Personal Information Processing Policy
Enjoy telecommunication services with a rental phone without worrying about incoming call rate.
1. "Personal information" refers to the information pertaining to a living individual such as name, resident registration number and other image-related personal identification information (as long as it can serve as personal identifier when associated with other information, even though the information alone is not good enough to identify a specific individual).
2. T roaming I/B rental and the relevant services (hereinafter, the “Service”) deem customers’ personal information very important and therefore comply with personal information protection rules pursuant to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act. In addition, the “Service” notifies the customers of how and for what purposes their personal information will be used while making continuous efforts to protect customers’ personal information in an effective and active manner.
3. The personal information processing policy is disclosed on the main page of inbound services at the following website (www.skroaming.com), making it easier for customers to read the content.
4. For the continuous improvement of personal information policy, the “Service” has necessary procedures in place to revise personal information processing policy.
5. If the personal information processing policy is revised, the revision will be disclosed on the main page of inbound services at its website (www.skroaming.com) from 7 days before the implementation together with reasons for revision and details.
1. The following information are being collected and used as “required consent” items to provide essential services and “optional consent” to provide selective services according to customers’ individual needs and interests. The services can be used without optional consent.
2. Sensitive personal information that may infringe on basic human rights (race/ethnicity, ideology/faith, place of birth/legal domicile, political orientation, criminal records, health status, sexual life etc.) is not subject to collection.
| Offline compulsory agreement item | Purpose of Collection/Use |
|---|---|
| Name | - To provide and respond to short-term mobile phone rental and the relevant services |
| Credit Card Information | |
| Nationality | |
| Domestic or overseas contact information | |
| Passport, ID or Overseas License Number (1) |
| Online compulsory agreement item | Purpose of Collection/Use |
|---|---|
| Name (English) | - For customers making a reservation at T Roaming IB Website (www.skroaming.com) - For customer authentication when a mobile phone or router is picked up at SKT roaming center following rental reservation |
| Email address | - For customers making a reservation at T Roaming IB Website (www.sktraoming.com) - For sending reservation confirmation, inquiring reservation details and sending urgent notifications regarding roaming pricing |
| Domestic or overseas contact information | |
| Nationality | - Available for customers purchasing eSIM from the T Roaming IB website (www.skroaming.com) - This is required for verifying identification when purchasing eSIM |
| Passport No. |
3. The “Service” can collect and use auto-created information that can be collected without user consent pursuant to the relevant laws (i.e., the information that are automatically created upon service contract implementation such as logs, billing and payment records) and payment information (payment details, paid/overdue status, back payment etc.) for the purposes specified in the required consent items. With customers’ consent to the optional items, they can also be used for the specified purposes.
4. The personal information collected for the services can be processed into unidentifiable statistical data for use and provisioning.
The “Service” has a separate process for customer consent to personal information collection and use and let customers sign on the consent form. Once signing on the consent form, the customers will be deemed to have expressed their consent to personal information collection and use.
Customers have the right not to consent to personal information collection and use and there will be no disadvantages even though they choose not to consent. However if they do not consent to the required items, the services may not be available or service provisioning will be restricted according to the purpose of use.
“Service” collects personal information by “Online booking” through website and the process of receiving the relevant information as a “Use application form” from each customer.
1. The “Service” will use customers’ personal information within the scope specified in the service application form, terms of use, and the personal information items and purpose of collection/use in this personal information processing policy and will not use or supply it to a third party (individual or institution) beyond the specified scope. But, in case of the following circumstances, personal information may be used or supplied cautiously:
A. Affiliation
To provide better services, customers’ personal information can be supplied to or shared with affiliated parties. Prior to supplying or sharing personal information, however, customers will be notified in advance via individual mails or emails to go through consenting process of who will be the affiliated parties, what kind of personal information will be supplied or shared, why such personal information need to be supplied or shared and by when and how the information will be protected or managed. Without customer consent, the information will not be supplied to or shared with affiliated parties. The same procedures will be repeated for notification and obtaining customer consent when affiliated relationship is modified or terminated.
B. Sale or M&A
If service provider’s rights and obligations need to be transferred to another party due to full or partial sale of the services, merger or inheritance etc., the developments will be notified to assure customers’ rights to personal information protection.
2. The “Service” will not use customers’ personal information or supply it to a third party beyond the scope notified to customers at the time of personal information collection or specified in the terms of use. However, exceptions may apply with customer consent or in case of the followings:
A. Personal information necessary for contractual implementation to provide services and yet substantially difficult to obtain consent for economic or technical reasons
B. If necessary for payment and settlement arising from the service provisioning
C. If regulated by other laws such as the Protection of Communications Secrets Act, the Framework Act on National Taxes, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act, the Act on Real Name Financial Transactions and Guarantee of Secrecy, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act etc.
Note: Even if there are regulations in other laws and accordingly administrative or investigative authorities request the submission of customers’ personal information for administrative or investigative purposes, customers’ personal information will not be provided without conditions. Personal information will be provided in due process according to the legal provisions only with the issue of warrant or official letter of the authorities concerned.
| Commissioned Party | Commissioned Services |
|---|---|
| Service Ace | - Processing service applications after collecting customer information when applications are made via roaming center - Providing 50% rental price discount promotion to re-users after checking service reuse based on passport number/name/nationality |
| CreamHouse | - Building up the website and operation |
| SK inc. | - Operation of customer management system |
Customers can view or modify their personal information according to the procedures established by the “Service.”
If a customer requests view, proof or modification of his/her customer information, the “Service” will sincerely respond to the customer’s request. If any personal information is found incorrect or retained longer than specified and therefore needs to be modified or deleted, the “Service” will do so without any delay.
Also, customers can withdraw their consent to personal information collection, use and provisioning according to the procedures established by the “Service.”
The Company can retain and use customers’ personal information for 182` days from service termination. The personal information will be discarded immediately in case of the followings: if a customer withdraws his/her consent to personal information collection and use; if the purpose of collection/use has been achieved or the retention/use period is elapsed; or if there are any justifiable reasons such as business closure.
Note: The personal information can be retained for a certain period of time if it is deemed necessary for payment and settlement, litigation or dispute purposes.
Also if it is necessary to retain customers’ personal information pursuant to the relevant laws such as the Commercial Law, the Framework Act on National Taxes, the Protection of Communications Secrets Act, the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., and the Use and Protection of Credit Information Act, the Company will retain the information for the period of time specified by the relevant laws. In this case, the Company will retain the information only for the specified purposes and the retention period will be as follows:
1. Records relating to credit information collection/processing and use: 3 years (Use and Protection of Credit Information Act)
2. Subscriber’s telecommunication date/time, start/end time, communication number, counterparty’s subscriber number, location tracking data for the information communication devices connected to the communication network that need to be presented as communication confirmation data: 12 months (Protection of Communications Secrets Act)
3. Logs and IP address etc. that need to be presented as communication confirmation data: 3 months (Protection of Communications Secrets Act)
Once the purpose of use is fulfilled, the personal information will be discarded irrevocably according to the retention and use period. The discarding procedures, methods and timing are as follows:
A. Discarding Procedures and Timing
Customers’ personal information registered upon service application will be deleted or discarded according to the Company’s internal policies and other relevant laws once the purpose of use is fulfilled, e.g., service termination. Generally, unless there are debtor and creditor relationships, customers’ personal information collected at the time of service application and managed in electronic forms will be deleted immediately after customer withdrawal from membership. However, the information can be retained for a specific period of time before being deleted if further retention is notified in advance and agreed by individual customers or if it is necessary under the relevant laws.
B. How to Discard
The personal information written down in application forms or printed out in papers will be shredded by a shredder, incinerated or dissolved via chemical treatment; the personal information stored in electronic forms will be deleted using technologies to make it irreproducible.
If personal information collection/use/provisioning is subject to a minor aged 14 or younger, the Company needs to obtain consent from his/her legal representative according to the relevant laws. In this case, the Company may request the child to submit minimal information on his/her legal representative such as name etc. to obtain consent.
The legal representative of a minor aged 14 or younger can request view, modification and deletion of the child’s personal information and upon such a request, the Company will take necessary actions immediately.
Customers must enter up-to-date and correct personal information to prevent any inadvertent incidents. Customers will be held liable for any incidents arising from incorrect information entry and they can disqualify for membership if they enter false information including an illegal use of other’s name.
Customers have the rights to personal information protection while at the same time having the obligations to protect their own information and not to violate others’. Customers need to be very careful not to make their own personal information (e.g., password) leaked out or violate others’ personal information such as postings. If they fail to fulfill these obligations or infringe on others’ information, they can be penalized pursuant to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Personal information auto collection devices are not in use.
1. If the “Service” intends to use customers’ personal information or supply it to a third party beyond the scope notified at the time of personal information collection, or specified in the terms of use or this personal information processing policy, customers will be notified in advance via individual mail, email or telephone for them to provide their consent. If a third party is commissioned for customers’ personal information collection, retention, processing, use, provisioning, managing or discarding, the facts will be notified to customers via application form, terms of use and personal information processing policy disclosed on the website.
2. If full or partial services are transferred to another party or the rights and obligations need to be transferred due to merger or inheritance, the developments will be notified to customers individually via mail or email and the same will also be announced concurrently on the main page of inbound website (www.skroaming.com) for not less than 30 days. However, If notification in writing or by e-mail is not possible without negligence of the company due to having no domestic or overseas contact information of customers or due to natural disasters or other justifiable reasons, it may be shown on the homepage of the Inbound website (www.skroaming.com).
3. To obtain consent from the legal representative of a minor aged 14 or younger with regard to personal information collection, use or provisioning to a third party, the personal information processing policy can be notified to the legal representative in various ways: by phone, fax or mail; let the child deliver the details to his/her legal representative; sending an email to the legal representative with a hyperlink connected to the personal information processing policy of the website (www.skitroaming.com); or by way of other reasonable methods to inform the policy to the legal representative (e.g., mobile phone authentication etc.).
The “Service” is applying technological and administrative measures to protect customer’s personal information.
A. Technological Measures
The “Service” is applying the following technologies to secure safety in processing customer’s personal information to make sure that they are not lost, stolen, divulged, forged, falsified or damaged:
- Personal information is encrypted for file or data transmission and critical data is protected with additional security features using file lock functions.
- The “Service” is using vaccine programs to avoid damages from computer viruses. The vaccine programs are updated periodically and if a new virus emerges, the vaccine will be provided immediately after its release to preclude any violation of personal information.
-Intrusion prevention system and vulnerability analysis system are in place for each server to prevent against external attacks like hacking and ensure system security.
B. Administrative Measures
The major systems and equipment operated by the “Service” have acquired certifications from external professional organizations such as certification for information protection management system, ensuring safe protection of personal information.
The “Service” has customer information access and management procedures in place, making sure that its employees are well informed of and comply with them.
Only a minimum number of human resources are authorized to access customer information. The authorized personnel include the followings:
- Marketing personnel directly dealing with users
- Personal Information Protection Supervisor and Officer in charge of personal information protection duties
- Other personnel who need to handle personal information for business purposes
- In case of computer-based customer information processing, the “Service” designates the personnel authorized to access customer information and assigns them ID and password for data access with regular password update.
- Regular in-house trainings and third-party commissioned trainings are provided to the employees dealing with personal information with regard to new security technologies and personal information protection duties.
-New employees need to sign on information security pledge or personal information protection pledge to prevent against information leakage. Internal procedures are also in place to audit the implementation of personal information processing policy and employee compliance.
- Upon resignation, employees need to sign on confidentiality pledge to make sure that any personal information attained at work not be damaged, violated or divulged.
- Functional takeover of personal information processing personnel is conducted under the strictly secure environment and they are held liable for any incidents associated with personal information after recruitment and resignation.
- IT room and data storage room are designated as special protection areas with access control implemented.
- When payment information such as customer credit card number and bank account number are collected for service agreement or service provisioning, necessary measures are taken for customer authentication.
- The Company is not liable for any incidents arising from individual users’ mistakes or underlying risks pertaining to the Internet. Each customer is responsible for the protection of their own personal information with appropriate management of their ID and password.
- In addition, easy-to-guess passwords should be avoided and passwords should be changed periodically.
- Especially if our website is accessed from a public PC, customers need to log out and close our website before moving on to another website. Otherwise, customer information such as ID and password can be vulnerable to exposure via another browser.
- If there are any incidents relating to personal information loss, leakage, falsification, manipulation or damage due to the mistakes of internal administrator or technological/administrative errors, the “Service” will immediately inform customers of such developments and take appropriate actions including compensations.
The Company deems customer feedbacks very important. For any inquiries, please contact our customer center. We will promptly get back to you. Refer to the following contact details of customer center:
ㅇ Phone : 02-6343-9000 (T roaming customer center)
ㅇ Cyber : Inquiries can be made at www.tworld.co.kr via customer center.
The Company is makings its best efforts to protect personal information, making sure that customers can use the services safely. If any personal information incident occurs in violation of what’s been notified to customers, Personal Information Protection Supervisor will take all the responsibilities. Personal Information Processing Supervisor and Officer are as follows and they will address any personal information related inquiries in a prompt and sincere manner:
Personal Information Protection Supervisor: Hyung-keun, Park
Personal Information Protection Officer: Yong Jun, Won
Responsible Department: Roaming Business Team
Phone number : 02-6100-5798
With regard to personal information collection, use and provisioning for a minor aged 14 or younger (hereinafter, the “child”), the Company is taking protective measures to ensure that the child and his/her legal representative are not disadvantaged from the child’s personal information.
In case of the following activities with regard to the child’s personal information, the Company will obtain consent from the child’s legal representative:
1. For the collection of child’s personal information upon service subscription or if the child’s personal information is used or supplied to a third party beyond the scope notified at the time of service subscription or specified in the terms of use
2. If a party having received the child’s personal information uses it for any purposes not originally intended or supplies it to a third party
In this case, to obtain the consent of the legal representative, the company may request the minimum necessary information, such as the legal representative's name and domestic or overseas contact information. With regard to personal information collection, use or provisioning and consent from legal representative, the Company will notify the child in easily understandable expressions.
The Company will not use the legal representative’s personal information collected to obtain his/her consent for any purposes other than confirming the legal representative’s consent nor supply it to a third party.
The “Service” will not send any for-profit advertising information without customers’ prior consent.
In order to send advertising information via electronic media to conduct customer-oriented marketing activities such as new products or event promotions, the “Service” will obtain customers’ prior consent to receive such advertising information and the title and main text of electronic media will indicate explicitly what it is for, making sure that customers understand it is advertising information.
Title: The title must start with the phrase (Advertising) or (Advertising for Adults) without any space in Korean, followed by the main message in the body. If for-profit advertising information is delivered via an electronic media where it is difficult to indicate that it is for advertising in the title section, necessary actions will be taken, e.g., indicating sender’s name.
Customers’ consent to receive advertising information, consent not to receive it, or withdrawal from the consent to receive it will be notified to the customers within 14 days from the event occurrence. Not only that, customers’ consent to receive advertising information will be confirmed every two years from the initial consent.
The personal information of customers who haven’t used the services for one year will be stored separately or discarded.
The criterion for the services not being used for one year is as follows:
- Customers having not used T roaming I/B rental services for one year
The Service will notify the separate storage or destruction of personal information to domestic or overseas contact information collected by the Service at least 30 days prior to the above-mentioned storage or destruction date. However, if the Service does not collect domestic or overseas contact information, the contents of this Privacy Policy shall prevail.
The current privacy treatment policy will be applied from June of 2024.
| Execution date | Download | Revised contents |
|---|---|---|
| Personal Information Processing Policy 2015. 08 | Download | |
| Personal Information Processing Policy 2016. 10 | Download | View details |
| Personal Information Processing Policy 2018. 07 | Download | View details |
| Personal Information Processing Policy 2020. 02 | Download | View details |
| Personal Information Processing Policy 2023. 10 | Download | View details |
| Personal Information Processing Policy 2024. 06 | Download | View details |
Please be advised that the following modifications will be made to our Privacy Policy.
The amended Privacy Policy will enter into force in February 2020.
Outsourced personal information processing
Outsourced personal information processing
Please visit the website (www.skroaming.com/custome/policy) to view the Privacy Policy in its entirety.
Please be advised that the following modifications will be made to our Privacy Policy.
The amended Privacy Policy will enter into force in July 2018.
Personal information collection method
The "Service" collects personal information through the process of receiving pertinent information from customers via the "service application form."
Outsourced personal information processing
Personal information collection method
The "Service" collects personal information through the process of receiving pertinent information from consumers via the "service application form" or "online reservation" on the website.
Outsourced personal information processing
Please visit the website (www.skroaming.com/custome/policy) to view the Privacy Policy in its entirety.
Please be advised that the following modifications will be made to our Privacy Policy. The amended Privacy Policy will enter into force in October 2016.
Items of personal information collected and their intended use
When collecting personal information, the SKT Roaming I/B website will disclose the scope and purpose of collection in the application form or terms of service in accordance with applicable laws and regulations.
Personal information collection method
Personal information is collected through the method of generated information collection tool.
Outsourced personal information processing
Period of retaining and using personal information
The SKT Roaming I/B website retains and uses customers' personal information only for five (5) days after the end of the period during which it provided services to customers in order to address customer complaints. However, if the relevant laws and regulations require the information to be preserved, it will be preserved in accordance with those laws and regulations.
Items of personal information collected and their intended use
The "Service" collects and uses the following information with "mandatory consent" to provide essential services and "optional consent" to provide services tailored to each customer's preferences and requirements. Customers who do not opt-in will not be prevented from using the services.
Personal information collection method
The "Service" collects personal information through the process of receiving pertinent information from customers via the "service application form."
Outsourced personal information processing
Period of retaining and using personal information
The Company will retain and use the customer's personal information for a period of 183 days after the customer's use of the "Service" is terminated. If the customer withdraws his or her consent to the collection and use of personal information, the purpose of collection or use has been met, the retention or use period has expired, or reasons such as the dissolution of the business occur, the personal information will be destroyed promptly.
Please visit the website (www.skroaming.com/custome/policy) to view the Privacy Policy in its entirety.
Please be advised that the following modifications will be made to our Privacy Policy. The amended Privacy Policy will enter into force in October 2023.
Personal Information Retention and Use Period
The Company can retain and use customers’ personal information for 180 days from service termination. The personal information will be discarded immediately in case of the followings: if a customer withdraws his/her consent to personal information collection and use; if the purpose of collection/use has been achieved or the retention/use period is elapsed; or if there are any justifiable reasons such as business closure.
Personal Information Retention and Use Period
The Company can retain and use customers’ personal information for 182 days from service termination. The personal information will be discarded immediately in case of the followings: if a customer withdraws his/her consent to personal information collection and use; if the purpose of collection/use has been achieved or the retention/use period is elapsed; or if there are any justifiable reasons such as business closure.
Please visit the website (www.skroaming.com/custome/policy) to view the Privacy Policy in its entirety.
Please be advised that the following modifications will be made to our Privacy Policy. The amended Privacy Policy will enter into force in June 2024.
Items of personal information collected and their intended use
Items of personal information collected and their intended use
Please visit the website (www.skroaming.com/custome/policy) to view the Privacy Policy in its entirety.
