Hotel Lotte Co., Ltd. (hereinafter referred to as “LOTTE Hotels”) places great importance on the personal information of LOTTE Hotels customers, “collects, uses, and provides personal information based on consent,” and “actively guarantees the rights of users (self-determination of personal information)”.

LOTTE Hotels complies with all applicable laws, privacy regulations and guidelines that LOTTE Hotels is obliged to comply with.

Hotel Lotte Co., Ltd. (hereinafter referred to as “Company”)(Modify) places great importance on the personal information of LOTTE Hotels & Resorts customers (hereinafter referred to as “LOTTE Hotels”)(Modify), “collects, uses, and provides personal information based on consent,” and “actively guarantees the rights of users (self-determination of personal information)”.

LOTTE Hotels complies with all applicable laws, privacy regulations and guidelines that LOTTE Hotels is obliged to comply with.

1. Collecting personal information

LOTTE Hotels collects the minimum amount of personal information required for service provision.

In order to provide the following services, we collect the minimum amount of personal information through our website or using a paper form when customers sign up for membership or use a service.

The personal information LOTTE Hotels collects from data subjects at the time they sign up for membership online (Rewards membership) is as follows.

“Name (English), country, date of birth, contact information, e-mail, ID, and password” are required information. If a data subject is under 19 years of age, he or she may not sign up for membership. “Name in Korean” is collected as an optional item.

1. Collecting personal information

The company(Modify) collects the minimum amount of personal information required for service provision.

In order to provide the following services, we collect the minimum amount of personal information through our website or using a paper form when customers sign up for membership or use a service.

The personal information LOTTE Hotels collects from data subjects at the time they sign up for membership online (Rewards membership) is as follows.

“Name (English), country, date of birth, contact information, e-mail, ID, and password” are required information.(Delete) If a data subject is under 19 years of age, he or she may not sign up for membership. “Name in Korean” is collected as an optional item.

1. Collecting personal information

See details of personal information collected for online services

Category : Rewards membership

Required Items

Items to be collected : Name (English), country, date of birth, contact information (mobile or home phone), e-mail, ID, password, Rewards membership number, information on LOTTE Hotels (including local and international chains) reservations and stays (including length of stay, room rate, and purchase amount), point accumulation and use history, discount history, and IP/cookie information, Mobile/e-mail account authentication

Purpose : Used for identity verification procedures for the LOTTE Hotel Rewards membership services

Provide various membership services, including discounts

Secure a channel for seamless communication for customer notifications and handling complaints.

Prevention of misuse and processing of legal disputes

Retention period : Until membership withdrawal

Optional Items

Items to be collected : Name (Korean), Required items to be collected

Purpose : Information relating to membership services, provision of personalized membership services and information on hotel discounts and new products, and use for marketing purposes

Retention period : Until membership withdrawal

1. Collecting personal information

See details of personal information collected for online services

Category : Rewards membership

Required Items

Items to be collected : Name (in English)(Modify), country, date of birth, contact information (mobile or home phone), e-mail, user ID, password, Rewards membership number, LOTTE Hotels (including domestic and overseas chains) reservation and service use information, points accumulation and redemption history, and IP/cookie information(Modify)

Purpose : Room or golf course reservation and the provision of services on subsequent visits,

Identity verification and personal identification, provision of various membership services such as accumulation and use of points and discounts, establishment of effective communication channels for notifying members and handling complaints, handling of legal disputes, etc.(Modify)

Retention period : Until membership withdrawal,

obligatory retention period by law(Add)

Optional Items

Items to be collected : Name (in English), country, date of birth, contact information (mobile or home phone), e-mail, user ID, password, Rewards membership number, LOTTE Hotels (including domestic and overseas chains) reservation and service use information, points accumulation and redemption history, and IP/cookie information(Modify)

Purpose : Provision of information related to domestic and overseas LOTTE Hotels membership services, information on product discounts and new products of the Company, marketing communications, event information and participation, and advertising information via text messages and emails(Modify)

Retention period : Until membership withdrawal, obligatory retention period by law (Modify)

1. Collecting personal information

Permissions to access information and features in apps on mobile devices

For mobile app services, LOTTE Hotels will access information and features on mobile devices.

Permissions to access information on mobile devices. In addition to the required permissions, users will be requested to grant optional permissions to the app when they try to use certain services.

Android OS and iOS may request optional permissions in different ways and no service restrictions or prohibitions will apply to the users who do not grant any permissions to the app.

Category : Android

Required Permission(Purpose)

· Mobile device and app version (Collection of device information and app information for convenience of usability)

Optional Permission(Purpose)

· Phone(Used when accessing to verify mobile phone status and device ID)

· Storage(Attach files when saving rewards online card and using customer feedback)

· Camera(Used when taking photos to inquire about customer feedback)

· Bluetooth(Used when using mobile key service)

· Location(Used to search for nearby hotels based on current location)

Category : iOS

Required Permission(Purpose)

· mobile device and App version

(Collection of device information and app information for convenience of usability)

Optional Permission(Purpose)

· Reminders

(Used to notify new packages and promotional information)

· Storage

(Attach files when saving rewards online card and using customer feedback)

· Camera(Used when taking photos to inquire about customer feedback)

· Bluetooth(Used when using mobile key service)

· Location(Used to search for nearby hotels based on current location)

1. Collecting personal information

Permissions to access information and features in apps on mobile devices

For mobile app services, The company(Modify) will access information and features on mobile devices.

Permissions to access information on mobile devices. In addition to the required permissions, users will be requested to grant optional permissions to the app when they try to use certain services.

Android OS and iOS may request optional permissions in different ways and no service restrictions or prohibitions will apply to the users who do not grant any permissions to the app.

Category : Android

Required Permission(Purpose)

· Mobile device and app version (Collection of device information and app information for convenience of usability)

Optional Permission(Purpose)

· Notifications(Used to notify new packages and promotional information)(Add)

· Phone(Used when accessing to verify mobile phone status and device ID)(Delete)

· Storage(Save rewards online cards, attach files when using customer feedback and live chat)(Modify)

· Camera(Used when taking photos to inquire about customer feedback and live chat(Modify)

· Bluetooth(Used when using mobile key service)

· Location(Used to search for nearby hotels based on current location)

· Contacts(Used to read and modify address book when using mobile key sharing)(Add)

Category : iOS

Required Permission(Purpose)

· Mobile device and app version (Collection of device information and app information for convenience of usability)

Optional Permission(Purpose)

· Notifications(Used to notify new packages and promotional information)

· Storage(Save rewards online cards, attach files when using customer feedback and live chat)(Modify)

· Camera(Used when taking photos to inquire about customer feedback and live chat(Modify)

· Bluetooth(Used when using mobile key service)

· Location(Used to search for nearby hotels based on current location)

· Contacts(Used to read and modify address book when using mobile key sharing)(Add)

1. Collecting personal information

See details of personal information collected offline

Category : Rewards membership

Required Items

Items to be collected : Name on passport (English), date of birth, country, mobile phone number, e-mail, membership number, information on LOTTE Hotels (including local and overseas chain hotels) reservations and stays (including length of stay, room rate, and purchase amount), accumulation and use of points, discount details

Purpose : Identity verification and personal identification, provision of various membership services such as accumulation and use of points and discounts, establishment of effective communication channels for notifying members and handling complaints, handling of legal disputes, etc.

Retention period : Until membership withdrawal

Optional Items

Items to be collected : Required items to be collected, name (in Korean)

Purpose : Personalized services

Retention period : Until membership withdrawal

Optional Items

Items to be collected : Required and optional items to be collected

Purpose : Notification on information related to membership services, hotel discount products, new products, and use for marketing purposes

Retention period : Until membership withdrawal

1. Collecting personal information

See details of personal information collected offline

Category : Rewards membership

Required Items

Items to be collected : Name (in English), date of birth, country, mobile phone number, e-mail, membership number,  LOTTE Hotels (including domestic and overseas chains) reservation and service use information, points accumulation and redemption history(Modify)

Purpose : Room or golf course reservation and the provision of services on subsequent visits,

Identity verification and personal identification, provision of various membership services such as accumulation and use of points and discounts, establishment of effective communication channels for notifying members and handling complaints, handling of legal disputes, etc. (Modify)

Retention period : Until membership withdrawal, obligatory retention period by law (Add)

Optional Items

Items to be collected : Name (in English), date of birth, country, mobile phone number, e-mail, membership number,  LOTTE Hotels (including domestic and overseas chains) reservation and service use information, points accumulation and redemption history(Modify)

Purpose : Provision of information related to domestic and overseas LOTTE Hotels membership services, information on product discounts and new products of the Company, marketing communications, event information and participation, and advertising information via text messages and emails(Modify)

Retention period : Until membership withdrawal, obligatory retention period by law (Add)

2. Use of personal information

- Personal identification, checking the intention to sign up for membership, identity and age verification, prevention of misuse, membership management

　· Verification of whether a child is under 14 years of age, or verification of personal identification at the time a legal representative exercises his/her rights

(In principle, LOTTE Hotels does not collect any personal information from children under 14 years of age.)

2. Use of personal information

- Personal identification, checking the intention to sign up for membership, identity and age verification, prevention of misuse, membership management

　· Verification of whether a child is under 14 years of age, or verification of personal identification at the time a legal representative exercises his/her rights

(In principle, The company(Modify) does not collect any personal information from children under 14 years of age.)

3. Provision and consignment of personal information

- LOTTE Hotels does not provide personal information of a data subject to a third party without his/her consent, or except as required by law.

Personal information is provided as follows for service partnership.

LOTTE Hotels does not provide personal information to a third party without prior consent from the data subject. However, if the data subject has consented to the provision of personal information for the purpose of using the services of chain LOTTE Hotels, partner companies, etc., personal information is provided to third parties.

See details of provision for service partnership

Service name : Chain LOTTE Hotels service, Rewards membership/Booker membership

Recipient : Domestic and overseas chain hotels of LOTTE Hotels

(https://www.lottehotel.com/global/en/hotel-finder.html)

Personal information provided :

Rewards information: Name (English), date of birth, country, mobile phone number, e-mail, membership number, information on LOTTE Hotels (including local and overseas chain hotels) reservations and stays (including length of stay, room rate, and purchase amount), point accumulation and usage history, discount history

Optional items: Name (Korean)

Booker information: Hotel, company name, company phone number, company address, e-mail

Information on LOTTE Hotels (including local and international chains) reservations and stays (including length of stay, room rate, and purchase amount), point accumulation and use history, discount history, and IP/cookie information

Purpose of use by the recipient :

Approval of point redemption, provision of partner services, provision of recognition services, notification on products, and use for marketing purposes

Period of use by the recipient : Until membership withdrawal

Service name : Mileage service, Lotte Duty Free Shop

Recipient : Lotte Duty Free shops in Korea (branches)

(http://kr.lottedfs.com/KOREA)

Personal information provided : Name on passport, e-mail, membership number, and accumulated points

Purpose of use by the recipient :

Approval of Rewards point redemption, provision of partner services

Period of use by the recipient : Until membership withdrawal

3. Provision and consignment of personal information

The company(Modify) does not provide personal information of a data subject to a third party without his/her consent, or except as required by law.

Personal information is provided as follows for service partnership.

The company(Modify) does not provide personal information to a third party without prior consent from the data subject. However, if the data subject has consented to the provision of personal information for the purpose of using the services of chain LOTTE Hotels, partner companies, etc., personal information is provided to third parties.

See details of provision for service partnership

Service name : LOTTE Hotels Chain service(Modify), Rewards membership/Booker membership

Recipient : Domestic and overseas chain hotels of LOTTE Hotels (https://www.lottehotel.com/global/en/hotel-finder.html)

Personal information provided :

[Rewards membership]

Name, date of birth, country, contact information (mobile or home phone number), e-mail, user ID, password, Rewards membership number, LOTTE Hotels (including domestic and overseas chains) reservation and service use information, points accumulation and redemption history

[Booker membership]

Hotel, company name, company phone number, business address, e-mail(Modify)

Service name : LOTTE Hotels Chain service(Modify), Lotte Duty Free Shop

Recipient : Domestic LOTTE DUTY FREE locations (physical stores)

(https://en.lottedfs.com/business/branch-korea/list.do)

(Modify)

Personal information provided: Name on passport, membership number, email, and available points

Purpose of use by the recipient : 'Approval of point redemption(Modify),Partnership service provision

Period of use by the recipient : Until membership withdrawal, obligatory retention period by law(Add)

3. Provision and consignment of personal information

See details of transfer of personal data overseas

LOTTE Hotels consigns data storage and operation services to overseas corporations for more convenient customer service. You may refuse to allow your personal information to be handled by overseas corporations, and if you choose to do so, your service use may be restricted.

Receiving party of personal data transfer : Company’s overseas chain hotels

(https://www.lottehotel.com/global/en/hotel-finder.html)

Personal data to be transferred :

Rewards information: Name (English), date of birth, country, mobile phone number, e-mail, membership number, Lotte Hotel (including domestic and overseas chain hotels) reservation and stay information (including length of stay, accommodation fee, purchase amount), points accumulated and used history, discount history (Optional) Name (Korean)

Booker info: Hotel, business name, business phone number, business address, email Lotte Hotels (including domestic and overseas chain hotels, hereinafter referred to as “Lotte Hotels”) reservation and stay information, point accumulation and use details, discount details, IP/cookie information

Retention and usage period of the receiving party of personal data transfer : Immediately after withdrawal from membership unless it is required by the law to keep the personal information

Personal data to be transferred : Join Rewards: (Required) Passport name (English), date of birth, nationality, mobile phone number, email (Optional) Name (Korean)

Room stay card: (Required) Name, gender, date of birth, nationality, mobile phone number, email (optional) contact information (home/work), departure date, country, city, company name, position

Retention and usage period of the receiving party of personal data transfer : Obligatory retention period by law, until Membership withdrawal

3. Provision and consignment of personal information

See details of transfer of personal data overseas

The company(Modify) consigns data storage and operation services to overseas corporations for more convenient customer service. You may refuse to allow your personal information to be handled by overseas corporations, and if you choose to do so, your service use may be restricted.

Receiving party of personal data transfer : Company’s overseas chain hotels

(https://www.lottehotel.com/global/en/hotel-finder.html)

Personal data to be transferred : Personal information collected with the consent of Rewards/Booker Membership (Modify)

Retention and usage period of the receiving party of personal data transfer : Until membership withdrawal, obligatory retention period by law (Modify)

Personal data to be transferred : Personal information collected with the consent of the customer at the time of membership registration or filling out registration card (Modify)

Retention and usage period of the receiving party of personal data transfer :

Until membership withdrawal,

obligatory retention period by law(Modify)

4. Destruction of Personal Information

In principle, LOTTE Hotels destroys personal information without delay upon membership withdrawal. However, in the event that separate consent is obtained for the retention period for personal information by the data subject, as in the case of Section 1 (Collection of Personal Information) above, or if we are legally obligated to keep personal information for a certain period, we shall keep it securely for said period.

Personal information for which the purpose of collection and use has been achieved, such as membership withdrawal, service termination, and the maturity of the personal information retention period agreed upon by the data subject, is destroyed in a manner that does not allow the information to be reproduced. Information that is legally obligated to be retained for a certain period is also destroyed in a manner that does not allow its reproduction, without delay after the expiration of the period.

Electronic files are securely deleted using technologies and methods to prevent restoration and reproduction, and printouts, etc., are destroyed using methods such as shredding or incinerating.

LOTTE Hotels stores the personal information of online members who have not used LOTTE Hotels services for more than one year separately from other information.

4. Destruction of Personal Information

In principle, The company(Modify) destroys personal information without delay upon membership withdrawal. However, in the event that separate consent is obtained for the retention period for personal information by the data subject, as in the case of Section 1 (Collection of Personal Information) above, or if we are legally obligated to keep personal information for a certain period, we shall keep it securely for said period.

Personal information for which the purpose of collection and use has been achieved, such as membership withdrawal, service termination, and the maturity of the personal information retention period agreed upon by the data subject, is destroyed in a manner that does not allow the information to be reproduced. Information that is legally obligated to be retained for a certain period is also destroyed in a manner that does not allow its reproduction, without delay after the expiration of the period.

Electronic files are securely deleted using technologies and methods to prevent restoration and reproduction, and printouts, etc., are destroyed using methods such as shredding or incinerating.

The company(Modify) stores the personal information of online members who have not used LOTTE Hotels services for more than one year separately from other information.

5. Rights and obligations of data subjects and their legal representatives and how to exercise them

- In the event that it is difficult for a data subject to exercise his/her rights, he/she may authorize a legal representative, and LOTTE Hotels may verify the legitimacy of the legal representative.

(A power of attorney according to Form No. 11 of the Public Notification on the Method of Processing Personal Information must be submitted.) [Download form]

5. Rights and obligations of data subjects and their legal representatives and how to exercise them

- In the event that it is difficult for a data subject to exercise his/her rights, he/she may authorize a legal representative, and the company(Modify) may verify the legitimacy of the legal representative.

(A power of attorney according to Form No. 11 of the Public Notification on the Method of Processing Personal Information must be submitted.) [Download form]

6. Operation and use of cookies, such as Internet access files

LOTTE Hotels uses cookies for the following purposes:

- To track information about and services of LOTTE hotels that users viewed and showed an interest in, to provide personalized services on their next visit.

- To verify the extent of members’ participation and visit times in various events hosted by LOTTE Hotels, in order to offer specific opportunities for entry, and to provide individualized information according to their individual interests.

6. Operation and use of cookies, such as Internet access files

The company(Modify) uses cookies for the following purposes:

- To track information about and services of the company(Modify) that users viewed and showed an interest in, to provide personalized services on their next visit.

- To verify the extent of members’ participation and visit times in various events hosted by the company(Modify), in order to offer specific opportunities for entry, and to provide individualized information according to their individual interests.

7. Measures to ensure the security of personal information

LOTTE Hotels makes the following efforts to safely manage the personal information of data subjects.

- Measures are taken to store personal information access records and prevent forgery or alteration.

Personal information handlers and users who access the personal information processing system maintain records of access in the personal information handling system, and the relevant access records are kept securely so that the personal information handlers and users who access the personal information processing system access records are not forged, altered, stolen, or lost.

7. Measures to ensure the security of personal information

The company(Modify) makes the following efforts to safely manage the personal information of data subjects.

- Measures are taken to store personal information access records and prevent forgery or alteration.

Personal information handlers(Modify) maintain records of access in the personal information handling system, and the relevant access records are kept securely so that the personal information handlers and users who access the personal information processing system access records are not forged, altered, stolen, or lost.

8. Privacy Officers

LOTTE Hotels appoints privacy officers as follows to protect members’ personal information, to collect their opinions and handle complaints about such information:

8. Privacy Officers

The company(Modify) appoints privacy officers as follows to protect members’ personal information, to collect their opinions and handle complaints about such information: