Skip to content

Handling Policy Of Private Information

Please confirm the handling policy of private information handling for kt mobile rental service.

Chapter 1 General Provisions

  1. “Personal information” refers to the information of a living individual such as symbols, letters, sound and images that may identify a specific individual with a name, customer identification number, etc. (including when the information alone cannot identify a specific individual, but may do so when simply combined with other available information).
  2. Act on the Promotion of Information and Communications Network Utilization and Information. This personal information handling policy applies to the use of roaming inbound services provided by KT Corp. (hereinafter referred to as “the Company”), including but not limited to all available services offered by the Company regardless of types of services or accessible wired/wireless terminals.
  3. The KT Roaming Inbound homepage, roaming.kt.com (hereinafter referred to as “the homepage”) takes seriously every relevant process from collection, use and storage to destruction of personal information, and strives to protect the rights and interests of customers by complying with provisions under the Act on the Promotion of Information and Communications Network Utilization and Information.
  4. The homepage notifies customers of the purposes of the collection and use of the personal information they provide and the measures taken to protect the personal information through the Handing Policy of Personal Information, and publishes the Personal Information Handling Policy on the first page of the homepage for convenient viewing at all times.
  5. The homepage complies with the various laws relating to personal information protection. If the Personal Information Handling Policy is amended, customers will be informed of such amendments via notification or a separate notice.

Chapter 2 Personal Information Collected and Purpose of Use

  1. Pursuant to the relevant laws, the Company uses the personal information of customers within the scope clearly stated in the membership application and the terms of service, and notifies customers of the scope of such collection and purpose of use in advance.
  2. The Company collects minimal personal information and does not collect any personal information that is likely to clearly breach the human rights of customers, including but not limited to information on ethnicity, nationality, ideology, creed, home, legal domicile, political affiliation, criminal records and health conditions.
  3. The Company collects personal information in each of the following categories, for the following purposes.
Personal Information Collected and Purpose of Use
Category Content
Identification Information Name, customer identification number (passport number or foreigner registration number), birthdate, nationality, expected date of visiting Korea, domestic arrival city, domestic departure city, service use period (used in account verification processes for using services)
Contact Information Address, telephone number (mobile/ landline), email address (to apply for/edit/ cancel online reservation services, process or manage reservation processes, view reservations, secure communication about inquiries or complaints relating to use)
Other Hours of using the homepage, usage records, login data, cookies, access IP data, location data, etc. (may be collected when created in the course of entering data to make an online reservation)

※ The aforementioned information includes updated or modified information as well as information upon membership subscription.

Chapter 3 How to Collect Personal Information

The Company collects personal information through the homepage or roaming customer service center. Personal information is collected by a tool to collect the data created when customers or their agents log in onto or use the homepage, contact the customer service center via phone or facsimile to confirm identity, enter a special gift event, provide affiliates with personal information, or use mobile phone rental reservation services.

Chapter 4 Use of Collected Personal Information & Disclosure to Third Parties

  1. Pursuant to the relevant laws, the Company uses the personal information of customers within the scope specified under the Collection of Personal Information & Purpose of Use of the Membership Application, Terms of Service and Personal Information Handling Policy or stated under the Terms of Service.
  2. The Company does not disclose the personal information of customers to third parties. If the Company discloses the information to a third party as specified under Section 4 below in the future, the Company shall obtain written consent in advance, via email or by posting in the homepage. When there is a special provision of relevant laws (such as Communication Confidentiality Protection Act, Electric Communication Business Law, Framework Act on National Taxes), exceptions can be made for cases of disclosure according to the regulations and procedures provided under the law.
  3. Pursuant to the Terms of Service and the Personal Information Handling Policy, Customers may give consent in any of the following methods with respect to collection or use of personal information of customers making an online reservation or assignment of handling services.
    • A.When the customer logs into the homepage via PC, tablet or mobile device and filling out the online reservation application, he/she should check the content of the consent to the Personal Information Handling Policy posted in the homepage and click the “I Agree” button.
  4. In the event of changes in the alliance or transfer or merger of the Company’s operations in part or whole, the Company provides or uses personal information as specified below.
    • A.Affiliation: The Company may offer or share the personal information of customers to or with affiliates in order to provide better services. In such cases, customers will be notified in advance, in writing or via email, of who the affiliates are, which personal information categories are given, why such personal information has to be offered or shared and/or until when the information is protected and managed so that they can give consent. If customers do not agree, the Company will not offer or share their personal information to or with affiliates. If affiliation changes or ends, customers will be notified through the same procedure and asked for consent.
    • B.Transfer of Operation, etc.: If part or all of an operation is transferred or the rights and duties of a service provider are relocated or taken over due to a merger, etc., such an incident shall be reported to customers or posted on the front page of the homepage for at least 30 days in order to guarantee the rights of customers with respect to personal information protection. However, notification in writing, via email or through other means can be replaced by at least one-time publication in two or more central daily newspapers (regular daily newspapers if the majority of customers live in a specific location) if customers are missing contact information due to no fault of their own, or if there is a justifiable reason not to give notifications such as a natural disaster.

Chapter 5 Assignment of Handling Processes of Personal Information

  1. The Company has outsourced the following processes to handle personal information in order to smoothly execute applications of the online reservation maker (hereinafter referred to as “the Reservation Maker”), check reservations, provide customers with convenient services and manage customer accounts.
    Assignment of Handling Processes of Personal Information
    Subcontractor Outsourced Processes
    kt ds Maintain and control the reservation system of the KT Roaming Inbound homepage
    kt is/kt cs Manage rentals and operate the roaming customer center
    NEXBRAIN Co., Ltd. Operate and manage the KT Roaming Inbound homepage
    KRP kt roaming inbound webpage payment agency services
  2. The Company requires subcontractors to comply with laws and guidelines relating to personal information protection and regulations on protecting personal information & confidentiality, prohibition from offering information to a third party, assumption of responsibility in the event of an accident, and the duty to return or destroy personal information immediately after the outsourcing period ends.

Chapter 6 Personal Information Retention & Usage Periods

  1. The Company keeps and utilizes the personal information of customers within the period during which services are offered to customers (hereinafter referred to as “the Service Period”) or when a dispute is processed. However, the Company conserves the information according to the relevant law if there is one. The scope of the Service Period and dispute processing period is as follows.
    • A.Service Period: This is defined as the period of service subscription, from the day of subscription through the day of cancellation or the dispute processing period.
    • B.Dispute Processing Period: Personal information is retained for up to 6 months after service cancellation in order to prepare for any dispute over settlement of charges, overpayment, etc. In the event that there is an overdue balance, overpayment or any other charge-related disputes, personal information is kept until the dispute is resolved.
  2. Among the personal information of a customer who has cancelled the service, the following categories of information are retained according to provisions under Chapter 85-3 of the Framework Act of National Taxes, and utilized when required by law or to check the eligibility of returning customers for subscription fee discounts.
    • A.Categories of Information Conserved: name, customer identification number (passport number/ foreigner registration number), birthdate, telephone number (mobile/landline), charge history (billed amount, V.A.T. amount, payments, statement dates, payment dates), payment methods, payer name, used services, discounted amounts & reasons, statement address, etc.
    • B.Retention Period: 5 years
  3. Data about electronic communication provided by the Communication Confidentiality Protection Act are kept according to the following rules.
    • A.Name, passport number and mobile phone number required to provide data to confirm communication facts: 12 months
    • B.Subscriber’s electronic communication dates, time to begin and end electronic communication, the other party’s subscription number such as caller and receiver numbers, usage frequency and location of transmitting base stations: 12 months
    • C.Log records of computer communication or Internet and tracking data of access points to check the location of information and communications terminals: 3 months
  4. Other categories are conserved according to provisions under the laws relating to e-commerce and credit information.
    • A.Records of indications and/or advertisements: 6 months
      (Pursuant to the Act on Consumer Protection in e-Commerce)
    • B.Records of contracts or subscription cancellations: 5 years
      (Pursuant to the Act on Consumer Protection in e-Commerce)
    • C.Records of balance payments and supplies of commodities, etc.: 5 years
      (Pursuant to the Act on Consumer Protection in e-Commerce)
    • D.Records of processing complaints or disputes by consumers: 3 years
      (Pursuant to the Act on Consumer Protection in e-Commerce)
    • E.Records of collecting, handling and/or using credit information: 3 years
      (Pursuant to the Act on the Use and Protection of Credit Information)

Chapter 7 How to Destroy Personal Information

As a rule, the Company promptly destroys personal information based on the set retention and usage periods once the purpose of its collection and use has been accomplished. The scope of destruction targets and the destruction procedures and methods are as follows.

  1. Destruction Target
    • A.Information of reservation makers whose conservation period has expired based on the retention period or relevant laws.
  2. Destruction Procedure and Method
    • A.Personal information entered in the homepage by customers to use roaming services is transferred to a separate database (a separate file cabinet for paper information) after the purpose of its collection has been achieved, and is kept for a specified period of time according to the information protection reasons (see Retention & Use Period) provided by the internal guidelines and other relevant laws before its destruction.
    • B.Personal information transferred to the separate database is not used for purposes other than those specified unless stipulated otherwise under the law.
    • C.Personal information written or printed on a paper form such as a subscription application is shredded by a shredder or incinerated. Personal information stored in electronic file formats such as a database is deleted using a technical method that will prevent its recovery.

Chapter 8 Rights of Users & Legal Agents and How to Exercise Rights

The Company shall faithfully respond to demands from customers (including legal guardian for children under 14) if customers demand to view or edit their personal information. Customers may cancel reservations and withdraw their consent on the collection, use, assignment or provision of personal information, whereas the Company may immediately correct or delete personal information if a need to correct or delete the respective personal information is acknowledged (e.g., the information is deemed to have contained errors or its conservation period has elapsed).

  1. If customers demand to view, verify or correct their personal information:
    • A.Any customer using the online reservation feature can view reservation information on the homepage.
    • B.If a customer demands via email or phone that his or her personal information be corrected or deleted, necessary measures shall be taken immediately after the identification is confirmed.
      [Legal Opinion: Please consider establishing regulations on how to confirm identification and how to authorize legal agents for viewing or verification.]
    • C.f a request to view, verify or correct part or all of the personal information is refused for a justifiable reason, the customer shall be notified and the reason shall be explained.
    • D.A legal guardian (either parent) may withdraw consent to the collection, use or provision of personal information of a child under 14, and demand to view the personal information provided by the child under 14 or correct any errors.
  2. Cancellation of Reservations and Withdrawal of Consent to the Collection, Use, Assignment or Provision of Personal Information
    • Customers may delete their personal information entered on the View Reservations page of the homepage and withdraw their consent to the collection, use or provision of the personal information.
  3. Handling of Deleted Personal Information
    • The Company handles personal information deleted at the request of a customer who has made a reservation according to the provisions under the “Retention & Use Periods of Personal Information Collected by the Company,” and prohibits the information from being viewed or used for other purposes.

Chapter 9 Installation & Operation of Automatic Personal Information Collector and Matters Relating to Refusal

The Company may install and operate cookies to find and save information of a reservation maker if necessary for operating the homepage or roaming reservation system. Cookies are small test files that are sent by the server used in operating the Company’s website and roaming reservation system to the browser of the reservation maker, and are saved to the hard disk of the reservation maker’s computer. The reservation maker may determine whether to allow or refuse the collection of information via cookies using the security policy of the web browser.

  1. The information collected by the cookies and the purpose of its collection are as follows.
    • A.Information Collected: access IP, access log, service usage data such as used contents
    • B.Purpose of Collection: identifying log-ins, making & viewing reservations
  2. The reservation maker has options regarding the installation of cookies. Therefore, the level of information collection by cookies may be adjusted by setting options in the web browser.
    • A.Go to [Internet Options] → [Security] → [Custom Level] in the [Tool] menu of the web browser and set the level of information collection via cookies.
    • B.Through the procedure presented above, customers may check cookies whenever they are saved, or decline to save any cookies. However, if the customer refuses to install the cookies, he or she may experience difficulties using the service.

Chapter 10 Technical & Administrative Protection Measures for Personal Information

The Company has established the following technical and administrative measures in order to secure reliability to prevent the personal information of customers from being lost, stolen, leaked, falsified or damaged.

  1. Technical Protection Measures
    • A.The personal information of customers is protected by a password, and files or transmitted data of important information are protected by separate security features, such as coding and locking.
    • B.An anti-virus program is used in the homepage to prevent damage by computer viruses. The anti-virus program is regularly updated. When a new virus is discovered, the program will immediately implement and apply countermeasures to prevent personal information from being exposed.
    • C.A security device (SSL) is adopted to safely transmit personal information and personal authorization data on the network.
    • D.In order to prevent the personal information of customers from being leaked by hackers, etc., a system is installed in the areas where outside access is restricted, a device is used to block trespassing, and an intruder detection system is set up for 24-hour monitoring.
  2. Administrative Protection Measures
    • A.The Company has established necessary procedures to manage and have access to the personal information of customers, requires all of its employees and partners to understand and comply with them, and periodically inspects to ensure compliance.
    • B.The Company limits the number of staff handling personal information of customers to the minimum and controls their access authority. By regularly providing internal and external outsourced training classes regarding the acquisition of new security technologies and duties to protect personal information, the Company trains the staff to abide by the law and policy. The staff members who handle personal information are as follows:
      • Staff who directly or indirectly deal with customers and execute operations relating to reservations
      • Staff who are in charge of operations related to the management and protection of personal information, including the Personal Information Protection Manager and Personal Information Protection Administrator
      • Staff who are inevitably required to handle such personal information in the course of their duties
    • C.All affiliates and employees of KT Roaming Inbound Service are required to sign the Information Protection Pledge to prevent the disclosure of information (including personal information) before working, and are frequently reminded of their duty to protect personal information. Internal procedures have been developed and enforced to monitor compliance.
    • D.Operations of personal information handlers are thoroughly taken over under tight security. Liabilities for any violation of personal information after starting or leaving the job have been clearly provided.
    • E.The Company is not responsible for any incidents occurring due to personal error – such as a customer’s unawareness or misunderstanding of matters already posted on the website or announced – or the fundamental risks of the Internet.

Chapter 11 Personal Information Protection Division & Contact Information

The Company has designated the following relevant division and Personal Information Protection Manager in order to protect the personal information of customers and process complaints relating to personal information. Customers can report any complaints with respect to personal information protection, which may occur while making an online reservation on the homepage, to the division or manager in charge. The Company shall promptly process the complaints and reply.

  1. Personal Information Protection Division and Contact Information
    • A.Personal Information Protection Manager: Team Head Myeong-guk Woo
    • B.Personal Information Protection Administrator: Section Chief Geon-min Kim
    • C.Division: Roaming Marketing Team, Roaming & Data Division, Department of Marketing Strategy, KT
    • D.Contact: within Korea 1588-0608, outside Korea +82-2-2190-0901
  2. Responsibilities of the Personal Information Protection Manager
    • A.Set up and enforce major guidelines, policies and systems relating to personal information protection
    • B.Build an internal control system to prevent the disclosure, misuse or overuse of personal information
    • C.Audit the state of administration in the personal information protection sector and inspect training
    • D.Establish and execute the personal information protection training plan
    • E.Enact and amend the Personal Information Handling Policy
    • F.Prevent and respond to violations of personal information security
    • G.Other operations required to protect information
  3. For any inquiries or questions about breaches of personal information security, please contact one of the following agencies.

Chapter 12 Notification of Personal Information Handling Policy

  1. Date of Notification: March 15, 2016
  2. Enforcement Date: March 15, 2016