Privacy Policy of Loso Co., Ltd. (hereinafter referred to as "the Company")
Loso Co., Ltd. (hereinafter referred to as "the Company") values the protection of customer's personal information and complies with the relevant laws and regulations, including the "Act on Promotion of Information and Communications Network Utilization and Information Protection" and the "Personal Information Protection Act," regarding the protection of personal information. This Privacy Policy provides information related to the Company's handling of personal information and explains the rights that customers have and how to exercise them.
The following contact information of the Personal Information Protection Manager and the responsible person can be used if there are any inquiries regarding personal information during the use of the Company's services. The information below includes data collected through online forms and information received through email, telephone, text messages, and SNS messages from our employees, sales representatives, and product planners.
- Information on Collection and Use of Personal Information
[Members]
Category
Purpose of Collection and Use
Items of Collection and Use
Retention and Use Period
Information collected upon member registration
Service registration and usage
[Required]
Name, email address, password, mobile phone number
Until member withdrawal
(Note: Personal location information is used only once and promptly destroyed after use.)
Purchase records will be processed according to accounting and tax-related information retention periods.
Personal identification for service registration
[Required]
Name, contact information, international number, email address
Simplified member registration
[Required]
Email address, nickname, mobile phone number (additional input)
Prevention of illegal and unauthorized use, and service analysis
[Required]
Automatically generated information - device information (device type, OS version), usage history (IP address, cookies, service usage history, etc.)
Information collected during service usage
(Applicable to both members and non-members)
Common for all product purchases
[Required]
Reservation information (passport name, email address, mobile phone number)
Hotel/activity product purchases
[Required]
Traveler information (name, email address, mobile phone number, English name for overseas products, gender/date of birth/passport information if necessary)
Activity product usage - Usage time, start date/end date (for certain products)
Pick-up service product usage - Hotel name, local arrival and departure information (airport, flight name, date/time if necessary)
Air ticket reservation/purchase
[Required]
Passenger information (name, gender, date of birth, nationality, visa copy, etc., proof of fare required if necessary for overseas products)
Purchases of overseas products - English name, passport number, passport expiration date, issuing country
Credit card payment - Cardholder name, card number, expiration date, first two digits of the security code, installment period, card type (individual/family/corporate), date of birth (for domestic products)
Cash payment - Cash receipt, mobile number, business registration number
Rental car product reservation/purchase
[Required]
Reservation information (main driver's name, email address, mobile phone number, date of birth, driver's license type)
Customer center inquiries
[Required]
Email, phone number, reservation number
Information collected when using payment services
(Applicable to both members and non-members)
Payment and fee settlement
[Required]
Credit card payment - Card company, card number, installment months
Bank transfer - Bank name, remitter name
Bank deposit - Bank name, account number, depositor name
Refund - Refund account information (bank name, account number, depositor name)
Until the purpose of using personal information is achieved
(Note: However, based on relevant laws, it may be retained for a maximum of 5 years.)
- Provision of Personal Information
We use the personal information of our members within the scope notified in the "Information on Collection and Use of Personal Information" and do not provide it to others beyond this scope. However, to provide quality services, we may seek the member's consent to provide necessary information to third parties during the product reservation and purchase process.
Recipients: Overseas product operators, land agencies, accommodations, rental car companies, airlines, GDN services, railways, shipping operators, reservation systems, vehicle and shuttle service operators, overseas guides, and other cooperating companies and service agencies within reasonable business scope of Loso Co., Ltd.
- Entrustment of Personal Information
(2) Identity verification: Gabia message
(3) Data storage: Amazon Web Services Inc.
(4) Data processing: Google, Microsoft
- Retention and Use Period, Destruction Procedure and Method of Personal Information
The retention and use period of collected personal information is from the time of service contract agreement (membership registration) until the termination of the service contract (withdrawal request). In principle, the company promptly destroys the relevant information once the purpose of personal information collection and use is achieved.
However, if it is necessary to retain the information under the relevant laws, the company will retain member information for a certain period as specified below:
[Retention of Personal Information according to the Relevant Laws]
Information Held
Retention Period
Basis Law
Records related to payment of fees and supply of goods
5 years
Act on Consumer Protection in Electronic Commerce, etc.
Records of contracts or withdrawal of offers, etc.
5 years
Records of handling consumer complaints or disputes
3 years
Records of advertisements
6 months
Records of location information
6 months
Telecommunications Privacy Act
[Destruction Procedure]
After the purpose is achieved, the user's personal information is transferred to a separate database (or a separate file for paper documents) and stored for a certain period based on internal policies and reasons for information protection specified by other relevant laws (refer to 4.1). Afterward, the information is destroyed. The transferred personal information is not used for purposes other than those agreed upon by the member or permitted by law.
[Destruction Method]
Personal information printed on paper is shredded or incinerated, and electronic files of personal information are destroyed using technical or physical methods that cannot reproduce records. Physical destruction is conducted once a year as a principle, and the files are destroyed in bulk the year after the usage period ends.
[Introduction of Personal Information Validity Period System]
After the final use of Loso Travel's brand services, the personal information of customers (long-term non-using members) who have not used the services for one year is separated and securely managed. Customers who fall under this category may receive notifications via email at least 30 days before the data is separated and stored. After a certain period based on the reasons for information protection specified by other relevant laws (refer to 4.1), the separated personal information is destroyed.
- Customer's Rights and Obligations
[Customer's Rights]
Customers can request modifications, withdrawal of consent, deletion, and access to collected information at any time. However, withdrawal of consent or deletion may limit some or all of the service usage. The personal information collected by Loso Co., Ltd. can be verified through the following methods:
Category
Method to Verify Collected Personal Information
Webpage (including mobile)
Log in > My Page
For information not directly accessible through the website or app, customers can confirm it through customer service representatives chat, or email (tripper.korea@gmail.com). Customers can withdraw their consent for the collection and use of personal information through membership withdrawal. However, some or all of the services may be restricted upon such a request. In addition, if there are special provisions in the law or it is necessary to comply with legal obligations, if there is a concern about harming others' life and body or infringing upon others' property and other interests unjustly, or if the performance of the contract becomes difficult due to not processing personal information, including cases where the information subject has not clearly expressed their intention to terminate the contract, withdrawal of consent, deletion, or suspension of processing may be difficult.
Until the requested processing is completed, the information will not be used or provided to others. Moreover, if incorrect personal information has been provided to third parties due to reasonable circumstances, the Company will promptly notify the third party to withdraw consent, delete the information, or suspend processing.
[Customer's Obligations]
Customers have an obligation to protect their personal information, and the Company is not responsible for any problems that arise from the customer's own negligence or security measures prescribed by relevant laws, such as transfer, lease, loss, or unauthorized access while using ID (email address), password, or access medium, or hacking using methods or technologies beyond the control of the Company on the Internet. Customers should keep their personal information up-to-date, and they are responsible for any issues arising from inaccurate information input. In case of registering as a member using someone else's personal information or using someone else's ID for payment processing, customers may lose their membership status and may be subject to penalties in accordance with relevant laws. Customers are responsible for maintaining the security of their ID, password, and other information, and they cannot transfer or lend them to third parties. Customers have an obligation to cooperate with periodic security activities according to the Company's personal information protection policy.
- Internet Connection Information File Settings and Personalized Advertising Notice
Loso Co., Ltd. may collect and store information automatically generated during the service usage process and device information that cannot identify individuals to provide personalized and efficient services to each customer.
[Cookie]
A cookie is a small text file sent to and stored on the user's device when accessing a website to ensure efficient and secure web usage. When revisiting the website after the cookie is stored, the website recognizes the user's device and automatically retrieves past settings and usage history. Additionally, it analyzes information such as visited service details, service access time and frequency, and generated or provided (input) information during service usage to provide specialized services (including advertisements) tailored to the customer's preferences and interests. Customers have the option to manage cookies. They can allow all cookies, receive confirmation each time a cookie is saved, or refuse to save all cookies through their web browsers.
[Personalized Advertising]
Loso Co., Ltd. strives to avoid irrelevant and unnecessary ad exposure by better understanding customers, especially to specialize in services according to various brands. To increase the exposure of informative ads reflecting customer interests, online user activity information is used. However, behavior information classified under sensitive categories such as race, religion, sexual orientation, and medical history is not used for personalized advertising.
Personalized ads based on online behavioral information utilize 'cookies' or 'ad identifiers (ADID/IDFA)' to provide personalized ads by utilizing behavioral information that includes but is not limited to web browsing history, app usage history, purchase and search history, and user preferences, interests, and tendencies.
Entities Providing Advertisements and Purpose: Google, Facebook, Kakao, Naver - Providing personalized ads based on user interest through website visit history, search history, and ad identifiers.
Users can reject receiving such personalized ads at any time, and in this case, random ads will be displayed instead.
- Technical and Administrative Measures for Personal Information Protection
Loso Co., Ltd. has implemented the following measures to protect travelers' personal information:
Encryption Storage: Personal information, including unique identifiers required by law, passwords, payment information, telephone numbers, and emails, are encrypted and stored. Additionally, encrypted communication channels are used for transmission. Secure Management: Intrusion prevention systems and threat detection systems are used to prevent leakage and damage of personal information due to hacking, viruses, etc. The latest antivirus programs are utilized to prevent personal information or data from being leaked or damaged, and personal information is securely transmitted via encrypted communication. Minimization of Personal Information Handlers: The minimum number of employees handling personal information is managed, and the internet connection for PCs with access to downloadable personal information is blocked to reduce the risk of personal information leakage. Regular and irregular education is conducted to enhance awareness of personal information protection among employees.
- Personal Information Protection Manager and Agency Contact Information
Loso Co., Ltd. has designated and operates a personal information protection manager and contact person responsible for overseeing tasks related to customers' personal information, as well as handling complaints and remedies related to personal information. For all inquiries, complaints, and requests related to personal information protection arising from the use of services provided by the individualized specialized brands of Loso Co., Ltd., please contact the following:
Personal Information Protection Manager
Name: Ryu Gun-woo Email: tripper.korea@gmail.com
For reporting or consultation on personal information infringement, the following agencies can be contacted: ▶ Personal Information Infringement Report Center: 118 (no area code needed) / (Website: privacy.kisa.or.kr) ▶ Cyber Crime Investigation Unit, Supreme Prosecutors' Office: 1301 (no area code needed) / (Website: www.spo.go.kr) ▶ Cyber Investigation Division, National Police Agency: 182 (no area code needed) / (Website: http://ecrm.cyber.go.kr ▶ Personal Information Dispute Mediation Committee: 1833-6972 (no area code needed) / (Website: www.kopico.go.kr)
- Obligation of Notice
If the privacy policy is amended, the company will promptly notify users through the notice section on the website or via email, ensuring that users can easily be informed of the changes.
first Notice Date: July 21, 2023.