Skip to main content

Privacy Policy

LEGOLAND Korea Resort (the “Company”) hereby releases this Privacy Policy (this “Privacy Policy”) that it has established under Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and smoothly handle problems related to personal information.

The Company complies with major laws related to protection of personal information, such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and all other laws related to protection of personal information. In addition, the Company not only has established and complied with this Privacy Policy, but also has disclosed it on its website (www.LEGOLAND.kr) and its app (LEGOLAND Korea Resort) so that customers can easily inspect it at all times.

This Privacy Policy is subject to change in accordance with changes in relevant laws and guidelines or changes in the Company’s internal operation policy. Any change in this Privacy Policy will be notified on the Company’s website (www.LEGOLAND.co.kr).

This Privacy Policy contains the following information:

Article 1. Purpose of Collection and Use of Personal Information

Article 2. Items and Methods of Personal Information Collection

Article 3. Use of Collected Personal Information and Provision to Third Parties

Article 4. Entrustment of Processing of Personal Information

Article 5. Period of Retention and Use of Personal Information

Article 6. Procedure and Method of Destruction of Personal Information

Article 7. The Rights of Users and Their Legal Guardians and the Method of Exercising Such Rights

Article 8. Matters regarding Installment, Operation, and Refusal of Automatic Collection Device

Article 9. Notice for Changes in this Privacy Policy

Article 10. Measures to Secure the Safety of Personal Information

Article 11. Privacy Officer

Article 12. How to Withdraw Consent and Withdraw from Membership

Article 13. Effective Date for This Privacy Policy

 

Article 1. Purpose of Collection and Use of Personal Information; Collection Items*

The Company collects and uses personal information for the purposes set forth below. All information collected will not be used for purpose other than the following purposes, and the Company must obtain prior consent if it intends to change such purposes.

Purpose of Collection

Collection Items

Period of Retention/Use

Resort pass purchase

Afternoon Saver Ticket, 1 Day Admission Ticket, promotion coupons: Name, telephone, email address

Annual pass: Name, telephone, email address, area of residence (do, si), picture

3 years from the date of purchase

Hotel booking

Name, telephone, email address, area of residence (do, si)

3 years from the date of booking

Billing (payment)

Card type, (part of) card number

3 year from the date of payment

Provision of location-based service

Location information (For more details, see “Terms of Use of Location Information”)

3 year from the date the service is provided, or until the app is deleted

Confirmation of customer’s age and provision of birthday benefits

Date of birth

Until the app is deleted

Newsletter subscription and management

Name, date of birth, email address, country

Until the cancellation of subscription to news letter

Management of customer inquiries

Email address

3 year from the date a reply to a customer’s inquiry is sent to the customer

Marketing and advertising

Email address

3 year from the date of collection

Service improvement by analyzing service use record

IP address, cookie, access date and time, service use record, faulty use record

3 years from the date of collection

 

Article 2. Methods of Personal Information Collection*

The Company collects information that customers enter on the website or app of the Company; and in case of IP address, cookies, access date and time, service use record, and faulty use record, the Company collects such information by using an automatic information collection tool.

 

Article 3. Use of Collected Personal Information and Provision to Third Parties

The Company uses customer’s personal information within the scope notified in Article 1 (Purpose of Collection and Use of Personal Information) of this Privacy Policy or within the scope specified in the Terms of Service, and the Company does not use, or provide to a third party customer’s personal information beyond the said scope. Provided, however, that this will not apply to the following cases:

  • If users give a prior consent: As set forth in the table below, the Company may provide personal information after obtaining consent from users.

Recipient of Personal Information

Personal Information to Be Provided

Purpose of Use by Recipient

Period of Retention/Use of Personal Information

LG Uplus Co., Ltd.

Name, telephone, email address, contents of customer enquiries and consultations

Joint marketing with the Company

Until the period of the joint marketing agreement expires

 

 

 

 

Also, the Company provides personal information to overseas corporations as set forth below.

Recipient of Personal Information

Country Where Personal Information Is Transferred

Date and Time of Transfer of Personal Information and Method of Transfer

Items of Personal Information to Be Transferred

Purpose of Use of Personal Information

Period of Retention/Use of Personal Information

Merlin Entertainments Ltd. (Contact information of information management officer: **)

UK

Transfer from time to time from Salesforce server

Customer information: Name, date of birth, email address, country

Payment information: payment amount, date, etc.

Newsletter subscription application and management

Until the purpose is accomplished

  • If provision is required by law, or an investigation agency makes a request for the purpose of investigation in accordance with the procedure and method specified in law;
  • If for necessity of statistical study, academic research, or market research, information is provided after being processed in a form that a certain individual cannot be identified.

 

 

Article 4. Entrustment of Processing of Personal Information

The Company has entrusted personal information as set forth below for the purpose of service enhancement, and when the Company enters into an entrustment agreement, the Company makes sure that matters necessary for the safe management of personal information are stipulated therein under relevant laws and regulations. Any changes in the following matters will be notified by notice or through this Privacy Policy.

Service Provider

Entrusted Duties

Period of Retention/Use of Personal Information

KCP Eximbay

Payment processing and prevention of payment theft

Until entrusted duties are finished

The entrusted duties that are performed by overseas corporations are as set forth below.

Recipient of Personal Information

Country Where Personal Information Is Transferred

Date and Time of Transfer of Personal Information and Method of Transfer

Items of Personal Information to Be Transferred

Purpose of Use of Personal Information

Period of Retention/Use of Personal Information

Salesforce

Germany

Data transfer to a server simultaneously with the collection of the data

Name, Address, Phone Number, Email Address, Date of Birth, Gender, IP Address, Geo Location

Personal information storage, management and marketing use of the Company

Until entrusted duties are finished, or until an individual personally requests deletion

Accesso Technology Group, Plc.

UK

Data transfer when necessary for issuing tickets

Name, Address, Phone Number, Email Address, Date of Birth, Gender, IP Address, Geo Location

Ticket issuance

Adyen N.V.

Netherland

Data transfer upon payment request

Card type, (part of) card number

Payment processing and prevention of payment theft

Asia Pay Ltd.

Hong Kong

Ctrip Travel Holdings Ltd.Trip.com

(Taijung.chung@trip.com)

Hong Kong

Data transfer upon a request for purchasing a pass

Name, telephone, email address, area of residence (limited up to do or si), picture

Annual pass purchasing agency

 

 

Article 5. Period of Retention and Use of Personal Information*

Personal information is retained and used until the Company achieves the purpose of retention and use of personal information and once the purpose is accomplished, the information is destroyed without delay.

Provided, however, that if laws and regulations, including the Act on the Consumer Protection in Electronic Commerce, etc., require personal information to be retained for a certain period, the Company will safely store personal information for the relevant period under such laws and regulations and will not use such personal information for other purposes.

 

The Act on the Consumer Protection in Electronic Commerce, etc.

Record of cancellation, etc. of a contract or order: Retention for 5 years

Record of payment and supply of goods, etc.: Retention for 5 years

Record of handling a consumer complaint or a dispute: Retention for 3 years

 

 

Article 6. Procedure and Method of Destruction of Personal Information

User’s personal information will be destroyed without delay once the purpose of collection and use of personal information is achieved. The Company’s procedure and method of the destruction of personal information are as set forth below.

  • Destruction procedure: Information that a user enters to, among others, sign up for a membership will be moved, once the purpose is achieved, to a separate database (in the case of paper, to a separate document box), and then will be retained for a certain period before destruction in accordance with internal policy and other relevant laws for information protection, etc. Such personal information moved to a separate database will not be used for other purpose unless otherwise required by law.
  • Destruction method: Personal information printed on paper will be shredded by shredder or destroyed by incineration.
  • Personal information stored in the form of electronic file will be deleted by using a technical method that prevents the record from being recovered. 

     

 

 

Article 7. The Rights of Users and Their Legal Guardians and the Method of Exercising Such Rights

Users and their legal guardians of any user under the age of 14 may, at any time, view or amend the registered personal information of himself/herself or the child under the age of 14 and request cancellation of membership.

Users and their legal guardians may directly view or correct their personal information or cancel their subscription after going through a identity verification procedure by clicking “Change Personal Information” (or “Change Member Information” etc.) to view or correct their personal information or by clicking "Withdraw Subscription" to cancel their subscription (i.e., to cancel their consent).

Or users may, without delay, view or correct their personal information or cancel their subscription after going through an identity verification procedure if they make a request to the Privacy Officer in writing, by phone, or by email.

If a user requests to correct any error in his/her personal information, his/her personal information will not be used or provided before the correction is completed.

Also, if errored personal information has already been provided to a third party, the Company will promptly notify the result of the relevant correction to the third party so that the third party can also correct the relevant error.

The Company handles all personal information that has been terminated or deleted at a user’s request in accordance with Article 5 (Period of Retention and Use of Personal Information) and does not allow such personal information to be viewed or used for other purposes.

 

 

Article 8. Matters regarding Installment, Operation, and Refusal of Automatic Collection Device

The Company may install and operate a device that automatically collects information on user’s personal computer, including “cookie” that from time to time stores and discovers user’s information.

A cookie means character string information that a web server sends to a web browser for storage and then is sent back to the server at the server’s additional request. For instance, if you access the Company’s website, the Company is able to read the details of a cookie on your web browser and discover additional information (including your name) so as to provide service to you without you providing such additional information to the Company.

  • Purpose of use of cookie, etc.: Analyzing users’ frequency of access, visit time, etc.; understanding users’ tastes and area of interest and tracing users’ footsteps; conducting targeted marketing and providing customized services by understanding how many times users participate in various events and visit.
  • How to refuse cookie installation: All users have the right to choose cookie installation. On the menu of “Tools > Internet Options > Personal Information > Advanced” at the top of a web browser, you may accept all cookies, choose to receive notice when a cookie is installed, or refuse all cookies. If you reject cookie installation, you may have inconvenience in using services or the Company may have difficulty providing service to you.

 

Article 9. Notice for Changes in this Privacy Policy

If the Company intends to obtain consent from customers in order to use their personal information or provide such personal information to a third party beyond the scope notified at the time of collection thereof or beyond the scope specified in the Terms of Service or this Privacy Policy, the Company will announce in advance, via ‘Notice’, at least 7 days before the amendment to this Privacy Policy.

 

Article 10. Measures to Secure the Safety of Personal Information

In handling users’ personal information, the Company takes the following technical and administrative measures to secure the safety of the personal information so that such personal information will not be lost, stolen, leaked, altered, or damaged.

  • Encryption of personal information: User’s personal information is encrypted before it is stored and managed. Also, important data is protected by separate security functions, including encryption before storage and transmission.
  • Technical measures against hacking, etc.: The Company tries its best to prevent users’ personal information from being leaked or damaged by hacking, computer virus, etc. The Company installs its systems in areas where external access is restricted, backs up data from time to time in case personal information is damaged, and uses an up-to-date vaccine program to prevent users’ personal information or data from being leaked or damaged. Also, the Company makes sure that personal information is safely transmitted on networks by using encrypted communications, etc. In addition, the Company controls, via a firewall system, unauthorized access from external users and endeavors to have all technological devices in place to secure systemic security.
  • Minimum number of employees handling personal information and education for such employees: The Company takes administrative measures to comply with this Privacy Policy, including allowing only the person in charge to handle personal information, granting such person a separate password that has to be renewed regularly, and providing regular education on new security technology and on obligations to protect personal information.

 

 

Article 11. Privacy Officer and Staff in Charge of Personal Information

The Company has designated the following Privacy Officer and personal information division in order to protect customers’ personal information and handle customer’s complaints related to personal information.

Privacy Offer

Division and Staff in Charge of Personal Information Protection

Name: Jeong Il Lee

Title: Managing Director, Sales and Marketing Team

Email address: Joseph.lee@LEGOLAND.com

* You will be connected to the division in charge of personal information protection.

Name of division: Sales and Marketing Team

Name: Sue Young Huh

Email address: Sue.huh@LEGOLAND.com

  • You may report all complains related to personal information protection that occur while using the Company’s services to the Privacy Officer or the division in charge of personal information protection. The Company will promptly give a sufficient reply to matters reported by users. Also, if you want to report, or get advice on, infringement of personal information, you are advised to make inquiries to the following agencies.
  • Personal Information Infringement Report Center (http://privacy.kisa.or.kr/ 118)
  • Cyber Investigation Division, Supreme Prosecutors’ Office (http://www.spo.go.kr/ 1301)
  • Cyber Bureau, National Police Agency (http://cyberbureau.police.go.kr/ 182)
  • Personal Information Dispute Mediation Committee (http://www.kopico.go.kr / 02-2100-2499)

 

 

Article 12. How to Withdraw Consent and Withdraw from Membership

  • Users, at any time, may withdraw their consent that they have given for the collection, use, and provision of personal information when subscribing to a membership.
  • You may cancel subscription by clicking “cancel subscription” link at the bottom of a marketing email sent by the Company. Or if you contact the division in charge of personal information protection in writing, by phone, or by fax, your personal information will be destroyed without delay.

 

Article 13. Effective Date for This Privacy Policy

This Privacy Policy will take effect from August 1, 2020.

 

Date of Notice: August 1, 2020

Effective Date: August 1, 2020

 

Health