Privacy Policy
TripMoney Co., Ltd. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws and regulations to protect the rights of data subjects, and processes and safely manages personal information legally. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, we hereby establish and disclose the following personal information processing policy to inform data subjects of the procedures and standards for processing and protecting personal information and to promptly and smoothly handle any complaints related thereto.
1. Purpose of personal information processing, items, and retention period
① The company collects and processes the minimum amount of personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following. If the purpose of use changes, necessary measures, such as obtaining separate consent, will be taken in accordance with Article 18 of the Personal Information Protection Act.
② The purpose of processing personal information files registered and disclosed by the company in accordance with Article 32 of the Personal Information Protection Act is as follows.
| Division | Purpose | Information collection items | Legal basis | Retention period |
|---|---|---|---|---|
| Currency exchange service | Identity identification and transaction history management for unmanned currency exchange services | (Required) Name, Resident Registration Number, Passport Number, Nationality, Gender, Date of Birth, Image at the Time of Exchange | Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Performance of Contract) | 5 years from the transaction date |
| Complaint handling | Confirmation of inquiries, requests, and inconveniences and response to processing results | (Required) Name, email address, phone number | ||
| Korea currency exchange | Daily limit management and customs reporting | (Required) Passport number, name, date of birth, passport expiration date, gender, copy of real name verification certificate | ||
| Foreign currency exchange | Daily limit management and customs reporting | (Required) Passport number, name, date of birth, passport expiration date, gender, resident registration number, driver's license number, copy of real name verification certificate | ||
| Purchase a prepaid card | Prepaid card purchase and customs office reporting (currency exchange history) | (Required) Passport number, name, date of birth, passport expiration date, gender, copy of real name verification certificate | ||
| Prepaid card recharge | Prepaid card recharge and customs office reporting (currency exchange history) | (Required) Passport number, name, date of birth, passport expiration date, gender, prepaid card number, copy of real name verification certificate | ||
| Prepaid card withdrawal | Prepaid card withdrawal | (Required) Prepaid card number | ||
| Mobile gift certificate | Purchase gift certificates | (Required) Passport number, name, date of birth, passport expiration date, gender, copy of real name verification certificate | Article 15, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act (Consent of the Data Subject) Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Performance of a Contract) | |
| Prevention of fraudulent use and identification of persons of interest under the Specific Financial Information Act | Prevention of fraudulent use and identification of persons of interest under the Specific Financial Information Act | (Required) Name, resident registration number, passport number, nationality, gender, date of birth, copy of real name verification certificate | Article 15, Paragraph 1, Subparagraph 4 of the Personal Information Protection Act (Performance of Contract) | 5 years from the transaction date |
2. Personal information processing and retention period
① The company processes and retains personal information within the retention and use period of personal information stipulated by law or agreed upon by the information subject at the time of collection of personal information.
② The processing and retention periods for each piece of personal information are as follows.
| Detail | Reason | Period |
|---|---|---|
| Records of contract or subscription cancellation, payment, and supply of goods, etc. | Electronic Commerce Act | 5 years |
| Records of consumer complaints or dispute resolution | Electronic Commerce Act | 3 years |
| Books and supporting documents for all transactions stipulated by tax laws | National Tax Basic Act | 5 years |
| Records of electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Records regarding identity verification | Information and Communications Network Act | 6 months |
| Records of collection, processing, and use of credit information | Credit Information Act | 3 years |
| Documents that can verify the actual name of the counterparty to a currency exchange transaction | Specific Financial Information Act | 5 years |
| Currency exchange transaction data | Foreign Exchange Transactions Act, Specific Financial Information Act | 5 years |
3. Matters concerning the procedures and methods for destroying personal information
① When personal information becomes unnecessary, such as when the retention period for personal information has expired or the processing purpose has been achieved, the company destroys the personal information without delay.
② If the personal information retention period has expired or the processing purpose has been achieved, but the personal information must be retained in accordance with other laws and regulations, the personal information will be transferred to a separate database (DB) or stored in a different location.
③ Procedures and methods for destroying personal information are as follows.
1) Destruction Procedure The company selects personal information for which a reason for destruction has arisen and destroys the personal information after receiving approval from the company's personal information protection officer.
2) Destruction Method The company destroys personal information recorded and stored in electronic file formats so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incinerating them.
4. Provision of personal information to third parties
① The company processes the personal information of the data subject only within the scope specified in the purpose of processing personal information, and provides personal information to third parties only in cases falling under Articles 15, 17, and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special provisions of the law. In other cases, the company does not provide the personal information of the data subject to third parties.
② The company may provide personal information to relevant organizations without the consent of the data subject as follows.
| Service | Recipient | Purpose of provision | Provided items | Retention period | Related evidence |
|---|---|---|---|---|---|
| TripMoney Service (unmanned currency exchange machine) | Korea Customs Service | Exchange ledger report | Name, unique identification information (passport number, resident registration number), nationality | 5 years from the transaction date | Article 17 of the Personal Information Protection Act |
5. Entrustment of personal information processing
① In order to ensure smooth processing of personal information, the company entrusts the processing of personal information as follows.
| Service | Fiduciary | Details of consignment work |
|---|---|---|
| TripMoney (unmanned currency exchange machine) | Kona I EZL | Prepaid card purchase/recharge Prepaid card withdrawal |
② When concluding a consignment contract, the company, in accordance with Article 26 of the Personal Information Protection Act, specifies in the contract or other documents matters related to the prohibition of processing personal information for purposes other than the performance of the consigned work, technical and administrative protective measures, restrictions on re-consignment, management and supervision of the consignee, and liability for damages, and supervises whether the consignee safely processes personal information.
③ In accordance with Article 26, Paragraph 6 of the Personal Information Protection Act, if the trustee re-entrusts the company with the processing of personal information, the company's consent is obtained.
④ If there is a change in the content of the consignment work or the consignee, we will disclose it without delay through this personal information processing policy.
6. Measures to ensure the security of personal information
The company is taking the following measures to ensure the security of personal information.
- Management measures: Establishment and implementation of internal management plans, operation of dedicated organizations, and regular employee training
- Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs
- Physical measures: Access control to computer rooms, archives, etc.
7. How to exercise the rights and obligations of the personal information protection manager, data subject, and legal representative
① The data subject may exercise his/her rights (hereinafter referred to as "exercise of rights"), including requesting access to, correction of, deletion of, suspension of processing of, or withdrawal of personal information, and requesting refusal or explanation of automated decisions, at any time.
② Rights may be exercised against the company through written documents, e-mail, facsimile transmission (FAX), etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ Rights may be exercised through a proxy, such as the data subject's legal representative or authorized representative. In this case, a power of attorney in the format of Appendix 11 of the "Notice on Personal Information Processing Methods" must be submitted.
④ The data subject's right to request access to and suspension of processing of personal information may be restricted under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ If personal information is specified as a subject of collection in other laws, you cannot request deletion of the personal information.
⑥ The data subject has consented to the fact that an automated decision will be made, has been notified in advance through a contract or other means, or is otherwise explicitly stipulated by law, refusal of the automated decision is not permitted, and only requests for explanation and review are permitted. - Furthermore, requests for refusal or explanation of an automated decision may be rejected if there is a legitimate reason, such as a risk of unjustified infringement on the life, body, property, or other interests of another person.
⑦ The company verifies whether the person exercising the right is the person himself or a legitimate agent.
⑧ The company may exercise its rights by contacting the departments listed below. The company will strive to ensure that data subjects' rights are promptly processed.
⑨ The company is responsible for overall management of personal information processing and has designated a personal information protection officer as follows to handle complaints and provide remedies to data subjects related to personal information processing.
▶ Personal Information Protection Manager - Name: Kim Jun-ki - Affiliation: Operations Headquarters / Managing Director - Email: info@tripmoney.kr
▶ Personal Information Protection Department (Department responsible for receiving and processing requests for access, etc.) - Department name: Service Development Team - Contact: (82)2-6959-3701 - Email: info@tripmoney.kr
⑩ The data subject may inquire about any personal information protection-related matters, including inquiries, complaints, and damage relief, that arise while using the company's services, to the personal information protection officer or responsible department. The company will promptly respond and process inquiries from the data subject.
8. Methods of Redress for Rights Infringement
① Data subjects may seek redress for personal information infringement by filing dispute resolution or consultation requests with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, or other organizations. For other inquiries regarding reporting or consultation on personal information infringement, please contact the organizations listed below.
1) Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2) Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
3) Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
4) National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
② The company guarantees the data subject's right to self-determination of personal information and strives to provide consultation and relief for damages resulting from personal information infringement. If you need to report or consult, please contact the department in charge below.
9. Operation and management of fixed video information processing equipment
| Service | Number of installations | Purpose of provision | Shooting time | Retention period | Storage location |
|---|---|---|---|---|---|
| TripMoney (Unmanned currency exchange machine) | 1 unit inside the device | Facility safety, fire prevention, theft, damage, and accident prevention | 24 hours | 30 days | Inside the kiosk machine |
① Basis for installation of fixed video information processing equipment, purpose of installation, number of units installed, installation location, and shooting range The company installs and operates fixed video information processing equipment for the following purposes in accordance with Article 25, Paragraph 1 of the Personal Information Protection Act.
※ Processing method: Permanently deleted in a way that makes restoration impossible when the storage period expires
② Personal video information management officer and measures to be taken in response to requests for confirmation method, location, and access to information.
1. In order to protect personal video information and handle complaints related to personal video information, we have appointed a personal video information manager and access authority as follows.
2. Verification method: You can verify by contacting the personal video information manager in advance and visiting this institution.
3. If you wish to view, confirm the existence of, or delete your personal video information, you may request it from the operator of the fixed video information processing device at any time. However, this request is limited to personal video information recorded by you.
| Department in charge | Manager | Contact |
|---|---|---|
| Research and Development Team | Research and Development Team Leader | (82)2-6959-3701 |
4. If you request to view, confirm the existence of, or delete personal video information, this organization will take the necessary measures without delay.
③ Measures to ensure the security Personal video information processed by this organization is securely managed through encryption and other measures. Furthermore, as an administrative measure to protect personal video information, this organization grants differentiated access rights to personal information. To prevent forgery or alteration of personal video information, the organization records and manages the creation date, purpose of viewing, viewer, and viewing date and time. Furthermore, locking devices are installed to ensure the physical security of personal video information.
10. Changes to the Privacy Policy
① This privacy policy applies from October 1, 2025.