HOTEL LOTTE Co., Ltd. Privacy Policy - Privacy Policy

Article 1 Collection of Personal Information

The Company collects the minimum amount of personal information required for service provision.

In order to provide the following services, we collect the minimum amount of personal information through our website or using a paper form when customers sign up for membership or use a service.

Data subjects without a membership may use certain features, such as hotel search and viewing articles, as members do. When a data subject signs up for membership to use a personalized or membership service, such as membership-rate reservation, LOTTE HOTELS shall collect the minimum amount of personal information required for service use.

The methods we use to collect personal information are as follows.

When collecting personal information, we obtain the user's prior informed consent using the following methods:

- Collecting information directly from the user, who consents to the collection of personal information when signing up for membership or using a service
- Receiving personal information from partner services, organizations, etc.
- Collecting information through websites, application pages, e-mail, fax, phone, etc. in the course of providing customer service
- Collecting information from those who participate in online and offline events, etc.
- Collecting information on payments and points transactions generated during service use, etc.

The personal information collected from a data subject during service use is as follows.

The Company collects and uses personal information in accordance with Article 15 of the Personal Information Protection Act and other applicable laws and regulations, distinguishing between cases in which personal information is necessary to take measures at the request of a data subject in the course of complying with laws and regulations, or performing or concluding an agreement (personal information collected without consent of the data subject), and cases in which personal information is collected with the data subject’s consent.
Additional personal information may be collected only from the data subjects of the relevant service, such as individual service usage and event entries, within LOTTE HOTELS. Where additional personal information is collected, necessary measures will be taken, such as informing data subjects of the grounds for the processing of personal information.

Personal information collected without the consent of a data subject

Online services

Personal information collected without the consent of a data subjec : Category, Collection method, Items to be collected, Purpose of Collection, Retention period, Legal grounds
Category	Collection method	Items to be collected	Purpose of Collection		Retention Period	Legal grounds
Room Reservations	Website (Web/App)	Required	- Name (as indicated on the passport), contact information, email address - (When paying on-site) Credit card information (card type, card number, and expiration date)	- Provision of room reservation services - Sending announcements and information related to reservations - Provision of express check-in services - Processing customer complaints and other civil complaints, preventing abuse - (When paying on-site) Guarantee or penalty payment	Two years (If the reservation is canceled, five days from the date of cancellation)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Restaurant reservations (LOTTE HOTEL ST.PETERSBURG, LOTTE HOTEL YANGON)		Required	- Name (as indicated on the passport), contact information, email address	- Notification of reservation and provision of services	Five days	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Restaurant reservations (LOTTE HOTEL SEOUL, LOTTE HOTEL WORLD, LOTTE HOTEL ULSAN, LOTTE HOTEL JEJU, SIGNIEL SEOUL, SIGNIEL BUSAN)		Required	- Name (Korean or English), email address, contact information - Payment information (payment, discount applied, and date of payment)	- Identity verification for the provision of restaurant reservation services - Customer announcements - Securing effective channels of communication for handling complaints - Service satisfaction survey	Two years (Deleted after five days if the reservation is canceled)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Events	E-mail	Required	- Resident registration number	- When reporting taxes and public charges (over KRW 50,000)	When the report is completed	Article 15, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (Compliance with legal obligations) Article 24, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (As required by other statutes) Article 24-2, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (As required by other laws and presidential decrees) Article 21 of the Income Tax Act (Other Income) Article 127 of the Income Tax Act (Liability for Withholding Taxes)

Offline services

Personal information collected without the consent of a data subjec : Category, Collection method, Items to be collected, Purpose of Collection, Retention period, Legal grounds
Category	Collection method	Items to be collected	Purpose of Collection		Retention Period	Legal grounds
Restaurant reservations	Offline Telephone	Required	- Name (Korean or English), contact information - Payment information (payment, discount applied, and date of payment)	- Identity verification for the provision of restaurant reservation services - Customer announcements - Securing effective channels of communication for handling complaints - Service satisfaction survey	Two years (Deleted after five days if the reservation is canceled)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Currency exchange (foreign currency exchange)	Offline	Required	- Name (English), passport number , nationality	- Reporting currency exchange and foreign exchange	Five years	Article 15, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (Compliance with legal obligations) Article 24, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (As required by other statutes) Article 20 of the Foreign Exchange Transactions Act (Reporting and Inspections) Foreign Exchange Transactions Regulations Article 2-29 (Obligations of Currency Exchange Operators)
Events	In writing	Required	- Resident registration number	- When reporting taxes and public charges (over KRW 50,000)	When the report is completed	Article 15, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (Compliance with legal obligations) Article 24, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (As required by other statutes) Article 24-2, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (As required by other laws and presidential decrees) Article 21 of the Income Tax Act (Other Income) Article 127 of the Income Tax Act (Liability for Withholding Taxes)
Fitness Club Membership	In writing	Required	- Resident registration number	- Transfer and report at the time of transfer	When the report is completed	Article 15, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (Compliance with legal obligations) Article 24, Paragraph 1, Subparagraph 2 of the Personal Information Protection Act (As required by other statutes) Article 24-2, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (As required by other laws and presidential decrees) Article 82 of the Inheritance Tax and Gift Tax Act and Article 84 of the Enforcement Decree of the same Act (Report at the time of transfer or takeover)

Personal information collected with the consent of a data subject

Online services

Personal information collected with the consent of a data subject : Category, Collection method, Items to be collected, Purpose of Collection, Retention period, Legal grounds
Category	Collection method	Items to be collected	Purpose of Collection		Retention Period	Legal grounds
Rewards membership	Website (Web/App)	Required	- Name (Korean, English), date of birth, gender, mobile phone number, email address, ID, password, CI (connecting information for identifying the individual), DI (duplicate registration information) - Country (Koreans: automatically determined through identity verification; foreigners: manually entered)	- LOTTE HOTEL REWARDS membership sign-up and member management - Identity and personal verification to provide membership services - Securing effective channels of communication for various notifications and handling complaints	Upon membership withdrawal (However, CI will be retained for 90 days after membership withdrawal to prevent service misuse.)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Name (Korean, English), country, date of birth, mobile phone number, email address, ID	- Information related to domestic and overseas LOTTE HOTELS membership services through text message or e-mail - Provision of information on the Company’s discounts and new products, marketing usage, promotion information and participation, and advertisement information	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Anniversary name, anniversary date - Rewards membership number	- Providing LOTTE HOTEL REWARDS members with anniversary coupons and benefits - Identity and personal verification to provide membership services	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Credit card Sign up		Required	- Credit card information (card type, card number, and expiration date)	- Card information utilization services for a hotel room reservation	One year (If credit card information is deleted or membership is withdrawn, it shall be destroyed immediately)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Employee verification		Required	- Rewards number, company name, company email address	- Provide employee services	Collection From the date of consent One year	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
L.POINT integrated members		Required	- Name (English, Korean), country, date of birth, contact information (mobile phone number), email address, ID, CI (connecting information for identifying the individual) - Rewards number, LOTTE HOTELS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, IP/cookies information	- Room or golf course reservation and the provision of services on subsequent visits - Verification and personal identification to provide membership services - Accumulation and usage of points for services provided by the Company and provision of various other membership services such as discounts - Membership management and announcements - Securing effective channels of communication for handling complaints	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
L.POINT integrated members		Optional	- Name (English and Korean), country, date of birth, mobile phone number, e-mail, ID - Rewards number, LOTTE HOTELS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, IP/cookies information	- Information related to domestic and overseas LOTTE HOTELS membership services through text message or e-mail - Provision of information on the Company’s discounts and new products, marketing usage, promotion information and participation, and advertisement information	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Booker membership		Required	[LOTTE HOTEL REWARDS information] - Name (Korean, English), country, date of birth, gender, mobile phone number, email address, ID, password, Rewards membership number (automatically generated) [LOTTE Hotel Booker Club information] - Booker Club membership number (automatically generated), hotel, company name, company phone number, company address, email address - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, IP/cookies information	- Booker Club membership registration and member management - Identity verification and personal identification for Booker Club services - Provision of various membership services, including point accumulation, usage for services provided by the Company, and discounts - Various announcements - Securing effective channels of communication for handling complaints	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Booker membership		Optional	- Name (Korean, English), country, date of birth, mobile phone number, email address, ID, password, Rewards membership number (automatically generated), Booker Club membership number (automatically generated), hotel, company name, company phone number, company address, LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage history, IP/cookies information	- Provision of information related to domestic and overseas LOTTE HOTELS & RESORTS membership services, information on product discounts and new products of the Company, marketing purposes, event participation, and advertising information	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
SIGNIEL COLLECTION membership		Required	[LOTTE HOTEL REWARDS information] - Name (Korean, English), country, date of birth, gender, mobile phone number, email address, ID, password, Rewards membership number (automatically generated) [SIGNIEL COLLECTION information] - SIGNIEL COLLECTION membership number (automatically generated), address (home and work), product type, card issue selection - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history	- Identity and personal verification - Provision of membership services - Delivery of announcements and notifications to members - Annual fee payment - Processing inquiries and complaints and other civil complaints	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Employer’s name, job title	- Identity verification and recognition services for each member - Provision of personalized services	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	[LOTTE HOTEL REWARDS information] - Name (Korean, English), country, date of birth, gender, mobile phone number, email address, ID, password, Rewards membership number (automatically generated) [SIGNIEL COLLECTION information] - SIGNIEL COLLECTION membership number (automatically generated), address (home and work), product type, card issue selection - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history	- Notification of information related to membership services, hotel discount products, new products, marketing purposes, event information and participation, and advertising information via text message, e-mail, post, or telephone	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Mobile check-in		Required	[Rewards members] - Name (in English), e-mail, contact information, date of birth, nationality - Rewards number, stay and reservation records (including reservation numbers, periods of stay, room numbers, accommodation rates, and purchase amounts), vehicle number - Payment information (credit card information, expiration date)	- Identity and personal verification - Provision of services including hotel reservations, stay, customer relations, delivery of announcements - Processing customer complaints and other civil complaints	Two years	Personal Information Protection Act Article 15, Paragraph 1, Subparagraph 4 (Execution of the contract)
Mobile check-in		Required	[Non-member reservation] - Name (in English), e-mail, contact information, date of birth, nationality - Stay and reservation records (including reservation numbers, periods of stay, room numbers, accommodation rates, and purchase amounts), vehicle number - Payment information (credit card information, expiration date)		Two years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Restaurant reservations (LOTTE HOTEL SEOUL, LOTTE HOTEL WORLD, LOTTE HOTEL ULSAN, LOTTE HOTEL JEJU, SIGNIEL SEOUL, SIGNIEL BUSAN)		Optional	- Name (Korean or English), email address, contact information	- Notification of restaurant promotions and new menu items and use for marketing purposes	Two years	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Trevi Club membership		Required	[LOTTE HOTEL REWARDS information] - Name (Korean, English), country, email address, date of birth, gender, mobile phone number, ID, password, Rewards membership number (automatically generated) [Trevi Club information] - Trevi Club membership number (automatically generated), address (home and work), product type, card issue selection - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history, IP/cookies information	- Identity and personal verification - Provision of membership services - Notices and announcements for members - Annual fee payment - Processing inquiries and complaints and other civil complaints	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	[LOTTE HOTEL REWARDS information] - Name (Korean, English), country, email address, date of birth, gender, mobile phone number, ID, password, Rewards membership number (automatically generated) [Trevi Club information] - Trevi Club membership number (automatically generated), address (home and work), product type, card issue selection - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history, IP/cookies information	- Provision of information relating to LOTTE HOTELS, discounts, and new products - To use for marketing purposes		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Employer’s name, job title	- Identity verification and recognition services for each member - Provision of personalized services		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Membership verification online		Required	- E-mail - Service usage records (coupons and discounts), ID, password, IP/cookies information	- Identity and personal verification - Provision of membership services, sending announcements and information to members - Annual fee payment - Processing inquiries and complaints and other civil complaints	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Inquiries for the wedding hall		Required	- Name (as indicated on the passport), email address, contact information, country, requests	- Provision of reservation and customer assistance services	1 year (However, email and contact information will be retained for one month.)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Inquiries for the wedding hall		Optional	- Company name	- Provision of reservation and customer assistance services	1 year	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Convention Inquiries		Required	- Name (as indicated on the passport), email address, contact information, country, requests	- Provision of reservation and customer assistance services	1 year (However, email and contact information will be retained for one month.)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Convention Inquiries		Optional	- City, company name	- Provision of reservation and customer assistance services	1 year	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Joint event inquiries		Required	- Hotel, name (as indicated on the passport), email address, contact information, country, requests	- Provision of reservation and customer assistance services	1 year (However, email and contact information will be retained for one month.)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Joint event inquiries		Optional	- City, company name	- Provision of reservation and customer assistance services	1 year	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Service Academy Q&A		Required	- Name, e-mail, contact information - Requests (subject, details)	- Response to customer inquiries and provision of services	One year (However, email and contact information will be retained for one month.)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Customer voice		Required	- Name, email address, contact information	- Response to customer inquiries and provision of services - Processing customer complaints	Three years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Missing Rewards points inquiries		Required	- Hotel of stay, check-in/check-out, details, email address	- Response to customer inquiries and provision of services	One year from the date of consent to the collection	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Complaint report (reporting)		Required	- Complainant’s name, mobile phone number, email address	- Personal identification for using the e-People service - Fact-checking the details of the complaint report - Handling complaints, providing notification of the results of the complaint - Taking necessary actions in response to the complaint	Three years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Events	Website (web/app), e-mail	Required	- Name (Korean or English), email address, contact information	- Event winner announcement, delivery of notifications - Ensure a smooth communication channel for handling inquiries, complaints, etc.	Period of consent	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Events		Required	- Name (Korean or English), address	- Sending prizes to event winners	Period of consent	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
e-SHOP purchasing service		Required	- Name (Korean or English), contact information (mobile phone number) - Rewards number, Rewards points	- Identity verification for LOTTE HOTELS e-SHOP services - Securing effective communication channels for sending LOTTE HOTELS e-SHOP announcements and processing complaints	Two years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
e-SHOP purchasing service		Required	- Shipping information (person who made the order, recipient’s name, address, mobile phone number) - Payment record (credit card company, credit card number, payment and discount amount, payment date and time) - Accumulated points and usage (LOTTE Member card number or mobile phone number, Rewards points number)	- Product purchase and usage information - Respond to 1:1 inquiries	Two years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Points conversion		Required	[Naver Pay] - Korean name, points for conversion	- Points conversion service	Six months from the date of consent to the collection	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Points conversion		Required	[CJ ONE] - CJ ONE membership card number, Korean name, converted points	- Points conversion service	Six months from the date of consent to the collection	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Gifting Rewards points		Required	Name (English), email address, mobile phone number	- Rewards points gift request service between members	Two years from the date of consent to the collection	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Requesting an e-Voucher		Required	Name, e-mail	- Member voucher request services	Two years from the date of consent to the collection	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
SRC (Senior Residence & Care by LOTTE HOTELS & RESORTS, hereinafter referred to as “SRC”) service		Optional	- Residential area, interests, area of interest	- Provision of personalized membership services	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
SRC service (Sending newsletters)	Website (web)	Required	- E-mail	- Information on products related to services and SRC complex through newsletters (e-mail) - Provide information on events and participation, marketing use, and marketing information	Until the newsletter service (email) ends or when the customer unsubscribes	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
SRC service (1:1 Inquiry)	Website (web)	Required	- English name, e-mail - Inquiry details (if personal information is included)	- Response to customer inquiries and provision of services	For two years from the date of consent	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)

* When you sign up for L.POINT integrated membership, your English name will be automatically converted based on your Korean name. You may edit the name to the English name on your passport only once at [My Page > Edit Member Information].

Offline services

Personal information collected with the consent of a data subject : Category, Collection method, Items to be collected, Purpose of Collection, Retention period, Legal grounds
Category	Collection method	Items to be collected	Purpose of Collection		Retention Period	Legal grounds
Rewards membership	In writing	Required	- Name (English), date of birth, country, mobile phone number, e-mail, membership number, LOTTE HOTELS (including local and overseas locations) reservation and stay information, accumulated points and usage records	- Room or golf course reservation and the provision of services on subsequent visits - Verification and personal identification to provide membership services - Accumulation and usage of points for services provided by the Company and provision of various other membership services such as discounts - Membership management and announcements - Securing effective channels of communication for handling complaints	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Rewards membership	In writing	Optional	- Name (in Korean), name (in English) date of birth, country, mobile phone number, e-mail, membership number, LOTTE HOTELS (including local and overseas locations) reservation and stay information, accumulated points and usage records	- Provision of personalized membership services - Information related to domestic and overseas LOTTE HOTELS membership services through text message or e-mail - Provision of information on the Company’s discounts and new products, marketing usage, promotion information and participation, and advertisement information	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Room registration card	In writing	Required	- Name, date of birth, nationality, mobile phone number, e-mail, stay information	- Identity verification procedures, customer notifications - Processing complaints	Two years from date of stay	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Gender, country, city and province, phone number, departure date (check-out date), company name, job title, preference information, request information	- Personal identification and provision of recognition and personalized services		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- E-mail, mobile phone number	- Provision of information on discounted products, new products and marketing		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
SIGNIEL Club membership	In writing	Required	- Photo, name, date of birth, mobile phone number, home address	- Identity verification procedures, customer notifications - Processing complaints	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Gender, e-mail, work address, phone number, company name, job title, vehicle information	- Personal identification, provision of personalized services		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Address, phone number, mobile phone number, e-mail	- Provision of information on discounted products, new products and marketing		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Trevi Club Membership	In writing, via phone, fax, e-mail, partner company	Required	- Name (Korean/English), gender, date of birth, mobile phone number, address (home and work), mailing address, card type category, payment information (credit card information (card type, expiration date, and card number), account information (account number, account holder)), membership service usage history	- Identity and personal verification, provision of membership services, delivery of information and notifications to members, annual fee payment - Processing inquiries and complaints and other civil complaints	Until membership withdrawal (however, card information will be discarded once the purpose is fulfilled)	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Name (Korean/English), gender, date of birth, mobile phone number, address (home and work), mailing address, card type category, payment information (credit card information (card type, expiration date, and card number), account information (account number, account holder)), membership service usage history - Email, information on the recommender, company name, job title	- Provide personalized membership services		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Name (Korean/English), gender, date of birth, mobile phone number, address (home and work), mailing address, card type category, payment information (credit card information (card type, expiration date, and card number), account information (account number, account holder)), membership service usage history - Email, information on the recommender, company name, job title	- Provide information about membership, hotel discounts and new products, and marketing communications		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Fitness Club Membership	In writing, partner company	Required	- Name (Korean/English), photo, date of birth, mobile phone number, address (home, work), phone number (home, work), mailing address	- Identity and personal verification, provision of membership services, delivery of notifications to members (can be used for emergency contact in the event of an urgent need), annual fee payment - Processing inquiries and complaints and other civil complaints	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Gender, e-mail, company name, job title, vehicle information	- Personal identification, provision of personalized services	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Address, phone number, mobile phone number, e-mail	- Notifications of hotel discount products and new products, marketing purposes	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Family Club membership	In writing	Required	- Name (Korean/English), gender, date of birth, mobile phone number, e-mail, address (home or work), phone number (home or work), mailing address, wedding anniversary	- Identity and personal verification, provision of membership services, delivery of information and notifications to members - Processing inquiries and complaints and other civil complaints	Until membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
		Optional	- Name (Korean/English), gender, date of birth, mobile phone number, e-mail, address (home or work), phone number (home or work), mailing address, wedding anniversary	- Provide personalized membership services		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
		Optional	- Name (Korean/English), gender, date of birth, mobile phone number, e-mail, address (home or work), phone number (home or work), mailing address, wedding anniversary	- Provide information about membership, hotel discounts and new products, and marketing communications		Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Events	In writing	Required	- Name (Korean or English), email address, contact information - Products for delivery: Address	- Event winner announcement, delivery of notifications - Ensure a smooth communication channel for handling inquiries, complaints, etc.	Period of consent	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
Events	In writing	Required	- Name (Korean or English), address	- Sending prizes to event winners	Period of consent	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the data subject)
L.POINT	Offline	Required	- Name (Korean), L.POINT card number (mobile phone number)	- L.POINT accumulation and payment services	Five years	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Airline mileage	Offline	Required	- Name (English), date of stay, mileage number	- Airline mileage accumulation service	One year	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Cash receipt	Offline	Required	- Mobile phone number, cash receipt card number	- Cash receipt issuance	Five years	- Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract) - Article 162-3 of the Income Tax Act (Income tax reports)

Personal information collected from sources other than the data subjects (customers)

Personal information collected from sources other than the data subjects (customers) : Category, Items to be collected, Purpose of Collection, Retention Period, Legal grounds
Category		Items to be collected	Purpose of Collection	Retention Period	Legal grounds
L.POINT integrated membership sign-up	LOTTE Members Co., Ltd.	[Required] - Name, gender, date of birth, email address, mobile carrier, phone number (home, work, mobile), address (home and work), card number, CI, membership number, membership tier, Korean/foreigner, country code	- Provision of personal identification services L.POINT integrated members Provision of sign-up services	Upon membership withdrawal	Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Execution of the contract)
Social login sign-up	Kakao	[Required] - Date of birth, Kakao account (email address), year of birth, name, Kakao account (phone number) [Optional] - Gender	- Social login member Provision of sign-up services
	Naver	[Required] - User ID, mobile phone number, name, email address, gender, date of birth, year of birth, encrypted CI
	Apple	[Required] - Email address, phone number
	Google	[Required] - Name, email address, phone number, profile photo

Information and functionality access privileges in mobile devices

The Company accesses information and functionalities on the user's mobile device for mobile app services.

We notify and obtain the user's consent regarding required/optional access privileges when the app is first executed. Consent regarding optional access privileges may be obtained separately upon using a service that utilizes such access privileges.

For optional access privileges, the method of obtaining consent may vary depending on the iOS or Android OS version. App service usage is not restricted even if users do not agree to access privileges.

Information and functionality access privileges in mobile devices : Category, Access privileges, Purpose
Category		Access privileges	Purpose
Android	Required	Mobile device and app version	To collect device and app information for usability
	Optional	Notifications	To receive information on new packages and promotions
		Gallery	To attach file when saving Rewards online card and using Customer Voice
		Camera	When taking a photo for customer comments/inquiries
		Bluetooth	To use the mobile key service
		Contact information	To access and edit contacts when sharing a mobile key
iOS	Required	Mobile device and app version	To collect device and app information for usability
	Optional	Notifications	To receive information on new packages and promotions
		Gallery	To attach files when saving Rewards online card and using Customer Voice
		Camera	When taking a photo for customer comments/inquiries
		Bluetooth	To use the mobile key service
		Contact information	To access and edit contacts when sharing a mobile key

Article 2 Use of Personal Information

Article 3 Protection of Personal Information of Children under the Age of 14

Article 4 Processing Pseudonymized Information

Article 5 Additional Use ∙and Provision of Personal Information

Article 6 Personal Information Provision and Consignment

The Company does not provide personal information of a data subject to a third party without their consent except as required by law.

- In cases where extraordinary provisions are stipulated by law or where it is necessary to comply with legal obligations
- In cases where the data subject or their legal representative is unable to express their intention or they cannot give consent due to an unknown address or similar reasons, and it is deemed urgently necessary to protect the life, body, or property interests of the data subject or a third party
- In cases where the provision of personal information to the Company is required by law or at the request of a government authority, such as an investigative agency

Personal information is provided as follows for service usage.

The Company does not provide personal information to a third party without prior consent from the data subject. However, when a data subject has consented to the provision of personal information in order to use the services of a LOTTE HOTELS branch, external partners, e-People, etc., the Company may provide personal information to third parties. For the smooth provision of services, the Company only provides the minimum necessary personal information upon the data subject’s consent for the following cases, in accordance with Article 17 (Provision of Personal Information), Paragraph 1, Subparagraph 1 of the Personal Information Protection Act.

Personal information is provided as follows for service usage : 서비스명, 제공받는 자, 제공하는 개인정보 항목, 제공받는자의 이용목적, 제공받는 자의 이용 기간
Service name		Recipient	Personal information provided	Purpose of use by the recipient	Period of use by the recipient
LOTTE HOTELS branch service	Rewards membership / L.POINT integrated membership / Booker membership	Domestic and overseas branches of LOTTE HOTELS (https://www.lottehotel.com/global/ko/hotel-finder.html)	(Required) [Rewards membership] - Name (Korean, English), date of birth, country, mobile phone number, email address, ID, password, CI, DI, Rewards membership number (automatically created), LOTTE HOTELS (including domestic and overseas branches) reservation and stay information, accumulated points and usage history [L.POINT integrated members] - Name (in English and Korean), country, date of birth, contact information (mobile phone number), e-mail, user ID, Rewards membership number, LOTTE HOTELS (including domestic and overseas chains) reservation and usage information, points accumulation and usage records, and IP/cookies information [Booker Membership] - Name (Korean, English), country, date of birth, mobile phone number, email address, ID, password, Rewards membership number (automatically generated), Booker Club membership number (automatically generated), hotel, company name, company phone number, company address, LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage history, IP/cookies information	[Rewards Membership] - Provision of LOTTE HOTEL REWARDS membership recognition services - Provision of various membership services including the accumulation and use of LOTTE HOTEL REWARDS points, discounts, etc. - Provision of partner services [L.POINT Integrated Membership] - Provision of LOTTE HOTEL REWARDS membership recognition services - Used for LOTTE HOTEL REWARDS point use approval - Provision of partner services [Booker Membership] - Provision of LOTTE HOTEL REWARDS and Booker Club membership recognition services - Usage of LOTTE HOTEL REWARDS and Booker Club point use approval - Provision of partner services	Upon membership withdrawal
			(Optional) [Rewards Membership] - Name (Korean, English), country, date of birth, gender, mobile phone number, email address, ID [L.POINT integrated members] - Name (in English and Korean), country, date of birth, contact information (mobile phone number), e-mail, user ID, Rewards membership number, LOTTE HOTELS (including domestic and overseas chains) reservation and usage information, points accumulation and usage records, and IP/cookies information [Booker Membership] - Name (Korean, English), country, date of birth, mobile phone number, email address, ID, password, Rewards membership number (automatically generated), Booker Club membership number (automatically generated), hotel, company name, company phone number, company address, LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage history, IP/cookies information	- Provision of information related to domestic and overseas LOTTE HOTELS & RESORTS membership services, information on product discounts and new products of the Company, marketing communications, event information and participation, and advertising information via text messages and e-mails	Upon membership withdrawal
	Room registration card		- (Required) Name, date of birth, country, mobile phone number, e-mail, stay information - (Optional) Gender, country, city and province, phone number, departure date (check-out date), company name, job title, preference information, request information	- Provision of LOTTE HOTELS revisit services, recognition services, personalized services, and use for product notifications and marketing	Two years from date of stay
	Trevi Club membership	LOTTE HOTEL BUSAN	- (Required) [LOTTE HOTEL REWARDS] Name (Korean, English), country, date of birth, gender, mobile phone number, email address, ID, password, Rewards membership number (automatically generated) [Trevi Club information] Trevi Club membership number (automatically generated), address (home and work), product type, card issue selection, payment method (account and credit card information, etc.) - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history - IP/cookies information	Provision of membership services at domestic hotel branches Provision of partner services Delivery of notifications and information to members Processing inquiries and complaints and other civil complaints Settlement of legal disputes, etc.	Upon membership withdrawal
		LOTTE HOTEL BUSAN	- (Optional) Company name, job title	For identity verification and recognition services for each member To provide personalized services	Upon membership withdrawal
	Family Club membership	LOTTE HOTEL BUSAN	- Name (Korean/English), gender, date of birth, mobile phone number, e-mail, address (home or work), phone number (home or work), mailing address, wedding anniversary	- Identity verification and personal identification, provision of membership services, delivery of announcements and notifications to members - Processing inquiries and complaints and other civil complaintsz	Upon membership withdrawal
	Fitness Club membership	LOTTE HOTEL BUSAN	- (Required) Name (Korean/English), photo, date of birth, mobile phone number, address (home, work), phone number (home, work), mailing address, membership category, application receipt date, membership number, baseline date for billing the membership fee, deposit date - (Optional) Gender, vehicle information, e-mail address, employer’s name, and job title	- Provision of special benefits for fitness club members, provision of personalized services, use for product notifications and marketing	Upon membership withdrawal
	SIGNIEL Club Membership	LOTTE HOTEL BUSAN	- (Required) Photo, name, date of birth, mobile phone number, home address - (Optional) Gender, e-mail, work address, phone number, company name, job title, vehicle information	- Provision of membership services at domestic and overseas hotel branches, delivery of announcements and notifications to members - Processing inquiries and complaints and other civil complaints - Provision of personalized services, product notifications, and marketing purposes	Upon membership withdrawal
	SIGNIEL COLLECTION membership	LOTTE HOTEL BUSAN	[LOTTE HOTEL REWARDS information] Name (Korean and English), country, date of birth, gender, mobile phone number, e-mail, ID, password, Rewards membership number (automatically generated) [SIGNIEL COLLECTION information] - SIGNIEL COLLECTION membership number (automatically generated), address (home and work), product type, card issue selection - LOTTE HOTELS & RESORTS (including domestic and overseas locations) reservation and stay information, accumulated points and usage records, member services usage history	- Provision of membership services at domestic hotel branches - Provision of partner services - Delivery of announcements and notifications to members - Processing inquiries and complaints and other civil complaints	Upon membership withdrawal Upon
	SIGNIEL COLLECTION membership	LOTTE HOTEL BUSAN	- Employer’s name, job title	- Identity verification and recognition services for each member - Provision of personalized services Upon	Upon membership withdrawal
	Membership verification online	LOTTE HOTEL BUSAN	- Name (Korean/English), e-mail, phone number (mobile or home), date of birth, address (home or work), service usage history (coupons and discounts), ID, IP/cookies information	- Provision of member services and partner services, delivery of announcements and notifications to members - Processing inquiries and complaints and other civil complaints	Upon membership withdrawal
Mileage service	L.POINT	LOTTE Members Co., Ltd.	- Name, L.POINT card number (mobile phone number)	- L.POINT accrual and usage approval	Upon membership withdrawal
	LHW membership	The Leading Hotels of the World, Ltd.	- Name, address, e-mail	- Provision of membership services	Upon membership withdrawal
	LOTTE Duty Free Shop mileage	Domestic offline LOTTE Duty Free Shop (https://kr.lottedfs.com/business/branch-korea/list.do)	- Name (English), membership number, email address, and accrued points	- Used for LOTTE HOTEL REWARDS point use approval - Provision of partner services	Upon membership withdrawal
Points conversion service		Naver Financial Corporation	- Customer identification information, converted points	- Naver Pay points conversion service	Service usage period
Points conversion service		CJ Olive Networks, Inc.	- LOTTE HOTEL REWARDS number, CJ ONE membership card number, name (in Korean), LH Points balance and available points to convert	- Verification of membership and provision of points conversion services	Five years from viewing/converting points
Complaint report (reporting)		(1) The company you have designated as the subject of your report (2) The company identified as the subject of the report based on the content of your report (3) The parent company of the company identified as the subject of your report	- Complainant’s name, mobile phone number, email address	- e-People Fact-checking the details of the complaint report - Handling complaints, providing notification of the results of the complaint - Taking necessary actions in response to the complaint	Three years

Provision to third parties when transferring personal information overseas

Provision to third parties when transferring personal information overseas : Recipient of personal information, Receiving country for data transfer, Information officer and contact information, Date/time and method of personal information transfer, Personal information to be transferred, Purpose of using transferred personal information by recipient, Retention and usage period of the receiving party of personal information transfer, Legal grounds
Recipient of personal information	Receiving country for data transfer	Information officer and contact information	Date/time and method of personal information transfer	Personal information to be transferred	Purpose of using transferred personal information by recipient	Retention and usage period of the receiving party of personal information transfer	Legal grounds
Singapore Airlines Limited	Singapore	dpo@singaporeair.com.sg	- 1st - 10th of every month Transferred to Singapore Airlines internal network	- Name, KrisFlyer membership number, accumulated mileage, accommodation dates	- Mileage accrual	Seven years from membership withdrawal	Article 28-8, Paragraph 1 of the Personal Information Protection Act Subparagraph 1 (Separate consent for overseas transfer)

The data subject may refuse the transfer of their personal information overseas through the Company’s personal information protection manager or department in charge. In the event that the data subject refuses the transfer of their personal information overseas, the Company shall exclude the data subject’s personal information from such overseas transfer. However, in this case, the data subject may be restricted from using any of the Company’s services that require the transfer of personal information overseas.

In order to provide better service, we have some of our work carried out by third party service providers.

LOTTE HOTELS consigns some of the tasks necessary to provide services to third-party service providers and defines/manages/supervises matters that are necessary for them to process personal information safely, in accordance with the Personal Information Protection Act.

Furthermore, when a service provider subcontracts the processing of users’ personal information, the service provider obtains LOTTE HOTELS’ consent, where the subcontractor and the details of the subcontracted tasks are disclosed through the Privacy Policy.

If not using the services related to the work outsourced to contractors, the customer’s personal information is not provided to the contractor.

In order to provide better service, we have some of our work carried out by third party service providers.
Category	Third-party service providers	Re-trustee	Activities to be consigned	Personal information retention and usage period
Membership recruitment	Domestic and overseas branches (https://www.lottehotel.com/global/ko/hotel-finder.html)	-	Member recruitment service	Upon membership withdrawal or subcontractor contract termination
Information system operation and management	LOTTE Innovate Co., Ltd.	-	Operation and management of cloud service and computer system	Upon membership withdrawal or subcontractor contract termination
		AWS	Cloud service
		eTRIBE Co., Ltd.	Website development and operation
		Treasure Data	CDP Cloud Service
		North Star Consulting	CDP system development and operation
		GDSK Co., Ltd.	Tablo development and operation
		MEGAZONE CLOUD Corp.	SFMC operation
	MetanetX Co., Ltd.	Datadog, Inc.	Service monitoring and failure analysis system operation	Upon subcontractor contract Upon termination
	Korea Information & Communication Co., Ltd. (KICC)	-	Payment agency	Until the purpose is achieved
	KIS Information & Communication, Inc.	-
	NICE Information & Telecommunication	-
	NICE PAYMENTS	-	Payment agency	Upon subcontractor contract termination
		Meta-M	Customer Service
		HYOSUNG ITX	Customer support and refund processing
		NARA CREDIT	Notification and collection of outstanding charges
		SK m&service	Customer Service
		Dream Bay	Customer support processing
		Q-Office	Customer support processing
		Sejong Telecom	Operation of customer support processing system
	WITPLUS	-	e-SHOP development and operation	Upon subcontractor contract termination
	LOTTE Members Co., Ltd.	-	Integrated Membership System (L.POINT) Operational Tasks	Upon subcontractor contract termination
		LOTTE Innovate Co., Ltd.	System operation and IT equipment maintenance
		Transcosmos Korea Inc.	L.POINT customer support services
		Naver Corporation	Naver personal identification
		KG INICIS Co., Ltd.	Card personal identification
		NICE Information Service Co., Ltd.	Verification using a mobile phone, i-PIN, recognized common certificate, or PASS certificate
		Korea Mobile Certification Inc.	Verification using a mobile phone
		Shinhan Bank	Personal identification and identity verification using a Shinhan Bank certificate
		Smart Solutions Co., Ltd.	Kakao personal identification
	DOWHAT Co., Ltd.	-	Order trading system (OTS) Development and operation	Upon subcontractor contract termination
Sending e-mails Services	HumusOn	-	Sending e-mails	Upon subcontractor contract termination
Member recruitment and management	MG Networks	-	Trevi Club member recruitment and management	Upon membership withdrawal or subcontractor contract termination
Member recruitment and management	MG Networks	-	Rewards member management
Product manufacture and shipping	NURI Global Service Co., Ltd.	-	Sales and delivery of He:on products	Upon subcontractor contract termination
		Simmons-K Co., Ltd.	He:on bedding product manufacture and shipment
		Hyundai Decorations Co., Ltd.	He:on bedding product manufacture and shipment
		Haerim Corporation	He:on bedding product manufacture and shipment
		Linear Block	Frette product shipping
Social media operation	Kaya Media Corporation	-	Social media platform operation and event services agency	Upon subcontractor agreement termination
	Spoons Co., Ltd.	-
	The SMC Group Co., Ltd.	-
Event creation and execution	Dodamind Co., Ltd.	-	Using event creation tools to customers	Upon subcontractor contract termination
SPA operation and management	Les Nouvels Co., Ltd.	-	retreat SPA operation and management	Upon subcontractor contract termination
Housekeeping	AMPM Co., Ltd.	-	Cleaning rooms and public areas	Upon subcontractor contract termination
Housekeeping	Doing CNS Co., Ltd.	-	Cleaning rooms and shipping acquired items	Upon subcontractor contract termination
Concierge services	LOTTE Rental	-	Confirming customer arrival and departure, operating vehicles	Upon subcontractor contract termination
Special holiday sales	Special holiday sales vendor		Special holiday sales and shipping (Subcontractor: delivery)	Upon consignment agreement termination

The personal information processing work handled by overseas corporations is as follows.

LOTTE HOTELS consigns data storage and operation services to overseas corporations for more convenient customer service. You may refuse to allow your personal information to be handled by overseas corporations, and if you choose to do so, your service use may be restricted.

Overseas transfer of personal information

The Company consigns data storage and operation services to overseas corporations for more convenient customer service.

Overseas transfer of personal information : Recipient of personal information, Receiving country for data transfer, Information officer and contact information, Date/time and method of personal information transfer, Personal information to be transferred, Purpose of using transferred personal information by recipient, Retention and usage period of the receiving party of personal information transfer, Legal grounds
Recipient of personal information	Receiving country for data transfer	Information officer and contact information	Date/time and method of personal information transfer	Personal information to be transferred	Purpose of using transferred personal information by recipient	Retention and usage period of the receiving party of personal information transfer	Legal grounds
Overseas branches of the Company (https://www.lottehotel.com/global/ko/hotel-finder.html)		See details of information officer	- Data transfer via Oracle Corporation’s exclusive network when using Rewards/Booker membership services	- Personal information collected after obtaining consent, such as Rewards/Booker membership	- Approval of points use, provision of partner services and recognition services	Upon membership withdrawal	Article 28-8, Paragraph 1 of the Personal Information Protection Act Subparagraph 1 (Separate consent for overseas transfer)
		See details of information officer	-(Offline) Data transfer via Oracle Corporation’s exclusive network when signing up for Rewards membership and filling out a room stay card	- Personal information collected by receiving consent when signing up for Rewards membership or filling out a room stay card	- Consignment of personal information collection	Upon membership withdrawal	Article 28-8, Paragraph 1 of the Personal Information Protection Act Subparagraph 1 (Separate consent for overseas transfer)
Salesforce (Salesforce)	United States	https://www.salesforce.com/company/privacy/ Salesforce Data Protection Officer 415 Mission St., 3rd Floor San Francisco, CA 94105, USA E-mail: privacy@salesforce.com Phone: +1-844-287-7147	- Data transfer via the network for membership sign-up and changing member information on the following day	- Personal information collected by receiving customer consent during sign-up or during their stay (gender, age range, email address, contact information, nationality, country, language, Rewards ID, web push token, consent to receiving marketing information)	- Personalized marketing through Salesforce Marketing Cloud - Announcements and notifications	Until membership withdrawal	Article 28-8, Paragraph 1, Subparagraph 3 of the Personal Information Protection Act (Outsourcing and storage for the fulfillment of agreements)
Data Travel, LLC	United States	Laurent Idrac, COO lidrac@hapicloud.io	- When reservations and stay status (check-in, check-out, cancellation) are changed in the sales management system, the information is transferred through the network	- Personal information collected by receiving customer consent during sign-up or during their stay (name, Rewards ID, Rewards tier, email address, contact information, address, room reservation and stay information)	- Processing data and supporting normalization	Deleted after 14 days	Article 28-8, Paragraph 1, Subparagraph 3 of the Personal Information Protection Act (Outsourcing and storage for the fulfillment of agreements)
Sabre GLBL Inc.	United States	https://www.sabre.com/about/privacy/ Attn: Sabre’s Data Protection Officer 3150 Sabre Drive, Southlake, Texas 76092, USA Email: privacy@sabre.com Phone: +1-682-605-1000	Transferred via API interface when creating, modifying, cancelling a reservation within the reservation management system	Personal information collected with the customer’s consent during membership registration or stay (gender, date of birth, name, contact information, email address, address)	- Membership management and provision of services - Statistics analysis	Two years from the date of consent to collection (However, data will be discarded after five days if there is no consent.)	Article 28-8, Paragraph 1, Subparagraph 3 of the Personal Information Protection Act (Outsourcing and storage for the fulfillment of agreements)
Datadog, Inc.	United States	https://www.datadoghq.com/legal/privacy Datadog Data Protection Officer Datadog, Inc. 620 8th Avenue, Floor 45, New York, NY 10018 e-mail: privacy@datadoghq.com	Transmission via network at the time of service use - Date and time: Upon transfer of logs from the agent to Datadog SaaS - How to: API communication	- Internal identifier, service usage history (information on service usage including webpages viewed, stay duration, click events, login history, reservation history, etc.)	- Viewing and managing logs for service and system analysis	15 days from the date of collection	Article 28-8, Paragraph 1, Subparagraph 3 of the Personal Information Protection Act (Outsourcing and storage for the fulfillment of agreements)
Datadog, Inc.	United States			- Profile ID, session ID, Rewards membership number, IP, country name, city name	- Improvement of service quality and UX	30 days from the date of collection

The data subject may refuse the transfer of their personal information overseas through the Company’s personal information protection manager or department in charge. In the event that the data subject refuses the transfer of their personal information overseas, the Company shall exclude the data subject’s personal information from such overseas transfer. However, in this case, the data subject may be restricted from using any of the Company’s services that require the transfer of personal information overseas.

Article 7 Destruction of Personal Information

In principle, the Company immediately discards personal information when a member deletes their account. However, in the event that separate consent is obtained for the retention period for personal information by the data subject, as in the case of Section 1 (Collection of Personal Information) above, or if we are legally obligated to keep personal information for a certain period, we shall keep it securely for said period.

Personal information for which the purpose of collection and use has been achieved, such as membership withdrawal, service termination, and the maturity of the personal information retention period agreed upon by the data subject, is destroyed in a manner that does not allow the information to be reproduced. Information that is legally obligated to be retained for a certain period is also destroyed in a manner that does not allow its reproduction, without delay after the expiration of the period.

Electronic files are securely deleted using technologies and methods to prevent restoration and reproduction, and printouts, etc., are destroyed using methods such as shredding or incinerating.

Personal information retention in accordance with relevant laws

Personal information retention in accordance with relevant laws : Category, Applicable laws and regulations, Period, Items
Category	Applicable laws and regulations	Period	Items
Records of contracts, offer withdrawals, or the like	Act on Consumer Protection in Electronic Commerce, Etc.	Five years	Identification information, contract information, or withdrawal information
Records of payments and supply of goods, etc.		Five years	Identification information, contract information, or withdrawal information
Records of the handling of consumer complaints or disputes		Three years	Identification information, consumer dispute resolution information
Books and supporting documents stipulated by the tax law	Framework Act on National Taxes	Five years	Books and supporting documents
Records on electronic financial transactions	Electronic Financial Transactions Act	Five years	Transaction information
Service visit records	Protection of Communications Secrets Act	Three months	Service visit records (e.g., logs and IP, etc.)
Statements or other similar records	Commercial Law	Five years	Statements and other similar records
Records on processing income tax reports	Income Tax Act	Five years	Records on income tax reports
Records on currency exchanges (foreign currency exchange)	Foreign Exchange Act	Five years	Records on foreign exchange reports

Article 8 Possibility of Disclosure of Sensitive Information and Opting for Non-Disclosure

Article 9. Article 5 Rights and Obligations of Data Subjects and Their Legal Representatives and How to Exercise Them

A data subject (a member or their legal representative) may exercise the following rights regarding the protection of personal information at any time.
- - Request for access (viewing) to personal information
- - Request for correction of personal information
- - Request for deletion of personal information and withdrawal⁄termination of consent
- - Request for suspension of personal information processing
A customer may request to access, correct, delete, or suspend the processing of their personal information registered, or withdraw consent at any time. If the data subject is unable to exercise their rights personally, they may do so through an authorized legal representative.In such cases, the identity of the customer or the authority of the legal representative may be verified using an identification document, such as a resident registration card, driver’s license, or passport.
These rights may be exercised as follows after completing a personal information request form (access, correction⁄deletion, suspension of processing).
These requests will be processed promptly (within 10 days).
- - Offline members
  - · When making a request in person at a hotel, by email to the Membership Officer (lottehotelrewards@lotte.net) or by phone (+82-2-759-7671/7672/7673), personal information may be accessed, corrected, deleted, or its processing suspended after personal identification.
  - · For L.POINT members, requests can be made by contacting the L.POINT customer center (Tel. +82-1899-8900), which will be processed swiftly after personal identification.
- - For online members
  - and Rewards members, their personal information may be viewed, modified, or withdrawn by signing in to the LOTTE HOTELS & RESORTS website ( www.lottehotel.com ) and going to [Homepage > My Page].
  - · L.POINT integrated members may sign in on the LOTTE HOTELS & RESORTS website ( www.lottehotel.com ) and go to [My Page > Deactivate My Account > Deactivate L.POINT Membership]
  - to deactivate their membership online.
- - In addition to the department designated for the submission and processing of requests, such as viewing, data subjects may also request the deletion of their account, access to their personal information, etc. through the Personal Information Portal website of the Personal Information Protection Committee.
- * Data Subjects’ Rights Exercise service on the Personal Information Portal of the Personal Information Protection Committee → ① Website account deactivation ② Requests such as access to personal information
The right to request access to, suspension of processing, or deletion of personal information may be restricted pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
- - In cases where extraordinary provisions are stipulated by law or where it is necessary to comply with legal obligations
- - In cases where there is a risk of harming another person’s life or body, or a risk of unjustly infringing upon another person’s property or other rights
In the event that a data subject makes a request to correct an error in their personal information, such information is not to be used or provided until the correction is made. In addition, if incorrect personal information has been provided to a third party, LOTTE HOTELS shall notify the third party of the result of the correction to ensure the corrections are made.
- [Download Form]
  
  * When submitting a document, the customer is required to provide a handwritten signature.
  - - Personal Information (Access, Correction⁄Deletion, Suspension of Processing) Form [DOCX file] [HWP file] [PDF file]
  - - Authorization Letter [DOCX file] [HWP file] [PDF file]
How to Exercise Your Rights to Refuse to Consent to the Transmission of Advertising Information
- - To unsubscribe from e-mail notifications: Click Unsubscribe at the bottom of the e-mail
- - To unsubscribe from text notifications (SMS, LMS, MMS): Use the contact information for text notification unsubscribing at the bottom of the text message
- - To unsubscribe via our website: Edit Member Information > Consent/Decline to Request for Use for Marketing
- - To unsubscribe via the App: App Settings > Consent/Decline to Request for Marketing (Advertisement) Push Notifications
  - · Android: Settings > Google > Advertisements > Disable Personalized Ads
  - · iOS: Settings > Privacy > Advertisements > Turn on Restrict Ad Tracking

Article 10 Installation, Operation, and Opt-Out of Automatic Personal Information Collection Tools

We use cookies to ensure faster and more convenient use of our website and to provide personalized services.
- - Cookies are very small text files that are stored on the user’s PC by the user's web browser when the user accesses a website.
We use cookies for the following purposes:
- - We analyze the access frequency, visit hours, etc., of our guests (members and non-members) to understand their preferences and interests and to utilize such information as a benchmark for targeted marketing and the enhancement of services.
- - We track information about the Company and its services that users have viewed and shown an interest in, to provide personalized services on their next visit.
- - The processing of information collected by each service varies depending on the policies of said service, and users may prevent tracking or deny the use of cookies on their browser or refuse automated information collection through the methods provided by the service.

The following cookies are used:

- Required Cookies

· These cookies are required for website functionality and online services.

The following required cookies are used: Cookie , Purpose of use, Duration of use
Cookie	Purpose of use	Duration of use
incap_ses_*	Session integrity check	For the duration of the session or until the cookies are deleted
nlbi_*		For the duration of the session or until the cookies are deleted
visid_incap_*		One year or until the cookies are deleted
globalNetFunnel	Traffic control, server load balancing	For the duration of the session or until the cookies are deleted
NetFunnel_ID	Traffic control, server load balancing	For the duration of the session or until the cookies are deleted
analyticsCookie	Recording consent for analytic cookies	One year or until the cookies are deleted
checkCooKie	Recording consent for optional cookies	One year or until the cookies are deleted
essentialCookie	Recording consent for required cookies	One year or until the cookies are deleted
maketingCookie	Recording consent for marketing cookies	One year or until the cookies are deleted

- Analytic cookies

· These cookies are used to optimize design, performance, and efficiency, and to improve user experience.

The following Analytic cookies are used: Cookie , Purpose of use, Duration of use
Cookie	Purpose of use	Duration of use
MR	Recording search requests and result click data	Six days or until the cookies are deleted
SRM_B	User session management	One year or until the cookies are deleted
SM	User session management	For the duration of the session or until the cookies are deleted
_dd_s	Session Tracking and Sampling Control	For the duration of the session or until the cookies are deleted
VISITOR_PRIVACY_METADATA	Function execution related to the protection of visitors’ personal information	One year or until the cookies are deleted
datr	Security verification, debugging/testing	For the duration of the session or until the cookies are deleted
_clck	User experience analysis, UI/UX improvement	One year or until the cookies are deleted
_clsk	User experience analysis, UI/UX improvement	For the duration of the session or until the cookies are deleted
_hjSession_*	User behavior analysis, UX optimization	One day or until the user deletes cookies
_hjSessionUser_*	User behavior analysis, UX optimization	One year or until the cookies are deleted
__duetto	Pricing optimization, reservation analysis	One year or until the cookies are deleted
_fbp	Personalized advertising, retargeting	Three months or until the user deletes cookies
__Secure-3PAPISID	Video recommendation/personalization, ad targeting, maintaining user login	For the duration of the session or until the cookies are deleted
__Secure-3PSID		For the duration of the session or until the cookies are deleted
__Secure-3PSIDCC		For the duration of the session or until the cookies are deleted
__Secure-3PSIDTS		For the duration of the session or until the cookies are deleted
NID	Personalized search/advertising, user authentication, security enhancement	For the duration of the session or until the cookies are deleted
ar_debug	Ad performance measurement, retargeting	For the duration of the session or until the cookies are deleted
MUID	Ad performance measurement, user behavior analysis	One year or until the cookies are deleted
ANONCHK	Advertising and Marketing	One year
_ga	Ad performance measurement, conversion tracking, visitor analysis	One year or until the cookies are deleted
_ga_*		One year or until the cookies are deleted
_gat_UA-*		One minute or until the user deletes cookies
_gcl_au		Three months or until the user deletes cookies
_gid		One minute or until the user deletes cookies
VISITOR_INFO1_LIVE	Ad targeting and personalized content delivery	Six months or until the user deletes cookies
__Secure-YEC	Video recommendation/personalization, ad targeting, maintaining user login	One year or until the cookies are deleted
YSC		For the duration of the session or until the cookies are deleted
__Secure-ROLLOUT_TOKEN		Six months or until the user deletes cookies
LOGIN_INFO		Six months or until the user deletes cookies
CLID	Ad performance measurement, user behavior analysis	One year or until the cookies are deleted

- Marketing Cookies
- · These cookies are used to provide personalized marketing promotions, event information, participation opportunities, and advertising information based on the customer’s interests (website visits, usage patterns, interest in products and services, etc.).

User Control Rights and How to Exercise Them

- Users have the option to install cookies. In this way, users may allow all cookies, allow or block cookies individually whenever stored, or block the storage of all cookies by using the settings option in their web browser. However, a user who chooses not to install cookies may experience inconvenience when using the website and have difficulty using some services that require login.

User Control Rights and How to Exercise Them
Browser	How to Change Settings
Chrome	- Select “⁝” in the top right of the web browser > New Incognito window (Shortcut: Ctrl+Shift+N) - Select “⁝” in the top right of the mobile browser > New Incognito tab
Edge	- Select "..." in the top right of the web browser > New InPrivate window (Shortcut: Ctrl+Shift+N)
Safari	- Mobile Device Settings > Safari > Block All Cookies
Samsung Internet	- Select the "Tabs" icon at the bottom of the mobile browser > Turn on Secret Mode > Start

* The ways to change settings and the menus may vary slightly depending on the mobile OS version and the type and version of the web browser.

Personalized advertising uses visit records of users and their activity logs, search history, etc. (hereinafter “behavioral information”) for the service to provide personalized advertising to users.

Behavioral data items to be collected	User’s visit history, activity log, and search history on the service domain
Behavioral data collection methods	Automatically collected and sent when the user uses the service
Purpose of personal information collection	Provision of personalized advertisements and content based on the user’s interests and estimation of demographic characteristics
Retention and use period for behavioral data	Stored for one year and then destroyed
Legal Basis	Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the Data Subject)
How to exercise user control	- Web browser: Select whether to allow cookies or not - Mobile app 　· Android: ❶ Settings → ❷ Privacy → ❸ Ads → ❹ Reset Advertising ID or Delete Advertising ID 　· iOS: ❶ Settings → ❷ Privacy → ❸ Tracking → ❹ Turn off "Allow Apps to Request to Track"
How to remedy damage to user	Department in charge: Digital Marketing Representative Contact information: 02-771-1000

The collected non-identifiable behavioral information may be used for purposes such as online advertising through partners, including Google’s Google Analytics, Google Ads, Google DoubleClick, YouTube, and Firebase Crashlytics, Microsoft’s Microsoft Clarity and Microsoft Bing Ads, Meta (Facebook)’s Facebook Pixel, and Hotjar. The name or policies of each service may be subject to change depending on the circumstances of the company providing marketing or web analytics support services.

Collection Tool	Collector (Provider)	Collection Tool Type	Items Collected	Purpose of Collection
Google Analytics	Google	Analytics Cookies	Usage records such as session information and visit duration	Visitor analysis, traffic measurement, user behavior analysis
Google Ads	Google	Analytics Cookies	Usage records such as advertising ID, session information, visit duration, and ad click information	Ad targeting, retargeting, ad effectiveness analysis
Google DoubleClick	Google	Analytics Cookies	Usage records such as advertising ID, visit history, access duration, ad click information, and browser information	Ad targeting, remarketing, ad exposure/click analysis
YouTube	Google	Analytics Cookies	Usage records such as viewing history	Login authentication, security, ad personalization, video recommendations
Microsoft Clarity	Microsoft	Analytics Cookies	Session information	User behavior analysis, session replay
Microsoft Bing Ads	Microsoft	Analytics Cookies	Usage records such as advertising ID, visit duration, and ad click information	Ad targeting, retargeting, conversion tracking, advertising effectiveness analysis
Facebook Pixel	Meta (Facebook)	Analytics Cookies	Session information, browser information	Ad targeting, maintaining login status
Hotjar	Hotjar Ltd.	Analytics Cookies	Usage records such as visit history, click information, session information, and browser information	User behavior analysis, usability improvement, website performance analysis
Datadog RUM	Datadog	Analytics Cookies	Usage records such as page views, click events, browser information, and session information	User behavior analysis, session replay,traffic measurement
Firebase Crashlytics	Google (Firebase)	Analytics SDK	Usage records such as device information, app status, and OS information	App error and crash analysis, app stability improvement

The data subject may configure settings to allow or block behavioral information collected by third parties by changing cookie settings in the browser, etc.

The information is used as data to assess the customer’s participation level and frequency of visits in various events conducted by the Company to grant differentiated opportunities for participation and provide customized information based on individual interests.

Article 11 Measures to Ensure the Security of Personal Information

The Company makes the following efforts to safely manage the personal information of data subjects.

- We establish and implement internal management plans for personal information protection.
- We establish internal management plans for personal information, including matters related to the operation of personal information protection such as designation of a privacy officer, etc., and annually check whether these internal management plans are being implemented properly.
- We take access control and access authority restriction measures for personal information.
- In order to block illegal access to personal information, we have established and implemented standards for granting, modifying, canceling, etc. access to personal information handling systems, and we have installed and operate intrusion prevention systems and intrusion detection systems. In addition, we reduce the possibility of information leaks in personal information processing systems, by separating the external Internet network and the intranet for work PCs of employees authorized to download personal information.
- We take encryption measures to safely store and transmit personal information.
- Passwords, unique identification information, account numbers, card numbers, etc., are encrypted and stored as prescribed by laws and regulations. In addition, personal information is safely sent and received over the network through encrypted communication, etc.
- We take measures to store personal information access records and to prevent forgery or alteration.
- Personal information handlers maintain records of access, and the relevant access records are kept securely to ensure that the access records are not forged, altered, stolen, or lost.
- We install and update security programs for personal information.
- To prevent damage to personal information, the data is backed up frequently, and the latest antivirus software is used to prevent users’ personal information or data from being leaked or damaged.
- We take physical measures to safely store personal information.
- To prevent personal information from being leaked or damaged by hacking or computer viruses, etc., systems are set up in the areas with restricted access from outside, and access control procedures are established and operated.

Article 12 Privacy Officers

Category, Department name, Name, Contact information
Category	Department name	Name	Contact information
Chief Privacy Officer (CPO)	Information Protection Division	Head of Division Jaekwi Kim	Tel: +82-2-759-7844 E-mail: privacy@lotte.net
Privacy manager	Privacy Team	Director Seong-Woo Cho

Article 13 Matters Concerning the Operation and Management of Video Information Processing Devices (Stationary and Mobile)

1) Basis for installing video information processing devices and purpose of installation

The Company installs and operates video information processing devices (stationary and mobile) for the following purposes in accordance with Article 25, Paragraph 1 and Article 25-2, Paragraph 1 of the Personal Information Protection Act.

A. Stationary Video Information Processing Devices
- - Facility safety and management, fire prevention
- - Crime prevention for customer safety
- - Vehicle theft and damage prevention
- * For a parking lot with a capacity larger than 30 vehicles, devices may be installed and operated based on Article 6 Paragraph 1 of the Enforcement Regulations of the Parking Lot Act.
B. Mobile video information processing devices
- - Customer interviews and on-site response in the event of a complaint
- - Protection of the complaint manager

2) Number of video information processing devices, installation location, and scope of filming

The number of video information processing devices (stationary and mobile) that are operated by the Company, installation locations, and scope of filming are as follows. (As of January 2025)

A. Stationary video information processing devices

Stationary video information processing devices : Category, Quantity installed, Installation locations and scope of filming
Category	Quantity installed	Installation locations and scope of filming
SIGNIEL SEOUL	246	Inside and outside the hotel, parking lots, etc.
SIGNIEL BUSAN	314	Inside and outside the hotel, parking lots, etc.
LOTTE HOTEL SEOUL	638	Inside and outside the hotel, parking lots, etc.
LOTTE HOTEL WORLD	171	Inside and outside the hotel, parking lots, etc.
LOTTE HOTEL JEJU	333	Inside and outside the hotel, parking lots, elevators, etc.
LOTTE HOTEL ULSAN	116	Inside and outside the hotel, parking lots, elevators, etc.
L7 MYEONGDONG	135	Inside and outside the hotel, parking lots, etc.
L7 GANGNAM	225	Inside and outside the hotel, parking lots, etc.
L7 HONGDAE	247	Inside and outside the hotel, parking lots, lounges, ballrooms, etc.
L7 HAEUNDAE	176	Inside and outside the hotel, parking lots, event spaces, etc.
LOTTE City Hotel Mapo	177	Inside and outside the hotel, parking lots, etc.
LOTTE City Hotel Gimpo Airport	82	Inside and outside the hotel, parking lots, etc.
LOTTE City Hotel Guro	99	Inside and outside the hotel, parking lots, etc.
LOTTE City Hotel Myeongdong	171	Inside and outside the hotel, parking lots, etc.
LOTTE City Hotel Jeju	193	Inside and outside the hotel, parking lots, etc.
LOTTE City Hotel Ulsan	148	Inside and outside the hotel, parking lots, elevators, etc.
LOTTE City Hotel Daejeon	151	Inside and outside the hotel, parking lots, elevators, etc.

B. Mobile video information processing devices

When using a mobile video information processing device to capture images of a person or an object related to that person, we ensure that the data subject can easily recognize that they are being filmed by directly notifying them or displaying an LED indicator, etc.

Mobile video information processing devices : Category , Device type, Quantity installed, Installation locations and scope of filming
Category	Device type	Quantity installed	Installation locations and scope of filming
LOTTE HOTEL SEOUL	Wearable camera	1	Work site of the complaint manager
LOTTE HOTEL JEJU	Wearable camera	1	Work site of the complaint manager

3) Video information processing device manager and persons with access

A personal video information protection manager is employed to handle any inquiries related to personal video information and to protect your video information.

Video information processing device manager and persons with access :
Category			Department	information
Administrator		Primary	Information Protection Division	+82-2-759-7844
Administrator		Secondary	Privacy Team	+82-2-759-7844
Stationary	Person with access	SIGNIEL SEOUL	Safety Manager at each hotel branch	+82-2-3213-1131
		SIGNIEL BUSAN		+82-51-922-1301
		LOTTE HOTEL SEOUL		+82-2-759-7777
		LOTTE HOTEL WORLD		+82-2-411-7131
		LOTTE HOTEL JEJU		+82-64-731-4110
		LOTTE HOTEL ULSAN		+82-52-960-4110
		L7 MYEONGDONG		+82-2-6310-1062
		L7 GANGNAM		+82-2-2011-1020
		L7 HONGDAE		+82-2-2289-1003
		L7 HAEUNDAE		+82-51-7001-1005
		LOTTE City Hotel Mapo		+82-2-6009-1045
		LOTTE City Hotel Gimpo Airport		+82-2-6116-1030
		LOTTE City Hotel Guro		+82-2-6210-1045
		LOTTE City Hotel Myeongdong		+82-2-6112-1038
		LOTTE City Hotel Jeju		+82-64-730-1074
		LOTTE City Hotel Ulsan		+82-52-990-1160
		LOTTE City Hotel Daejeon		+82-42-333-1026
Mobile		LOTTE HOTEL SEOUL	Safety Manager	+82-2-759-7777
Mobile		LOTTE HOTEL JEJU	Concierge Manager	+82-64-731-4110

4) Matters related to consigning the installation, operation, management, etc. of video information processing devices

The Company consigns the installation, operation, management, etc. of video information processing devices as follows to provide services, and regulates necessary matters to ensure that personal information is managed safely when a consignment contract is signed in accordance with relevant laws.

Category, Consigned work, Subcontractor
Category	Consigned work	Subcontractor
SIGNIEL SEOUL	CCTV Operation	Proscom Co., Ltd.
SIGNIEL BUSAN		Proscom Co., Ltd.
LOTTE HOTEL SEOUL		Secure Agency
LOTTE HOTEL WORLD		Secure Agency
LOTTE HOTEL JEJU		Hu:corp
LOTTE City Hotel Jeju		Hu:corp
LOTTE HOTEL ULSAN		Freezone Co., Ltd.
LOTTE City Hotel Ulsan		Freezone Co., Ltd.
L7 MYEONGDONG		Angel Staff
L7 GANGNAM		Samkoo Inc.
LOTTE City Hotel Mapo
LOTTE City Hotel Gimpo Airport
L7 HONGDAE		KS Mate Co., Ltd.
L7 HAEUNDAE		S-Tec System
LOTTE City Hotel Guro		The Man
LOTTE City Hotel Myeongdong		Will & Vision
LOTTE City Hotel Daejeon		IBS Industry Corp.

5) Personal video information filming hours, retention period, storage site, and processing method

Filming hours, Retention period, Storage site
Filming hours	Retention period	Storage site
24 hours	Within 30 days from the filming date	Stationary	Security office at each branch
		Mobile	(Seoul Hotel) Office in charge of safety management
		Mobile	(Jeju Hotel) Office in charge of the concierge

Processing method : We document and manage matters related to the use of personal video information for purposes other than its intended use, disclosure to third parties, destruction, requests for access, etc. Upon expiration of the retention period, the information is permanently deleted in an irreversible manner (printed materials are disposed of through shredding or incineration).

* However, in exceptional cases, the retention period may be extended if the reason and duration of the extension are confirmed through relevant documentation for the following circumstances.
- If required for a criminal investigation, prosecution, or court-related tasks
- If there are special regulations in other laws
- Where necessary for litigation or dispute resolution arising from an incident

6) Matters related to the procedure for viewing personal video information and the location

- How to view : You may contact the person with access to personal video information at the relevant hotel branch to view the information.
- Viewing location: Surveillance camera storage site at each hotel branch

7) Measures regarding the data subject’s request to view personal video information

- If the data subject wishes to view, check the existence of, or delete their personal video information (hereinafter “view, etc.”), they may make a request to the video information processing device operator at any time. However, this is limited to personal video information in which the data subject is recorded and video information that is clearly necessary to protect the urgent life, body, or property interests of the data subject.
- If the data subject requests to view their personal video information, they may submit a request to verify the existence of, or to view their personal video information through the designated channel for personal video information (including electronic documents).
- When the Company receives a request from the data subject to view, confirm the existence of, or delete their personal video information, it shall take the necessary actions without delay (within 10 days). In such cases, the Company may verify the identity of the requester using their resident registration card, driver's license, passport, or other proof of identity, to confirm whether they are the data subject or an authorized representative.
- In the following cases, the data subject’s request to view personal video information may be denied. In such cases, the Company shall notify the data subject regarding the reason for the denial in writing, without delay (within 10 days).
- A. If it causes a serious disruption to a criminal investigation, sustainment of a public prosecution, or court case
- B. If the personal video information was deleted due to expiry of the retention period
- C. If there is a serious concern that fulfilling the data subject’s request to view the information may infringe upon another person’s privacy
- D. If there is another legitimate reason to deny the data subject’s request to view the information
- [Download Form]
  
  * When submitting a document, the customer is required to provide a handwritten signature.
  - - Request Form for Access to Personal Video Information (Confirmation of Existence, Access) [Word File] [HWP File] [PDF File]
  - - Authorization Letter [Word File] [HWP File] [PDF File]

8) Measures to ensure the security of personal video information

The Company takes the following administrative, technical, and physical protective measures concerning personal video information.

Measures to ensure the security of personal video information : Category, Contents
Category	Contents
Administrative protective measures	- Establishing and enforcing an internal management plan for safely processing personal video information • Designating a personal video information manager • Matters related to the roles and responsibilities of the personal video information manager and staff • Conducting training for the personal video information staff • Other matters related to the necessary measures for securing the safety of personal video information
Technical protective measures	- Access control for personal video information and restrictions to access - Implementation of technology for safely storing and transmitting personal video information - Measures for storing processing records and preventing manipulation and forgery
Physical protective measures	- Establishing a security office to safely store personal video information or installing locks

Article 14 Voluntary Personal Information Protection Measures

The Company does its utmost to safely manage the personal information of data subjects and makes additional efforts to protect personal information beyond the security measures required by the Personal Information Protection Act.

- We operate a dedicated personal information protection organization.
- · Currently, the Privacy Team, our dedicated personal information protection department, continuously performs administrative/technical/physical protective measures to ensure that all executives and employees across the Company properly comply with their obligations to protect users’ personal information.

- We undergo verification of our information protection activities from domestic and international certification bodies.

· We regularly undergo verification of our information protection activities from external organizations through ISO/IEC 27001, which is an international information protection certification, and ISMS, which is a domestic information protection certification.

Certificate Name, Certification Validity Period, Certification Body
Certificate Name	Certification Validity Period	Certification Body
ISMS (Information Security Management Systems Certification) [Standards under the domestic Network Act and Personal Information Protection Act]	June 7, 2023 - June 6, 2026	Korea Internet & Security Agency
ISO/IEC 27001 (Information Security Management Systems Certification) [International information security standard]	March 27, 2024 - March 26, 2027	Ace Certificate Institution

- We disclose information protection status, including information security investment and personnel.
- · To provide users with a safe usage environment and guarantee their right to know, we have been disclosing LOTTE HOTELS information protection status , including investment, personnel, certification, and activities, since 2022.

Article 15 Duty of Notification

Branch	Children
KOREA (SIGNIEL BUSAN/LOTTE HOTELS(except WORLD, JEJU)/L7 by LOTTE HOTELS(except CHUNGJANG)/LOTTE CITY HOTELS, LOTTE ARAI RESORT)	4-12 years old
SIGNIEL SEOUL/LOTTE HOTEL WORLD	0-12 years old
LOTTE HOTEL JEJU	4–12 years old (6th grade, elementary school)
L7 CHUNGJANG by LOTTE HOTELS	1-12 years old
LOTTE HOTEL GUAM	0-11 years old
LOTTE HOTEL MOSCOW	6-12 years old
LOTTE HOTEL ST.PETERSBURG	7-12 years old
LOTTE HOTEL VLADIVOSTOK	0-6 years old
LOTTE HOTEL SAIGON	5-11 years old
LOTTE HOTEL HANOI, LOTTE HOTEL YANGON, L7 WEST LAKE HANOI by LOTTE HOTELS	6-11 years old
NEW YORKER HOTEL by LOTTE HOTELS	0-17 years old

Cookie	Domain
MR, SRM_B	.c.bing.com
ANONCHK, SM, MUID, _clck, _clsk, CLID	clarity.ms
datr, _fbp	facebook.com
__Secure-3PAPISID, __Secure-3PSID. __Secure-3PSIDCC, __Secure-3PSIDTS, NID	google.com
ar_debug	googleadservices.com
_ga, _ga_, _gat_UA-, _gcl_au, _gid, ar_debug	google-analytics.com
__Secure-YEC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, YSC, __Secure-ROLLOUT_TOKEN, LOGIN_INFO	youtube.com
__duetto	duettocloud.com
_hjSessionUser_, _hjSession_	hotjar.com

Cookie	Domain
incap_ses_, nlbi_, visid_incap_*	.lottehotel.com
globalNetFunnel, NetFunnel_ID, analyticsCookie, checkCooKie, essentialCookie, maketingCookie	www.lottehotel.com