Personal Information Processing Policy

Policy on Personal Information Processing

Paradise Casino Co. Ltd. (hereinafter referred to as the Company) values personal information of guests, or service users (hereinafter referred to as “information subjects”) and always makes the best efforts to protect the personal information of information subjects. Accordingly, the Company complies with the relevant laws and regulations such as the Personal Information Protection Act and other related laws and regulations to protect the rights of information subjects.

  1. Purpose of Collecting Personal Information; Information Collected; Period of Holding and Using the Information
  2. Processing of Personal Information of Children under 14 Years of Age
  3. Provision of Personal Information to a Third Party
  4. Delegation of Personal Information Processing
  5. Destruction of Personal Information
  6. Rights and Obligations of Information Subjects and Their Legal Guardians, and Method of Exercising the Rights
  7. Measures to Ensure the Security of Personal Information
  8. Installation, operation and refusal of device of automatic collection of personal information
  9. Basis of Determining Whether Additional Use, or Provision of Personal Information May Be Made
  10. Officers and Departments in Charge of Personal Information Protection
  11. Remedy for Infringement of Rights and Interests of Information Subjects
  12. Amendment of Personal Information Processing Policy

1. Purpose of Collecting Personal Information; Information Collected; Period of Holding and Using the Information

  1. The Company processes the personal information of information subjects as follows.

    Names of service Purpose of information collection, applicable statutes Type of information Information collected Period of holding and using the information
    Casino use Guest (foreigner) verification / Article 29 of Tourism Promotion Act, Article 5-2 of Specific Financial Information Act Essential information Name, guest number, date of birth, gender, passport number, nationality, address, contact information, occupation, owner of information 5 years from the final transaction date
    Q&A Identification of a guest, service and information provision, processing complaints, guest management (answer to a question by a guest etc.) Essential information Name, Email, password 3 years after the inquiry of a guest has been processed
  2. The Company retains personal information in accordance with the relevant laws and regulations as follows.

    Applicable statutes Information retained Period of holding the information
    Act on Consumer Protection in Electronic Commercial Transactions etc. Record on contracts, withdrawal of subscription, etc. 5 years
    Record of payment, supply of goods, etc. 5 years
    Record of consumer complaints, or dispute resolution 3 years
    Record on indication and statements 6 months
    Basic Act on National Tax Books and supporting documents for all transactions as prescribed under the tax law 5 years
    Act on Communication Confidentiality Protection Internet log 3 months
    Commercial Act Commercial ledgers and important documents related to business 10 years
    Sales slips, or similar documents 5 years
    Credit Information Act Record of collection, processing and use of personal credit information 3 years
    Specific Financial Information Act Information to verify the identity of a guest 5 years from the last transaction date

2. Processing of Personal Information of Children under 14 Years of Age

  1. In principle, we do not process personal information of children under 14 years of age.
  2. In exceptional cases, when it is necessary to process the personal information of children under the age of 14, the consent of a legal representative is validly obtained.

3. Provision of Personal Information to a Third Party

  1. We process the personal information of an information subject, only within the scope specified in the purpose of processing the personal information. We provide personal information to a third party only as specified in Articles 17 and 18 of the Personal Information Protection Act, including by obtaining the consent of the information subject and complying with the special provisions of the law and otherwise do not personal information of an information subject to a third party.

    Organizations to receive information Purpose of provision /
    applicable statutes
    Categories Information provided Period of information holding and use
    Korea Financial Intelligence Unit Collection and analysis of anti-money laundering information / Article 5(2) of the Act on Report, Use, etc. of Specific Financial Transaction Information Essential information Name of guest, guest number, date of birth, gender, number to verify actual name, nationality, address, contact information, occupation, owner of information 5 years
    National Tax Service Submission of payment statement and foreign exchange transaction details, tax exemption report on domestic source income / Article 164 and Article 156-2 of Income Tax Act Essential information Name of guest, nationality, number to verify actual name, address 5 years
    Customs Service Submission of foreign exchange transaction details, regular business report for companies engaged in currency exchange / Article 20 of Foreign Exchange Transactions Act (report, inspection) Essential information Name of guest, nationality, number to verify actual name 5 years
    Ministry of Culture, Sports and Tourism Submission of sales and other information / Article 30 of the Enforcement Decree of the Tourism Promotion Act Essential information Name of guest, nationality, number to verify actual name 5 years
    Bank of Korea Submission of Chips credit status / Article 18 of Foreign Exchange Transactions Act Essential information Name of guest, guest number 5 years
  2. In order to provide the service effectively, the Company obtains the consent of the information subject and provides it to a third party as follows, only in the minimum scope necessary.

    Hotels which receive the information Purpose of information provision Categories Information provided Period of holding and using the information
    Grand Walkerhill Seoul To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Paradise City To provide accommodation service Essential information To provide accommodation service Information destroyed immediately after the end of the service
    Paradise Hotel Busan To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Maison Glad Jeju To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Hotel Raum To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Jeju Central City Hotel To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Silla Stay Jeju To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Hotel With Jeju To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service
    Jeju Hotel The One To provide accommodation service Essential information Name of guest, nationality, gender, room class, arrival date, departure date, departure flight Information destroyed immediately after the end of the service

4. Delegation of Personal Information Processing

  1. If the Company delegates the processing of personal information to provide services, the Company discloses such delegation so that the information subject can easily make verification at any time. If the Company entrusts the work of promoting, or recommending goods or services, the Company provides additional instructions to the information subject in writing, or by other means.
  2. Paradise Casino Co. Ltd. entrusts personal information processing as follows to ensure effective processing of personal information.

    Companies which are entrusted with information Delegated works
    Paradise Tour Flight reservation
    ELUO CNC Development, maintenance and management of casino website
    Kyndryl Administration, maintenance and management of casino infrastructures
    Gifti Biz Production, maintenance and management of casino contents
    Grid System Management, maintenance and repair of casino system

5. Destruction of Personal Information

  1. If it is no longer necessary to hold personal information (the period of holding personal information has passed, the purpose of information processing has been achieved, etc.), the Company promptly destroys the relevant personal information.
  2. If personal information must continue to be preserved pursuant to other laws and regulations although the purpose of processing has been achieved, or despite the expiration of the period of the personal information retention consented to by the information subject, the personal information shall be transferred to a separate database, or preserved at a different storage location.
  3. The Company will destroy personal information recorded and stored in the form of electronic files so that it cannot be recovered, or reproduced. The Company destroys other records, printed materials, documents, etc. by shredding, or incineration.

6. Rights and Obligations of Information Subjects and Their Legal Guardians, and Method of Exercising the Rights

  1. Information subjects can exercise rights to view, correct, delete, or suspend processing of their personal information, request withdrawal of consent, and otherwise exercise their rights at any time.

    * For children under the age of 14, their legal guardians shall directly exercise the rights regarding the personal information rights. Information subjects who are minors over the age of 14 may directly exercise their rights regarding the personal information, or through a legal guardian.
  2. To exercise your rights, please contact the department in charge of personal information in writing or via email, and we will promptly take measures. The Company may restrict the rights of an information subject if there is a justifiable reason to do so, and the Company will promptly inform the information subject of the reason for such restriction.

7. Measures to Ensure the Security of Personal Information

  1. The Company is taking the following measures to ensure the security of personal information.

    • Minimizing the scope of the authority given to persons processing the personal information: For the protection of personal information, the authority given to persons in charge of personal information is minimized.
    • Regular trainings for officers in charge of personal information: We provide regular trainings to alert officers to the importance of personal information protection.
    • Regularly conducting internal inspections: The Company conducts regular self-inspections to ensure the security of personal information processing.
    • Establishment and implementation of an internal management plan: The Company has formulated and administers an internal management plan to securely process and manage personal information.
    • Encryption of personal information: The personal information and password of an information subject are stored and managed after encryption. Even during the transmission, the information is safely managed with use of a separate security function.
    • Technical measures against hacking, etc.: To prevent unauthorized disclosure or loss of personal information due to hacking, computer virus, etc., the Company installs a security program, periodically updates and inspects it, installs the system in an area where access from the outside is controlled, and monitors and blocks system breach technically and physically.
    • Restriction of access to personal information: Necessary measures are taken to control the access authority and the access to the personal information processing system, and unauthorized access from outside is controlled using an intrusion prevention system.
    • Storage of access record and prevention of forgery and falsification: The Company stores and manages the record of access to the personal information processing system and uses security functions to prevent access record from forgery, falsification, theft, or loss.
    • Use of locking devices for document security: Documents, auxiliary storage media, etc. containing personal information are stored in a safe place with a locking device.
    • Access control for unauthorized persons: The Company has a separate physical storage location where personal information is stored and has formulated and administers the access control procedure.

8. Installation, operation and refusal of device of automatic collection of personal information

  1. The Company uses cookies to store the information used by guests and retrieves it from time to time to provide individualized services to users.
  2. Cookies are a small amount of information which the server which is used to administer the website sends to the user’s computer browser and are sometimes stored on the hard disk of a user’s computer.

    • Purpose of use of cookies: Cookies are used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, whether or not the connection is secure, etc.
    • Installation, operation and refusal of cookies: A guest can refuse the storage of cookies in the settings menu of the guest’s web browser. If a guest refuses to store cookies, the guest may have not be able to use customized services.

9. Basis of Determining Whether Additional Use, or Provision of Personal Information May Be Made

  1. The Company may use and provide personal information without the consent of the information subject, taking into account the following matters to the extent reasonably related to the initial purpose of the information collection.

    • Whether the purpose of additional use and provision of personal information is related to the initial purpose of information collection.
    • Whether there is a possibility of additional use and provision of personal information based on the practice of information processing, or the circumstances in which the personal information was collected.
    • Whether the additional use and provision of personal information unfairly infringes on the interests of the information subject.
    • Whether necessary measures were taken to ensure security such as use of pseudonym, or encryption.

10. Officers and Departments in Charge of Personal Information Protection

The Company is responsible for overall work related to the personal information processing. In order to promptly process matters related to the personal information protection, such as resolution of a complaint by an information subject and providing relief related to the personal information processing, officers and departments in charge of personal information protection are designated as follows.

[Casino Walkerhill]

- Officer in charge of personal information protection

  • * Name: Chief Director Kim Jong-ju (Planning Team)
  • * Phone: 02-2204-3367
  • * Email: plan@paradian.com

- Department in charge of personal information protection

  • * Department: Planning Team
  • * Phone: 02-2204-3367
  • * Email: plan@paradian.com
[Casino Busan]

- Officer in charge of personal information protection

  • * Name: Managing Director Jeon Jae-yeong (branch manager)
  • * Phone: 051-749-3307
  • * Email: bs33@paradian.com

- Department in charge of personal information protection

  • * Department: Management Team
  • * Phone: 051-749-3307
  • * Email: bs33@paradian.com
[Casino Jeju Grand]

- Officer in charge of personal information protection

  • * Name: Chief Director Park Jun-beom (branch manager)
  • * Phone: 064-740-7704
  • * Email: jbpark@paradian.com

- Department in charge of personal information protection

  • * Department: Planning and Financial Team
  • * Phone: 064-740-7704
  • * Email: jbpark@paradian.com

11. Remedy for Infringement of Rights and Interests of Information Subjects

  1. To receive a remedy from personal information infringement, an information subject may request the Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center of Korea Internet and Security Agency, etc. for dispute resolution, consultation, etc. For other types of report and consultation regarding personal information infringements, please contact the following organizations:

    • Personal Information Dispute Mediation Committee: (no extension) 1833-6972 (www.kopico.go.kr)
    • Personal Information Infringement Report Center: (no extension) 118 (privacy.kisa.or.kr)
    • Supreme Public Prosecutors’ Office: (no extension) 1301 (www.spo.go.kr)
    • National Police Agency: (no extension) 182 (ecrm.police.go.kr)

12. Amendment of Personal Information Processing Policy

This Personal Information Processing Policy shall enter into force on December 6, 2023.