Privacy Policy
LEGOLAND Korea Resort (the “Company”) hereby releases this Privacy Policy (this “Privacy Policy”) that it has established under Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle problems related to personal information.
The Company complies with major laws related to protection of personal information, such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and all other laws related to protection of personal information. In addition, the Company not only has established and complied with this Privacy Policy, but also has disclosed it on its website (www.LEGOLAND.kr) and its app (LEGOLAND Korea Resort) so that customers can easily inspect it at all times.
This Privacy Policy is subject to change in accordance with changes in relevant laws and guidelines or changes in the Company’s internal operation policy. Any change in this Privacy Policy will be notified on the Company’s website (www.LEGOLAND.co.kr).
This Privacy Policy contains the following information:
Article 1. Purpose of Collection and Use of Personal Information
Article 2. Items and Methods of Personal Information Collection
Article 3. Use of Collected Personal Information and Provision to Third Parties
Article 4. Entrustment of Processing of Personal Information
Article 5. Period of Retention and Use of Personal Information
Article 6. Procedure and Method of Destruction of Personal Information
Article 7. The Rights of Users and Their Legal Guardians and the Method of Exercising Such Rights
Article 8. Matters regarding Installment, Operation, and Refusal of Automatic Collection Device
Article 9. Notice for Changes in this Privacy Policy
Article 10. Measures to Secure the Safety of Personal Information
Article 11. Privacy Officer
Article 12. How to Withdraw Consent and Withdraw from Membership
Article 13. Effective Date for This Privacy Policy
Article 1. Purpose of Collection and Use of Personal Information; Collection Items*
The Company collects and uses personal information for the purposes set forth below. All information collected will not be used for purpose other than the following purposes, and the Company must obtain prior consent if it intends to change such purposes.
|
Purpose of Collection |
Collection Items |
Period of Retention/Use |
|
Resort pass purchase |
Afternoon Saver Ticket, 1 Day Admission Ticket, promotion coupons: Name, telephone, email address Annual pass: Name, telephone, email address, area of residence (do, si), picture |
3 years from the date of purchase |
|
Hotel booking |
Name, telephone, email address, area of residence (do, si) |
3 years from the date of booking |
|
Billing (payment) |
Card type, (part of) card number |
3 year from the date of payment |
|
Provision of location-based service |
Location information (For more details, see “Terms of Use of Location Information”) |
3 year from the date the service is provided, or until the app is deleted |
|
Confirmation of customer’s age and provision of birthday benefits |
Date of birth |
Until the app is deleted |
|
Newsletter subscription and management |
Name, date of birth, email address, country |
Until the cancellation of subscription to news letter |
|
Management of customer inquiries |
Email address |
3 year from the date a reply to a customer’s inquiry is sent to the customer |
|
Marketing and advertising |
Email address |
3 year from the date of collection |
|
Service improvement by analyzing service use record |
IP address, cookie, access date and time, service use record, faulty use record |
3 years from the date of collection |
Article 2. Methods of Personal Information Collection*
The Company collects information that customers enter on the website or app of the Company; and in case of IP address, cookies, access date and time, service use record, and faulty use record, the Company collects such information by using an automatic information collection tool.
Article 3. Use of Collected Personal Information and Provision to Third Parties
The Company uses customer’s personal information within the scope notified in Article 1 (Purpose of Collection and Use of Personal Information) of this Privacy Policy or within the scope specified in the Terms of Service, and the Company does not use, or provide to a third party customer’s personal information beyond the said scope. Provided, however, that this will not apply to the following cases:
- If users give a prior consent: As set forth in the table below, the Company may provide personal information after obtaining consent from users.
|
Recipient of Personal Information |
Personal Information to Be Provided |
Purpose of Use by Recipient |
Period of Retention/Use of Personal Information |
|
LG Uplus Co., Ltd. |
Name, telephone, email address, contents of customer enquiries and consultations |
Joint marketing with the Company |
Until the period of the joint marketing agreement expires |
|
|
|
|
|
Also, the Company provides personal information to overseas corporations as set forth below.
|
Recipient of Personal Information |
Country Where Personal Information Is Transferred |
Date and Time of Transfer of Personal Information and Method of Transfer |
Items of Personal Information to Be Transferred |
Purpose of Use of Personal Information |
Period of Retention/Use of Personal Information |
|
Merlin Entertainments Ltd. (Contact information of information management officer: **) |
UK |
Transfer from time to time from Salesforce server |
Customer information: Name, date of birth, email address, country Payment information: payment amount, date, etc. |
Newsletter subscription application and management |
Until the purpose is accomplished |
- If provision is required by law, or an investigation agency makes a request for the purpose of investigation in accordance with the procedure and method specified in law;
- If for necessity of statistical study, academic research, or market research, information is provided after being processed in a form that a certain individual cannot be identified.
Article 4. Entrustment of Processing of Personal Information
The Company has entrusted personal information as set forth below for the purpose of service enhancement, and when the Company enters into an entrustment agreement, the Company makes sure that matters necessary for the safe management of personal information are stipulated therein under relevant laws and regulations. Any changes in the following matters will be notified by notice or through this Privacy Policy.
|
Service Provider |
Entrusted Duties |
Period of Retention/Use of Personal Information |
|
KCP Eximbay |
Payment processing and prevention of payment theft |
Until entrusted duties are finished |
The entrusted duties that are performed by overseas corporations are as set forth below.
|
Recipient of Personal Information |
Country Where Personal Information Is Transferred |
Date and Time of Transfer of Personal Information and Method of Transfer |
Items of Personal Information to Be Transferred |
Purpose of Use of Personal Information |
Period of Retention/Use of Personal Information |
|
Salesforce |
Germany |
Data transfer to a server simultaneously with the collection of the data |
Name, Address, Phone Number, Email Address, Date of Birth, Gender, IP Address, Geo Location |
Personal information storage, management and marketing use of the Company |
Until entrusted duties are finished, or until an individual personally requests deletion |
|
Accesso Technology Group, Plc. |
UK |
Data transfer when necessary for issuing tickets |
Name, Address, Phone Number, Email Address, Date of Birth, Gender, IP Address, Geo Location |
Ticket issuance |
|
|
Adyen N.V. |
Netherland |
Data transfer upon payment request |
Card type, (part of) card number |
Payment processing and prevention of payment theft |
|
|
Asia Pay Ltd. |
Hong Kong |
||||
|
Ctrip Travel Holdings Ltd.Trip.com (Taijung.chung@trip.com) |
Hong Kong |
Data transfer upon a request for purchasing a pass |
Name, telephone, email address, area of residence (limited up to do or si), picture |
Annual pass purchasing agency |
Article 5. Period of Retention and Use of Personal Information*
Personal information is retained and used until the Company achieves the purpose of retention and use of personal information and once the purpose is accomplished, the information is destroyed without delay.
Provided, however, that if laws and regulations, including the Act on the Consumer Protection in Electronic Commerce, etc., require personal information to be retained for a certain period, the Company will safely store personal information for the relevant period under such laws and regulations and will not use such personal information for other purposes.
The Act on the Consumer Protection in Electronic Commerce, etc.
Record of cancellation, etc. of a contract or order: Retention for 5 years
Record of payment and supply of goods, etc.: Retention for 5 years
Record of handling a consumer complaint or a dispute: Retention for 3 years
Article 6. Procedure and Method of Destruction of Personal Information
User’s personal information will be destroyed without delay once the purpose of collection and use of personal information is achieved. The Company’s procedure and method of the destruction of personal information are as set forth below.
- Destruction procedure: Information that a user enters to, among others, sign up for a membership will be moved, once the purpose is achieved, to a separate database (in the case of paper, to a separate document box), and then will be retained for a certain period before destruction in accordance with internal policy and other relevant laws for information protection, etc. Such personal information moved to a separate database will not be used for other purpose unless otherwise required by law.
- Destruction method: Personal information printed on paper will be shredded by shredder or destroyed by incineration.
- Personal information stored in the form of electronic file will be deleted by using a technical method that prevents the record from being recovered.
Article 7. The Rights of Users and Their Legal Guardians and the Method of Exercising Such Rights
Users and their legal guardians of any user under the age of 14 may, at any time, view or amend the registered personal information of himself/herself or the child under the age of 14 and request cancellation of membership.
Users and their legal guardians may directly view or correct their personal information or cancel their subscription after going through a identity verification procedure by clicking “Change Personal Information” (or “Change Member Information” etc.) to view or correct their personal information or by clicking "Withdraw Subscription" to cancel their subscription (i.e., to cancel their consent).
Or users may, without delay, view or correct their personal information or cancel their subscription after going through an identity verification procedure if they make a request to the Privacy Officer in writing, by phone, or by email.
If a user requests to correct any error in his/her personal information, his/her personal information will not be used or provided before the correction is completed.
Also, if errored personal information has already been provided to a third party, the Company will promptly notify the result of the relevant correction to the third party so that the third party can also correct the relevant error.
The Company handles all personal information that has been terminated or deleted at a user’s request in accordance with Article 5 (Period of Retention and Use of Personal Information) and does not allow such personal information to be viewed or used for other purposes.
Article 8. Matters regarding Installment, Operation, and Refusal of Automatic Collection Device
The Company may install and operate a device that automatically collects information on user’s personal computer, including “cookie” that from time to time stores and discovers user’s information.
A cookie means character string information that a web server sends to a web browser for storage and then is sent back to the server at the server’s additional request. For instance, if you access the Company’s website, the Company is able to read the details of a cookie on your web browser and discover additional information (including your name) so as to provide service to you without you providing such additional information to the Company.
- Purpose of use of cookie, etc.: Analyzing users’ frequency of access, visit time, etc.; understanding users’ tastes and area of interest and tracing users’ footsteps; conducting targeted marketing and providing customized services by understanding how many times users participate in various events and visit.
- How to refuse cookie installation: All users have the right to choose cookie installation. On the menu of “Tools > Internet Options > Personal Information > Advanced” at the top of a web browser, you may accept all cookies, choose to receive notice when a cookie is installed, or refuse all cookies. If you reject cookie installation, you may have inconvenience in using services or the Company may have difficulty providing service to you.
Article 9. Notice for Changes in this Privacy Policy
If the Company intends to obtain consent from customers in order to use their personal information or provide such personal information to a third party beyond the scope notified at the time of collection thereof or beyond the scope specified in the Terms of Service or this Privacy Policy, the Company will announce in advance, via ‘Notice’, at least 7 days before the amendment to this Privacy Policy.
Article 10. Measures to Secure the Safety of Personal Information
In handling users’ personal information, the Company takes the following technical and administrative measures to secure the safety of the personal information so that such personal information will not be lost, stolen, leaked, altered, or damaged.
- Encryption of personal information: User’s personal information is encrypted before it is stored and managed. Also, important data is protected by separate security functions, including encryption before storage and transmission.
- Technical measures against hacking, etc.: The Company tries its best to prevent users’ personal information from being leaked or damaged by hacking, computer virus, etc. The Company installs its systems in areas where external access is restricted, backs up data from time to time in case personal information is damaged, and uses an up-to-date vaccine program to prevent users’ personal information or data from being leaked or damaged. Also, the Company makes sure that personal information is safely transmitted on networks by using encrypted communications, etc. In addition, the Company controls, via a firewall system, unauthorized access from external users and endeavors to have all technological devices in place to secure systemic security.
- Minimum number of employees handling personal information and education for such employees: The Company takes administrative measures to comply with this Privacy Policy, including allowing only the person in charge to handle personal information, granting such person a separate password that has to be renewed regularly, and providing regular education on new security technology and on obligations to protect personal information.
Article 11. Privacy Officer and Staff in Charge of Personal Information
The Company has designated the following Privacy Officer and personal information division in order to protect customers’ personal information and handle customer’s complaints related to personal information.
|
Privacy Offer |
Division and Staff in Charge of Personal Information Protection |
|
Name: Jeong Il Lee Title: Managing Director, Sales and Marketing Team Email address: Joseph.lee@LEGOLAND.com * You will be connected to the division in charge of personal information protection. |
Name: Ju Yeun Park Title : Sales and Marketing Team Email address: Judy.Park@LEGOLAND.com |
- You may report all complains related to personal information protection that occur while using the Company’s services to the Privacy Officer or the division in charge of personal information protection. The Company will promptly give a sufficient reply to matters reported by users. Also, if you want to report, or get advice on, infringement of personal information, you are advised to make inquiries to the following agencies.
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr/ 118)
- Cyber Investigation Division, Supreme Prosecutors’ Office (http://www.spo.go.kr/ 1301)
- Cyber Bureau, National Police Agency (http://cyberbureau.police.go.kr/ 182)
- Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / 02-2100-2499)
Article 12. How to Withdraw Consent and Withdraw from Membership
- Users, at any time, may withdraw their consent that they have given for the collection, use, and provision of personal information when subscribing to a membership.
- You may cancel subscription by clicking “cancel subscription” link at the bottom of a marketing email sent by the Company. Or if you contact the division in charge of personal information protection in writing, by phone, or by fax, your personal information will be destroyed without delay.
Article 13. Effective Date for This Privacy Policy
This Privacy Policy will take effect from August 1, 2020.
Date of Notice: August 1, 2020
Effective Date: August 1, 2020
