Programs
|
FAQ
|
Notice Board
Notice on the Collection and Use of Personal Information
Korea Gap Year Co., Ltd. (hereinafter referred to as "the Company") is committed to protecting your personal information and ensuring the rights of information subjects. The Company complies with relevant provisions of the "Personal Information Protection Act" and the standards of the "Act on Promotion of Information and Communications Network Utilization and Information Protection."
The Company has established a privacy policy to inform you of the purposes and methods by which the personal information you provide is used, and the measures taken to protect personal information. If the privacy policy is amended, it will be announced through the website's notice board.
1. Purpose of Collecting and Using Personal Information
(1) The Company collects the minimum necessary personal information from customers for business processing and will not use the provided personal information for any purpose other than the intended one without separate consent. The collected personal information is used for the following purposes.
① Execution of contracts related to service provision and settlement of fees arising from service provision
- Reservation of gap year programs and provision of related services, provision of content, purchase and payment of fees, reservation of tickets and accommodation, verification of entry and exit information, confirmation and consultation of reservation details, delivery of goods or bills, identity verification for financial transactions and financial services, fee collection, etc.
② Customer management
- Verification of identity and personal identification in accordance with customer management and service usage, prevention of improper use by delinquent members and unauthorized use, confirmation of membership intention, restriction on usage and number of uses, age verification, confirmation of legal representative's consent for collection of personal information of children under 14 years of age, record preservation for dispute resolution, handling complaints and civil affairs, delivery of notices, etc
③ Others
- Delivery of notices, confirmation of intentions, securing a smooth communication path for handling complaints, informing about new services/new products or events, understanding access frequency, and generating statistics on service usage by members.
(2) The Company will notify customers in advance and seek their consent if the collection items, usage purposes, or uses of personal information change.
2. Items of Personal Information Collected and Methods of Collection
(1) The Company collects the personal information of customers through lawful procedures and legal standards, collecting only the minimum information necessary for service use. The collection and use are restricted by the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act. Personal information is collected through website membership registration, application forms, written forms, etc.
(2) The items and purposes of the information provided for the provision of gap year program services are as follows.
[Table 1] Required Information for Membership Registration
|
Category |
Personal Information |
Purpose |
Retention and Use Period |
|
Required Information |
Name (in Korean and English), Date of Birth, Gender, Login ID, Password, Password Question and Answer, Home Phone Number, Home Address, Mobile Phone Number, Email (E-mail), Service Usage Records, Access Logs, Access IP Information, Payment Records, News Mail, Registration Path, SMS Reception Status, Passport Information (Passport Number, Passport Expiry Date, Nationality), Refund Account Information (Bank Name, Account Holder, Account Number) |
Membership registration and member service provision, consultation, service application, refund, etc |
Until the service is terminated, however, if it is necessary to retain it for a certain period according to the provisions of laws such as the Commercial Act, it will be retained for the period specified by the relevant laws. |
|
|
Legal Guardian's Name, Relationship, Contact Information, Family Relationship Proof Documents |
Confirmation information for membership service under 14 years of age |
|
|
Optional Information |
Areas of Interest, Registration Path |
Provision of additional services, customized services |
|
[Table 2] Optional Items for Program Reservations
|
Personal Information |
Purpose |
Retention and Use Period |
|
Reservation Name (in Korean and English), Date of Birth, Gender, Contact Information, Email Address, Address, Passport/Visa Status, Passport Information (English Name, Passport Number, Passport Expiry Date), Health Status, Emergency Contact |
Program reservation and consultation, determining eligibility for departure |
Service provision and retention period specified by relevant laws |
3. Period of Retention and Use of Personal Information
Customer personal information is retained and used only for the period during which the Company provides services to the customer or for the period of dispute resolution. If there is a request for deletion or withdrawal of consent, the information will be destroyed without delay. However, if retention is necessary according to the provisions of relevant laws, it will be securely retained for the period specified by the relevant laws as follows:
- Records related to contracts or withdrawal of subscription: 5 years (according to the Act on Consumer Protection in Electronic Commerce)
- Records related to payment and supply of goods: 5 years (according to the Act on Consumer Protection in Electronic Commerce)
- Records related to consumer complaints or dispute resolution: 3 years (according to the Act on Consumer Protection in Electronic Commerce)
4. Provision and Sharing of Personal Information with Third Parties
The Company uses customers' personal information within the scope of the purposes notified in the "Collection Purpose and Use of Personal Information" section and the service terms and conditions and does not use or provide it beyond this scope without customer consent. In particular, the following cases require special attention in the use and provision of personal information:
(1) The Company may provide or share customers' personal information with affiliated companies to offer better services. In such cases, customers will be individually notified by written or electronic mail about the affiliation partner, the personal information items to be provided or shared, the reason for providing or sharing the information, and the period and method of protection and management. Consent will be sought beforehand, and if customers do not agree, their information will not be provided or shared with the affiliate. Changes or termination of affiliations will be notified and consent will be obtained through the same procedure.
|
Service Area |
Recipient |
Provided Items |
Purpose of Use |
|
Air/Sea |
Hana Tour, Modu Tour, and domestic and international airlines |
English Name, Date of Birth, Gender, Contact Information (Email/Mobile), Passport Information (English Name, Passport Number, Passport Expiry Date), Airline, Mileage Information |
Airline ticket reservation and determining eligibility for departure |
|
Travel Insurance |
Travel Insurance Service Providers Name |
Date of Birth, Gender, Passport Number |
Subscription to travel insurance (overseas travel products) |
(2) Details and Status of Outsourced Personal Information Tasks
|
Outsourced Company (Trustee) |
Purpose of Outsourced Tasks |
|
Galaxia Communications Co., Ltd. |
Provision of integrated electronic payment services |
(3) Transfer of business in the event of a sale, merger, or transfer of all or part of the business, or in the case of succession through inheritance or merger, the Company will notify customers to ensure their rights related to personal information are protected. The Company provides personal information as detailed below to enhance service quality. The Company does not disclose customer personal information to unrelated companies or institutions. However, there are exceptions where personal information may be shared as follows:
- When requested by relevant authorities for investigative purposes under laws such as the Criminal Procedure Act, the Act on Real Name Financial Transactions and Confidentiality, and the Act on the Use and Protection of Credit Information.
- When provided in a non-identifiable form for statistical, academic research, or market research purposes to advertisers, partners, and research organizations
- When requested in accordance with procedures stipulated by relevant laws.
- When requested by relevant institutions for certified superior products by the Ministry of Culture and Tourism.
- When necessary for settlement of fees related to service provision, or in cases where the terms of use or operating principles of Korea Gap Year are violated.
- When deemed necessary provide personal information to take legal action for mental or material damage caused by using Korea Gap Year services.
- For campaigns, promotions, or events, information may be provided to outsourced companies, with prior customer consent obtained specifying the type of information, purpose of use, and duration.
In exceptional cases where information is provided under legal requirements or investigative authority requests, the Company will notify the affected parties whenever possible. However, notification may not always be feasible due to legal constraints. The Company will make every effort to ensure information is not provided indiscriminately against the original purposes of collection and use.
5. Provision and Sharing of Personal Information
Customer personal information may be utilized for the purposes of providing customized gap year program guidance and consultation as follows:
(1) Personal information provided by customers who use the Company’s gap year programs and related services may be used to offer various customized services if the customer has consented to the provision and sharing of their personal information. This information may be used to promote and inform customers about the Company’s gap year programs and diverse tailored services.
(2) The Company may share personal information to develop new technologies or provide better services. In such cases, users will be informed prior to the collection or provision of information about the organizations or entities with whom their personal information will be shared, the type of information required, the reasons for its necessity, and the methods and duration of its protection and management. The Company will obtain consent from users before sharing any personal information and will not collect or share additional information without user consent.
6. Procedure and Method for Destroying Personal Information
The company, in principle, destroys collected personal information without delay once the purpose of its use and storage period has been achieved. The procedure and methods for destruction are as follows:
(1) Destruction Procedure
Personal information entered by customers for membership registration and service use is transferred to a separate database (or a separate document file in the case of paper) after the purpose has been achieved. It is then stored for a certain period according to internal policies and other relevant laws and regulations (refer to the retention and use period) before being deleted or destroyed. Personal information transferred to a separate database is not used for purposes other than retention, except as required by law.
(2) Destruction Method
- Personal information printed on paper: Destroyed using a shredder.
- Personal information stored in electronic file format: Deleted using technical methods that ensure the information cannot be recovered or reproduced
7. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
To provide personalized services, the Company uses ‘cookies’ and similar devices to store and retrieve your information. A cookie is a small amount of information transmitted from the website to your computer browser. When you log in to the website, the server reads the contents of the cookie from your browser and uses it to provide services based on additional information found on your computer. Cookies are used to offer useful and convenient personalized services. Cookies are employed for the following purposes:
(1) Purpose of Using Cookies
- When registering as a member, cookies are set during login and deleted upon logout. They are used to verify the login status.
- Cookies are used to analyze access frequency, visit duration, and usage patterns of members and non-members, to understand user preferences and interests, track behavior, and conduct targeted marketing and personalized service provision..
You have the option to control cookie installation. You may configure your web browser to accept all cookies, prompt you when a cookie is set, or reject all cookies.
(2) How to Refuse Cookies For example, to refuse cookies, you can configure your web browser settings to accept all cookies, prompt you for each cookie, or reject all cookies. Example settings (for Internet Explorer): Click [Tools] at the top of the web browser > Click [Internet Options] in the menu > Adjust the privacy settings under the [Privacy] tab. Note, however, that refusing cookies may hinder the provision of services.
8. Rights and Duties of the Personal Information Subject
Personal information subjects have the following rights related to the protection of their personal information:
- Request for access to personal information (including information on the source, purpose of processing, and usage history of personal information collected from the subject or others).
- Request for correction of errors.
- Request for deletion of personal information.
- Request to cease processing.
Rights related to the above items can be exercised through written communication or email to the Company, and the Company will act promptly. The personal information subject must ensure that they do not infringe upon the personal information or privacy of themselves or others beyond the scope of applicable personal information protection laws.
9. Methods for Viewing, Correcting, and Deleting Personal Information
To view or correct your personal information, log in to the Company’s website, and click on [Personal Information Modification] in My Page to view or amend your information. Additionally, you may request viewing, correction, or deletion of personal information via email to the Customer Center or Personal Information Manager, and necessary actions will be taken after verifying your identity. The Company will not use or provide personal information until corrections are completed. If incorrect personal information has been provided to a third party, the Company will promptly notify the third party of the correction results to ensure that the correction is made. Personal information that is deleted or terminated upon request by the user or legal guardian will be processed according to the retention and usage periods specified in the "Retention and Usage Period of Collected Personal Information" and will not be used for other purposes.
How to Request Viewing, Correction, or Deletion of Personal Information
Please complete and send the 'Personal Information Access, Correction, Deletion, and Processing Suspension Request Form' via email (help@koreagapyear.com). Your request will be processed promptly after verifying your identity
10. Withdrawal of Consent for Collection/Use/Provision of Personal Information
You may withdraw your consent for the collection, use, and provision of personal information at any time after registration. To withdraw consent(Account Cancellation), you can request it via email to the Company's operational email (help@koreagapyear.com), or submit a written request to the Customer Center or the Personal Information Manager. The Company will promptly process your request.
11. Protection of Personal Information for Children Under 14
For children under the age of 14, services can be used through a legal representative (parent, legal guardian, or custodian), and only the minimum necessary personal information is collected for service execution. Legal representatives of children under 14 can request access to, correction of, or withdrawal of consent for the collection, use, provision, and outsourcing of the child’s personal information. Personal information of children under 14 will not be provided or shared with third parties without the consent of the legal representative.
12. Technical and Administrative Measures for Personal Information Protection
(1) Technical Measures
- Customer personal information is protected by passwords, and important data is secured through encryption of files and transmission data or the use of file-locking features.
- The Company adopts security devices (SSL or SET) that use encryption algorithms to safely transmit personal information over the network.
- To guard against hacking and other external intrusions, each server is equipped with intrusion prevention systems and vulnerability analysis systems to ensure comprehensive security.
(2) Administrative Measures
- The Company limits access to personal information to the minimum number of authorized personnel. This minimum number includes:
Individuals involved in program reservations/payments, service execution contracts, and related tasks.
Personnel directly engaged in marketing activities with users.
The Personal Information Manager and staff are responsible for personal information management.
Others who, due to their job duties, must handle personal information.
- At the time of employment, all staff are required to sign a security pledge to prevent information leaks by individuals. The Company has established internal procedures to audit compliance with the personal information processing policy.
- The transfer of duties related to personal information handling is conducted under strict security, with clear responsibilities defined for personal information incidents before and after employment.
- The Company is not responsible for issues arising from individual user errors or inherent internet risks. Users are responsible for managing their IDs and passwords appropriately.
- In the event of data loss, leakage, alteration, or damage due to internal staff errors or technical management issues, the Company will promptly inform you of the facts and seek appropriate measures and compensation.
13. Personal Information Complaint Services
To protect customer personal information and address complaints related to personal data, the Company has designated the following department and Personal Information Manager:
- Customer Service Department: Customer Center
- Phone: 02-318-2553
- Email: help@koreagapyear.com
- Personal Information Manager:
- Name: Choi Da-young
- Phone: 02-318-2553
- Email: help@koreagapyear.com
You may report any personal information protection-related complaints to the Personal Information Manager or the relevant department. The Company will respond promptly to user complaints. For further issues related to personal information breaches or consultations, please contact the following organizations:
14. Notification of Changes to Personal Information Processing Policy
Changes to the policy will be notified through the website before implementation, with version number and revision date clearly indicated. Important changes will be emailed to customers.
Final Revision Date of Personal Information Processing Policy
November 22, 2017
*In case of Mistranslation the Korean Version applies
HOME
