LOTTE AUTO GLOBAL Privacy Policy
Lotte Rental Co., Ltd. (hereinafter referred to as the “Company”) values the personal information of its online and offline members (hereinafter referred to as “Users”) and complies with personal information protection laws, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Credit Information Use and Protection Act, and the Personal Information Protection Act. This Privacy Policy explains in detail the purposes and methods of using the personal information provided by Users and the measures implemented to protect such information.
Article 1 (Status of Personal Information Processing)
① The Company processes Users' personal information for the following purposes. Personal information being processed is not used for purposes other than those specified below. In the event of any changes to the processing purposes, separate consent will be obtained in accordance with Article 18 of the Personal Information Protection Act.
② Personal Information Processed Without Subject’s Consent
Purpose of Collection | Items Collected | Retention Period | Legal Basis |
Member Service Operation | Name, Mobile Phone Number, ID, Password, Email Address, Nationality | Until membership withdrawal | Article 15, Paragraph1, Subparagraph 4 of the Personal Information Protection Act |
Membership registration | Business registration certificate (sole proprietor) Representative’s name, date of birth | Until membership withdrawal or loss of membership qualification | Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act |
Membership Registration (seller) | Representative’s name, Address, Phone Number, Fax Number(manager), Name, Mobile Phone Number, Email Address | Until membership withdrawal or loss of members hip qualification | Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act |
Vehicle Order | ID, Name, Order Details, Mobile Phone Number, Email Address, Nationality | 5 years | Article 15, Paragraph 1, subparagraph 4 of the personal information Protection Act |
Product inquiry (1:1 Inquiry) | Name, Email Address | Until membership withdrawal | Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act |
③ Personal Information Processed with Subject’s Consent
Category | Items Collected | Retention Period | Legal Basis |
Processing personal information for service promotion and sales offers | Name, phone number, email address | Until membership withdrawal or consent withdrawal | Ariticle 15, paragraph 1, subparagraph 1 of the personal information protection act |
Article 2 (Procedures and Methods for Destroying Personal Information)
① The Company destroys personal information without delay once the purpose of collection is achieved or the retention and usage period agreed upon has expired. However, records that must be retained according to relevant laws, such as the Act on Consumer Protection in Electronic Commerce, will be stored for the specified period before destruction.
② Personal information that must be retained for a certain period under relevant laws is as follows:
Legal Basis | Purpose | Retention Period |
Act on Consumer Protection in Electronic Commerce | Record of contracts or withdrawal of offers | 5 years |
Records of payments and supply of goods | 5 years | |
Records of consumer complaints or dispute resolution | 3 years | |
Records of display/advertisements | 6 months | |
Protection of Communications Secrets Acts | Website visit records | 3 months |
Framework Act on National Taxes | Books and evidentiary documents related to all transactions specified by tax laws | 5 years |
③ The procedures and methods for destroying personal information are as follows:
1) Destruction Procedures
Information collected during membership registration and service use is automatically destroyed from the system after achieving its purpose and after retention for the period stipulated by internal policies and relevant laws. Personal information collected offline is manually destroyed upon the expiration of the retention period or when its purpose is achieved.
2) Destruction Methods
Personal information recorded and stored in electronic files is destroyed using methods that prevent its recovery, and personal information recorded and stored in paper documents is shredded or incinerated.
Article 3 (Outsourcing of Personal Information Processing Tasks)
① The Company outsources the following personal information processing tasks to ensure efficient handling of such tasks
Outsourced Party (service Provider) | Outsourced Tasks |
Lotte Innovate Co., Ltd | System Maintenance and repair |
Myungseong Shipping Co., Ltd., Able Global Logistics Co., Ltd., CIG Shipping Co., Ltd. | Vehicle export forwarding |
MTS Company Co., Ltd. | Sending KakaoTalk notifications |
② When entering into outsourcing contracts, the Company specifies matters such as prohibition of processing personal information for purposes other than the intended tasks, technical and managerial safeguards, restrictions on re-outsourcing, management and supervision of the service provider, and liability for damages in accordance with Article 26 of the Personal Information Protection Act. The Company monitors the service provider to ensure safe handling of personal information. In cases where the outsourced party further re-outsources the tasks, prior consent from the Company is obtained.
③ The Company has approved the following re-outsourcing arrangements:
Outsourced Party (Service Provider) | Re-outsourced Party | Re-outsourced Tasks |
Myungseong Shipping Co., Ltd. | Shingwang TLS Co., Ltd., Changil Transfer Co., Ltd. | Inland vehicle transport |
Ables Global Logistics Co., Ltd. | Shingwang TLS Co., Ltd., DK, INEX carrier, Sung San Carrier | Inland vehicle transport |
Article 4 (Measures to Ensure the Security of Personal Information)
① The Company takes the following measures to ensure that Users' personal information is not lost, stolen, leaked, altered, or damaged during processing:
1) Establishment and Implementation of Internal Management Plans
The Company establishes and implements internal management plans annually in accordance with the "Standards for Ensuring the Security of Personal Information."
2) Minimization and Training of Personal Information Handlers
Lotte Rental Co., Ltd. restricts access to Users' personal information to the minimum number of personnel and conducts regular training. The authorized personnel include:
a. Personnel directly involved in marketing tasks with Users
b. The Personal Information Protection Officer and personnel responsible for managing personal information
c. Other individuals who inevitably need to process personal information due to work
3) Access Restrictions to Personal Information
Access to the personal information processing database system is controlled by granting, changing, or revoking access rights. Unauthorized access from external sources is prevented using intrusion prevention and blocking systems.
4) Encryption of Personal Information
Users' personal information is encrypted during storage and management. Secure transmission over networks is ensured using encryption algorithms.
5) Retention and Prevention of Tampering with Access Records
Access records to personal information processing systems are securely stored and managed for two years, as required by law.
6) Technical Measures Against Hacking and Other Threats
To prevent leakage or damage to personal information due to hacking or computer viruses, the Company installs security programs, updates them regularly, and implements technical measures to block unauthorized external access.
7) Control of Unauthorized Access
Data centers and document storage areas are designated as protected zones, and access to these areas is strictly controlled.
Article 5 (Installation, Operation, and Rejection of Automatic Information Collection Devices)
① The Company uses "cookies" to store and retrieve User information as needed to provide personalized services and convenience.
② Cookies are small pieces of data sent by the website server (http) to the User's browser and stored on the User's PC or mobile device.
③ Users can configure their web browser settings to allow, block, or delete cookies. However, refusing to store cookies may result in difficulties using customized services.
1). Allowing/Blocking Cookies on Web Browsers
a. Chrome: Web browser settings > Privacy and Security > Clear browsing data
b. Edge: Web browser settings > Cookies and site permissions > Manage and delete cookies and site data
2). Allowing/Blocking Cookies on Mobile Browsers
a. Chrome: Mobile browser settings > Privacy and Security > Clear browsing data
b. Safari: Device settings > Safari > Advanced > Block all cookies
c. Samsung Internet: Mobile browser settings > Internet usage history > Clear browsing data
Article 6 (Rights, Duties, and Methods of Exercising Rights of Information Subjects and Legal Representatives)
① Users may exercise their rights (hereinafter referred to as “exercise of rights”) regarding their personal information, including requests for access, correction, deletion, suspension of processing, withdrawal of consent, objections to automated decisions, or explanations.
② The exercise of rights can be conducted through written requests, email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will address such requests without delay.
③ Rights may also be exercised through legal representatives or authorized agents of the information subject. In such cases, a power of attorney form, as prescribed in Appendix 11 of the "Notification on the Method of Processing Personal Information," must be submitted.
④ The right to request access to or suspension of processing personal information may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If other laws explicitly require the collection of specific personal information, the deletion of such information cannot be requested.
⑥ The Company verifies whether the requester is the information subject themselves or a legitimate agent.
⑦ The exercise of rights can be directed to the <Personal Information Protection Officer or the Personal Information Management Department>, and the Company will make efforts to process such requests promptly.
Article 7 (Personal Information Protection Officer and Management Department)
① The Company assumes overall responsibility for the processing of personal information and has designated the following Personal Information Protection Officer to address user complaints and provide remedies related to personal information processing.
1). Personal Information Protection Officer
a. Name: Inbok Jeon
b. Position: Head of Information Security Division
c. Email: privacy_rental@lotte.net
2). Customer Service Department for Personal Information
a. Department: CS Team
b. Contact: +82-2-3404-9734
c. Email: kanghyuk.yoo@lotte.net
② Users may direct inquiries, complaints, or requests for remedies related to personal information protection to the Personal Information Protection Officer and the management department while using the Company's services. The Company will respond promptly and address user inquiries without delay.
Article 8 (Remedies for Violation of Rights)
① Users may seek remedies for personal information infringement by requesting dispute resolution or consultation from the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, or other organizations. For further inquiries or reports regarding personal information infringement, please contact the following institutions:
1). Personal Information Infringement Report Center (privacy.kisa.or.kr / Dial 118 without area code)
2). Personal Information Dispute Mediation Committee (www.kopico.go.kr / +82-2-1833-6972)
3). Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / Dial 1301 without area code)
4). Cyber Security Bureau, Korean National Police Agency (https://ecrm.police.go.kr/minwon/main / Dial 182 without area code)
② The Company ensures Users' rights to self-determination regarding their personal information and strives to provide consultation and remedies for personal information infringement. For further assistance, please contact the <Personal Information Protection Officer or the Personal Information Management Department>.
Article 9 (Changes to the Privacy Policy)
① This Privacy Policy was established on 2024/12/24 and is subject to updates or modifications in case of changes in government policies or security technologies. Any additions, deletions, or modifications will be announced in advance through the "Notice" section of the Company’s website.
② Previous versions of the Privacy Policy can be accessed by selecting the version at the top of this page.