Lotte Duty Free ("Company”) adheres to the Personal Information Protection Act, and the Privacy Policy of the Company is available on the first page of the Lotte Duty Free promotional website (“PR website”). The Company informs any revisions to the Privacy Policy of the PR website via its official website.
Indication of data processing
Collection of data
※ Read the privacy policy for details.
Period of data retention
※ Certain personal data is stored for longer than three years in accordance with applicable laws.
Purpose of processing
※ Read the privacy policy for details.
Destruction of personal data
※ Read the privacy policy for details.
Disclosure of personal data
Department in charge of privacy
1. Items of personal data
Classification | Items | Retention | |
---|---|---|---|
Consultation/reporting/ checking cases of ethical violations |
Required |
Name, password, email address, phone number, contents of consultation/report (e.g. type of report, title, description) |
3 years |
Consultation/reporting/ checking cases of unfair transactions |
Required |
Name, password, email address, phone number, contents of consultation/report (e.g. type of report, title, description) |
|
STAR★UPS program application |
Required | Name, password, email address, phone number | |
CHEER♥UPS program application |
Required | Name, phone number |
* Data generated via other service processes
- Service use records, access logs, cookies, accessed IP addresses
2. Collection method
The Company collects personal data via the following channels:
1. In general, once the purpose of storing the collected personal data has been met, the data is immediately destroyed.
2. If separate consent is obtained from the user regarding the storage period, the data is retained until the end of the agreed-upon period and then immediately destroyed.
If specified by a superior court, however, a separate retention period is observed. In this instance, the Company stores data solely for storage purposes, and the retention period is as follows.
Classification | Retention | |
---|---|---|
Records on consumer complaints and dispute resolution |
Act on the Consumer Protection in Electronic Commerce |
3 years |
1. The Company uses the user's personal data within the scope outlined in Article 1 (Purpose of Collection) and Article 2 (Collection of Personal Data), and does not use it beyond its intended scope or provide it to third parties or companies without the user's consent. The following, however, are exceptions.
(1) When the user consents beforehand;
Before disclosing a user's personal data to a third party, the Company informs the user of the following and obtains their consent.
- Recipients of personal data
- Purpose of use of personal data by the recipient
- Items of personal data provided
- Period of retention and use of personal data by the recipient
- Disadvantages followed by refusing or disagreeing the right to refuse the transfer of personal data
(2) In the case of an investigative agency fulfilling its obligations under the relevant laws or requesting the disclosure of personal data in accordance with the procedures and methods specified by those laws for the purposes of an investigation;
(3) Acquisition of business, etc.
If there is a reason for business transfer, etc., and it is necessary to transfer the user's personal data, the Company notifies in advance the facts regarding the transfer of personal data in accordance with the procedures and methods specified in related laws, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, and allows users to withdraw their consent to the transfer of personal data.
2. In the following instances, personal data may be disclosed without the user's consent in accordance with applicable laws and regulations.
- In accordance with the provisions of the law or in accordance with the procedures and methods established by the law for the purpose of investigation, if a request is made by an investigative agency.
- If required for statistical writing, academic research, or market research, processing and providing an individual's data in an unidentifiable format.
1. The Company consigns a portion of its tasks in order to improve and implement services, and stipulates that personal data can be managed securely in accordance with applicable laws and regulations during consignment contracts.
2. The Company's current personal data processors and their responsibilities are outlined below.
Classification | Third party | Consigned task |
---|---|---|
Information system management | Lotte Data Communication, Easy Media |
Information system operation and maintenance |
Promotional website management | Easy Media |
Promotional website operation and maintenance |
3. To ensure the safety of personal data protection when entering into a consignment contract, strict compliance with privacy-related regulations and responsibilities in the event of an accident are clearly specified, and the contract's terms are stored physically and electronically. If the company is changed, the name of the new company will be reflected on the privacy policy screen.
4. The Company conducts appropriate oversight within the scope of the entrusted tasks to ensure that the trustee faithfully fulfills the entrusted personal data so that the entrusted personal data can be managed securely.
1. Users can view, edit, and delete their registered data.
Users can view, edit, and delete the personal data regarding reports on ethical violations or unfair transactions via the “Check Status” menu on the website.
- In the case of programs operated by promotional sites, however, when the retention and use period agreed upon at the time of registration expires, the registered data is immediately deleted and cannot be accessed or modified.
2. If a user requests that an error in his or her personal data be corrected, the data will not be used or disclosed until the correction has been made.
3. Users may consult about their rights on personal data by each service via the following channels.
Classification | Contact |
---|---|
Ethical violations Reports on unfair transactions |
LDFSETHICS@lottedfs.co.kr/ 02-3707-9436 |
STAR★UPS CHEER♥UPS |
1688-3000 |
1. The Company uses "cookies" to store and retrieve usage data in order to provide users with quick and useful services when they visit its website.
2. A user has a choice regarding cookies and can configure the web browser to allow all cookies, to prompt before saving a cookie, or to block all cookies.
However, if the user refuses to accept cookies, there may be restrictions on use, such as the need to re-enter login data when using certain login-required services.
Classification | Route |
---|---|
Microsoft Edge browser |
Modify settings via [Settings] > [Site permissions] > [Cookies and site permissions] > [Cookies and site data] |
Google Chrome browser | Modify settings via [Settings] > [Privacy and security] > [Cookies and other site data] |
3. The Company is able to read the cookie's contents from the user's browser, locate additional data on the user's computer, and provide the service without additional input such as the connection name.
4. The Company uses Google Analytics, a Google-provided web log analysis tool, to improve user services.
Through cookies, Google Analytics collects data about the behavior of our website visitors; in this case, only non-identifying data that cannot be used to identify the user is collected. However, users may opt out of using Google Analytics by installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout) or by refusing cookie settings in the web browser.
Classification | Route |
---|---|
Items collected | Service use records and access logs (e.g. browsing history) |
Method | Automatically collected when the user uses the services |
Purpose | To provide personalized services based on the analyzed user’s interest |
Retention & use period |
Processing of the data collected via Google Analytics complies with the Google Privacy & Terms and the Google Analytics Terms of Service. * Google Privacy & Terms: google.com/intl/ko/policies/privacy * Google Analytics Terms of Service: google.com/analytics/terms/kr.html |
The Company implements the following technical safeguards to prevent the loss, theft, unauthorized disclosure, alteration, or destruction of the user's personal data during processing.
1. Establishment and implementation of internal data management plans
- The Company establishes and implements data management plans to protect the user’s personal data.
2. Minimization and education of the staff managing personal data
- The Company minimizes the number of staff managing personal data and provides regular training to protect the data.
3. Limited access to personal data
- The Company limits the access to personal data by granting, changing, and deleting the authority to access the database system for personal data processing, and prevents external unauthorized access to the data by using an intrusion prevention system.
4. Retention of access records and data forgery prevention
- The Company stores and regularly examines the access records of the personal data processing system according to the related law.
5. Personal data encryption
- The Company encrypts user’s data to store and manage it according to the related law.
6. Technical measures against hacking and other cyberattacks
- The Company installs antivirus programs to prevent personal data leakage and damages resulting from such leakage due to hacking and viruses, regularly updates and examines the programs to install the system in the controlled area against external access, and technically and physically observes and blocks possible security issues.
7. Access control of an unauthorized party
- The Company separately designates a physical place for the personal data management system that stores user’s data, establishes access control procedures, and manages access to the system.
1. The Company designates the following departments and people in charge to protect user’s data and process user’s complaints regarding their personal data.
Classification | Name | Department | Contact, E-Mail |
---|---|---|---|
Privacy Officer | Noh Jae-Seung | Marketing Division |
1688-3000 securityLDF@lotte.net |
Privacy Manager | Kang Jae-weon | Big Data Team |
2. Contact the KISA Privacy Infringement Report Center, the Electronic Cybercrime Report & Management System of the Korean National Police Agency, and other agencies to consult about other privacy issues.
Institution | Contact | Website |
---|---|---|
KISA Privacy Infringement Report Center | 118 | privacy.kisa.or.kr |
Personal Information Dispute Mediation Committee | 1833-6972 | www.kopico.go.kr |
Electronic Cybercrime Report & Management System of the Korean National Police Agency | 182 | ecrm.police.go.kr |
Prosecution Service Cyber Investigation Division | 1301 | www.spo.go.kr |
This privacy policy takes effect as of Dec 12, 2023. If there are any additions, deletions, or changes to the content, a notice will be posted on the website at least seven days prior to the amendment. In addition, the Company assigns revision dates to the privacy policy, making it easy to determine whether it has been updated.
Privacy Policy Ver. 1.6