Exquisite Culinary Adventures

■ Personal Information Processing Policy

The privacy policies set forth herein comply with Saipan's laws and policies.

Micronesia Resort Incorporation (hereinafter referred to as the "Company") values the customer's personal information provided by you to use the service, and establishes and complies with the privacy policy to actively protect the customer's personal information. The company's personal information processing policy may be changed in accordance with relevant laws or changes in the company's internal policies, so it is notified as prescribed by relevant laws and regulations, such as posting the changes on the relevant website to facilitate customer's identification. The company complies with the personal information protection regulations under the Act on Promotion of Information and Communications Network Utilization, Information Protection, etc., and the personal information protection guidelines under the Enforcement Decree of the Act.

Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act will be implemented.
1. Fee settlement due to contract performance and service provision related to service provision
• Content provision, delivery of goods (goods or prizes) or sending bills, financial transaction identification, purchase and payment, mileage accumulation, fee collection, new service guidance, new product or event information guidance, etc
2. Member management
• Identification, personal identification, prevention of illegal use and unauthorized use of bad members due to the use of membership services, confirmation of intention to join, restriction on the number of memberships, confirmation of the consent of legal representatives, confirmation of the identity of legal representatives later, preservation of records for dispute settlement, handling civil complaints such as handling complaints, and delivery of notices
3. Provide customized services to customers in service delivery
• Development and specialization of new services (products), provision of services based on demographic characteristics and advertisement, identification of access frequency, statistics on members' use of services, preparation of various statistical data related to work, service development, delivery of advertising information such as events, gift events, promotion events, sending advertisements, etc
4. Other
• Providing information such as services and events provided by the company, information on events and partnerships held by the company, service promotion, provision and utilization of information such as telemarketing, DM, EM, surveys, and responses to requests for counseling

Article 2. Processing and retention period of personal information
① The company processes and holds personal information within the period of retention, use, or use of personal information agreed upon when collecting personal information from the data subject according to laws and regulations.
② Each of these personal information processing and retention periods is as follows.
1. Membership and management: Provided, That until the withdrawal of membership; in cases falling under the following grounds, until the termination of the relevant grounds
1)Where an investigation, investigation, etc. is in progress for violation of relevant laws and regulations, the relevant investigation and investigation shall be completed until the completion of the investigation
2)If the bond or debt relationship remains due to the use of goods or services, until the settlement of the bond or debt relationship
2. Provision of goods or services: completion of the supply of goods and services, payment of charges, and settlement of accounts; Provided, That in cases falling under any of the following grounds, until the end of the relevant period
1) Records on transactions, such as labeling, advertising, contract details, and implementation, under the Electronic Commerce, etc. Act on Consumer Protection, etc
- Record of display and advertisement: 6 months
- Record of withdrawal of contract or subscription, payment, supply of goods, etc.: 5 years
- Records on consumer complaints or disputes: 3 years
2) Keeping data confirming communications under Article 41 of the Communications Secret Protection Act
- Subscriber telecommunication date and time, start and end time, counterparty subscriber number, frequency of use, and source station location tracking data: 1 year
- Computer communication, Internet log records, access point tracking data: 3 months
3) Storing identification information under Article 2 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.: Six months after the posting of information on the bulletin board is completed

Article 3 (Provision and sharing of personal information to third parties)
① The company processes the customer's personal information only within the scope specified in Article 1 (Personal Information Processing Purpose), and provides and shares personal information to third parties only if they fall under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the law.
② The Company provides and shares personal information to third parties as follows only with the consent of the customer.
- The following persons are provided with personal information.
Items to be shared by recipients to be shared Holding the purpose of use and the period of use of the recipients to be shared
Micronesia Resort Inc. - Kensington Hotel Saipan, InterPacific Resorts (Saipan) Corporation – Pacific Island Club, Suwaso Corporation Dba. Coral Ocean Saipan, name, date of birth, address, phone number, e-mail address, various points accumulated, approval and settlement of use, freebies, promotional events, sending advertisements, etc. until membership of various marketing activities companies is withdrawn


Article 4 (Consignment of Personal Information Processing)
① In order to ensure smooth service provision and improve service quality, the company can process customer personal information by entrusting it to an external specialized company as follows, and the consignment company, type of service, and scope of information to be entrusted are notified through the website.
Subjects to be offered: Sangsang Soft Co., Ltd. PILIT Co., Ltd
Purpose of use: Establishment of homepage and reservation system, operation and maintenance, operation of reservation site
Shared information: Total subscription information
제공대상자 :Micronesia Resort Inc. - Kensington Hotel Saipan, Interpacific Resorts (Saipan) Corporation – Pacific Island Club, Suwaso Corporation Dba. Coral Ocean Saipan,
Purpose of Use: Various marketing activities such as member information management, product reservation and reservation management, provision of other services, accumulation of various points, approval and settlement of use, gift/promotion events, and sending advertisements
Shared information: ID, name, date of birth, contact information, e-mail, mobile phone number

Article 5 (How Personal Information Is Used)
①In accordance with relevant laws, the Company may collect, use, and disclose Customer's personal information for the following purposes.
• Provision, billing and management of hotel accommodation and other goods and services,
• Customer support and quality or personalized service delivery at the Company's branches and through websites, applications, commercial customer programs, third-party applications, goods or services, or through future products and services to be developed by the Company,
• evaluation, analysis and improvement of the functions of the company's website, application, or goods and services,
• Support concierge services on behalf of customers (e.g. restaurants, attractions, and transportation deals),
• Management of loyalty, travel or discount programs and company commercial customer programs,
• Manage content, giveaways, or other promotions,
• fulfillment of contractual obligations to the customer and anyone involved in their itinerary planning (e.g. travel agent, group travel agent or your employer) and suppliers (e.g. royalties, travel or discount programs from credit card companies, airlines and third parties),
• conducting market research, customer satisfaction, quality assurance surveys,
• Perform marketing and promotional activities and provide targeted advertising for goods, services, events or promotions that customers may be interested in, and where legally permitted, the company may work with other companies to provide you with advertising or marketing information that you find relevant and useful.Company websites, applications
Alternatively, this may include advertisements that appear on the company's email or other notice, or on the company's website. The advertisements you view may include information collected by the company or a third party and/or any work you have done on our website, application, or third-party website
It can be based.
• Ensuring the safety and security of employees, customers, and other visitors,
• Prevention, detection and investigation of fraud, cyber accidents or other illegal activities,
• Contact you in connection with us, such as updates to this policy or other significant legal or business changes,
• General record management,
• Implementation of legal and regulatory requirements,
• Verification and evaluation of new products and services,
• Processing credit transaction applications,
• performance of any other purpose disclosed to you in accordance with relevant laws or with your consent; and
• If a customer makes a request regarding their personal information in accordance with this policy, the specific personal information can be used to identify the customer. Verification procedures and personal information requested by the company may vary depending on the sensitivity and nature of the request.
②If the Company, as a customer of the Company or a subject doing business with us, processes the customer's personal information, in accordance with the applicable legal obligations to the Company, or in accordance with the applicable legal obligations of the Company, its travel agent, or its employer, and/or suppliers (e.g., credit card companies, airlines, and third-party royalties, travel or discount programs), the Company processes the customer's personal information in accordance with the Company's legitimate interests (as specified above).
③The Company uses and retains Customer's personal information in accordance with the Company's legal and regulatory obligations and risk management guidelines, only when necessary to achieve processing objectives.

Article 6 (Disclosure of Personal Information)
① In some cases, the Company may disclose your personal information. The Company makes such disclosures at any time in accordance with applicable laws. Data protection laws in some jurisdictions require prior consent from the Customer when transferring the Customer's information from their home country to another country. Upon consent to this Policy, the Customer agrees to transfer the Personal Information to the extent required by the local law to which the Customer belongs and to another country up to the limits mentioned in this paragraph and described in Article 5 above.
②In addition to Article 5, the situation in which the company discloses additional personal information is as follows.
1. Company representatives, service providers, and suppliers
Like most international hotel brands, a company may outsource certain functions and/or information processing operations to third parties. If you outsource your personal information processing operations to third parties and provide your personal information to third-party service providers, the company obliges these third parties to protect their personal information using appropriate security measures under the terms and conditions of this policy.
2. Identify consumers
If the company has the customer's personal information, it can be released to other companies that have the information about the customer. These companies can consolidate that information to better understand the customer's preferences and interests so that the company can better serve you. The customer's rights and how to exercise their obligations can be found in Article 7.
3. Credit Certification
If a customer requests a credit transaction, the customer's personal information will be used and disclosed to the relevant third party in accordance with relevant laws to determine whether the customer can accept and maintain the credit transaction.
4. business transfer
Depending on the progress of the Company's business development, the Company may sell its hotel or other assets, or discontinue the management or franchise of its Kensington branch. In these circumstances, the Company may transfer the personal information collected about the Customer or the right to use such personal information together as a operating asset. In addition, in exceptional cases, the personal information collected about the Customer or the right to use such information may be included in the transferred asset, even if the Company or any substantial assets of the Company are acquired.
Article 7 (Customer's rights, obligations, and methods of exercise)
①The Customer may exercise the following privacy-related rights against the Company at any time.
1. Request to view personal information
2. Request correction if there is an error, etc
3. Request for deletion
4. Request for suspension of processing
②The exercise of rights under paragraph 1 will be done without delay if you exercise it directly at the store or on its website, or contact the person in charge of personal information management by phone or e-mail.
③If a customer requests correction or deletion of an error in personal information, the company will not use or provide such personal information until the correction or deletion is completed.
④The exercise of rights under paragraph (1) may be made through the client's legal representative, the person entrusted, etc. In such cases, a notice on how to process personal information must be submitted with a power of attorney in attached Form 11.

Article 8 (Personal Information Items to be Processed)
①The company is processing the following privacy items to serve customers.
1. The company is processing the following privacy items to serve customers.
Required item selection for processing purposes
Membership registration and management name, date of birth, address, mobile phone number, e-mail address, ID, password, ipin number anniversary, company name, company address, tourism purpose
Interest in payment approval information such as goods or services provision name, date of birth, ID, password, address, phone number, e-mail address, ipin number, card name, credit card number, bank account information, past purchase details, etc
Information service usage records, access logs, cookies, and access IP information created/collected during online service use or processing
History of information purchase, exchange, refund, repair, and consultation generated/collected during product purchase and consultation
2. Customers' personal information is collected through the homepage, written form, fax, telephone, e-mail, event application, and delivery request, and the online site (brand homepage) collects personal information only through the homepage. In addition, membership information such as Kakao, Naver, and Apple is provided to provide a simple subscription service using SNS accounts.
3. The Company does not collect sensitive information (race, ethnicity, ideology, creed, place of origin, political orientation, criminal records, health conditions and sex life, bio-information, etc.) that may significantly violate the basic human rights of its customers.
② The company is not responsible for any disadvantages caused by the customer's entry of information different from the actual personal information or expressing a different intention among the collected information in Paragraph 1. In particular, any e-mail service or any mobile phone text service that includes important information that affects the customer's benefit is not provided to customers who do not agree to the e-mail or mobile phone text service, and the company is not responsible for this.
③The customer shall immediately request a change or change the personal information directly from the site if the personal information described has been changed. The company shall not be responsible for any changes caused by the customer's failure to notify the company of the changed personal information or change (request).
④Customers' personal information is collected through the homepage, written form, fax, phone, e-mail, event application, and delivery request, and online sites (brand homepage, shopping mall) collect personal information only through the homepage.
⑤The Company does not collect sensitive information (race, ethnicity, ideology, creed, place of origin, political orientation, criminal records, health conditions and sex life, bio-information, etc.) that may significantly violate the customer's basic human rights.

Article 9 (Matters concerning the installation, operation and refusal of automatic personal information collection devices)
The company uses "cookies" to temporarily store and retrieve information about customers. Cookies identify the customer's computer, but not personally identify the computer user. They also have the option of accepting all cookies from the web browser option, having them send a notification when they are installed, or rejecting all cookies.
1. Purpose of Cookie: Cookies are information sent by the company's server to the user's web browser and do not affect other parts of the PC at all. When a customer accesses a company-related site, the company's server computer reads cookies from the user's browser, so that the service can be provided without additional input. It can also be used for marketing such as analyzing access frequency or visit time, identifying users' tastes and areas of interest.
2. How to refuse to set cookies: By choosing the option of the web browser that the customer uses, you can allow all cookies, go through confirmation every time you save them, or reject all cookies.
- Example of setting up (for Internet Explorer): Tools at the top of the Web browser > Internet Options > Privacy

Article 10 (Destruction of Personal Information)
①When personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing, the company will destroy the personal information without delay.
②If the retention period of personal information agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information needs to be preserved according to other laws and regulations, the personal information is transferred to a separate database (DB) or stored differently.
③The procedures and methods of destroying personal information are as follows.
1. Disposal procedures The company will destroy the customer's personal information that has been destroyed after storing it for a certain period of time in accordance with internal policies and other relevant laws and regulations.
2. How to destroy customer's personal information printed on paper is destroyed by grinding or incineration, and the personal information stored in the form of an electronic file is deleted using a technical method that cannot be reproduced.

Article 11 (Measures to ensure the safety of personal information)
The company is taking the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with or damaged in handling customer's personal information.
1. Important data such as resident numbers and passwords among customers' personal information is encrypted and stored, and personal information is stored safely in a safe area of a double firewall.
2. In order to prevent leakage of customer personal information due to hacking, the company uses a device that blocks intrusion from outside, and each server has an intrusion detection system installed to monitor intrusion 24 hours a day.
3. Employees handling personal information are limited to the person in charge, and a separate password is assigned for this purpose to update it regularly, and the compliance of the personal information processing policy is emphasized through occasional training for the person in charge.
4. Customers must not give their ID and password to others, and log in to the company-related site and log out after completing the use. Due to the customer's own carelessness or Internet problems, personal information such as ID, password, and contact information has been leaked
The company is not responsible for anything (limited to the case of membership registration).
5. The computer room and data storage room where the customer's personal information is stored are designed to control access.

Article 12 (Personal Information Protection Officer)
①The company is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages from customers related to personal information processing.

Privacy Commissioner
a name-signalling ceremony
the general manager of a position
Phone number +1-670-322-3311.

Privacy Officer
Name Chang-hoon Jang
Position IT Manager
Phone number +1-670-322-3311
Email changhoon.jang@kensingtonsaipan.com

②Customers can contact the personal information protection manager and the department in charge for any personal information protection inquiries, complaints, damage relief, etc. that occurred while using the company's service. The company will respond to and process the data subject's inquiries without delay.
Article 13 (Request for Access to Personal Information)
The customer may request access to personal information under Article 35 of the Personal Information Protection Act to the person in charge of personal information protection described in Article 9. The company will make efforts to expedite the data subject's request for access to personal information.

Article 14 (Installation and operation of video information processing equipment)
The company installs and operates video information processing devices as follows.
1. Basis for installation of video information processing equipment, purpose: Safety of facilities in companies and stores, prevention of fire
2. Installation, number of installations, location of installation, and scope of filming: Installation in major facilities such as lobby, corridor, and subsidiary business sites. The scope of filming is to photograph the entire space of major facilities
3. Manager, department in charge, and access to video information: Name Choi Yong-shin, Sales & Marketing Team Leader +1-670-322-3311
4. Video information shooting time, storage period, storage place, and processing method Shooting time: 24 hours Photographing storage period: 15 to 30 days from the time of shooting and processing method stored and processed in the control room of the image information processing device of the customer support team
5. Method and place of identifying video information: Requires management manager
6. Measures for the request of the data subject to view video information, etc.: An application shall be made by requesting permission to view personal video information and confirm its existence, and access shall be permitted only when the data subject itself is photographed or when it is clearly necessary for the benefit of the name, body, and property of the data subject
7. Technical, administrative, and physical measures for the protection of video information: Establishment of an internal management plan, control of access and restriction of access rights, safe storage of video information, application of transmission technology, storage of processing records and measures to prevent forgery and alteration, provision of storage facilities and installation of locks, etc
Article 15 California Privacy Rights
If you live in California, you may also make the following more specific requests for your personal information in accordance with relevant laws.
• Access – Customers may request the Company to disclose the category of personal information collected about their customers, the category of sources from which personal information was collected, the category of personal information sold or published, the business or commercial purpose of collecting and selling personal information, the category of third parties to which we shared personal information, and the specific personal information collected about you in the past 12 months.
• Delete – Customers may ask us to delete the personal information the company holds about the customer, subject to certain exceptions.
• Rejects – Customers may ask the company not to sell their personal information outside. For the purposes of this Privacy Policy, "sell" means to sell, lend, take out, disclose, share, offer, transfer, or communicate verbally, in writing or electronically, for money or other consideration, in accordance with some exceptions to relevant laws. Companies may also use cookies and related technologies that may be considered to sell customers' personal information. For more information and how to reject such technologies, see Article 7 above. Denies of cookie-based tracking for advertising purposes are limited to the devices, websites, and browsers the denial setting is deleted each time the browser is cached.
As with all consumers, regardless of where they live, customers will not be discriminated against for exercising these rights. For the purposes of these rights, personal information does not include information about the company's job seekers, employees, and other employees, information about employees and other representatives of third-party corporations that we can communicate with, or information the company has collected as a service provider for its customers.
California residents can exercise these rights by emailing or calling the company. The company may, under its legal rights and obligations, reject certain requests or partially fulfill the requests. For example, a company can retain personal information for purposes such as keeping taxes or other records, where legally permitted, to maintain active accounts, process transactions, and support customer requests.
The company takes reasonable steps to identify the customer and respond to the request. Verification procedures may vary depending on the sensitivity of personal information and whether the customer has a company account.

California residents can designate a delegation representative to request on their behalf. When submitting a request, ensure that the delegation representative can verify your eligibility as a delegation representative and that the representative has the necessary information to complete the verification process.

For the purposes of exercising these rights, find out how the Company collects and uses Customer's personal information, including the previous 12 months, as set forth in this Policy.

• For business and commercial purposes, the Company may collect and use personal information categories (ID, date of birth, contact, payment information, etc.), classification characteristics protected by California or federal law (such as demographic information such as age and gender), commercial information, biometric information, occupation or employment information, internet or other electronic network activity information, geolocation information, auditory, electronic or visual information, inference). The Company collects such personal information from the sources set forth in paragraph 4 of this Policy.
• To the extent permitted by relevant laws, the Company may disclose these privacy categories for business and commercial purposes.
• Companies may sell personal information categories (ID, California customer records, demographic information, commercial information, internet or other electronic network activities, geolocation information, inference).

Article 16 Changes to this Policy
This policy is subject to change as the company's business continues to change. For your reference, an effective date is set at the end of the document in this policy.

Article 17 (Method of Remedy for Infringement of Rights)
Micronesia Resort Incorporation is collecting opinions from users regarding the protection of personal information and is working on ways to deal with complaints. Users can report their complaints by phone or e-mail by referring to the contact information of the personal information management officer specified below, and the hotel will respond quickly and sufficiently to users' reports. The data subject can inquire about damage relief and counseling for personal information infringement from the following agencies. The following institutions are separate from the company, and if you are not satisfied with the company's handling of personal information complaints and the results of the damage relief, or need more detailed help, please contact us.
- Personal Information Dispute Mediation Committee: (No. of Country Code) 118 (External No. 2)
- Information Protection Mark Certification Committee: 02-580-0533~4
- Cybercrime Investigation Team of the Supreme Prosecutors' Office: 02-3480-3562 (http://www.spo.go.kr )
- Cyber Terror Response Center, National Police Agency: 1566-0112 (http://www.netan.go.kr )

Article 18 (Change of Personal Information Processing Policy)
Date of enforcement of the Personal Information Processing Policy: August 17, 2016
Last change date of personal information processing policy: January 2, 2023