Personal Information Handling Policy

Fly Gangwon Co., Ltd. (hereinafter ‘the Company’ or ‘Fly Gangwon’) is committed to protecting your personal information, and maintains compliance with all related laws, statutes and regulations such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information. Through our Personal Information Handling Policy, we aim to inform you of the methods and uses for which the personal information you provide is used, and of what measures are taken to protect your personal information.


Our Personal Information Handling Policy is subject to change when required by revisions to laws, statutes and announcements, and in accordance with the internal policies and Terms of Service of the Company. When revisions are made, they will be published on the website (www.flygangwon.com).


Customers who use our services may choose to decline the following terms relating to the collection, use, furnishing, consignment and transfer overseas of personal information. Please be informed that if you decline the terms, you may not be able to use all or part of the services.


The Company retains customers’ personal information until the purpose of its collection has been achieved. After the purpose of its collection has been achieved, a customer’s personal information will be destroyed unless retention thereof is required by relevant laws, statutes and regulations.


This Personal Information Handling Policy is organized as follows:


Article 1. Personal information items and purpose of handling
Article 2. Methods of personal information collection
Article 3. Consent and methods of consent for personal information handling
Article 4. Handling and retention periods for personal information
Article 5. Installation and operation of automatic personal information collection devices, and matters regarding refusal of the same
Article 6. Furnishing and sharing personal information to and with third parties
Article 7. Consignment of personal information handling
Article 8. Overseas transfer of personal information
Article 9. Rights and obligations of information owners and methods of exercising the same
Article 10. Procedures and methods for destruction of personal information
Article 11. Measures to ensure the safety of personal information
Article 12. Personal information protection officer and handling department for complaints
Article 13. Duty of notification for changes to the personal information handling policy


Article 1. Personal information items and purpose of handling

Unless it is done with user consent or in accordance with the provisions of laws and statutes, users’ personal information will not be handled beyond the scope stated in the present article.

A. Managing members

Managing members
Item Mandatory/Optional Items handled Purpose of handling
Upon registration Mandatory ID, password, name (Korean and English), date of birth, sex, contact information, e-mail address User authentication and identification, preventing unauthorized use or abuse by abusive members, restricting membership and number of times of membership registration, preservation of records for dispute mediation, handling complaints and other grievances, conveying notices
Optional Name, address, contact information, event information Use in marketing and advertising (Separate consent from users is sought for the use of their personal information for marketing and advertising communications. Your use of the services will not be restricted if you decline to allow your personal information to be used in this manner.)
Less than 14 years old Mandatory In order to protect the personal information of children under the age of 14, membership is allowed only for those aged 14 or older. Therefore, the personal information of children is not collected. Compliance with laws in registering memberships for minors
Guests Mandatory Name, e-mail address, contact information Responding to inquiries from guests regarding ticket bookings and services

B. Bookings

Bookings
Item Mandatory/Optional Items handled Purpose of handling
Bookings Mandatory Name, sex, mobile phone number, e-mail address, date of birth (children and infants), itinerary (flight no., time of departure) (flight no., boarding time, fare) User authentication and identification, preventing unauthorized use or abuse by abusive members, restricting membership and number of times of membership registration, preservation of records for dispute mediation, handling complaints and other grievances, conveying notices
Optional Consent to receiving event info and discount info, etc. Use for purposes such as events or marketing, etc.
Payments Mandatory - Real-time account transfer: bank/ securities company code, account number, name, contact number.
- Credit card: credit card number, validity period, payer, contact number of the payer, date of birth, business license number
- Cash receipt: card number or contact number of the payer
- Simple payment: payer, contact number of the payer
- Overseas issuance card (DCC): Card number or contact number of the payer
Payments for purchase of tickets and payments for paid services

C. Providing air carriage services

Providing air carriage services
Item Mandatory/Optional Items handled Purpose of handling
International flights Mandatory Passport number, nationality, etc. Providing international air carriage services

D. Miscellaneous

Miscellaneous
Item Mandatory/Optional Items handled Purpose of handling
Participation in surveys and events Optional ID, name, address, contact information (mobile phone number, e-mail address) Sending of prizes, etc. for events, and participation in surveys to improve customer services
Automatically generated data Mandatory Service usage records, access logs, access IP data, payment records, etc. Data generated in the process of using services or processing data, used for management purposes to ensure the stable use of services by customers and in handling complaints

Article 2. Methods of personal information collection

The Company collects personal information through the following methods and processes.

• Registration as a member of the website

• Bookings and payments by members and guests

• Data generated in the process of use of services or processing of information

• Participation in surveys and events

Article 3. Consent and methods of consent for personal information handling

If the Company intends to collect, use or furnish your personal information, the Company will seek your consent (consent from legal guardian for children under 14 years) either online or through telephone, etc., using personal information handling consent forms, etc.

Article 4. Handling and retention periods for personal information

Handling and retention periods for personal information
Applicable personal information Reason for preservation Period of preservation
Records of contracts or cancellation of subscriptions, etc. Article 6 of the Act on the Consumer Protection in Electronic Commerce, etc. and Article 6 of the Enforcement Decree of the same act 5 years
Records of payment and supply of goods, etc. Article 6 of the Act on the Consumer Protection in Electronic Commerce, etc. and Article 6 of the Enforcement Decree of the same act 5 years
Records of customer complaint or dispute handling Article 6 of the Act on the Consumer Protection in Electronic Commerce, etc. and Article 6 of the Enforcement Decree of the same act 5 years
Records of website access Article 15-2 of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree of the same act At least 3 months
The records on Electronic Financial Article 22 of the Electronic Financial Transactions Act 5 years
The records on survey/event participation Prevention of fraudulent participation in events and acquisition of prizes 3 years

Article 5. Installation and operation of automatic personal information collection devices, and matters regarding refusal of the same

The Company uses ‘cookies’ to save and retrieve customer information as needed. Cookies are small packets of data sent by the website server to the customer’s browser, and are saved on the hard disk of the customer's computer. When a customer accesses a website, the Company’s computer reads cookies on the customer's computer, then finds additional customer information on the customer’s computer. This allows the system to recognize a customer when it visits the site without requiring the customer to enter additional information, and to provide customized services accordingly. The browser may be set to notify the customer when the customer's browser accepts cookies. Customer-related information saved in cookies disappears when a browser is closed or when a customer logs off.

Cookies recognize your computer, but do not personally recognize you.

Customers may either allow or disallow the installation of cookies. Most web browsers can be configured to either allow all cookies, prompt the user every time a cookie is saved, or refuse all cookies.

A. Refusing cookies

Through your web browser settings, you can choose to allow all cookies, prompt the user every time a cookie is saved, or refuse all cookies.

B. How to change cookie settings (in Internet Explorer)

• Go to the [Tools] menu and select [Internet Options].

• Click the [Personal Information] tab.

• Set [Personal Information Handling Level]. Please be informed that it may be difficult for the Company to provide you with services if you refuse all cookies.

Article 6. Furnishing and sharing personal information to and with third parties

The Company provides some of the personal information of customers who have given consent to furnishing of personal information to partner services through a “Personal Information Consent Form” to partners of the Company. If there are changes in the Personal Information items furnished to partners, or if the information is furnished to other companies, additional consent is obtained from the customer.

In addition, in the following exceptional cases the Company will provide users’ personal information where necessary for compliance with necessary laws and statutes, etc.

• Cases where necessary for preparation of statistics under the Statistics Act, academic research or market research, where personal information is processed in a manner preventing specific individuals from being recognized

• If there are special provisions in laws such as the Criminal Procedure Act

• Cases where personal information must be provided due to an order from a government agency (including quasi-governmental agencies) or the courts

Even in ‘cases where there are special provisions in the law’ where personal information has been requested by an administrative agency or investigative body for administrative or investigation purposes, the Company will not furnish customers’ personal information unconditionally. Information will be furnished according to lawful procedures and in accordance with legal provisions, such as when a warrant or a document affixed with the official seal of the head of the requesting agency is produced.

Article 7. Consignment of personal information handling

For compliance with laws, performance of contracts, improvements to services and facilitation of handling of business, etc., the Company consigns some of the work of personal information handling to outside specialist companies. When entering into consignment agreements, the relevant contracts, etc. specify that personal information may not be handled for purposes other than carrying out the work consigned, in addition to technical and administrative protective measures, restrictions on re-consignment, management and supervision of the consignee, and compensation for damages, etc., and the Company supervises the consignees to ensure the safe handling of personal information.

Consignment of personal information handling
Consignee Purpose of furnishing information Periods of use and retention
Infobip Kakaotalk notifications and SMS / LMS / MMS messages Until the purpose of its collection and use is achieved
KR Partners Payment gateway for ticket purchases
KICC Payment gateway for ticket purchases
NICE Information Service Authentication and verification

Article 8. Overseas transfer of personal information

Fly Gangwon consigns SITA, an air travel information systems provider, with the operation of our booking and air transport system. The following personal information will be transferred overseas for booking purposes. Users may opt to refuse the transfer of their personal information overseas. Pleased be informed that if you refuse the transfer of your personal information overseas, it may be difficult for you to use booking/ticketing and carriage services.

Consignment of personal information handling
Transferee Purpose of use Date, time and method of transfer Type of overseas transfer Items furnished Information Management Officer
SITA Maintaining the Fly Gangwon bookings system and maintaining booking records Transmission using public networks for membership registration and ticket booking
(processed with security protocol)
Consignment of personal information handling and storage of personal information Member number, ID, password, DI (redundant membership check data), contact information (mobile phone number, e-mail address), name, gender, date of birth, credit card information (credit card number, expiration date, issuing country, nationality), event info consent E-mail address :
servicedesk@sita.aero

Article 9. Rights and obligations of information owners and methods of exercising the same

A. Users may at any time demand to inspect their personal information collected and kept by the Company, and demand the correction of errors in their personal information. Users may also withdraw their consent to the collection, use or furnishing of personal information; provided, however, that for children less than 14 years old, their legal guardian may exercise the rights stated above regarding the child’s personal information.

B. For a legal guardian to exercise rights regarding personal information, the legal guardian must submit the Power of Attorney in ‘Annexed Form No. 11’ of the Enforcement Regulations of the Personal Information Protection Act either by fax or in paper form.

C. A user may, at any time, by ‘cancelling membership’, withdraw his consent to collection and use of personal information.

D. Users and their legal guardians may, at any time, demand suspension of handling for personal information handled by the Company; provided, however, that in the following cases, the Company may refuse a request to suspend handling.

• Cases where there are special provisions in the law, or where such handling is inevitably necessary to comply with legal obligations

• Cases where there is concern of harm to the life or body of other persons, or unfair violation of other persons’ property and other interests

• Cases where it is difficult to carry out a contract, such as furnishing services agreed upon with an information owner, without handling personal information, and where the information owner has not clearly stated intent to rescind the contract

< Method of inspection, correction and withdrawal of consent for personal information >

Log into the Company’s Internet website (www.flygangwon.com) and click ‘Modify Member Information’ to inspect information. Information may be corrected and consent may be withdrawn (withdrawal of membership) by clicking the ‘Modify Member Information’ and ‘Withdraw Membership’ buttons on the page shown. Further, users may request to inspect or correct personal information or withdraw consent by written document, telephone, e-mail or our Q&A page.

Article 10. Procedures and methods for destruction of personal information

A. When personal information is rendered unnecessary due to reasons such as lapse of retention period or achievement of the stated purposes for personal information handling, the Company destroys such personal information without delay.

B. For safe disposal, personal information is destroyed using the following methods.

• Documents, printouts and other personal information in paper form : Shredding or incineration

• Electronic files : Destruction using irreversible and irrecoverable methods

Article 11. Measures to ensure the safety of personal information

To ensure the safety of personal information and prevent loss, theft, leaks, falsification or damage, the Company has implemented the following countermeasures.

A. Technical measures for personal information protection

• We establish and apply access control measures to manage access privileges to personal information handling systems.

• We encrypt files and transmitted data, and store important data using separate security features.

• We establish and apply information leak prevention plans to prevent loss or theft of personal information.

• We use encryption algorithms for the safe transmission and use of personal information on networks.

• We use anti-virus programs to prevent damage from computer viruses.

B. Physical measures for personal information protection

• We have access restriction procedures for computer rooms and data rooms in place.

• To prevent information leaks, we have access control systems including CCTVs in place to restrict access by outside persons, and have a guard system operated by a security services provider.

C. Administrative measures for personal information protection

• We have established and are implementing a personal information protection policy for the safe handling of personal information.

• We collect personal information protection oaths and administer training to handlers of personal information.

• We carry out regularly scheduled inspection of personal information handling status and our consignees.

Article 12. Personal information protection officer and handling department for complaints

To protect customers’ personal information and handle complaints relating to personal information, the Company has appointed the following personal information protection officer and handling department for complaints.

A. Personal information protection officer

• Affiliation : Management management office

• Name : Team Leader Kim, Kang Bum

• Email address: gogofly@flygangwon.com

B. Personal information protection officer

• Affiliation : Information Service Team

• Name : Team Leader Yu, Kwang Jin

• Email address: gogofly@flygangwon.com

C. Personal information complaint handling department

• Fly Gangwon Co., Ltd. Information Service Team

• Telephone number : 033-680-0086

For personal information infringement reporting or counseling, please contact the following.

• Personal Information Violation Reporting Center (without area code) 118 (http://privacy.kisa.or.kr)

• Personal Information Dispute Mediation Committee 1833-6972 (http://www.kopico.go.kr)

• Supreme Prosecutors’ Office Department of Cyber Investigation (without area code) 02-3480-2000 (http://spo.go.kr)

• National Police Agency Cyber Safety Bureau (without area code) 182 (http://cyber.go.kr)

Article 13. Duty of notification for changes to the personal information handling policy

This personal information handling policy was drawn up on Nov 11, 2019. If there are additions, deletions or revisions to the policy in accordance with changes to laws, statutes, and policies or changes in security technologies, the reason for such changes and the details thereof will be published on the Company’s website prior to the enforcement of such revised personal information handling policy.