For any question on Oakwood Hotels, please leave your inquiries. This is not for a real-time booking, and your inquiry will be replied within 72 hours (working days).
Agree on the privacy policy
Reason for Revision
This Privacy Policy has been revised to reflect the addition of hotels operated by Hanmoo Convention Co., Ltd., incorporate the latest requirements of the Personal Information Protection Act, and update the information of the Personal Information Protection Officers.
Effective Date: December 15, 2011
Last Updated: November 27, 2024
Oakwood Premier Coex Center Seoul, Oakwood Premier Incheon, and Mercure Seoul Magok, operated by Hanmoo Convention Co., Ltd. (hereinafter referred to as "Hanmoo Convention"), highly value the protection of users' (or "customers'") personal information and make every effort to ensure that personal information provided by users is protected while using Hanmoo Convention's services.
Hanmoo Convention complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other applicable laws and regulations in order to protect the rights and interests of data subjects. We process personal information lawfully and manage it securely in accordance with applicable laws and regulations.
In accordance with Article 30 of the Personal Information Protection Act, Hanmoo Convention establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for the processing of personal information and to ensure that any related complaints can be handled promptly and efficiently. This Privacy Policy is published on our website so that customers can easily access and review it at any time.
If Hanmoo Convention revises this Privacy Policy, we will notify users of the changes, including the effective date, through notices, pop-up windows, or other appropriate means on our website so that users can easily review the revised content. We will also post and make the updated Privacy Policy available at our properties so that visiting customers can easily review the revised information at any time.
The personal information treatment policies of Oakwood have the following content:
1. Consent to Collection and Use of Personal Information, Etc
2. Consent to Provisions of Informaiton for Services
3. Provision of Personal Information to Third Parties
4. Retention and Use Period of Personal Information
5. Destruction of Personal Information, and the Procedures and Methods
6. Rights of Users and Legal Representatives, and the Exercise Methods
7. Technical, Managerial Measures for Protection of Personal Information
8. Personal Information Protection Manager
9. Collection of Opinions and Handling Complaints
10. Notification Obligations for Policy Changes

1. Consent to Collection and Use of Personal Information, Etc
Pursuant to the “Personal Information Policies” of Oakwood, customers’ consent to collecting, using, delegating for treatment, and providing to third parties their personal information is made when customers read and understand the details written on the “Consent to Collection, Use of Personal Information” attached to the “Registration Card” or the “Application for Membership Subscription,” etc., and then sign a written consent
Category | Required / Optional | Purpose of Use | Retention Period | Method of Collection | |
Membership Registration / Membership Enrollment | Required | Name, E-mail Address, Gender, Year of Birth | Identity verification, provision of membership benefits, notification of changes to the Terms and Conditions, delivery of notices, and handling of inquiries, consultations, and complaints | Immediately upon membership withdrawal | Website (SNS Account) |
Optional | Name, E-mail Address, Gender, Year of Birth | Provision of personalized services and promotional information | |||
Room Reservation | Required | Name, E-mail Address, Contact Number, Membership Number, Payment Information (Card Issuer, Cardholder Name, Card Number, Expiration Date) | Hotel reservation and customer service (including room reservation services, reservation notifications, handling customer complaints, and resolving legal disputes) | Five (5) years after check-out | Website |
Restaurant Reservation via Website | Required | Name, E-mail Address, Contact Number, User ID | Identity verification, restaurant reservation, and customer service | Immediately upon membership withdrawal | Website (SNS Account) |
Guest Registration | Required | Name, E-mail Address, Contact Number, Reservation Information, Guest Type, Unique Identification Information (Passport Number for Foreign Nationals), Payment Information (Card Issuer, Cardholder Name, Card Number, Expiration Date) | Customer identification, verification of payment method, provision of services, resolution of disputes and complaints, customer satisfaction surveys, and other purposes necessary for commercial transactions | Five (5) years after check-out | Registration Card |
Banquet Event Contract | Required | Name, E-mail Address, Contact Number, Company Name (Corporate Client), Payment Information (Card Issuer, Cardholder Name, Card Number, Expiration Date) | Identity verification, communication for service provision, delivery of notices, securing communication channels, use of paid services, product purchases, and payment collection for outstanding balances | Five (5) years after the event | Event Contract Form |
Voice of the Customer | Required | E-mail Address, Contact Number | Communication for service provision, response to inquiries, and delivery of notices | Three (3) years | Website |
Fitness Club Membership | Required | Name, Date of Birth, Photograph, Gender, Contact Number, Address, Vehicle Registration Number, Payment Information (including family members and employees of corporate members) | Identity verification for membership services, communication for service provision, delivery of notices, handling of complaints, and provision of personalized services | Five (5) years after membership withdrawal | Membership Application Form |
Optional | Reason for Membership Registration, Event Information | Provision of personalized services and promotional information | |||
Event Participation | Required | Name, E-mail Address, Contact Number | Identity verification, communication for service provision, delivery of notices, and handling of complaints | Six (6) months | SNS |
Online Job Application | Required | Name, E-mail Address, Contact Number, Educational Background, Work Experience, Date of Birth, Military Service Information | Identity verification and recruitment | In accordance with the Company's internal policies and regulations | E-mail, Recruitment Website |
Optional | Hobbies, Special Skills, Certifications | ||||
2. Provision and Sharing of Personal Information with Third Parties
Hanmoo Convention does not provide customers' personal information to third parties beyond the scope of the customer's consent. Where personal information is provided to a third party for the purpose of providing better services, Hanmoo Convention specifies the recipient of the personal information, the purpose of use, the items of personal information to be provided, and the retention and use period of such information by the recipient. However, the following cases are exceptions:
A. Where the customer has given prior consent
B. Where disclosure is required by applicable laws and regulations
Personal information may be provided where required by applicable laws, including the Protection of Communications Secrets Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Act on Real Name Financial Transactions and Confidentiality, the Credit Information Use and Protection Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Framework Act on Consumers, the Criminal Procedure Act, and other applicable laws. However, even where an administrative authority or an investigative agency requests personal information for administrative or investigative purposes, Hanmoo Convention will provide such information only where the request has been made in accordance with lawful procedures prescribed by applicable law, such as pursuant to a warrant or an official written request bearing the official seal of the head of the requesting authority.
C. Provision or Sharing of Personal Information with Business Partners
Hanmoo Convention may provide or share customers' personal information with its business partners in order to provide better services. In such cases, Hanmoo Convention will obtain the customer's separate consent by e-mail, through its website, by telephone, or in writing after specifying the recipient of the personal information, the purpose of use, the items of personal information to be provided, and the retention and use period. If the customer does not consent, Hanmoo Convention will neither provide nor share the customer's personal information with its business partners.
3. Entrustment of Personal Information Processing
Hanmoo Convention entrusts the processing of personal information to external service providers as set forth below in order to provide essential services to customers and enhance customer convenience.
When entrusting the processing of personal information, Hanmoo Convention enters into written agreements with the entrusted parties that stipulate compliance with applicable personal information protection laws and regulations, confidentiality obligations regarding personal information, prohibition of the provision of personal information to third parties, liability for damages in the event of incidents, the duration of the entrustment, and the obligation to return or destroy personal information upon completion of the entrusted services. Hanmoo Convention also manages, supervises, and provides appropriate training to ensure that the entrusted parties comply with these obligations.
Purpose of Entrustment | Entrusted Party | Retention and Use Period |
Information processing and system development, maintenance, and management | Oracle, NEPS, Crevision | Until the termination of the entrustment agreement |
Development, maintenance, and management of the website and room & restaurant booking system | C.O. Soft | |
Sending KakaoTalk Notification Messages (AlimTalk) | Solapi | |
Customer satisfaction surveys | Market Metrics |
4. Retention Period and Destruction of Personal Information
A. Retention Period of Personal Information
Hanmoo Convention will promptly destroy customers' personal information once the purpose of its collection and use has been fulfilled, such as when a customer withdraws membership or loses membership eligibility. Where personal information has been provided to a third party, Hanmoo Convention will also take necessary measures to ensure that such information is promptly destroyed by the relevant third party. Personal information retained by Hanmoo Convention will be used solely for retention purposes, and the retention periods are as follows:
- Records relating to contracts (registrations) or withdrawal of subscription: 5 years (pursuant to the Act on the Consumer Protection in Electronic Commerce, etc.)
- Records relating to payment and the supply of goods or services: 5 years (pursuant to the Act on the Consumer Protection in Electronic Commerce, etc.)
- Records relating to consumer complaints and dispute resolution: 3 years (pursuant to the Act on the Consumer Protection in Electronic Commerce, etc.)
- Identification and preference information for repeat visits and personalized services: 5 years
- Where the customer has given separate consent: For the period agreed upon by the customer
B. Procedures and Methods for Destruction of Personal Information
Hanmoo Convention will, in principle, promptly destroy personal information once the purpose of its collection and use has been achieved. The procedures and methods for destruction are as follows:
- Destruction Procedures
- Personal information provided by customers for the use of services will be retained for a certain period in accordance with internal policies and applicable laws and regulations (refer to the Retention Period and Use of Personal Information) after the purpose of collection and use has been fulfilled, and will then be destroyed.
- Personal information retained pursuant to applicable laws and regulations will not be used for any purpose other than those prescribed by such laws.
- Destruction Methods
- Personal information printed on paper will be destroyed by shredding or incineration.
- Personal information stored in electronic files will be permanently deleted using technical methods that prevent the recovery or restoration of the records.
5. Rights of Data Subjects and Methods of Exercising Their Rights
Users may, at any time, access, correct, request the suspension of processing, or request the cancellation of their membership by contacting the Personal Information Protection Officer via the website, telephone, or e-mail. If a customer requests the correction of inaccurate personal information, Hanmoo Convention will not use or provide the relevant personal information until the correction has been completed. If inaccurate personal information has already been provided to a third party, Hanmoo Convention will promptly notify the third party of the correction so that the necessary corrective measures can be taken.
Users may also request the suspension of the processing of their personal information. However, such requests may be denied where otherwise provided by applicable laws or regulations, where processing is necessary to comply with legal obligations, or where granting the request is likely to harm the life or body of another person or unfairly infringe upon the property or other rights and interests of others. In such cases, Hanmoo Convention will promptly notify the user of the reason for the denial.
Personal information that has been deleted or the membership of which has been terminated at the user's request will be processed in accordance with the "Retention Period and Use of Personal Information Collected by Hanmoo Convention" and will not be accessed or used for any purpose other than those specified therein.
6. Measures to Ensure the Security of Personal Information
A. Technical and Administrative Safeguards
Hanmoo Convention has established and implemented appropriate technical and administrative measures to ensure the security of personal information processed by the Company. The personal information processing system is protected by firewall systems, and access logs are separately backed up to prevent alteration or tampering. In addition, Hanmoo Convention has implemented the following technical safeguards to prevent the loss, theft, leakage, alteration, or damage of personal information caused by hacking or other security incidents:
- Encryption of customers' personal information
- Security measures using passwords and other authentication methods
- Measures to prevent computer viruses, including the installation and operation of antivirus software
- Secure transmission of personal information over networks through encryption algorithms and other security technologies
- Installation and operation of access control systems, including firewall systems
- Data backup and other technical measures necessary to ensure the security of personal information
B. Administrative Safeguards
Hanmoo Convention limits access to personal information to the minimum number of personnel necessary to perform their duties. Regular and ad hoc security training is provided to such personnel, and internal security is periodically reviewed to prevent the leakage of personal information. In addition, Hanmoo Convention has established procedures for the management of and access to personal information, requires its employees to comply with such procedures, designates authorized personnel with access rights, assigns user IDs and passwords, and requires passwords to be changed on a regular basis.
- Regular training for personnel responsible for processing personal information regarding their obligations under applicable personal information protection laws and regulations
- Internal audits conducted in accordance with procedures for personal information protection
- Physical access control to key protected areas, including server rooms and computer facilities
7. Technical, Managerial Measures for Protection of Personal Information
Oakwood prepares and takes technical, managerial measures to safely protect personal information in handling users’ personal information. The personal information processing system protects personal information with firewalls and keeps access records in separate backups to prevent them from being forged or altered.
Oakwood prepares for accidents by taking the following technical measures necessary to confirm security in order to prevent users’ personal information from being lost, stolen, released, or altered, or damaged by hacking, etc. from the website.
1) Encoding customers’ personal information
2) Security equipment with use of passwords, etc.
3) Measures to prevent computer viruses by installing and operating vaccine programs
4) Security equipment with which personal information can be safely conveyed on the network by use of cipher algorism
5) Installing, operating access control devices, including firewalls
6) Data backups, and any other technical measures necessary to obtain security
Oakwood limits persons who can handle customers’ personal information to the minimum required number of personnel, continuously provides regular or irregular security education with respect to the relevant personnel, and makes efforts to ensure that personal information is not disclosed by frequently checking internal security conditions. Also Oakwood prepares required procedures, etc. for access and control of customers’ personal information and cause our officers and employees to read and understand, comply with them. Further Oakwood designates persons authorized to get access to personal information and gives them IDs and passwords, and causes them to regularly renew the passwords.
1) Providing regular education regarding personal information protection obligations, etc. for personal information handling persons
2) Conducting internal audit procedures for personal information protection
3) Physically restricting access to major protective areas, including computer rooms
8. Personal Information Protection Officer
Hanmoo Convention designates the following departments and Personal Information Protection Officers to protect customers' personal information and handle complaints related to personal information. Customers may report any inquiries or complaints relating to the protection of personal information arising from the use of Hanmoo Convention's services to the Personal Information Protection Officer or the relevant department. Hanmoo Convention will promptly provide appropriate responses to all such reports.
A. Personal Information Protection Officer
Name / Position: Mr. Yong Goo Lee, General Manager
Affiliation: Oakwood Premier Coex Center Seoul
Tel: +82-2-3466-7003
E-mail: yklee@oakwoodpremier.co.kr
Name / Position: Mr. Soo Il Kim, General Manager
Affiliation: Oakwood Premier Incheon
Tel: +82-32-726-2100
E-mail: sikim@oakwoodpremier.co.kr
Name / Position: Ms. Yoon Jung Lee, General Manager
Affiliation: Mercure Seoul Magok
Tel: +82-2-2261-6000
E-mail: kevin.lee.1@accor.com
B. Personal Information Protection Manager (General)
Name / Position: Mr. Jae Woong Kim, Front Office Manager
Affiliation: Oakwood Premier Coex Center Seoul
Tel: +82-2-3466-7113
E-mail: jwkim@oakwoodpremier.co.kr
Name / Position: Mr. Jin Han Kim, Deputy General Manager
Affiliation: Rooms Division, Oakwood Premier Incheon
Tel: +82-32-726-2100
E-mail: jhkim@oakwoodpremier.co.kr
Name / Position: Mr. Hyun Min Kim, Front Office Manager
Affiliation: Rooms Division, Mercure Seoul Magok
Tel: +82-2-2261-6000
E-mail: hmkim@hmcon.co.kr
C. Personal Information Protection Manager (IT)
Name / Position: Mr. Yong Hyun Ahn, IT Manager
Affiliation: IT Team, Hanmoo Convention Co., Ltd.
Tel: +82-2-3466-7393
E-mail: yhan@hmcon.co.kr
9. Collection of Opinions and Handling Complaints
Oakwood highly appreciates and values customers’ opinions. Should customers have inquiries, if they directly visit or ask questions to the customer center, the customers’ voices in the website, etc., Oakwood will give prompt and accurate answers.
- Customer Center : Tel 02.3466.7000
- URL http://www.oakwoodpremier.co.kr
Should consultations for personal information infringements be necessary, a customer may refer inquiries to the following institutions.
- Personal Information Infringement Reporting Center : Tel (without a telephone exchange number)1336 / URL http://www.1336.or.kr
- Internet Crime Investigation Center of Supreme Prosecutors’ Office : Tel 02-3480-3600 / URL http://icic.sppo.go.kr
- Cyber Crime Investigative Service of National Police Agency : Tel 02-393-9112 / URL http://netan.go.kr
10. Notification Obligations for Policy Changes
These Personal Information Treatment Policies have been established on December 15, 2011. When there are additions, deletions, or changes of the content as a result of changes in the laws, policies, or security technologies, Oakwood will without delay notify the reasons for change, the content, etc. through the homepage of Oakwood Premier Coex Center..
- Version No. of Personal Information Treatment Policies : 2.0
- Notification Date of Personal Information Treatment Policies : 2011.12.31
- Implementation Date of Personal Information Treatment Policies : 2012.01.01

