1. Collection of Personal Information
Seoul City Tour ("Company") collects personal information necessary to process tour reservations, customer support requests, and service operations. Information collected may include:
- Customer name, email address, and phone number
- Tour reservation date and number of participants
- Hotel or pickup location provided by the customer
- Review information including name, rating, and content
- Automatically collected data such as IP address and cookies
- Marketing consent status and communication preferences
2. Purpose of Use of Personal Information
We use collected personal information for the following purposes:
- Processing, managing, and confirming tour reservations
- Customer communication regarding booking details and changes
- Sending reservation confirmations and post-tour review requests
- Processing payments and refunds
- Sending marketing emails and promotional content (only with prior consent)
- Improving service quality and resolving customer inquiries
3. Provision of Personal Information to Third Parties
The Company does not sell personal information to any third party. Information is shared only in the following circumstances:
- When necessary for tour operations (e.g., tour guide coordination)
- When required by legal authorities under applicable law
- When the customer has provided explicit prior consent
4. Entrustment of Personal Information Processing
The Company entrusts the processing of personal information to the following third-party service providers to operate our services. These providers are contractually obligated to handle data only for specified purposes and to implement appropriate security measures:
| Provider | Entrusted Task | Retention Period |
|---|
| Payro Co., Ltd. | Payment processing and foreign card settlement | Per applicable law / until withdrawal of consent |
| Cafe24 Corporation | Bulk email delivery for reservations and notifications | Until task completion or withdrawal of consent |
| Google Analytics | Website usage analytics and traffic measurement | Up to 26 months (per Google's data policy) |
5. Retention and Destruction of Personal Information
The Company retains personal information only for the period necessary to fulfill the purpose of collection, and promptly destroys it thereafter. The following retention periods apply:
| Category | Retention Period | Legal Basis |
|---|
| Tour reservation data | 1 year after tour completion | Company policy |
| Payment records | 5 years | Act on Consumer Protection in Electronic Commerce |
| Contract / subscription records | 5 years | Act on Consumer Protection in Electronic Commerce |
| Customer complaint / dispute records | 3 years | Act on Consumer Protection in Electronic Commerce |
| Marketing consent records | Until consent is withdrawn | Personal Information Protection Act (PIPA) |
Upon expiration of the retention period, personal information is destroyed without delay using methods that make recovery impossible (e.g., secure deletion for electronic files, shredding for physical documents).
6. Rights of Data Subjects and How to Exercise Them
Users and their legal representatives have the right to exercise the following rights at any time:
- Right to access — Request to view personal information held by the Company
- Right to rectification — Request correction of inaccurate or incomplete information
- Right to erasure — Request deletion of personal information
- Right to restriction — Request that processing be restricted under certain conditions
- Right to withdraw consent — Withdraw consent for marketing or data processing at any time
To exercise any of the above rights, please contact our Privacy Officer at mail@seoulcitytour.net. We will respond within 10 business days of receiving your request. Please note that certain legal obligations may limit our ability to delete some information.
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance user experience and analyze site traffic. We use the following types of cookies:
- Essential Cookies — Required for the website to function properly. Cannot be disabled.
- Analytics Cookies — Used via Google Analytics to understand how visitors interact with our site (e.g., pages visited, time on site). Data is aggregated and anonymized.
- Marketing Cookies — Used to deliver relevant advertisements and track the effectiveness of campaigns (only with your consent).
You may disable cookies at any time through your browser settings. Please note that disabling essential cookies may affect site functionality. For Google Analytics opt-out, you may install the Google Analytics Opt-out Browser Add-on.
8. Marketing Communications
The Company may send marketing emails, newsletters, or promotional content only to users who have provided explicit prior consent. Marketing emails are delivered via Cafe24 bulk web mail service.
- You may withdraw your marketing consent at any time by clicking the "Unsubscribe" link in any marketing email.
- Withdrawal of marketing consent does not affect the processing of reservation-related communications.
- Consent records are retained as required by applicable law.
9. Security Measures
We implement the following technical and administrative safeguards to protect your personal information:
- Encrypted communication via HTTPS/TLS for all data in transit
- Row-level access control and strict administrator authentication
- Industry-standard firewalls and intrusion detection systems
- Periodic security monitoring and vulnerability assessments
- Payment data processed exclusively through a certified foreign payment specialist (Payro Co., Ltd.)
10. Data Breach Notification
In the event of a personal data breach, the Company will promptly investigate the incident. Where required by applicable law (including Korea's Personal Information Protection Act and GDPR), affected users will be notified without undue delay, and the relevant supervisory authority will be informed within 72 hours of becoming aware of the breach.
11. Log Files and Analytics
We collect server log file information for system administration and service improvement. This includes:
- IP address and browser type
- Internet Service Provider (ISP)
- Date and time of visit
- Navigation paths and pages visited
This data is used solely for operational and statistical purposes and is not linked to personally identifiable information.
12. Data Storage and Technical Infrastructure
Your data is stored in a managed cloud database environment located in the Republic of Korea. We implement encrypted communication (HTTPS/TLS), row-level access control, and strict administrator authentication to ensure data integrity and confidentiality.
13. Review System and Public Information
Submitted reviews (author name, rating, and content) may be displayed publicly on our website. Personal contact details such as email addresses or phone numbers are never displayed to the public. By submitting a review, you consent to its public display. You may request removal of your review at any time by contacting our Privacy Officer.
14. International Users and Cross-Border Data Transfers
Our services are accessible to users worldwide, including those located in the European Economic Area (EEA). By using our website, international users consent to the processing and storage of their personal information in the Republic of Korea.
For users in the EEA, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
- Contract performance — Processing necessary to fulfill your tour reservation
- Legitimate interest — Improving service quality and security
- Consent — Marketing communications and non-essential cookies
- Legal obligation — Compliance with applicable laws
EEA users also have the right to lodge a complaint with their local data protection supervisory authority.
15. Children's Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If we become aware that personal information has been collected from a child without verified parental consent, we will take steps to delete that information promptly.
16. Limitation of Liability
While the Company takes all reasonable precautions to protect personal information, we are not liable for damages resulting from circumstances beyond our reasonable control, including force majeure events or sophisticated cyberattacks that occur despite our security measures.
17. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Korea, including the Personal Information Protection Act (PIPA). Any disputes arising from this policy shall be subject to the jurisdiction of the competent courts of the Republic of Korea.
18. Policy Updates
This Privacy Policy may be updated periodically to reflect changes in our practices or applicable law. Any significant changes will be announced on our website with at least 7 days' advance notice prior to the effective date, to ensure full transparency.
19. Privacy Officer & Contact
For any requests regarding your personal data — including access, correction, deletion, or withdrawal of consent — please contact our designated Privacy Officer:
Company: Seoul City Tour Co., Ltd.
Representative: Do-Young Park
Business Registration No.: 101-86-38083
Address: Room 507, Hanaro Building, 194-4 Insadong, Jongno-gu, Seoul, Republic of Korea (03162)
TEL: +82-2-774-3345 | FAX: +82-2-774-8223
Customer Support (English / Korean): +82-10-8736-2140
Customer Support (Japanese): +82-10-4082-7451
Customer Support (Chinese): +82-10-5617-9039
Privacy Officer: Kang, Manager
We will acknowledge your request within 3 business days and provide a full response within 10 business days.
© 2004–2026 Seoul City Tour Co., Ltd. All rights reserved.
Business Registration No. 101-86-38083 | Room 507, Hanaro Building, 194-4 Insadong, Jongno-gu, Seoul, Republic of Korea