Privacy Policy

Privacy Policy

Effective Date: February 26, 2025

WIA Trip (hereinafter referred to as the “Company”) establishes and discloses the following privacy policy to protect the personal information of data subjects and to handle related grievances promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

  1. Website Membership Registration and Management
  • Processing personal information for the purpose of confirming intention to join, identifying and authenticating the individual for membership services, maintaining and managing membership qualifications, preventing misuse of services, and providing various notices and announcements.
  1. Provision of Travel Services
  • Processing personal information for the purpose of providing travel services, reservations, customized services, and identity verification.
  1. Use in Marketing and Advertising
  • Processing personal information for the purpose of developing new services (products) and providing customized services, providing opportunities to participate in events and advertising information, confirming the effectiveness of services, determining frequency of access, or statistics on members’ service usage.

Article 2 (Processing and Retention Period of Personal Information)

① The Company processes and retains personal information within the personal information retention and use period stipulated by law or within the personal information retention and use period agreed upon when collecting personal information from the data subject.

② Each personal information processing and retention period is as follows:

  1. Website Membership Registration and Management: Until website membership withdrawal
    However, until the end of the relevant reason in the following cases:
  • Until the end of the investigation if investigation or inquiry is in progress due to violation of relevant laws
  • Until the end of the complaint handling if complaint handling related to website use is in progress
  1. Provision of Travel Services: Until the completion of travel services and payment/settlement
    However, until the end of the relevant period in the following cases:
  • Records on labeling/advertising, contract details and fulfillment, etc. related to transactions according to the Act on Consumer Protection in Electronic Commerce, etc.
    • Records on labeling/advertising: 6 months
    • Records on contract or withdrawal of subscription, payment of price, supply of goods, etc.: 5 years
    • Records on consumer complaints or dispute handling: 3 years

Article 3 (Provision of Personal Information to Third Parties)

① The Company processes personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information) and provides personal information to third parties only in cases corresponding to Article 17 and Article 18 of the Personal Information Protection Act, such as consent of the data subject or special provisions of the law.

② The Company is currently not providing personal information of data subjects to third parties.

Article 4 (Outsourcing of Personal Information Processing)

① The Company outsources personal information processing as follows for smooth processing of personal information tasks:

  1. Payment Service
  • Recipient (outsourced party): OO Payment
  • Content of outsourced work: Processing travel service payments
  1. Hosting Service
  • Recipient (outsourced party): OO Cloud
  • Content of outsourced work: Website and system operation

② When concluding outsourcing contracts, the Company specifies in documents such as contracts the prohibition of processing personal information outside the purpose of performing the outsourced work, technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of the outsourced party, and matters concerning liability, including compensation for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the outsourced party processes personal information safely.

③ If the content of the outsourced work or the outsourced party changes, the Company will promptly disclose it through this privacy policy.

Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them)

① Data subjects may exercise rights such as requesting access, correction, deletion, and suspension of processing of personal information to the Company at any time.

② The exercise of rights under paragraph 1 may be made to the Company in writing, by e-mail, by fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.

③ The exercise of rights under paragraph 1 may be made through a legal representative of the data subject or an authorized agent. In this case, a power of attorney according to the form in Appendix 11 of the Notice on Personal Information Processing Methods (No. 2020-7) must be submitted.

④ Requests for access to personal information and suspension of processing may be restricted by the rights of data subjects under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

⑤ Requests for correction and deletion of personal information cannot request deletion if the personal information is specified as a collection target in other laws.

⑥ The Company confirms whether the person who requests access, correction, deletion, or suspension of processing is the person themselves or a legitimate agent.

Article 6 (Items of Personal Information Processed)

The Company processes the following personal information items:

  1. Website Membership Registration and Management
  • Required items: Email, password, name
  • Optional items: Contact information, address
  1. Provision of Travel Services
  • Required items: Email, name, payment information, passport information (for international travel)
  • Optional items: Contact information, address, travel preferences
  1. The following personal information items may be automatically generated and collected during the use of Internet services:
  • IP address, cookies, visit date and time, service usage records, device information

Article 7 (Destruction of Personal Information)

① The Company destroys the relevant personal information without delay when personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the processing purpose.

② If personal information needs to be preserved in accordance with other laws despite the expiration of the personal information retention period agreed upon by the data subject or the achievement of the processing purpose, the Company preserves the personal information by moving it to a separate database (DB) or changing the storage location.

③ The procedures and methods for destroying personal information are as follows:

  1. Destruction procedure
  • The Company selects personal information for which destruction reasons have occurred and destroys the personal information with the approval of the Company’s personal information protection officer.
  1. Destruction method
  • Information in electronic file form is processed using technical methods that cannot reproduce the records.
  • Personal information printed on paper is destroyed by shredding with a shredder or by incineration.

Article 8 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security of personal information:

  1. Administrative measures
  • Establishing and implementing internal management plans, regular employee training, etc.
  1. Technical measures
  • Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, etc., installation of security programs
  1. Physical measures
  • Access control for computer rooms, data storage rooms, etc.

Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

① The Company uses ‘cookies’ that store and retrieve usage information to provide individual customized services to users.

② A cookie is a small amount of information sent to the user’s computer browser by the server (http) used to operate the website and may be stored on the hard disk of the user’s PC computer.

  • Purpose of using cookies: They are used to provide optimized information to users by understanding the visiting and usage patterns of each service and website visited by users, popular search terms, secure connection status, etc.
  • Installation, operation, and refusal of cookies: You can refuse to store cookies through the option settings in the tools > Internet options > privacy menu at the top of your web browser.
  • If you refuse to store cookies, you may have difficulty using customized services.

Article 10 (Personal Information Protection Officer)

① The Company has designated a personal information protection officer as follows to be in charge of and responsible for personal information processing tasks and to handle complaints and damages from data subjects related to personal information processing:

  • Personal Information Protection Officer
  • Name: Yeon Sam-heum (筵三欽)
  • Position: Youth Protection Officer
  • Contact: +82-1599-1045, wia@wiatrip.com

② Data subjects may inquire about all personal information protection-related inquiries, complaints, and remedies for damages that occur while using the Company’s services (or business) to the personal information protection officer. The Company will respond to and handle inquiries from data subjects without delay.

Article 11 (Request for Access to Personal Information)

Data subjects may request access to personal information under Article 35 of the Personal Information Protection Act to the following department. The Company will endeavor to promptly process the data subject’s request for access to personal information.

  • Department receiving and processing requests for access to personal information
  • Department name: Customer Support Team
  • Person in charge: Personal Information Protection Manager
  • Contact: +82-1599-1045, wia@wiatrip.com

Article 12 (Remedies for Rights Infringement)

Data subjects may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, etc. to receive remedies for personal information infringement. Please contact the following agencies for reporting or consultation regarding other personal information infringement:

  1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
  2. Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
  3. Supreme Prosecutors’ Office: (without area code) 1301 (www.spo.go.kr)
  4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

For dispositions or omissions by the head of a public institution regarding requests based on the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act, those whose rights or interests have been infringed may request administrative appeals according to the Administrative Appeals Act.

※ For more information on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).

Article 13 (Changes to the Privacy Policy)

① This privacy policy is effective from February 26, 2025.

② Previous privacy policies can be viewed below:

  • Example: Applied from January 1, 2024 to February 25, 2025 (link)

Who we are

Our website address is: https://wiatrip.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When you contact us through our contact forms, we collect the information you provide to process your inquiries about our travel services. This information is used solely for the purpose of responding to your inquiry and is not shared with third parties.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Google Analytics to understand how visitors interact with our website. This helps us improve our services and provide a better user experience. Google Analytics uses cookies to collect information about your visit, including your IP address, which pages you visit, how long you spend on each page, and other information. This data is processed by Google and is subject to Google’s privacy policy.

Who we share your data with

We may share your personal data with third-party service providers that help us operate our travel services, such as payment processors, hotels, transportation providers, and tour operators. We only share the minimum information necessary for these providers to fulfill their services. All our partners are required to maintain the confidentiality and security of your data.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

For travel bookings and transactions, we retain your data for the period required by Korean law, typically 5 years for financial records.

What rights you have over your data

If you have an account on this site, or have made travel bookings, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

When you book international travel through our services, your necessary personal data may be transferred to relevant international partners such as hotels, airlines, and other service providers in your destination country.

Your contact information

For any privacy-related inquiries, please contact:

WIA Trip
Address: 5th Floor, 511-D01, 21 Magokjungang 6-ro, Gangseo-gu, Seoul
Phone: +82-1599-1045
Email: wia@wiatrip.com

Additional information

How we protect your data

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encrypted data transmission, secure server configurations, and limited access to personal information by our staff.

What data breach procedures we have in place

In the event of a data breach that might affect your personal information, we will notify you and the relevant authorities in accordance with applicable law. We have procedures in place to detect, report, and investigate such breaches and minimize any potential harm.

What third parties we receive data from

We may receive your personal information from third parties such as booking partners, travel agencies, and referral partners when you book our services through them. We treat this data with the same level of care as information collected directly from you.

What automated decision making and/or profiling we do with user data

We may use automated systems to analyze your preferences and booking patterns to provide personalized travel recommendations and offers. You can opt out of such personalized services by contacting our