DMZ 평화관광

1. Purpose of Personal Information Processing

Paju-si processes personal information for following purposes. The processed personal information is not used beyond such purposes, and Paju-si will take necessary measures, such as obtaining an additional consent, pursuant to Article 18 of the [Personal Information Protection Act] in cases of any change in purpose of using the personal information.

DMZ Peace Tourism online reserver and visitor management and contact
DMZ Peace Tourism group member management and contact
1:1 inquirer management and contact

2. Personal Information File Registration Status

The purpose of processing the personal information file registered and publicized by Paju-si, its processing purpose, and retention period pursuant to Article 32 of [Personal Information Act] are as follows :

Personal Information File Registration Status
Name of Personal Information File	Grounds of Operation/Purpose of Processing	Particulars of Personal Information Recorded in Personal Information File	Retention Period
Reserver Information	Article 15-1(4) of Personal Information Protection Act / Reserver Management and Contact	Name, Date of Birth, Phone Number, Email(English homepage)	2 years
Visitor Information	Article 15-1(4) of Personal Information Protection Act / Visitor Management and Contact	Name, Date of Birth, Phone Number, Gender, Korean/Foreigner, Country/Region	2 years
Group Member Information	Article 15-1 of Personal Information Protection Act / Group Member Management and Contact	ID, Password, Name of Manager, Phone Number of Manager, Name of Manager, Email of Manager	2 years, Until Withdrawal
1:1 Inquirer Information	Data Subject Consent/Inquirer Management and Contact	Name, Phone Number, Email	2 years

3. Matters Regarding Processing of Personal Information of Child Under 14

In collecting the personal information of a child under 14, Paju-si collects minimum personal information necessary for conducting the service with consent of the legal representative.
In cases of collecting the personal information of a child for online reservation of DMZ Peace Tourism, Paju-si obtains a separate consent from the legal representative.
In collecting the personal information of a child under 14, Paju-si may collect request the child of minimum information, including name and contact of the legal representative. Paju-si shall also confirm the consent status of the legal representative by sending a text message to the legal representative on checking the consent posted on the Internet website.

4. Personal Information Processing and Retention Period

Paju-si processes personal information within the personal information retention and use period pursuant to the statutes or personal information retention and use period agreed by the data subject in collecting the personal information.
The processing and retention period of each personal information are as follows :
- Reserver Management and Contact : 2 Years
- Group Member Management and Contact : 2 Years or Until Withdrawal
- Visitor Management and Contact : 2 Years
- 1:1 Inquirer Management and Contact : 2 Years
Provided, where the retention of such personal information is mandatory by other statutes, the reservation system retains the member information for a certain period prescribed by the relevant statutes as follows :
- Records on Payment and Supply of Goods : 5 Years (Act on The Consumer Protection in Electronic Commerce)
- Records on Consumer Complaint or Dispute Settlement: 3 Years (Act on The Consumer Protection in Electronic Commerce)

5. Personal Information Collected and Used Without Consent of Data Subject

Paju-si collects and uses the personal information without consent of data subject in accordance with Article 15 of the [Personal Information Protection Act], and its legal grounds are as follows :

Personal information items
Particulars of Personal Information	Purpose of Collecting and Using Personal Information	Legal Grounds of Collection
Name, Date of Birth, Phone Number, Email(English homepage)	Reserver Management and Contact	Article 15-1(4) of Personal Information Protection Act
Name, Date of Birth, Phone Number, Gender, Korean/Foreigner, Country/Region	Visitor Management and Contact
ID, Password, Name of Manager, Phone Number of Manager, Name of Manager, Email of Manager	Group Member Management and Contact

6. Personal Information Destruction Procedure and Method

Paju-si destroys the personal information without delay when the personal information becomes unnecessary owning to the expiry of the retention period, attainment of the purpose of processing the personal information, etc.
Where the personal information is obliged to retain the personal information pursuant to other statutes after expiry of the retention period or attainment of the purpose of processing the personal information, the personal information (or personal information file) shall be retained by transferring to separate database or separating to a different storage place.
The procedure and method of destroying personal information are as follows :
- Destruction Procedure
  Paju-si establishes a personal information destruction plan for the personal information (or personal information file) to be destroyed. Paju-si selects the personal information (or personal information file) applying to grounds of destruction and destroys the personal information (or personal information file) by obtaining a consent from the privacy officer.
- Destruction Method
  Paju-si destroys takes measures to prevent revival of the personal information recorded and saved in a form of electronical file. The personal information recorded and saved on a paper document is destroyed by burning or crushing with a shredder.

7. Provision of Personal Information to Third Party

Paju-si provides the personal information to the Third Party only when applicable to Article 17 and Article 18 of the [Personal Information Protection Act], including the consent of the data subject, special legal regulations, etc.
To provide a smooth service, Paju-si provides minimum personal information by obtaining a consent from the data subject.
DMZ Peace Tourism Online Reservation Portal does not provide the personal information to the third Party. In cases of providing the personal information to the Third Party, the personal information will be processed by obtaining a consent from the data subject and will be disclosed in the Privacy Policy.

8. Entrustment of Personal Information Processing

For a smooth personal information performance, Paju-si entrusts the personal information processing as follows :

Entrustment of Personal Information Processing
Entrusted Party (Outsourcee)	Entrusted Matters	Remarks
IMPACSYS	Computing System Operation and Maintenance
NICE PAYMENTS	Online Payment Agency Service
HANJIN INFORMATION SYSTEMS & TELECOMMUNICATION	Text Message and Notification Message

In signing an entrustment contract, Paju-si states in documents, such as contract, on prevention of personal information processing for other purposes than the outsourced purpose, measures for securing safety, management, supervision, and compensation, etc., of the outsourcee in accordance with the Article 26 of the [Personal Information Protection Act] to supervise whether the outsourcee processes the personal information safely.
Any change in entrustment details and outsourcee will be made public by this Privacy Policy.

9. Measures for Ensuring Personal Information Safety

Paju-si takes following measures to secure safety of the personal information :

Managerial Safeguard Measures : Establishment and implementation of international management plan and regular employee education
Technical Safeguard Measures : Management of access to personal information processing system, etc., installation of access control system, encryption of personally identifiable information, and installation of security program
Physical Safeguard Measures : Control of access to computing room, data archive room, etc.

10. Installation and Operation of Automatic Personal Information Collection Tool and Denial Thereof

To provide an individually personalized service to users, Paju uses “Cookie” to save and load the information frequently.
Cookie is a small piece of information sent to the user’s computer browser by the server (http) used to run the website. Cookie is stored in the computer hard disk of the user.
The data subject may set web browser options to allow or block the cookie. Provided, you may be restricted from using the personalized service for refusing to accept cookies.
How to allow/block cookie in web browser
- Chrome : Click Settings in Web Browser > Click Privacy and Security > Delete Browsing Data
- Edge : Click Settings in Web Browser > Cookie and Site Permissions > Manage and Delete Cookies and Site Data

11. Rights and Obligations of Data Subject and Legal Representative and Exercising Methods

The data subject may exercise rights, including personal information access, correction, deletion, suspension of processing, withdrawal, refusal to automated decision, and explanation request, to Paju-si
※ Access, etc., to the personal information of a child under 14 shall be directly requested by the legal representative. The data subject who is a minor over 14 may exercise the personal information right or may have the legal representative to exercise the right.
The rights may be exercised to Paju-si via writing, email, FAX, etc., pursuant to Article 41-1 of the Enforcement Decree of the [Personal Information Protection Act], and Paju-si will take necessary measures immediately.
- The data subject may access or correct his or her personal information in “My Page” of the website or request access via “1:1 Inquiry” of the website.
  Download
- The data subject may withdraw his or her membership at any time to withdraw the consent on collection and use of personal information.
The right may be exercised by the legal representative, entrusted party, or other representatives of the data subject. In such cases, the data subject shall submit a power of attorney pursuant to Format No.11 in Annex of “Notification on Personal Information Processing Method.”
The data subject’s right to request access to personal information and suspension of personal information processing may be restricted pursuant to Article 35-4 and Article 37-2 of the [Personal Information Protection Act]
The erasure of personal information is not permitted where the said personal information shall be collected by other statutes.
When the access, correction, deletion, and suspension of processing are requested pursuant to the rights of data subject, Paju-si checks whether such is requested by the data subject or proper representative.
Paju-si may request access to personal information, etc., to the following department. Paju-si tries its best to process the personal information access requested by the data subject.
Department in Charge of Receiving and Processing Requests, Including Personal Information Access
- Department Name : Tourism Cooperation Division, Tourism Department
- Contact : 031-940-8343 031-940-4369 chk3036@korea.kr

12. Privacy Officer

Paju-si designates a privacy officer as follows for personal information processing, handling of complaint regarding personal information processing, and remedial compensation :

Privacy Officer
Category	Department (Headquarters) Name	Name / Position	Contact	Remarks
Privacy Officer (CPO)	Interior and Safety Bureau	Kim Taehoon, Chief	031-940-4023
Personal Information Protection Manager	Information and Communications Department	Kim Youngkyun	031-940-5332

The data subject may contact the privacy officer or department in charge regarding the personal information protection, complaint handling, and remedial compensation that happened during the use of service. Paju-si will answer and handle the inquiries of data subject without delay.

13. Remedies for Infringement of Rights and Interests of Data Subject

For remedy of personal information infringement, the data subject may request dispute settlement, consulting, etc., to the Personal Information Dispute Mediation Committee, Personal Information Infringement Report Center of Korea Internet & Security Agency, etc. For other personal information infringement, consulting, etc., please contact the following institutions :
- Personal Information Dispute Mediation Committee : 1833-6972 (without area code) (www.kopico.go.kr)
- Personal Information Infringement Report Center : 118 (without area code) (privacy.kisa.or.kr)
- Prosecution Service : 1301 (without area code) (www.spo.go.kr)
- Korean National Police Agency : 182 (without area code) (ecrm.cyber.go.kr)
When the rights or interests are infringed by dispositions or omission conducted by the head of the public institutions for the request pursuant to regulations on the Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), or Article 37 (Suspension of Processing of Personal Information of the [Personal Information Protection Act], he or she may claim an administrative appeal as prescribed by the Administrative Appeals Act.
Central Administrative Appeals Commission : 110 (without area code) (www.simpan.go.kr)

14. Changes in Privacy Policy

This Privacy Policy shall be effective from August 06, 2024.
Please refer to the following link for previous Privacy Policy.
- Applied from 2024. 07. 05 to 2024. 08. 05 (Click)