Prohibition of Unauthorized Collection of E-mail Addresses

Privacy Policy

Home

LOTTE PROPERTY & DEVELOPMENT Inc abides by the relevant guideline and jurisdiction of 「the Personal Information Protection Regulations」such as 「Act on the Protection of Personal Information」, 「Act on Promotion of Information and Communication Network Utilization and information Protection, etc」 and considers customer’s privacy important and does its best to protect the personal information the customers provide it online while they use its service.

The company informs the customers the purpose and method of using their personal information based on Privacy Policy and the measures it takes to protect their privacy.

The company encourages the customers to read this policy whenever they want by making it public on its website and mobile service, and if the Privacy Policy changed, it will be noticed by web/mobile service’s notice. This Privacy Policy applies to LOTTE PROPERTY & DEVELOPMENT, LOTTE WORLD TOWER & MALL, workflex, SKY31Convention, Residence web/mobile service and it can be changed due to the changes in the relevant guideline and jurisdiction of 「the Personal Information Protection Regulations」 or the company’s inside policy

[Indication of Processing of Major Personal Information (Labeling)]

Purposes of Processing of Personal Information
Period of Retention of Personal Information
Processing items of Personal Information
Personal Information
personal video information
Outsourcing and Overseas Transfer of Personal Information Processing
Provision of Personal Information to Third Party
Automatic Personal Information Collection Tool and Rejection thereof
Destruction of Personal Information
Rights and Obligations of Data Subjects and Exercising thereof
Measures to Ensure Safety of Personal Information
Personal Information Protection Manager
Remedial Procedure for Infringement of Rights
video processing system
Revision of Personal Information Management Policy

Article1 (Purposes of Processing of Personal Information)

The company processes customer’s personal information to provide various convenient internet services.
The company collects and uses personal information based on the following and if the purpose is changed, we will do the necessary management based on the policy of article 18, Persional Information Protection Act.

A. Customer confirmation, Reply to inquiry due to customer inquiry
B. Complaint handling and to prevent corrupted use and unauthorized use of members (Including LOTTE PROPERTY & DEVELOPMENT's Internal complaint system and Voice of Partners)
C. Use for marketing and advertising (Purpose of providing services such as various events / events, exhibitions / performances, coupons, new product information, etc.)
D. Notice and information guidance related to event (Event information guide, reception completion guide, record guide, granularity, description, uploading of photos, delivery of finish record card, etc.)
E. Delivering goods (T-shirt delivery for event, delivering plaque and prize money)
F. Carry out survey targeting participating volunteers
G. Confirm whether the legal representative agrees when collecting personal information of children under 14 years of age
H. Providing information on other quality services and organizing contests

Article2 (Processing of Personal Information and Period of Retention)

The Company destroys Personal Information without delay when the purpose of a collection or provision of Personal Information is achieved.
As a rule, the information will immediately be destroyed when the purpose of collecting or providing personal information is achieved. However, when the information is required by the relevant jurisdiction to be held, it will be held for a certain period of time, and the company will use the information only for the retention purpose. (However, According to Article 15-2 of the Communications Secret Protection Act, the company can retain name, contact information, and Email for 12 months to offer confirmation materials of communication fact)

개인정보의 처리 및 보유기간 내용에 관한 표
Category	Retention reason	Retention period
LOTTE PROPERTY & DEVELOPMENT website	reference for conduction of business	1 year
	In case of receiving VOP(Voice of Partners)	1 year
	In case of integration of LPOINT membership services	Destroy immediately at the end of the session
LOTTE WORLD TOWER & MALL website	In case of receiving Voice of Customer	Destroy immediately if purpose of collection or provided accomplished
	In case of receiving Biz inquiry	Destroy immediately if purpose of collection or provided accomplished
	In case of receiving request for membership service for employees	Destroy by January 1st, the following year after leaving membership service for employees or L.POINT
	In case of receving order for waiting of restaurant service	1 year
	In case of receiving order for reservation of restaurant service	1 year
	In case of receiving order for to-go of restaurant service	1 year
SKY31 convention website	Inquiry	Destroy immediately if the reservation canceled
SKY31 convention website	In case of signing a contract	5 years (According to National Tax Basic Law and Corporate tax law)
workflex website	Inquiry	Destroy in 1 month after application for consultation
	In case of signing a contract	5 years (According to National Tax Basic Law and Corporate tax law)
	In case of access system registration	Until the purpose is accomplished(Destroy within the following 1 month after the contract expires)
Common	Information about customer’s complaints and disputes settlement	3 years (According to National Tax Basic Law and Corporate tax law)
	Information about payment and goods supply	5 years (According to National Tax Basic Law and Corporate tax law)
	Information collected for survey and event	Until the purpose is accomplished(Destroyed immediately in 1 month after termination)

Article3 (Processing items of Personal Information)

The company collects and uses the customer’s personal information as below to provide various convenient internet services.

개인정보의 처리 및 보유기간 내용에 관한 표
Category	Contents	Required Information
LOTTE PROPERTY & DEVELOPMENT website	In case of receiving internal complaint system	(Essential) name, phone number, e-mail address
	In case of receiving VOP(Voice of Partners)	(Essential) name, phone number, e-mail address
	In case of integration of LPOINT membership services	(Essential) name, ID, PW, Customer ID, phone number, CI
LOTTE WORLD TOWER & MALL website	In case of proceeding event	(Essential) name, gender, phone number, address, e-mail address, nationality(in case of foreigner), blood type, history of disease, size of top
	In case of participation of children under age 14	(Essential) a legal representative’s name, contact information
	In case of receiving Voice of Customer	(Essential) name, contact information, e-mail address
	In case of receiving Biz inquiry	(Essential) name, phone number, e-mail address
	In case of receiving request for membership service for employees	(Essential) name, phone number, picture for business photo
	In case of receving order for waiting of restaurant service	(Essential) phone number
	In case of receiving order for reservation of restaurant service	(Essential) name, phone number
	In case of receiving order for to-go of restaurant service	(Essential) phone number
SKY31 CONVENTION website	Inquiry	(Essential) name, corporate name, wire-wireless phone number, e-mail address, inquiry and contract details
SKY31 CONVENTION website	In case of signing a contract	(Essential) name, corporate number(for corporate customer), birth number(for regular customers), phone number, e-mail address
workflex website	Inquiry	(Essential) name, corporate name, e-mail address, phone number
workflex website	In case of signing a contract	(Essential) name, address, phone number, date of birth, e-mail address, corporate name

Article4 (Provision of Personal Information to Third Party)

LOTTE PROPERTY & DEVELOPMENT does not use or provide without the customer’s prior consent or provide the information to the third parties.
However, followings are exceptions.

A. When the user agreed to provide the information previously
B. When the investigative agency and supervisory authority require for the information for the purpose of investigation based on the process and method of the relevant jurisdiction
C. When necessary to settle charges for service provision
D. When the personal information is needed for fulfillment of contract
E. When there is sufficient evidence that it is necessary to disclose user information that causing mental or physical damage to others thus legal action against it should be taken
F. When the information is provided to the third parties like external organization and group in the form of unidentifiable state for making statistics, marketing analysis and market research
G. When the personal information is needed for fulfillment of contract related to provision of service but extremely difficult to obtain normal consent due to economic or technical reason

Article5 (Outsourcing and Overseas Transfer of Personal Information Processing)

The company consigns the personal information task to the agent as below and takes necessary measures to make sure the information is safely managed according to the relevant jurisdiction. - Followings are the purpose of consignment.

the purpose of consignment
Agent	Task	Retain and Use period
LOTTE Members, Inc	Operate L.POINT Membership	Destroy immediately if the Membership withdrawal or expulsion
LOTTE Data Communication Company	Operate computing system	Destroy immediately at the end of the contract
Daehong communications	Do business for event	Until the purpose is accomplished
LOTTE Shopping	Do business for operating LOTTE WORLD MALL	Destroy immediately at the end of the contract
BAT(Arkitypecompany)	Collect event customer information	Until the purpose is accomplished
The man	Security service(parking)	1 year
S-Tec system	Security service(security)	1 year
Proscom	Security service(security)	1 year

Article6 (Destruction of Personal Information)

The Company will destroy the information without delay once the purpose of collecting and using personal information has been achieved. However, if it is required to be stored according to other related laws, the personal information is moved to a separate database or stored in another storage location. The destruction procedure and method are as follows.

A. Destruction procedure
- - The information entered at the time of the inquiry will be transferred to another DB (another document box in the case of paper) after the purpose has been achieved and destroyed after being stored for a certain period based on the internal policy and other information protection grounds according to related laws (retention and refer to usage period)
- - The personal information separately transferred to the DB will not be used for any other purpose other than the possession unless it is required by law.
B. Destruction method
- - The personal information output on paper is shredded by a shredder or destroyed through incineration.
- - Personal information stored in the form of electronic files will be deleted using technical methods that do not allow the recording to be replayed.

Article7 (Installation and Operation of Automatic Personal Information Collection Tool and Rejection thereof)

The company uses cookies that stores information related to users and find it frequently. A cookie is a very small text file sent to the browser on users computer by the server used to operate the company's website and stored on users computer's hard disk.

A. Purpose of using cookie
- - Save selected research customization point choose by individual and used for configuration which the user requires.
B. How to reject setting cookies
- 1) How to set cookies (In case of using Explorer 9.0 or higher)
  Click Start> Control Panel> Internet Options. Click the "Personal Information" tab. Adjust the meter in "Settings" and set the level that allows cookies that suit users.
- 2) How to see received cookies (In case of using Explorer 9.0 or higher)
  Click Start> Control Panel> Internet Options. Click the General tab. Click the "Settings" button in "Search History". Click the “View File” button to confirm.
- 3) How to reject setting cookies (In case of using Explorer 9.0 or higher)
  Click Start> Control Panel> Internet Options. Click the "Personal Information" tab. Set the meter in "Settings" to a higher level and set it to "Block all cookies""".

Article8 (Rights and Obligations of Data Subjects and Exercising thereof)

A. The information subject (user), the legal representative of a child under the age of 14, may exercise the rights related to personal information protection (request to view personal information, request correction if there is an error, request deletion, request suspension of processing) at any time, and the procedure is as follows.
- 1) Online members' personal information can be viewed, corrected, or deleted through the process, that is [LOTTEWORLDTOWER&MALL Hompage] > [MyPage] > [profile(integration of L.POINT (http://www.lpoint.com))] and if a request is made to the person in charge of personal information management by e-mail or in writing, we will read, correct, or delete it after confirming the identity.
- 2) If the information subject (user) or the legal representative of a child under the age of 14 requests correction or deletion of an error in personal information, the company does not use or provide the personal information until the correction or deletion is completed.
B. Customer’s consent to the collection, use and provision of the personal Information through membership registration can be withdrawn at any time. To withdraw consent, click the "Membership Withdrawal Application" on the LPOINT site (http://www.lpoint.com) or contact the person in charge of personal information management in writing, phone call, or e-mail. And we will take necessary measures without delay, such as deleting your personal information.
However, if the company needs to preserve the member's personal information according to the laws or the terms and conditions, the processing may be restricted. In this case, the member must reveal his or her ID and identification information for identification, and withdrawal may result in some restrictions on the service or unavailability of some services.
C. The exercise of rights pursuant to “A” can be done through an agent, such as a legal representative of the information subject or a person who has been delegated. In this case, the information subject(user) must submit a power of attorney in accordance with the form of Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.
D. The information subject(user) has the right to have their personal information protected, as well as the duty to protect it themselves and not to infringe on other people's information.
- 1) The information subject(user) has responsible of the accidents caused by incorrect information entered by themselves and for problems when entering false information, such as stealing other people's information.
- 2) The information subject(user) should be careful not to damage the personal information of others, including posts, in accordance with the relevant laws and regulations so that personal information, including passwords, is not leaked.

Article9 (Measures to Ensure Safety of Personal Information)

The company considers following managerial, technical and physical measures to protect personal information from being lost, stolen, disclosed, distorted, or damaged when dealing with customer’s personal information.

A. Managerial Measures
- 1) Minimization and education of personal information handlers
  We limit the personal information handlers of the company to the minimum and take measures such as regular education for those who process personal information to make them aware of the importance of protecting personal information.
- 2) Formulation and implementation of internal control regulations
  We have formulated and implemented internal control regulations for the safe processing of personal information.
- 3) Perform regular self-audits
  In order to ensure the safety related to the processing of personal information, we carry out self-audits on a regular basis (once every six months)
B. Technical Measures
- 1) Encryption of personal information
  Personal information such as resident registration number, name, contact information, bank account number, credit card number, etc. provided by the customer is encrypted by a secure encryption algorithm and stored and managed.
- 2) Measures for hacking etc
  The company operates an intrusion prevention system 24 hours a day to prevent the leakage of customer's personal information due to intrusion of the company information communication network such as hacking, and personal confidential information is encrypted communication etc. Through this, personal information can be safely transferred over the network.
- 3) Storage of connection records and Preventing forgery • modulation
  We store and manage the records connected to the personal information system for over a year, and use security functions to prevent the connection records from being forged, altered, stolen or lost.
C. Physical Measures
- 1) Physical monitoring and blocking.
  We have set up data processing room, document storage room, etc. that store personal information in areas where access from the outside is controlled, and physically monitor and block them to control the entry and exit of unauthorized persons.

Article10 (Personal Information Protection Manager)

The company does its best to make sure customers can safely use its service. The customers can reports any kinds of complaints related to personal information protection of service to those managers below. The company will respond quickly and sincerely to them.

Managers in charge of Personal Information
	Chief Privacy Officer of Information Protection	Person in charge of Personal Information Protection	Person in charge of Personal Information Protection (workflex)	Person in charge of Personal Information Protection (SKY31 Convention)	Person in charge of Personal Information Protection (LOTTE TOWER & MALL Website)	Person in charge of Personal Information Protection (Residence)
Name	Kwang-Hee Son	Min-Kyu Ham	Minjung Kim	Seung-Chan Lee	So-Hyun Yu	Min-ji Park
Team	Information Security Division	Information Security Division	Shared Space	Shared Space	Marketing	Residence
Position	Managing Director	Associate	Associate	Associate	Associate	Associate
Email	khson@lotte.net	mkham@lotte.net	kim_minjeong@lotte.net	seungchan@lotte.net	sohyunyu@lotte.net	mjpark99@lotte.net
Telephone	02-3213-5600	02-3213-5607	02-3213-5965	02-3213-9002	02-3213-5108	02-3213-5907

Managers in charge of Personal Information
	Chief Privacy Officer of Information Protection	Person in charge of Personal Information Protection
Name	Kwang-Hee Son	Min-Kyu Ham
Team	Information Security Division	Information Security Division
Position	Managing Director	Associate
Email	khson@lotte.net	mkham@lotte.net
Telephone	02-3213-5600	02-3213-5607

Managers in charge of Personal Information
	Person in charge of Personal Information Protection (workflex)	Person in charge of Personal Information Protection (SKY31 Convention)
Name	Min-jung Kim	Seung-Chan Lee
Team	Shared Space	Shared Space
Position	Associate	Associate
Email	kim_minjeong@lotte.net	seungchan@lotte.net
Telephone	02-3213-5965	02-3213-9002

Managers in charge of Personal Information
	Person in charge of Personal Information Protection (LOTTE WORLD TOWER & MALL Website)	Person in charge of Personal Information Protection (Residence)
Name	So-Hyun Yu	Min-ji Park
Team	Marketing	Residence
Position	Associate	Associate
Email	sohyunyu@lotte.net	mjpark99@lotte.net
Telephone	02-3213-5108	02-3213-5907

Article11 (Remedial Procedure for Infringement of Rights)

Customers can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency, and Personal Information Infringement Reporting Center in order to receive relief from personal information infringement.
In addition, please refer to the organizations below when reporting or counseling are needed to resolve other Personal information violation problem

- Personal Information Violation Report Center (http://www.118.or.kr / 118)
- Personal Information Dispute Coordination Committee (http://www.kopico.go.kr / 1833-6972)
- Cyber-crime Investigation Division of Supreme Prosecutor’s Office (http://www.spo.go.kr / 1301)
- Cyber Crime Reporting System Police Agency (http://ecrm.cyber.go.kr / 182)

Article12 (Operation Management Policy of Video Processing System)

LOTTE P&D inform subject(user) of the purpose and method of the video through ‘LOTTE PROPERTY & DEVELOPMENT Inc Guidelines for closed circuit television’.