LOTTE

LOTTE
gnb close

Lifetime Value Creator

Privacy Policy

Privacy Policy

LOTTE Corp. (“the Company” hereinafter) places prime importance on customers’ personal information and complies with the “Act on the Promotion of Information and Communication Network Utilization and information Protection." The Company’s Privacy Policy explains for what use and how the personal information provided is used and what measures are taken to protect personal information. Any amendment to the Privacy Policy will be notified as an Announcement on the Company’s official website (or through personal notice).

* This Privacy Policy takes effect as of October 1, 2019.
  1. 1. Collection of Personal Information

    The Company collects the following personal information in order to operate the Sinmungo (Corporate Ethics Counseling Office) (“the Service” hereinafter):

    1. Mandatory information

      - Reporter’s name, email address, and mobile phone number

    2. Optional information

      - Reporter’s phone number and subject of complaint (company name and suspect’s name, department, and position/title)

    3. The following information may be created and collected while you use the Service or the Company processes reports:

      - Service usage records, access logs, cookies, and IP addresses

  2. 2. Use of Personal Information

    The Company uses the personal information collected for the following purposes:

    1. Providing the Service you request, verifying your identity, preventing malicious members’ unlawful use of and unauthorized access to the Service, complaint handling, and delivering notices
  3. 3. Method of Collecting Personal Information

    The Company collects the personal information you provide and the information automatically created by your computer, such as cookies and IP address data.

  4. 4. Period for Retention and Use of Personal Information

    In principle, the Company destroys personal information of users without delay when the purpose of its collection and use is achieved. However, if required by relevant laws and regulations, the Company will retain the information for a certain period as designated by those laws and regulations as follows:
    InfInformation to be retained: Personal information and complaint details provided when the complaint is reported

    1. Information to be retained: Personal information and complaint detail provided when the complaint is reported
    2. Governing law: Act on Consumer Protection in the Electronic Commerce Transactions (Records on consumer complaints or dispute mediation)
    3. Period: 3 years
  5. 5. Destruction of Personal Information

    In principle, the Company destroys your personal information as follows without delay when the purpose of its collection and use is achieved.

    1. Destruction procedure
      Once the purpose of its collection and use is fulfilled, the information you provided during the sign-up process or for other reasons is transferred to a separate database (or a filing cabinet for printed information). The information transferred is destroyed after being retained for the period specified by the Company’s policy and/or relevant laws and regulations (see Article 4. Handling and Retention of Personal Information). The information stored in the database is never used for any other purpose than being retained unless required by law.
    2. Due date of destruction
      If its retention period is over, the personal information shall be destroyed within five days from the end date of the retention period. If the personal information becomes unnecessary because the purpose of its collection and use is achieved, the Service is no longer provided, or the Company ends its business, the personal information shall be destroyed within five days from the date it is determined to be unnecessary.
    3. Destruction Method

      - The Company deletes personal information stored in the form of an electric file by using a technological method rendering that information to not be recoverable.
      - The Company destroys hard copies of personal information by shredding with a pulverizer or incinerating it.

  6. 6. Disclosure of Personal Information to Third Parties

    Under no circumstances does the Company use or provide your personal information to any other company/agency beyond the scope stipulated in the Collection of Personal Information and Use of Personal Information hereof, except the cases where you agree to the disclosure in advance or the disclosure is required by law.

    1. Provision of personal information to third parties
      The Company may provide or share your personal information with third parties to improve the Service. Before providing or sharing your personal information to third parties, the Company notifies you in writing or by email of those for whom your personal information is provided or shared with, specific information that is to be provided or shared, and the purpose of such provision or sharing, and then seeks to obtain your consent in writing, by email, or through agreement to the Terms of Use. If you do not agree, the Company never provides or shares your personal information with third parties. If any change is made to the relationship with the third parties that the Company provides or shares personal information with, or such relationship is terminated, the Company notifies you or asks for your consent in the same procedure.
    2. Current provision and sharing of personal information
      In order to process complaints and other grievances and communicate notices, the Company may provide its affiliates with the personal information that reporters provide when reporting complaints to the Corporate Ethics Counseling Office. The following personal information will be provided:
      Provision of personal information to third parties
      Third Party Information Provided Purpose Use and Retention Period
      All LOTTE affiliates Reporter’s name, phone number, mobile phone number and email address, subject of complaint (company name and suspect’s name, department and position/title) To process the complaints reported to the Corporate Ethics Counseling Office 3 years
  7. 7. Commissioning of Personal Information

    To provide the Service, the Company commissions external professional agents (“Subcontractors” hereinafter) to process personal information as follows. In order to secure safety of personal information, the Company supervises Subcontractors and ensures that they safely process personal information by strictly complying with the specified directions regarding prevention of use of personal information for other purposes than to perform the commissioned task, technical and administrative protection measures, prevention of recommissioning, management and supervision of Subcontractors, and liabilities for damage of personal information protection.

    1. Subcontractor: LOTTE Data Communication Company
    2. Commissioned task: Operating computer systems
    3. Retention period: The personal information provided shall be destroyed immediately after the purpose of its collection and use is fulfilled.
    4. If the commissioned task or Subcontractor is changed, the Company will disclose the changes in this Privacy Policy.
    5. Subcontractor: Daehong Communications
    6. Commissioned task: Operating the website (maintenance)
    7. Retention period: The personal information provided shall be destroyed immediately after the purpose of its collection and use is fulfilled.
    8. If the commissioned task or Subcontractor is changed, the Company will disclose the changes in this Privacy Policy.
  8. 8. Rights of Users
    1. You have the following rights to protect personal information, and you can exercise any of them at any time personally or through your legal representative:
      • - Access to personal information
      • - Requesting corrections of errors
      • - Requesting deletion
      • - Requesting suspension of treatment of personal information
    2. To exercise any of the rights, please fill in Form 8 of the Enforcement Decree of the Personal Information Protection Act, and send it to the Company by post, email or fax. The Company will process the request without delay.
    3. If you request the correction or deletion of your personal information, the Company will not use or provide the personal information until the requested correction or deletion is completed.
    4. In addition, if the wrong personal information is already provided to third parties, the corrected results of the personal information will be notified to those third parties as soon as possible.
    5. You can exercise your rights through your legal representative or delegate. In this case, you should submit power of attorney in the format of Form 8 of the Enforcement Decree of the Personal Information Protection Act.
  9. 9. Department and Personnel in Charge of Personal Information Protection

    The Company has designated the following division and personnel to protect personal information and process complaints:

    1. Personal Information Protection Chief
      • - Lee Jae Hong, Strategic Planning Team
      • - Phone: 02-750-7129
      • - Email: LOTTEaudit@LOTTE.net
    2. Personal Information Protection Manager
      • - Choi Ji Hyun, Management Audit Division
      • - Phone: 02-750-7129
      • - Email: LOTTEaudit@LOTTE.net

    You can report any complaints related to personal information protection by the Service to the above department or personnel. The Company will respond quickly and sincerely to your report.

    If you have anything to report or consult about matters related to the infringement of personal information protection or damage relief, please contact the following organizations, which are independent of the Company:

    1. ▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
      • - Tasks: Personal information infringement reports and requests for consultation
      • - Website : privacy.kisa.or.kr
      • - Phone: (No area code) 118
      • - Address: (138-950) 135, Jungdae-ro, Songpa-gu, Seoul, Korea Internet & Security Agency, Personal Information Infringement Report Center
    2. ▶ Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
      • - Tasks: Personal information infringement reports and requests for consultation
      • - Website : privacy.kisa.or.kr
      • - Phone: (No area code) 118
      • - Address: (138-950) 135, Jungdae-ro, Songpa-gu, Seoul, Korea Internet & Security Agency, Personal Information Infringement Report Center
    3. ▶ Supreme Prosecutor’s Office, Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
    4. ▶ National Police Agency, Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)
  10. 10. Installation, Operation and Refusal of Automatic Personal Information Collector

    The Company uses cookies to save and retrieve your information whenever necessary.
    A cookie is a small text file that is transmitted to your web browser from the server operating the Company’s website and stored on your computer’s hard disk.
    The Company uses cookies for the following purposes:

    1. ▶ Use of Cookies

      - To analyze differences in access frequency and visiting hours between members and non-members
      - To understand users’ preferences and interests and follow their digital traces
      - To check users’ participation and visit time lengths in various events hosted by the Company in order to provide targeted marketing and customized services
      You have the right to select how to install cookies. In the cookie options of your web browser, you can set to allow all cookies, prompt you to confirm each time a cookie is to be saved, or block all cookies.

    2. ▶ Refusal of Cookies
      In the cookie options of your web browser, you can set to allow all cookies, receive a prompt to confirm each time a cookie is to be saved, or block all cookies.
      Example of setting the cookie option in Internet Explorer: Select Tools > Internet Options > Privacy
      Note that if you select to block all cookies, you may be unable to access the Service.
  11. 11. Measures to Protect Personal Information

    1. Minimization of the number of personal information managers and training for them
      To protect personal information, the Company designates personal information managers and minimizes the number of staff handling personal information.
    2. Technical measures against hacking and other attacks
      To prevent personal information from being disclosed due to hacking or virus attacks, the Company installs security programs and performs regular updates and maintenance on the installed security programs. The Company also installs systems in a place that does not allow any access from the outside, and monitors them technically and physically.
    3. Encryption of personal information
      The Company applies additional security measures to critical data, for example, by encrypting files and transferred data and activating the file lock function.
    4. Storage and forgery prevention of access records
      The Company saves and retains the access records to the personal information processing systems for 6 months at least, and it implements security functions to prevent any alteration, theft and loss of access records.
    5. Limited access to personal information
      The Company takes necessary measures to control access to personal information by assigning, updating and revoking authorities to the database systems that handle personal information. The Company also installs a firewall system to prevent unauthorized access from the outside.
    6. Locking mechanisms for document security
      The Company stores the documents and auxiliary storage media containing users’ personal information in a secure environment.
    7. Blocking unauthorized access
      The Company stores personal information physically in a separate location and controls access to the site by establishing and implementing access control procedures.
  12. 12. Previous/current privacy policy comparison (date of notice : September 24, 2019. date of enforcement : October 1, 2019.)
    개인정보처리방침
    Privacy Policy
    February 27, 2019 ~ September 30, 2019
    Privacy Policy
    October 1, 2019 ~
    Personal Information Protection Chief
    - Kim Tae Wan, Hospitality & Service Strategy Team
    Personal Information Protection Chief
    - Lee Jae Hong, Strategic Planning Team

    Please see here for previous privacy policy. (February 27, 2019 ~ September 30, 2019)