Privacy Policy
Version 1.0 | Effective Date: February 1, 2026
1. Purpose of Personal Information Collection and Use
Da-woo House Guesthouse ("we", "us", or "the Company") collects personal information for the following purposes:
- Reservation Management: Processing, confirming, and managing accommodation reservations; allocating rooms; providing check-in/check-out instructions.
- Identity Verification: Verifying guest identity for accommodation registration as required by Korean law (Tourism Promotion Act).
- Payment Processing: Processing payments, refunds, deposits, and managing payment records for tax and accounting purposes.
- Communication: Sending reservation confirmations, check-in instructions, important notices, and responding to inquiries.
- Service Improvement: Analyzing usage patterns to improve our services and guest experience.
- Loyalty Program: Managing points, coupons, and rewards for registered users.
- Legal Compliance: Complying with applicable laws including tax regulations, immigration reporting requirements, and consumer protection laws.
- Dispute Resolution: Handling complaints, disputes, and refund requests.
- Marketing (with consent): Sending promotional emails, special offers, and newsletters to users who have opted in.
2. Personal Information Items Collected
Required Information
| Item | Purpose |
|---|---|
| Full name (as on passport) | Guest identification, reservation record |
| Passport number | Identity verification (Tourism Promotion Act), accommodation registration |
| Email address | Reservation confirmation, check-in instructions, account management |
| Phone number | Emergency contact, check-in coordination |
| Country of residence | Room allocation optimization, currency display, immigration compliance |
| Gender | Dormitory allocation (female-only dormitory management) |
| Preferred contact method & details | Pre-arrival communication (KakaoTalk, LINE, WhatsApp, WeChat, Email, etc.) |
| Reservation information | Check-in/out dates, room type, number of guests, reservation code |
| Payment identifiers | PayPal order/transaction IDs, bank transfer references (no full card numbers stored) |
Optional Information
| Item | Purpose |
|---|---|
| Special requests | Providing customized service (early check-in, extra bedding, etc.) |
| Review content & photos | Publishing guest reviews on the website (with consent) |
| Marketing consent | Promotional communications |
Automatically Collected Information
- IP address (at signup/login/reservation) - for security and fraud prevention
- Device information (browser type, OS) - for service optimization
- Access logs and timestamps - for security monitoring
- Cookie identifiers - for session management and preferences
3. Retention and Destruction of Personal Information
Personal information is retained for the duration of the business relationship and destroyed thereafter, unless retention is required by law:
| Category | Retention Period | Legal Basis |
|---|---|---|
| Transaction/payment records | 5 years | Act on the Consumer Protection in Electronic Commerce |
| Contract/subscription records | 5 years | Act on the Consumer Protection in Electronic Commerce |
| Consumer complaint/dispute records | 3 years | Act on the Consumer Protection in Electronic Commerce |
| Access/login logs | 3 months | Protection of Communications Secrets Act |
| Accommodation registration records | 3 years | Tourism Promotion Act |
| Tax-related records | 5 years | National Tax Framework Act |
| Marketing consent records | Until withdrawal | Personal Information Protection Act |
4. Provision of Personal Information to Third Parties
We may share personal information with the following third parties only as necessary for the stated purposes:
| Recipient | Purpose | Items Shared | Retention |
|---|---|---|---|
| PayPal (Pte. Ltd.) | Payment processing | Reservation code, payment amount | Per PayPal's privacy policy |
| Email service provider (Resend / SMTP) | Sending reservation confirmations, notifications | Email address, guest name, reservation details | Until email delivery confirmed |
5. Outsourcing of Personal Information Processing
We outsource the following personal information processing tasks:
| Service Provider | Task |
|---|---|
| Resend / SMTP Provider | Email delivery for reservations, notifications, and marketing |
| AWS S3 / Cloud Storage | Storage of review photos and media files |
| Cloud Hosting Provider | Website hosting, database management, and server infrastructure |
We ensure that outsourced parties comply with applicable data protection laws through contractual agreements that include provisions for data security, restricted use, and prompt destruction upon completion of services.
6. Destruction Procedure and Methods
When personal information reaches the end of its retention period or when the purpose of processing has been achieved, we destroy the information without delay:
- Electronic files: Permanently deleted using technical methods that make recovery impossible (secure deletion, overwriting).
- Printed documents: Shredded or incinerated.
- Encrypted data: Encryption keys are destroyed, rendering the data unrecoverable.
If retention is required by law beyond the original purpose, the data is moved to a separate database (or physical storage) and destroyed upon expiry of the legal retention period.
7. Rights of Data Subjects
You (the data subject) may exercise the following rights at any time:
- Right to Access: Request access to your personal information held by us.
- Right to Correction: Request correction of inaccurate or incomplete personal information.
- Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Right to Suspend Processing: Request suspension of processing of your personal information.
- Right to Withdraw Consent: Withdraw consent for optional data processing (e.g., marketing) at any time.
To exercise these rights, please contact our Privacy Officer (see Section 10). Requests will be processed within 10 business days. If a request is denied, we will notify you of the reason.
Note: Exercising the right to deletion or suspension of processing may result in inability to use certain services (e.g., account login, new reservations). We cannot delete information required by law during its mandatory retention period.
8. Measures to Ensure Safety of Personal Information
We implement the following technical, administrative, and physical measures:
Technical Measures
- Encryption: Sensitive data (passport numbers, phone numbers, email addresses) is encrypted at rest using AES-256-GCM encryption. Passwords are hashed using bcrypt.
- HTTPS/TLS: All data transmitted between the user and our servers is encrypted using TLS 1.2 or higher.
- Hashing for Search: Searchable fields use SHA-256 hashes to allow lookup without exposing plaintext.
Administrative Measures
- Access Control: Access to personal information is restricted based on role (Guest, Manager, Master). Only authorized personnel may access sensitive data.
- Audit Logging: All access to, modifications of, and deletions of personal information are recorded in audit logs with timestamps, user IDs, and IP addresses.
- Staff Training: Personnel handling personal information receive regular training on data protection practices.
Physical Measures
- Server Security: Database and application servers are hosted in secure data centers with access controls.
- Backup: Regular encrypted backups are maintained with restricted access.
9. Cookies, Log Files, and Opt-Out
Cookies
We use cookies for the following purposes:
- Essential cookies: Session management, authentication state, locale/language preference. These are necessary for the website to function.
- Functional cookies: Remembering user preferences (language, theme).
We do not use advertising or analytics cookies that track users across websites.
Opt-Out
You may opt out of non-essential cookies through your browser settings:
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy
Note: Disabling essential cookies may prevent you from using key features such as login and reservation.
Server Logs
Our servers automatically record access logs including IP addresses, request timestamps, URLs visited, and browser information. These logs are retained for 3 months for security monitoring purposes and then destroyed.
10. Privacy Officer
For questions, requests, or complaints regarding your personal information, please contact our Privacy Officer:
Privacy Officer: Da-woo House Management
Email: dawoohongdae@gmail.com
Phone: +82 10 8676 6858
Address: 12, Wausan-ro 29na-gil, Mapo-gu, Seoul, Republic of Korea
You may also file a complaint with the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972
- Personal Information Infringement Report Center: 118
- Supreme Prosecutors' Office Cyber Investigation Division: 1301
- National Police Agency Cyber Bureau: 182
11. Changes to This Privacy Policy
This privacy policy may be updated from time to time. When changes are made:
- The updated policy will be posted on this page with a new version number and effective date.
- Significant changes will be notified via email to registered users and/or a prominent notice on our website at least 7 days before taking effect.
- Continued use of our services after the effective date constitutes acceptance of the updated policy.
Current Version: 1.0
Effective Date: February 1, 2026
Last Updated: February 1, 2026