, Jeju, Mapo, Cheonan, Seocho)
KS MATE Operation of CCTV systems (Yeoksam)
IBS Facility Team Operation of CCTV systems (Seodaemun, Ulsan, Gwanghwamun, Guro, Samsung)
Wooji Facility Team Operation of CCTV systems (Haeundae)
WAD Operation of Dining Reservation System
Standard Networks Co., Ltd Product promotion and LMS for Shilla Rewards expiry points information.

4. Disclosure of Personal Information to Third Parties

Recipient(Disclosed to) Purpose of Disclosure Information to Be Disclosed Period of Disclosure
Hotel Shilla Co., Ltd. To integrate the booking system and provide related services Full name, username, password, date of birth, e-mail address, contact number, mailing address and billing information Five (5) years after your last stay

5. Collection of Personal Information by Use of Cookies

A. Use of cookies
We make use of cookies for the convenience of users. The information we collect through cookies may include your username and IP address and is used to keep you logged in and display personalized advertising messages.
B. Installation and Use of Cookies; and Refusal of Installation/Use
You have the option to accept or decline the installation of cookies and may set your web browser to accept all cookies, alert you whenever a cookie is stored, or disable or block the storage of cookies. Disabling or blocking the storage of cookies may limit your access to services requiring your login.

6. Retention and Disposal of Personal Informational

A. The Company will retain your personal information until the purposes of collection or disclosure of such information are accomplished and will destroy your personal information immediately when such purposes are accomplished or upon the expiration of the retention period permitted by consent. The times when we are required to destroy your personal information are as follows:
- Your membership information is destroyed when you unsubscribe/withdraw or are dismissed from Company membership.
- Your delivery information is destroyed when an intended product or service has been delivered or provided.
- Your information we have collected for a survey or promotional event is destroyed when such survey or event is over.
- The information we have used to identify you is destroyed when your identity has been verified.
- Notwithstanding the foregoing, in case any of your personal information needs to be retained under relevant or internal regulations, we may retain such information for a period of:
(i) Five (5) years if it pertains to the revocation of contracts or subscriptions;
(ii) Five (5) years if it relates to the supply of goods or services and payments therefore; or
(iii) Three (3) years if it pertains to the handling or resolution of complaints or disputes.

B. If applicable, your personal information will be destroyed in accordance with the following procedures and methods:
- Paper-printed information is destroyed with a paper shredder or through a shredding service provider.
- Electronically stored information is permanently deleted in a technically irretrievable manner.

7. Rights and Obligations of Users and Exercise of Rights

A. You have the right at any time to view, correct or delete your registered personal information, have it corrected or deleted, have its processing suspended or withdraw your consent to the use and disclose thereof, directly on the Membership Information page of our website or by contacting our Privacy Officer in writing, by phone (at 02-2233-3131) or by email, in which case we will forthwith respond after identity verification.

B. If you request that we correct an error in your registered personal information, such information will not be employed or disclosed until such correction is made accordingly. Where any incorrect part of your personal information has been disclosed to any third party, we will have it corrected by giving immediate notice to such third party.

8. Measures for Security of Personal Information

A. In handling your personal information, we use our best efforts to prevent such information from being lost, stolen, leaked, falsified or damaged by taking the following technical, administrative and physical measures for security assurance:
- Minimum number of information workers and training
Personal information is made accessible to the smallest possible number of individuals, and regular training is provided to such individuals.
- Regular in-house audits
In-house internal audits are conducted on a regular basis for the security of personal information.
Internal management plans are developed and implemented for safe handling of personal information.
- Encryption of personal information
Your personal information is password-protected and stored and managed in encrypted form. All data is encrypted for transmission and protected by separate security features when deemed important. Technical measures against hacking: personal information is protected by security software for the prevention of leakage, damage or tampering duet to hacking or computer virus infection, and the software is periodically updated and tested. Every system is installed in an access-controlled area and technically and physically featured to monitor and block access from outside.
- Limited access to personal information
We take necessary measures to control access to personal information by means of granting, modifying or canceling access to the database system that handles personal information, and a firewall system is employed to control unauthorized access from outside.
-Storage of access logs and prevention of data forging or tampering
We store and maintain a history of your access to our personal information processing system and use security features for your access log data not to be forged, tampered, damaged, stolen or lost.
-Use of locks for document security
Documents and auxiliary storage media containing personal data are kept in safe, locked places.
Prevention of unauthorized access: We have set up a separate physical location where personal information is stored and have established and implemented procedures for the control of access to the storage location.

9. Gathering of Suggestions and Handling of Complaints

A. We value your suggestions and feedback, and you are always entitled to have your questions answered in a sincere fashion. We provides a customer service hotline to communicate effectively and seamlessly with our customers.
【Customer Service Center】
o Contact number: 82-2-2230-3131
B. The customer service hotline is available from 09:00 a.m. to 06:00 p.m. All inquiries by email, fax or mail will receive courteous responses within 24 hours after receipt thereof. However, if received after normal office hours or during weekends or holidays, such inquiries will be answered on the following business day.
C. If you would like to report a breach of your privacy or seek advice thereon, please do not hesitate to contact:
- The Privacy Complaint Center (via privacy.kisa.or.kr or at 118);
- The Supreme Prosecutors' Office High-tech and Financial Crimes Investigation Division (via www.spo.go.kr or at 1301);
- The National Police Agency Cyber Bureau (via www.ctrc.go.kr or at 182).

10. Privacy Officer

The Company has appointed the following departments and persons to protect customers’ privacy and personal information, gather their suggestions and feedback and handle their complaints:

Classification

Person in charge of protection of personal information

Person responsible for protection of personal information

Full Name Donghun Shin Jongyun Kim
Organization HR HR
Position Team Leader Manager
Phone 82-2-2230-0382 82-2-2230-6200
Email donghun01.shin@shillastay.com jongyun0.kim@shillastay.com

11. Privacy Protection for Children under the Age of 14

The Company does not collect any personal information of children under the age of 14 years in compliance with the Juvenile Protection Act. If we need to collect personal information from minors under the age of 14 years with respect to our hospitality services, we will obtain consent from their legal representatives or guardians.

12. Transmission of Commercial Information

A. We do not send you any advertising information for commercial purposes so long as your unsubscription request is expressly given.
B. If we send any advertising message by email or otherwise for online marketing purposes such as presenting product information, we will ensure that in a plain and legible manner:
- The email’s subject line communicates what the email is about, although it may not indicate “aAdvertisement,”and
- The body text contains the sender’s name, email address, phone number and mailing address, as well as instructions on how to unsubscribe, so that the recipient can readily unsubscribe from further advertisements.
C. Likewise, if we send you an advertising message for commercial purposes by fax or mobile text message or via non-email means, we will ensure that the sender’s name is indicated in such message, even if you have agreed to the receipt of advertising information.

13. Linked Sites

A. We may provide you with links to websites or materials of other companies, in which case we assume no responsibility for and make no guarantee as to the usefulness of such websites or materials over which we have no control.
B. If you have moved to a certain page of another website by clicking a link appearing on the Company’s website, we recommend that you carefully read the privacy policy of the website, now that it may have nothing to do with the Company.

14. Posts

A. We value the comments, suggestions, statements and other messages posted by our customers (the “Posts”) and use our best efforts to protect such Posts from being tampered with, damaged or deleted. Notwithstanding, this does not apply to the following:
- Spam-like messages (e.g., chain letters and advertisements);
- Posts that may defame others by disseminating false information to slander them maliciously; and
- Posts that reveal the identity of other users without their consent, infringe on third parties’ copyrights or other rights or are irrelevant to the themes of the message board.
- If a Post is found to reveal the identity of other users, the Company may delete or correct part of such Post in order to maintain and promote healthy online community culture.
- If the content of a Post is deemed movable to a different section, the Company will provide a path in such Post to avoid misunderstanding or confusion.
- The Company may delete any other Posts when deemed malicious or improper, after giving express or individual warnings.
B. Essentially, you have rights to your Posts and are responsible for them. It is difficult to protect information you disclose voluntarily by means of posting, so we recommend that you give careful consideration before such disclosure.

15. Changes to the Privacy Policy

If any change is made to this Privacy Policy by addition, deletion or correction due to an amendment or revision in relevant applicable laws, government policies or the Company’s internal regulations, or a change of security technology, the Company will inform you of such change immediately by posting a notice on its website.

Version number of Privacy Policy: v5.1
Enforcement date: 15 October 2013

Amended date: 30 January 2015 [View previous version]

Amended date: 15 May 2015 [View previous version]

Amended date: 23 Jan 2017 [View previous version]

The above Privacy Policy of the Shilla HM website will go into effect on 8 April 2020.