Indication of data processing
Collection of data
Period of data retention
※ Certain personal data is stored for longer than three years in accordance with applicable laws.
Purpose of processing
Destruction of personal data
Disclosure of personal data
Department in charge of privacy
1. Collected items
|Required||Name, contact, email, password||3 years|
• (*) Name: Korean, Chinese, English, Japanese, Vietnamese
• ※ Data generated via other service processes
- Service use records, access logs, cookies, accessed IP addresses, payment records, and use suspension records
2. Collection method
The Company collects personal data using the following methods.
1. To improve service quality, the Company collects personal data for the following purposes.
- Identification, personal identification, complaint handling, and notice delivery regarding ethical management violations
1. In general, once the purpose of storing the collected personal data has been met, the data is immediately destroyed. Personal data for which the purpose of collection and use has been met is transferred to a separate database, stored securely in accordance with internal regulations and applicable laws, and destroyed without delay when the specified time period expires. At this time, the personal data transferred to a separate database will not be used for any other purpose unless the user agrees otherwise or the law requires it.
2. If separate consent is obtained from the user regarding the storage period, the data is retained until the end of the agreed-upon period and then immediately destroyed. If specified by a superior court, however, a separate retention period is observed.
3. However, if it is necessary to retain personal data in accordance with applicable laws, such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, Etc., the personal data will be retained for a certain period of time. In this instance, the company stores data solely for storage purposes, and the retention period is as follows.
|Records on consumer complaints and dispute resolution||
Act on Consumer Protection in
Electronic Commerce, Etc.
1. The Company uses the user's personal data within the scope outlined in Article 2 (Collection of Personal Data) and Article 3 (Purpose of Collection and Use), and does not use it beyond its intended scope or provide it to third parties or companies without the user's consent.
The following, however, are exceptions.
(1) When the user consents beforehand;
Before disclosing a user's personal data to a third party, the Company informs the user of the following and obtains their consent.
(2) In the case of an investigative agency fulfilling its obligations under the relevant laws or requesting the disclosure of personal data in accordance with the procedures and methods specified by those laws for the purposes of an investigation;
(3) Acquisition of business, etc.
If there is a reason for business transfer, etc., and it is necessary to transfer the user's personal data, the Company notifies in advance the facts regarding the transfer of personal data in accordance with the procedures and methods specified in related laws, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, and allows users to withdraw their consent to the transfer of personal data.
2. In the following instances, personal data may be disclosed without the user's consent in accordance with applicable laws and regulations.
1. The Company consigns a portion of its tasks in order to improve and implement services, and stipulates that personal data can be managed securely in accordance with applicable laws and regulations during consignment contracts.
2. The Company's current personal data processors and their responsibilities are outlined below.
|Classification||Third party||Consigned task|
|Information system management||
Lotte Data Communication,
|Information system operation and maintenance|
|Easy Media||Promotional website operation and maintenance|
4. The Company conducts appropriate oversight within the scope of the entrusted tasks to ensure that the trustee faithfully fulfills the entrusted personal data so that the entrusted personal data can be managed securely.
1. Users can view, edit, and delete their registered data.
Personal data may be viewed or corrected only after identity verification has been performed by visiting a branch office or calling the Lotte Duty Free Customer Service Center (+82-2-1688-3000).
- In the case of programs operated by promotional sites, however, when the retention and use period agreed upon at the time of registration expires, the registered data is immediately deleted and cannot be accessed or modified.
2. If a user requests that an error in his or her personal data be corrected, the data will not be used or disclosed until the correction has been made.
1. Cookies are temporary files that are automatically created when you visit a website. It is a small amount of data that the server used to run the website sends to the user's browser and is also stored on the user's PC's hard drive.
2. The Company uses "cookies" to store and retrieve usage data in order to provide users with quick and useful services when they visit its website.
3. You have a choice regarding cookies, and you can configure your web browser to allow all cookies, to prompt you before saving a cookie, or to block all cookies. However, if the user refuses to accept cookies, there may be restrictions on use, such as the need to re-enter login data when using certain login-required services.
- The following describes how to specify whether or not to allow cookie installation in Internet Explorer.
• Internet Explorer browser
Modify settings via [Tools] > [Internet Options] > [Privacy] > [Advanced]
• Google Chrome browser
Modify settings via [Settings] > [Privacy and security] > [Cookies and other site data]
4. The Company is able to read the cookie's contents from the customer's browser, locate additional data on the customer's computer, and provide the service without additional input such as the connection name.
1. The Company uses Google Analytics, a Google-provided web log analysis tool, to improve user services.
Through cookies, Google Analytics collects data about the behavior of our website visitors; in this case, only non-identifying data that cannot be used to identify the user is collected. However, users may opt out of using Google Analytics by installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout) or by refusing cookie settings in the web browser.
Items of collected
Methods of collecting
Purpose of collecting
Period of retention/use
and how data is
|Collection and computation of web logs and demographic data based on anonymous cookie information, including promotional site GA.||
Analysis of how users utilize the website, using "cookies," which are text files stored on the user’s computer.
Information gathered via cookies is transferred to and stored on Google servers in the United States.
By using the Lotte Duty Free promotional site service, the customer consents to the use of all data generated through Google Cookies and Google Analytics, unless the customer separately declines to use Google Cookies.
|Google Analytics, a web analysis service provided by Google, Inc., is used to analyze and evaluate how customers use the services of the Lotte Duty Free promotional website and to identify customer needs in order to improve customer service in order to provide effective service by enhancing and personalizing the service.||
Google's Privacy Statement and Google Analytics's Terms of Service govern the processing of data collected via Google Analytics.
* Google Analytics Terms and Conditions: https://www.google.com/analytics/terms/kr.html
The following describes the method for blocking or allowing tailored advertisements via a web browser.
(1) Internet Explorer (Internet Explorer 11 for Windows 10)
(2) Microsoft Edge
(3) Google Chrome
1. The Company has implemented the following technical safeguards to prevent the loss, theft, unauthorized disclosure, alteration, or destruction of the user's personal data during processing.
2. The Company restricts access to personal data of users to a minimum number of employees.
Those who fall under the minimum number of employees are as follows.
4. Computer rooms and data storage rooms are designated as protected areas with restricted access.
5. The Company is not responsible for events that result from user error or inherent risks of using the Internet. Individual users are responsible for properly managing their ID and password to safeguard their personal data.
6. Moreover, if personal data is lost, leaked, falsified, or damaged due to an internal manager's error or a technical management accident, the Company will immediately notify the user and devise appropriate compensation measures.
1. According to the website's terms and conditions, children under the age of 14 are prohibited from using the Company's services.
2. If the Company must collect personal data from children under 14 years of age, it will comply with applicable laws and notices.
3. If a user requests that an error in his or her personal data be corrected, the data will not be used or disclosed until the correction has been made. In addition, if incorrect personal data has already been provided to a third party, the correction will be immediately communicated to the third party so that the correction can be implemented.
1. The Company makes every effort to ensure that users can access high-quality data securely. In the event of an accident involving the violation of protecting personal data, the Company assumes full responsibility. However, despite taking additional technical precautions, the Company cannot be held liable for data loss due to unforeseen incidents caused by basic network risks such as hacking and various disputes caused by user-generated content. The persons in charge of protecting and processing the user's personal data are listed below, and these persons respond promptly and truthfully to inquiries pertaining to personal data.
|Privacy Officer||Noh Jae-Seung||Marketing Division||+82-1688-3020||securityLDF@lottedfs.co.kr|
|Privacy Manager||Kang Jae-weon||Big Data Team||+82-1688-3000||securityLDF@lottedfs.co.kr|
2. The Company operates a customer service center to facilitate communication with users. The following are the contact details for the customer service center.
Lotte Duty Free Customer Service Center: +82-2-1688-3000
※ Over-the-phone consultations are available on weekdays from 9 AM to 6 PM.
3. In the case of an email or website inquiry, we will respond as quickly as possible in good faith.
- Website: https://www.lottedfs.com (Home > Customer Service > Contact)
※ 1:1 consultations are exclusive to online members and offline purchasers.
The following organizations can be contacted by users inquiring about damage relief and consultation for privacy violations.
The organizations listed below are separate from the company. If you are not satisfied with the results of the Company's complaint handling and damage relief, or if you require additional assistance, please contact these organizations.
KISA Privacy Infringement
Personal Information Dispute
Korea Computer Emergency
Response Team Coordination Center
Korea National Police Agency
Cyber Investigation Division
Duty of Notice