• Membership
    • HOME
    • Privacy policy

    Privacy policy

    Change History

    Parnas Hotel Co., Ltd. (hereinafter referred to as the "Hotel") operates the Westin Seoul Parnas website (thewestinseoulparnas.com, hereinafter referred to as the "Website"). To protect the freedom and rights of data subjects, Parnas Hotel Co., Ltd. (hereinafter referred to as the "Hotel") complies with the Personal Information Protection Act and related laws and regulations, lawfully processing and safely managing personal information. Accordingly, pursuant to Article 30 of the Personal Information Protection Act, the Hotel establishes and discloses the following personal information processing policy to inform data subjects of the procedures and standards for personal information processing and to promptly and smoothly address any complaints related thereto.

    Purpose of processing personal information, items collected, retention and use period

    The website collects and uses personal information to the minimum extent necessary to provide services.

    Collection and use of personal information: Table consisting of categories, collection purpose, collection items, and retention and use period.
    division Purpose of collection Collection items Retention and use period
    Westin website access history Provide optimized information to users by identifying visit and usage patterns, popular search terms, and whether access is secure. Access history (access date and time, browser information, screen resolution, access path) Automatic destruction after 1 year of storage
    Website inquiry form Responding to customer inquiries and handling complaints Name, email, contact information, inquiry details Automatically destroyed after 1 year of storage in the website CMS (DB) and public mail

    Some features of this website, such as room reservations (Marriott Bonvoy), membership sign-up (Parnas Rewards, The Parnas), and event and food and beverage reservations, are provided through external linked sites. When using these features, your personal information is collected and processed in accordance with the privacy policies of each linked site.

    Procedures and methods for destroying personal information
    1. The hotel destroys personal information without delay when the personal information becomes unnecessary, such as when the retention period for personal information expires or the processing purpose is achieved.
    2. The procedures and methods for destroying personal information are as follows:
      1. Destruction procedures
        • After the hotel achieves the purpose of collection and use, the information is stored for a certain period of time in accordance with internal policies and other relevant laws and regulations for information protection, and then destroyed.
        • When personal information becomes unnecessary, such as when the retention period for personal information expires or the processing purpose is achieved, the personal information will be destroyed without delay.
        • Website access history (information collected through Google Analytics) is automatically deleted after one year.
      2. How to destroy
        • Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in electronic file format is deleted using a technical method that renders it unrecoverable.
    3. If personal information must be retained in accordance with other laws and regulations, the personal information will be retained for the period specified in the relevant laws and regulations.
      In case of personal information preservation: Table consisting of contents, retention period, and related laws
      detail Retention period Related laws
      Service visit history 3 months Article 15-2 of the Communications Secrets Protection Act
    Provision of personal information to third parties
    1. The hotel processes the personal information of the data subject only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law. In other cases, the personal information of the data subject is not provided to third parties.
    2. The hotel may provide personal information to relevant organizations without the consent of the data subject as follows:
      Collection and use of personal information: Table consisting of recipient, purpose of provision, items provided, and retention and use period.
      Recipient Purpose of provision Provided items Retention and use period
      Police station, prosecutor's office, court in charge Performance of statutory obligations Materials requested by courts and investigative agencies In accordance with the provisions of relevant laws and regulations
    3. In accordance with the relevant laws and regulations of the "Personal Information Processing and Protection Guidelines in Emergency Situations" jointly announced by the relevant ministries, the hotel may provide personal information to relevant organizations without the consent of the data subject in the event of an emergency such as a disaster, infectious disease, an incident or accident that poses an imminent danger to life or body, or an imminent loss of property.
    Entrustment of personal information processing
    1. The hotel entrusts the processing of personal information to an external company for website maintenance and inquiry processing system operation. Information about the trustee is as follows.
      Trustee: Pentabreed
      Consignment work: Website CMS operation and maintenance
    2. When entering into a consignment contract, the hotel, in accordance with Article 26 of the Personal Information Protection Act, specifies in the contract or other document matters related to the prohibition of processing personal information for purposes other than the performance of the consigned work, technical and administrative protective measures, restrictions on re-consignment, management and supervision of the consignee, and liability for damages, and supervises whether the consignee safely processes personal information.
    3. In accordance with Article 26, Paragraph 6 of the Personal Information Protection Act, the hotel's consent is obtained when the trustee re-entrusts the company's personal information processing work.
    4. If there are any changes to the content of the consignment work or the consignee, we will disclose such changes without delay through this personal information processing policy.
    Measures to ensure the security of personal information

    The hotel is doing its best to safely manage customers' personal information and prevent it from being lost, stolen, leaked, altered, or damaged, and is taking the necessary technical, managerial, and physical measures.

    Establishment and implementation of internal management plan
    To ensure the safe handling of personal information, the hotel has established and implemented an internal management plan.
    Minimizing and training personal information handlers
    We are doing our best to manage personal information by minimizing the number of people handling personal information and providing periodic training to those handling it.
    Restrict access to personal information
    We are taking measures to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information.
    Storage of access records and prevention of falsification
    To facilitate response in the event of a personal information breach, we store and manage access records (web logs, summary information, etc.) to the personal information processing system for at least two years, and use security features to prevent access records from being falsified, stolen, or lost.
    Encryption of personal information
    Your personal information (name, mobile phone number, email, etc.) is stored and managed in an encrypted form.
    Technical measures against hacking, etc.
    To prevent personal information leakage and damage due to hacking or computer viruses, the hotel installs security programs and conducts periodic updates and inspections. The system is installed in an area with controlled access from the outside and is monitored and blocked technically and physically.
    Access control for unauthorized persons
    We have established and are operating access control procedures for the physical storage location of the personal information system that stores personal information.
    Account Management Plan
    Public email accounts are only accessible to a minimal number of people and are managed securely, including through periodic password changes.
    Matters concerning the installation, operation, and rejection of automatic personal information collection devices
    1. The hotel may use Google Analytics to collect website usage statistics, which may include the use of cookies and referrers.
      • Cookies: Used to determine visit and usage patterns, popular search terms, and secure access (can be set in the browser)
      • Referrer: To check the inflow path (search engine, external link, etc.)
      • For statistical analysis and to provide customized information, and is not directly linked to personal information.
    2. Cookies are small pieces of information that the server (http) used to operate the website sends to the user's computer browser and are also stored on the hard disk of the user's PC computer.
      • Purpose of cookie use: To provide optimized information to users by identifying visit and usage patterns, popular search terms, and secure access status for each service and website visited by users.
      • Cookie installation/operation and rejection: You can reject cookie storage through the web browser settings > Privacy and security > Delete internet usage history settings.
    3. If you refuse to store cookies, you may experience difficulties using customized services.
    Matters concerning the international transfer of personal information
    1. When using Google Analytics services, the company collects access records (access time, browser information, screen resolution, inflow path, etc.), and during this process, the information may be stored on Google's overseas servers (e.g., in the United States).
    2. The company manages to ensure that appropriate protective measures are implemented in accordance with the service use agreement with Google.

      This website does not collect any personal information other than access records. In cases where consent for overseas transfer is required pursuant to Article 28-8 of the Personal Information Protection Act, separate notification and consent will be obtained through an individual consent procedure.

    Rights, obligations, and exercise methods of data subjects and legal representatives
    1. Data subjects may exercise their rights to access, correct, delete, suspend processing, and withdraw personal information at any time.
    2. You may exercise your rights through a proxy, such as the data subject's legal representative or authorized representative. In this case, you must submit a power of attorney in the format of Appendix 11 of the "Notice on Personal Information Processing Methods."
    3. Requests for access to personal information, etc., may be submitted to the department below. We will strive to promptly process requests for access to personal information.
      Department responsible for receiving and processing requests for personal information access, etc.
      • Department Name: DX Strategy Team
      • Phone number: 02-559-7444
      • Email: it_security@parnas.co.kr
    Personal Information Protection Manager
    1. The hotel is responsible for overall management of personal information processing and has designated a personal information protection officer as follows to handle complaints and provide remedies to data subjects related to personal information processing.
      Personal Information Protection Manager
      • Name: Han Man-hwan
      • Position: Managing Director
      • Contact: 02-559-7321
      • Email: it_security@parnas.co.kr
      Personal Information Complaints Handling Department
      • Department Name: DX Strategy Team
      • Contact: 02-559-7444
      • Email: it_security@parnas.co.kr
    2. Data subjects may inquire about any personal information protection-related issues, complaints, or damage relief that arise while using the hotel's services (or business) by contacting the Personal Information Protection Officer or the relevant department. The hotel will promptly respond and address all inquiries.
    3. Data subjects may seek redress for personal information infringements by filing dispute resolution or consultation requests with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, or other organizations. For other inquiries regarding reporting or consultation of personal information infringements, please contact the organizations listed below.
      1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
      2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
      3. Supreme Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)
      4. National Police Agency: 182 (ecrm.cyber.go.kr)
    Changes to the Privacy Policy
    1. This Privacy Policy takes effect on June 16, 2025. Any changes will be announced in advance on the website.