1. General Provisions

TRNVL (hereinafter "Company") complies with relevant laws such as the 「Personal Information Protection Act」 and the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」, and does its best to safely manage users' personal information. This Privacy Policy explains how users' personal information is collected, used, stored, and destroyed in relation to the use of the website and services (hereinafter "Services") provided by the Company.

2. Personal Information Items Collected and Collection Methods

① Personal Information Items Collected

• During membership registration: Name, ID (email), password, mobile phone number, nationality, language, country of residence, etc.
• During reservation/payment: Reservation and guest/user information (name, contact information), payment method information (card company, partial card number, authorization number, etc.), receipt issuance information
• When using customer center: Inquiry content, email address, contact information, service usage records, consultation records
• When participating in marketing/events (optional): Name, contact information, email, SNS account, survey responses, etc.
• Automatically collected items: Service usage records, access logs, IP address, cookies, access device information (browser information, OS, device model name, etc.)

② Personal Information Collection Methods

• Website membership registration, reservation/payment pages, customer center inquiries/chat
• Event/promotion pages, surveys
• Information automatically generated and collected during service use

3. Purpose of Collecting and Using Personal Information

The Company uses the collected personal information for the following purposes.

• Member identification, sub ion confirmation, identity verification, and maintenance/management of service use qualifications
• Reservation and payment for travel/tour/hotel/beauty/vehicle/guide products, confirmation and notification of reservation details
• Providing customer support services such as handling customer inquiries, complaints, and delivering announcements
• Service usage statistics, usage pattern analysis, development of new services and improvement of existing services
• Providing event/promotion/advertising information (only with consent)
• Restricting use for members who violate laws and terms, dispute resolution, civil complaint handling, compliance with legal obligations

4. Retention and Use Period of Personal Information

In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is achieved. However, it may be retained exceptionally in the following cases.

① Retention by Company Internal Policy

• Records for preventing fraudulent use, dispute resolution, complaint handling, etc.: Up to 1 year after membership withdrawal

② Retention by Related Laws

• Records on contracts or sub ion withdrawal: 5 years
• Records on payment and supply of goods: 5 years
• Records on consumer complaints or dispute resolution: 3 years
• Records on labeling and advertising: 6 months
• Access records in e-commerce: 3 months

5. Provision of Personal Information to Third Parties

In principle, the Company does not provide users' personal information to outside parties. However, it may be provided exceptionally in the following cases, and in such cases, the procedures and standards prescribed by relevant laws are observed.

• When the user has explicitly consented to provision to third parties in advance
• When required by law or when requested by investigative agencies/supervisory agencies through procedures prescribed by law
• When provided to reservation target businesses (hotels, hospitals, tour operators, vehicle/guide companies, etc.) within the scope inevitably necessary for service provision

6. Entrustment of Personal Information Processing

The Company may entrust part of the personal information processing work to external specialized companies to improve services. When entrusting, the Company enters into an entrustment contract in accordance with relevant laws and manages and supervises to ensure that personal information is processed safely.

※ The actual names of entrusted companies and entrusted work details will be separately announced and reflected in this policy when confirmed.

7. Rights of Users and Legal Representatives and How to Exercise Them

• Users can request to view, modify, delete, or suspend processing of their personal information at any time.
• Users can request deletion of personal information through membership withdrawal, and the Company retains and destroys it within the scope prescribed by relevant laws.
• For children under 14 years of age, legal representatives can request viewing, correction, deletion, and suspension of processing of the child's personal information.
• Rights can be exercised through procedures determined by the Company such as customer center or email, and the Company will take necessary measures without delay.

8. Procedures and Methods for Destroying Personal Information

The Company destroys the information without delay when the personal information retention period has expired or the processing purpose has been achieved.

① Destruction Procedures

• When a user requests withdrawal or the retention period expires, it is retained for a certain period according to internal policies and related laws and then destroyed.

② Destruction Methods

• Electronic file format: Permanently deleted safely in a way that recovery and reproduction are impossible
• Paper documents: Destruction through shredding or incineration

9. Measures to Ensure Safety of Personal Information

The Company takes the following protective measures to safely manage users' personal information.

• Managing access rights to personal information and restricting to minimum personnel
• Encrypted storage of passwords and important information
• Retention of access records and measures to prevent forgery and alteration
• Installation of antivirus software and operation of security programs
• Regular security inspections and personal information protection training for executives and employees

10. Guide on Use and Refusal of Cookies

The Company may use cookies to provide more appropriate and useful services to users. Users can refuse or delete cookie storage through browser settings.

• Cookies are small text files stored on the user's device and can store access records and preference settings.
• Users can choose whether to allow cookies through browser option settings.

11. Personal Information Protection Officer and Contact Information

The Company designates a Personal Information Protection Officer as follows to collect user opinions and handle complaints related to personal information processing.

• Personal Information Protection Officer: (To be filled in later)
• Email: (To be filled in later)
• Customer Center: (To be filled in later)

For other reports or consultations on personal information infringement, you can contact related organizations such as the Personal Information Protection Commission and the Police Cyber Crime Report System.

12. Changes to Privacy Policy

This Privacy Policy may be revised according to changes in relevant laws, company policies, and service content, and the Company will announce in advance through website announcements when there are changes.

Announcement Date: 2025-01-01
Effective Date: 2025-01-01