Privacy Policy

K-TripONE Privacy Policy

K-TripONE (hereinafter referred to as the "Company") establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect personal information of data subjects and to promptly and smoothly handle related grievances.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. Personal information being processed shall not be used for any purpose other than the following, and if the purpose of use changes, the Company will obtain separate consent in accordance with applicable laws.

1. Membership registration and management: Confirmation of intent to register, identification and authentication for membership services, maintenance and management of membership, prevention of fraudulent use, various notices and notifications, handling customer inquiries and grievances
2. Travel and service reservation: Travel product booking, airport protocol services, airport pickup and vehicle services, hotel and accommodation reservations, tour and experience program reservations, payment and settlement processing, reservation confirmation and customer guidance
3. Customer consultation and complaint handling: Identity verification of complainants, verification and processing of complaint details, contact and guidance for fact-finding, notification of processing results

Article 2 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the period of retention and use prescribed by law or within the period agreed upon when collecting personal information from data subjects.

② Personal information retention periods:

1. Membership registration and management: Until membership withdrawal (however, until the conclusion of relevant matters in cases of investigation for legal violations or existing creditor-debtor relationships)
2. Service reservation and payment information: Until completion of service provision and payment settlement

• E-Commerce Act: Display/advertising records 6 months, contract or subscription withdrawal records 5 years, payment and service supply records 5 years, consumer complaint and dispute resolution records 3 years
• Telecommunications Privacy Act: Access logs and access location information 3 months

Article 3 (Provision of Personal Information to Third Parties)

In principle, the Company processes personal information only within the scope of Article 1 and provides it to third parties only in the following cases:

When there is consent from the data subject, when there are special provisions in laws, when necessary for service provision

Recipients and items provided:

Article 4 (Entrustment of Personal Information Processing)

The Company entrusts personal information processing as follows for smooth business operations:

Article 5 (Rights of Data Subjects and Methods of Exercise)

Data subjects may exercise the following rights related to personal information protection against the Company at any time:

• Request to access personal information
• Request for correction in case of errors
• Request for deletion
• Request to suspend processing

The above rights can be exercised via email, phone, or written request.

Article 6 (Personal Information Items Processed)

Article 7 (Destruction of Personal Information)

The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the purpose of processing has been achieved.

• Electronic files: Deleted using methods that make recovery and reproduction impossible
• Paper documents: Shredded or incinerated

Article 8 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information:

• Administrative measures: Establishment and implementation of internal management plans, personal information protection training
• Technical measures: Access rights management, encryption of personal information, installation and operation of security programs
• Physical measures: Access control to server rooms and data storage facilities

Article 9 (Use of Cookies and Automatic Collection Technologies)

The Company uses cookies and similar automatic collection technologies to provide individually customized services to users.

Purpose of cookie use: Analysis of visit and usage patterns, service improvement, provision of customized services

Types of cookies used:

• Essential cookies: Cookies necessary for service operation, including login authentication, session maintenance, and security functions (Firebase Authentication)
• Analytics cookies: Cookies for website usage statistics and traffic analysis (Google Analytics 4 — _ga, _ga_*, etc., valid for up to 2 years)
• Functional cookies: Cookies for customized features such as language settings and user preferences

Third-party cookies: This service uses Google Analytics 4 (GA4) to collect service usage statistics. For details on Google’s data processing, please refer to Google’s Privacy Policy.

How to manage cookies: Users can refuse or delete cookie storage through web browser settings. Cookie settings for major browsers are as follows:

• Chrome: Settings → Privacy and Security → Cookies and Other Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Firefox: Settings → Privacy & Security → Cookies and Site Data

If you refuse cookie storage, some services such as login persistence and language settings may be limited.

Article 10 (Personal Information Protection Officer)

The Company designates a Personal Information Protection Officer as follows to oversee personal information processing and handle complaints and damage relief for data subjects related to personal information processing.

Article 11 (Request for Access to Personal Information)

Data subjects may submit requests for access to personal information to the department below.

Article 12 (Remedies for Infringement of Rights)

Data subjects may contact the following organizations for damage relief, consultation, etc. regarding personal information infringement.

• Personal Information Infringement Report Center: https://privacy.kisa.or.kr (Phone: 118)
• Personal Information Dispute Mediation Committee: https://www.kopico.go.kr (Phone: 1833-6972)

Article 13 (Legal Basis for Processing Personal Information)

We process personal data based on the following legal grounds:

• User consent: For location data, K-Fun services (constitution diagnosis, fortune telling, etc.)
• Performance of a contract: For K-Welcome Pass purchases, travel service reservations and provision
• Legal obligation: To fulfill obligations under applicable laws such as the E-Commerce Act and the Protection of Communications Secrets Act
• Legitimate interest: For service improvement, usage analytics, and security enhancement

For users subject to the EU General Data Protection Regulation (GDPR), personal data is processed based on the above legal grounds, and users have the right to withdraw their consent at any time.

Article 14 (Cookie Consent)

When you first visit our Service, you may be presented with a cookie consent banner allowing you to accept or manage cookie preferences. You may manage cookie preferences at any time through your browser settings.

Article 15 (AI Service Data Processing)

The Company provides AI-based services (travel chatbot, constitution diagnosis, fortune telling, etc.), and related data is processed as follows:

• Chat conversations may be analyzed to improve the AI travel assistant but are not used to train external AI models
• Input data for constitution diagnosis and fortune services is used solely to generate the service response and is not stored separately

Article 16 (Photo Data Processing)

When using image-based services such as Hanbok AI synthesis, uploaded photos are processed as follows:

• Uploaded images are used only for the requested synthesis feature and are not used for biometric identification or facial recognition
• Original images are automatically deleted after processing is complete
• Synthesized result images are retained for a limited period for user download and then deleted
• Images are not used for AI model training

Article 17 (Data Protection Officer)

The Company designates the following Data Protection Officer for the protection of data in global service operations:

Article 18 (Payment Information Processing)

Payment processing is handled entirely by PayPal. K-TripONE does not store or process credit card information. All financial information related to payments is managed by PayPal's security systems.

Article 19 (Data Breach Response)

In the event of a data breach, we will notify affected users and relevant authorities without delay in accordance with applicable laws. The notification will include the circumstances of the breach, the types of personal information affected, measures to minimize damage, and actions users can take.

Article 20 (Marketing and Newsletters)

The Company sends marketing emails and newsletters only with the prior consent of users. Users may opt out at any time by clicking the unsubscribe link at the bottom of the email or through account settings.

Article 21 (Minimum Age for Service Use)

This Service is intended for users aged 16 and above. Children under the age of 16 may not register for an account or provide personal information without the consent of a legal guardian (parent or guardian). If the Company becomes aware that personal information has been collected from a person under the age of 16, such information will be deleted immediately.

Article 22 (Changes to Privacy Policy)

This Privacy Policy is effective as of March 13, 2026.

Partner Company Personal Information Provision Consent Terms

You agree to the provision of personal information to partner companies as described below for the use of K-TripONE services.

Article 1 (Purpose of Consent)

The purpose of consenting to the provision of personal information to partner companies is to provide the minimum necessary personal information to the relevant partner companies in order to smoothly deliver K-TripONE travel services (hotel reservations, airport protocol, vehicle services, tour programs, etc.).

Article 2 (Items Provided)

• Required items: Name, contact information (phone number), email
• Additional items by service: Flight information, passport information (when required), hotel reservation information, boarding information, payment information

Article 3 (Recipients)

Article 4 (Retention Period)

The provided personal information shall be destroyed without delay after the completion of service provision. However, if retention is required by relevant laws, it shall be stored for the applicable period.

• Service usage records: Destroyed after service completion
• Payment-related records: Retained for 5 years per the E-Commerce Act
• Consumer complaint and dispute resolution records: Retained for 3 years

Article 5 (Right to Refuse)

Data subjects have the right to refuse consent to the provision of personal information. However, refusing consent may restrict the use of the relevant services.

Article 6 (Personal Information Protection)

Partner companies shall not use the provided personal information for purposes other than the stated purpose or provide it to third parties, and shall take necessary technical and administrative measures for the safe management of personal information.

Article 7 (Withdrawal of Consent)

Data subjects may withdraw their consent to the provision of personal information at any time. Upon withdrawal of consent, personal information provided to partner companies shall be destroyed without delay. Withdrawal of consent can be requested through the K-TripONE Operations Team (athc@allthathonorsclub.com, 1600-0595).

Contact Information