Enjoy telecommunication services with a rental phone without worrying about incoming call rate.
1. "Personal information" refers to the information pertaining to a living individual such as name, resident registration number and other image-related personal identification information (as long as it can serve as personal identifier when associated with other information, even though the information alone is not good enough to identify a specific individual).
2. T roaming I/B rental and the relevant services (hereinafter, the “Service”) deem customers’ personal information very important and therefore comply with personal information protection rules pursuant to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act. In addition, the “Service” notifies the customers of how and for what purposes their personal information will be used while making continuous efforts to protect customers’ personal information in an effective and active manner.
3. The personal information processing policy is disclosed on the main page of inbound services at the following website (www.sktroaming.com), making it easier for customers to read the content.
4. For the continuous improvement of personal information policy, the “Service” has necessary procedures in place to revise personal information processing policy.
5. If the personal information processing policy is revised, the revision will be disclosed on the main page of inbound services at its website (www.sktroaming.com) from 7 days before the implementation together with reasons for revision and details.
1. The following information are being collected and used as “required consent” items to provide essential services and “optional consent” to provide selective services according to customers’ individual needs and interests. The services can be used without optional consent.
2. Sensitive personal information that may infringe on basic human rights (race/ethnicity, ideology/faith, place of birth/legal domicile, political orientation, criminal records, health status, sexual life etc.) is not subject to collection.
|Required Items||Purpose of Collection/Use|
|Name||- To provide and respond to short-term mobile phone rental and the relevant services|
|Credit Card Information|
|Local or Overseas Contact Information|
|Passport, ID or Overseas License Number (1)|
|Optional Items||Purpose of Collection/Use|
|Name (English)||- For customers making a reservation at T Roaming IB Website (www.sktroaming.com)
- For customer authentication when a mobile phone or router is picked up at SKT roaming center following rental reservation
|Email address||- For customers making a reservation at T Roaming IB Website (www.sktraoming.com)
- For sending reservation confirmation, inquiring reservation details and sending urgent notifications regarding roaming pricing
|Overseas contact information|
3. The “Service” can collect and use auto-created information that can be collected without user consent pursuant to the relevant laws (i.e., the information that are automatically created upon service contract implementation such as logs, billing and payment records) and payment information (payment details, paid/overdue status, back payment etc.) for the purposes specified in the required consent items. With customers’ consent to the optional items, they can also be used for the specified purposes.
4. The personal information collected for the services can be processed into unidentifiable statistical data for use and provisioning.
The “Service” has a separate process for customer consent to personal information collection and use and let customers sign on the consent form. Once signing on the consent form, the customers will be deemed to have expressed their consent to personal information collection and use.
Customers have the right not to consent to personal information collection and use and there will be no disadvantages even though they choose not to consent. However if they do not consent to the required items, the services may not be available or service provisioning will be restricted according to the purpose of use.
The “Service” collects customers’ personal information via service application procedures.
To provide better services, customers’ personal information can be supplied to or shared with affiliated parties. Prior to supplying or sharing personal information, however, customers will be notified in advance via individual mails or emails to go through consenting process of who will be the affiliated parties, what kind of personal information will be supplied or shared, why such personal information need to be supplied or shared and by when and how the information will be protected or managed. Without customer consent, the information will not be supplied to or shared with affiliated parties. The same procedures will be repeated for notification and obtaining customer consent when affiliated relationship is modified or terminated.
B. Sale or M&A
If service provider’s rights and obligations need to be transferred to another party due to full or partial sale of the services, merger or inheritance etc., the developments will be notified to assure customers’ rights to personal information protection.
A. Personal information necessary for contractual implementation to provide services and yet substantially difficult to obtain consent for economic or technical reasons
B. If necessary for payment and settlement arising from the service provisioning
C. If regulated by other laws such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act, the Act on Real Name Financial Transactions and Guarantee of Secrecy, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act etc.
Note: Even if there are regulations in other laws and accordingly administrative or investigative authorities request the submission of customers’ personal information for administrative or investigative purposes, customers’ personal information will not be provided without conditions. Personal information will be provided in due process according to the legal provisions only with the issue of warrant or official letter of the authorities concerned.
For the commissioned personal information processing, the Service Agreement is signed to ensure that the commissioned party comply with laws and regulations relating to personal information protection and perform other obligations such as confidentiality of personal information, prohibition against supply to a third party, liabilities in case of incidents, commissioned period, return or discarding of personal information after processing.
• Commissioned Parties of Personal Information Processing for the Service
The list of commissioned parties is subject to change according to service changes or contractual period and changes will be notified in advance.
|Commissioned Party||Commissioned Services|
|Service Ace||- Processing service applications after collecting customer information when applications are made via roaming center
- Providing 50% rental price discount promotion to re-users after checking service reuse based on passport number/name/nationality
|Korea Health Industry Development Institute (KHIDI)||- Processing service applications after collecting customer information when mediphone rental service applications are made via affiliated hospitals|
Customers can view or modify their personal information according to the procedures established by the “Service.”
If a customer requests view, proof or modification of his/her customer information, the “Service” will sincerely respond to the customer’s request. If any personal information is found incorrect or retained longer than specified and therefore needs to be modified or deleted, the “Service” will do so without any delay.
Also, customers can withdraw their consent to personal information collection, use and provisioning according to the procedures established by the “Service.”
The Company can retain and use customers’ personal information for 188 days from service termination. The personal information will be discarded immediately in case of the followings: if a customer withdraws his/her consent to personal information collection and use; if the purpose of collection/use has been achieved or the retention/use period is elapsed; or if there are any justifiable reasons such as business closure.
Note: The personal information can be retained for a certain period of time if it is deemed necessary for payment and settlement, litigation or dispute purposes.
Also if it is necessary to retain customers’ personal information pursuant to the relevant laws such as the Commercial Law, the Framework Act on National Taxes, the Protection of Communications Secrets Act, the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., and the Use and Protection of Credit Information Act, the Company will retain the information for the period of time specified by the relevant laws. In this case, the Company will retain the information only for the specified purposes and the retention period will be as follows:
1. Records relating to credit information collection/processing and use: 3 years (Use and Protection of Credit Information Act)
2. Subscriber’s telecommunication date/time, start/end time, communication number, counterparty’s subscriber number, location tracking data for the information communication devices connected to the communication network that need to be presented as communication confirmation data: 12 months (Protection of Communications Secrets Act)
3. Logs and IP address etc. that need to be presented as communication confirmation data: 3 months (Protection of Communications Secrets Act)
Once the purpose of use is fulfilled, the personal information will be discarded irrevocably according to the retention and use period. The discarding procedures, methods and timing are as follows:
A. Discarding Procedures and Timing
Customers’ personal information registered upon service application will be deleted or discarded according to the Company’s internal policies and other relevant laws once the purpose of use is fulfilled, e.g., service termination. Generally, unless there are debtor and creditor relationships, customers’ personal information collected at the time of service application and managed in electronic forms will be deleted immediately after customer withdrawal from membership. However, the information can be retained for a specific period of time before being deleted if further retention is notified in advance and agreed by individual customers or if it is necessary under the relevant laws.
B. How to Discard
The personal information written down in application forms or printed out in papers will be shredded by a shredder, incinerated or dissolved via chemical treatment; the personal information stored in electronic forms will be deleted using technologies to make it irreproducible.
If personal information collection/use/provisioning is subject to a minor aged 14 or younger, the Company needs to obtain consent from his/her legal representative according to the relevant laws. In this case, the Company may request the child to submit minimal information on his/her legal representative such as name etc. to obtain consent.
The legal representative of a minor aged 14 or younger can request view, modification and deletion of the child’s personal information and upon such a request, the Company will take necessary actions immediately.
Customers must enter up-to-date and correct personal information to prevent any inadvertent incidents. Customers will be held liable for any incidents arising from incorrect information entry and they can disqualify for membership if they enter false information including an illegal use of other’s name.
Customers have the rights to personal information protection while at the same time having the obligations to protect their own information and not to violate others’. Customers need to be very careful not to make their own personal information (e.g., password) leaked out or violate others’ personal information such as postings. If they fail to fulfill these obligations or infringe on others’ information, they can be penalized pursuant to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Personal information auto collection devices are not in use.
2. If full or partial services are transferred to another party or the rights and obligations need to be transferred due to merger or inheritance, the developments will be notified to customers individually via mail or email and the same will also be announced concurrently on the main page of inbound website (www.sktroaming.com) for not less than 30 days. However, if customer contact address is not identifiable without negligence or if there are any justifiable reasons such as natural disasters, mail or email notification can be replaced with the main page disclosure at the inbound website (www.sktroaming.com).
3. To obtain consent from the legal representative of a minor aged 14 or younger with regard to personal information collection, use or provisioning to a third party, the personal information processing policy can be notified to the legal representative in various ways: by phone, fax or mail; let the child deliver the details to his/her legal representative; sending an email to the legal representative with a hyperlink connected to the personal information processing policy of the website (www.skitroaming.com); or by way of other reasonable methods to inform the policy to the legal representative (e.g., mobile phone authentication etc.).
The “Service” is applying technological and administrative measures to protect customer’s personal information.
A. Technological Measures
The “Service” is applying the following technologies to secure safety in processing customer’s personal information to make sure that they are not lost, stolen, divulged, forged, falsified or damaged:
- Personal information is encrypted for file or data transmission and critical data is protected with additional security features using file lock functions.
- The “Service” is using vaccine programs to avoid damages from computer viruses. The vaccine programs are updated periodically and if a new virus emerges, the vaccine will be provided immediately after its release to preclude any violation of personal information.
-Intrusion prevention system and vulnerability analysis system are in place for each server to prevent against external attacks like hacking and ensure system security.
B. Administrative Measures
The major systems and equipment operated by the “Service” have acquired certifications from external professional organizations such as certification for information protection management system, ensuring safe protection of personal information.
The “Service” has customer information access and management procedures in place, making sure that its employees are well informed of and comply with them.
Only a minimum number of human resources are authorized to access customer information. The authorized personnel include the followings:
- Marketing personnel directly dealing with users
- Personal Information Protection Supervisor and Officer in charge of personal information protection duties
- Other personnel who need to handle personal information for business purposes
- In case of computer-based customer information processing, the “Service” designates the personnel authorized to access customer information and assigns them ID and password for data access with regular password update.
- Regular in-house trainings and third-party commissioned trainings are provided to the employees dealing with personal information with regard to new security technologies and personal information protection duties.
-New employees need to sign on information security pledge or personal information protection pledge to prevent against information leakage. Internal procedures are also in place to audit the implementation of personal information processing policy and employee compliance.
- Upon resignation, employees need to sign on confidentiality pledge to make sure that any personal information attained at work not be damaged, violated or divulged.
- Functional takeover of personal information processing personnel is conducted under the strictly secure environment and they are held liable for any incidents associated with personal information after recruitment and resignation.
- IT room and data storage room are designated as special protection areas with access control implemented.
- When payment information such as customer credit card number and bank account number are collected for service agreement or service provisioning, necessary measures are taken for customer authentication.
- The Company is not liable for any incidents arising from individual users’ mistakes or underlying risks pertaining to the Internet. Each customer is responsible for the protection of their own personal information with appropriate management of their ID and password.
- In addition, easy-to-guess passwords should be avoided and passwords should be changed periodically.
- Especially if our website is accessed from a public PC, customers need to log out and close our website before moving on to another website. Otherwise, customer information such as ID and password can be vulnerable to exposure via another browser.
- If there are any incidents relating to personal information loss, leakage, falsification, manipulation or damage due to the mistakes of internal administrator or technological/administrative errors, the “Service” will immediately inform customers of such developments and take appropriate actions including compensations.
The Company deems customer feedbacks very important. For any inquiries, please contact our customer center. We will promptly get back to you. Refer to the following contact details of customer center:
ㅇ Phone : 02-6343-9000 (T roaming customer center)
ㅇ Cyber : Inquiries can be made at www.tworld.co.kr via customer center.
The Company is makings its best efforts to protect personal information, making sure that customers can use the services safely. If any personal information incident occurs in violation of what’s been notified to customers, Personal Information Protection Supervisor will take all the responsibilities. Personal Information Processing Supervisor and Officer are as follows and they will address any personal information related inquiries in a prompt and sincere manner:
Personal Information Protection Supervisor: Jae-won Lee
Personal Information Protection Officer: Soi Kim
Responsible Department: Affiliation & Roaming Business Team
With regard to personal information collection, use and provisioning for a minor aged 14 or younger (hereinafter, the “child”), the Company is taking protective measures to ensure that the child and his/her legal representative are not disadvantaged from the child’s personal information.
In case of the following activities with regard to the child’s personal information, the Company will obtain consent from the child’s legal representative:
2. If a party having received the child’s personal information uses it for any purposes not originally intended or supplies it to a third party
The Company may request minimal information to obtain the legal representative’s consent such as name and contact information. With regard to personal information collection, use or provisioning and consent from legal representative, the Company will notify the child in easily understandable expressions.
The Company will not use the legal representative’s personal information collected to obtain his/her consent for any purposes other than confirming the legal representative’s consent nor supply it to a third party.
The “Service” will not send any for-profit advertising information without customers’ prior consent.
In order to send advertising information via electronic media to conduct customer-oriented marketing activities such as new products or event promotions, the “Service” will obtain customers’ prior consent to receive such advertising information and the title and main text of electronic media will indicate explicitly what it is for, making sure that customers understand it is advertising information.
Title: The title must start with the phrase (Advertising) or (Advertising for Adults) without any space in Korean, followed by the main message in the body. If for-profit advertising information is delivered via an electronic media where it is difficult to indicate that it is for advertising in the title section, necessary actions will be taken, e.g., indicating sender’s name.
Customers’ consent to receive advertising information, consent not to receive it, or withdrawal from the consent to receive it will be notified to the customers within 14 days from the event occurrence. Not only that, customers’ consent to receive advertising information will be confirmed every two years from the initial consent.
The personal information of customers who haven’t used the services for one year will be stored separately or discarded.
The criterion for the services not being used for one year is as follows:
- Customers having not used T roaming I/B rental services for one year
Customers will be notified of the aforementioned separate storage or discarding of their personal information 30 days before the implementation date. Note that the individual notification will be replaced by this personal information processing policy if customer contact details were not collected.
The revised version of personal information processing policy will take effect from October 2016.