Privacy Policy

Seoul Dragon City, operated by Seobu T&D Co., Ltd. (hereinafter referred to as “Seoul Dragon City”), places the utmost importance on protecting users’ personal information. In accordance with the Personal Information Protection Act, this Privacy Policy has been established to protect users’ rights and personal data, and to ensure the prompt and appropriate handling of any related concerns or complaints. Through this Privacy Policy, Seoul Dragon City provides details on how users’ personal information is collected, used, and managed, as well as the security measures implemented to safeguard such data. Should any changes be made to this policy, notice will be provided via the website (or individual notifications, where applicable).

1. Purpose of Collection, Categories of Information Collected, and Retention Period

Seoul Dragon City collects and processes personal information for the following general purposes.
Personal information will not be used for purposes other than those specified below. Should the purpose of use change, prior consent will be obtained from the user.

A. Purpose of Collection

Category, Purpose

Category	Purpose
Provision of Goods and Services	Hotel stays, restaurant usage, membership management, product delivery, service provision, invoice issuance, content delivery, provision of personalized services, identity verification, age verification, payment processing, and settlement
Marketing and Promotional Use	Development of new services (or products), provision of personalized services, delivery of event and promotional information and opportunities for participation, service performance evaluation, analysis of access frequency, and statistical analysis of service usage
Video Surveillance Data	Crime prevention, facility security, and fire prevention

B. Categories of Personal Information, Purpose of Use, Retention Period, and Collection Method

Category, Purpose of Collection, Retention Period, Collection Method

Category	Purpose of Collection	Retention Period	Collection Method
Restaurant Reservations	Contact and guidance for service provision, delivery of notifications, and communication channels for handling complaints	Until the end of service use	Phone reservation, email, website, SDC Membership app
Wedding Contract	Identity verification; contact and guidance for service provision; delivery of notifications; and communication channels for handling complaints	3 years after the event	Contract document
CITIZENSHIP Membership	Tax office notifications regarding membership sales pursuant to Article 19 of the Local Tax Act; submission of payment statements pursuant to Article 82 of the Inheritance and Gift Tax Act; simplified identity verification; receipt of membership fee invoices; free parking confirmation; and SMS service provision	Until membership withdrawal	Consent form for collection and use of personal information
SDC Web	Confirmation of reservations and guidance regarding hotel stays, credit card information for room guarantee, contact and guidance for service provision, delivery of notifications, and communication channels for handling complaints	Until membership withdrawal	Consent form for collection and use of personal information (website)
SDC Membership	Provision of various membership services, including point accumulation, usage, and discounts; identity verification and personal identification; delivery of various notifications; payment processing; member management; maintenance, execution, management, and improvement of products and services; telephone consultation services; complaint handling; resolution of legal disputes; service satisfaction surveys; membership guidance and promotional offers; market research and service development; marketing and sales promotions; securing communication channels and contact methods in case of emergencies; and delivery of prizes or complimentary gifts	1 year after membership expiration (renewable annually)	Consent form for collection and use of personal information (SDC Membership app)
Natural 8 Membership	Provision of various membership services, including point accumulation, usage, and discounts; identity verification and personal identification; delivery of various notifications; payment processing; member management; maintenance, execution, management, and improvement of products and services; telephone consultation services; complaint handling; resolution of legal disputes; service satisfaction surveys; membership guidance and promotional offers; market research and service development; marketing and sales promotions; securing communication channels and contact methods in case of emergencies; and delivery of prizes or complimentary gifts	1 year after membership expiration (renewable annually)	Consent form for collection and use of personal information (Natural 8 Membership App)
Fitness Membership	Member management; membership fee billing and invoice issuance; delivery of club usage guidance; complaint handling; tax office notifications regarding membership sales pursuant to Article 19 of the Local Tax Act; submission of payment statements pursuant to Article 82 of the Inheritance and Gift Tax Act; health status verification for enrollment; simplified identity verification upon entry; receipt of membership fee invoices; free parking confirmation; SMS service provision; and distribution of promotional materials and direct mailings	Until membership withdrawal	Membership application form (SDC Fitness Club), application form for vehicle registration and updates, and signature form for in-house guests
Guest Registration	Identity verification at check-in; provision of various services related to the hotel stay; securing emergency contact information in case of urgent situations; parking management; guest satisfaction surveys; and distribution of promotional materials and direct mailings	3 years from check-out date	Guest registration card
Minor Accommodation Consent Form	Verification of parental/guardian consent for unaccompanied or same-sex minor stays	3 years from check-out date	Minor Accommodation Consent Form
Guest Feedback	Service quality management; and marketing and promotions related to events	2 years from date of visit	Your Opinion Card
Guest Survey	Service quality management; and satisfaction surveys	6 years from check-out date	Trust You form
Wedding Contract	Identity verification; contact and guidance for service provision; delivery of notifications; and communication channels for handling complaints	3 years after the event	Contract document
Banquet Event Contract	Identity verification; contact and guidance for service provision; delivery of notifications; and communication channels for handling complaints	3 years after the event	Contract document
Annual Corporate Travel Contract	Identity verification of the person in charge for coordination and dispute resolution	3 years after contract termination	Contract document
Long-term Stay Contract	Identity verification of the person in charge for coordination and dispute resolution	3 years after contract termination	Contract document
Group Contract	Identity verification of the person in charge for coordination and dispute resolution	3 years after the event	Contract document
Event Registration & Participation	Contact and guidance for service provision; statistical analysis of service usage; and marketing and promotions related to events	2 years from date of collection	Website, official SNS, online event forms, event entry slips
Room Reservation	Guest and reservation confirmation; hotel stay guidance; credit card information for room guarantee	2 years from date of reservation	Fax (from travel agencies), phone reservations (recorded and entered into PMS), reservation forms (e.g., for conferences or staff rates), website, SDC Membership app
Guest Service Center	Identity verification; and contact and guidance for service provision	2 years from date of recording	Voice recordings
Guarantee Card Authorization Form	Settlement using third-party or corporate cards	3 years from date of settlement	Consent form for collection and use of personal information
Tax Exemption Verification	Tax exemption applications for diplomats, ambassadors, military personnel	3 years from date of collection	Tax Exemption Verification Form
Payment History Verification	Issuance of a copy of payment receipt	1 year from date of collection	Receipt request form

C. Types of Personal Information Collected

In accordance with Article 32 of the Personal Information Protection Act, the following outlines the purposes and items of personal information files registered and disclosed by Seoul Dragon City. During the use of online services or in the course of service provision, the following information may be automatically generated and collected: service usage records, access logs, cookies, and IP address information.

info

Category		Collected Items
Restaurant Reservation	Required	Name, phone number
	Optional	Address, email, credit card number
Wedding Contract	Required	Name, mobile phone number, email, payment information
	Optional	Consent for marketing purposes (name, email, phone number)
CITIZENSHIP Membership	Required	Resident registration number, alien registration number, name (Korean/English), date of birth, gender, mobile phone number, address, email
	Optional	Address, credit card number
SDC Fitness Club Membership	Required	Name (Korean/English), date of birth, gender, mobile phone number, address, email, resident registration number, alien registration number, health condition, medical history, health-related details (as indicated in medical certificates)
	Optional	ID photo, resident registration certificate, company name, work address, department, vehicle number
SDC Fitness Club Vehicle Registration	Required	Name, vehicle model, vehicle number, contact information
SDC Fitness In-house Guest Signature Form	Required	Room number, name
Natural 8 Membership	Required	Name (Korean/English), gender, mobile phone number, date of birth, address, payment information (cardholder name, expiration date, card number)
SDC Web	Required	Name (Korean/English), gender, mobile phone number, date of birth
	Optional	address, payment information (cardholder name, expiration date, card number)
SDC Membership	Required	Name (Korean/English), gender, mobile phone number, date of birth, payment information (cardholder name, expiration date, card number)
	Optional	address
Guest Registration	Required	Name, address, phone number, nationality, payment method, passport number (for foreign nationals)
	Optional	Date of birth, company, company name, job title, vehicle number, email
Minor Accommodation Consent Form	Required	Minor’s name, phone number, gender, date of birth; guardian’s name, phone number, copy of guardian’s ID (excluding resident registration number), copy of a certificate of family relationship (resident registration number redacted)
Guest Feedback	Optional	Name, phone number, email
Guest Survey	Required	Name, email
	Optional	Address, IP address, year of birth, gender, length of stay, language, room number, room rate, membership tier, phone number
Banquet Event Contract	Required	Company name, job title, name, mobile phone number, email, payment information
	Optional	Consent for marketing purposes (name, email, phone number)
Event Registration & Participation	Required	Name, mobile phone number
	Optional	Participant information (email, gender, region, date of birth)
Room Reservations	Required	Guest name, reservation holder’s name, mobile phone number, credit card number
	Optional	Email
Guest Service Center	Required	Guest name, reservation holder’s name, mobile phone number
	Optional	Reservation number
Guarantee Card Authorization Form	Required	Event name, event date, payment amount, card type, card number, expiration date, cardholder name
Tax Exemption Verification	Required	Duration of stay, name, organization, diplomatic exemption number, passport/resident registration number
Payment History Verification	Required	Name, phone number, payment details, resident registration number
	Optional	Date of birth, company, email

2. Provision of Personal Information to Third Parties

Seoul Dragon City does not provide the personal information it collects and retains to third parties without the user’s consent. However, personal information may be provided to third parties under the following circumstances:

A. Unless otherwise authorized by applicable laws and regulations or with the Guest’s consent, the company will not use or disclose personal information beyond the scope specified in the “Purpose of Collection and Use of Personal Information.”

B. Personal information may be provided to third parties without the user’s consent if permitted under applicable laws and regulations in the following cases:

a. When necessary for calculating service fees (including points) or for product delivery
b. When required for statistical compilation, academic research, or market analysis, and the data is provided in a form that does not allow the identification of any individual
c. When required by law or when requested by investigative authorities in accordance with legally prescribed procedures and methods

C. When obtaining consent to provide personal information to a third party, the following information will be clearly disclosed:

a. The name (or in the case of a corporation or organization, the entity’s name) and contact details of the recipient
b. The purpose of use by the recipient and the specific personal information to be provided
c. The retention and usage period of the personal information by the recipient
d. A statement informing the individual of their right to refuse consent, along with any disadvantages that may result from refusal

3. Protection of Personal Information for Children Under the Age of 14

In compliance with the Youth Protection Act, Seoul Dragon City does not collect personal information from children under the age of 14 in relation to membership services that include accommodation. In cases where it becomes necessary to collect such information for other hotel-related services, the company will obtain the consent of the child’s legal guardian. For this purpose, the child may be asked to provide the guardian’s name and contact information. Guardian information will be used solely to obtain consent. If consent is not provided within five (5) days, it will be automatically deleted.

4. Destruction of Personal Information

Seoul Dragon City promptly destroys personal information once the retention period has expired or the purpose of processing has been fulfilled, in accordance with applicable laws. However, if the information must be retained under other legal requirements, it will be preserved accordingly. The procedures, timing, and methods of destruction are as follows:

A. Procedure and Timing of Destruction

Personal information entered by users is destroyed without delay once the retention period has lapsed or the processing purpose has been achieved, in accordance with internal policies and relevant laws. Furthermore, any personal information transferred to a database will not be used for any purpose other than as permitted by law.

B. Method of Destruction

When personal information is destroyed, the following methods are used:
For electronic files: Permanently deleted using irreversible methods.
For non-electronic records (e.g., printed materials, documents, and other physical media): Destroyed by shredding or incineration.

5. Outsourcing of Personal Information Processing

When entering into outsourcing agreements, Seoul Dragon City stipulates the following in accordance with Article 25 of the Personal Information Protection Act:
 ● a prohibition on processing personal information beyond the scope of the entrusted tasks;
 ● implementation of technical and administrative safeguards;
 ● restrictions on re-entrustment;
 ● oversight and supervision of entrusted parties; and
 ● liability for damages.
These provisions are included in contracts and related documents, such as “Attachment 3: Personal Information Processing Security Agreement,” part of the internal management plan. Seoul Dragon City also regularly monitors, supervises, and audits entrusted service providers to ensure the secure handling of personal information. Any changes to the scope of entrusted tasks or the entrusted parties will be promptly disclosed through this Privacy Policy.

A. Domestic Outsourced Processing Tasks

To deliver its services, Seoul Dragon City entrusts certain personal information processing tasks to domestic service providers. These tasks are conducted under the company’s strict supervision and fully comply with its privacy protection policies to safeguard users’ personal information.

Domestic Outsourcing Arrangements Seoul Dragon City collaborates with specialized external providers for certain services essential to our operations

Service Provider	Outsourced Tasks	Retention Period
Infinity Consulting Co., Ltd.	Management of member information; membership registration processing; document management (e.g., application forms); postal mail delivery; operation and maintenance of voice recording servers; quality management of Guest service; annual membership fee processing; identity verification for membership card usage; provision of affiliated discount and related services; promotion and sales of affiliated company products and services; sending member service notifications via SMS or email; sending promotional and event-related marketing messages; Website system development and maintenance	Until membership withdrawal or termination of the outsourcing contract
NICE Information Service Co., Ltd.	Mobile phone-based identity verification
Kakao Corp.	Sending KakaoTalk business messages
BASIC9 Corporation	Development, operation, and maintenance of the hotel membership management system; sending promotional and event-related marketing messages
APLAN MOMENTS	House wedding consultations, reservations, and contracts; Guest management for house weddings; event directing and operation for house weddings
Oracle Korea	Operation and maintenance of the hotel guest management system
LG Uplus Corp.	SMS delivery and opt-out information management
AONE EVENT	Wedding performance and event operations
Choyeon Company	Event operations for first birthday parties, milestone birthdays, and family gatherings
KFTA Total Training Academy Co., Ltd.	Management of member information; Guest service quality control; annual membership fee processing; visitor and lesson attendee information management; updates to registered information; responding to Guest inquiries via email; locker management
Proscom Co., Ltd.	Hotel guest security operations; parking management, CCTV monitoring
Dongbu Membership Exchange Co., Ltd.	Management of member information; membership registration processing; application forms; annual membership fee processing; responses to Guest inquiries via email; tax reporting of membership sales under Article 19 of the Local Tax Act; submission of payment statements under Article 82 of the Inheritance and Gift Tax Act; health condition verification for membership; free parking registration verification

B. Overseas Outsourced Processing Tasks

To conduct guest satisfaction surveys and manage reservation-related services, Seoul Dragon City entrusts certain personal information processing tasks to an overseas service provider. These tasks are carried out under strict supervision and fully comply with the company’s privacy policy to ensure the secure handling of users’ personal information.

International Outsourcing Arrangements Seoul Dragon City collaborates with select external providers to conduct surveys and manage reservation operations for our guests.

Service Provider	TrustYou GmbH
Location	Unicredit Bank AG, Kardinal-Faulhaber-Str. 1, 80333 Munich, Germany
Date and Method of Transfer	Transferred via secure network on the day after check-out
Contact Information of Data Protection Officer	dataprotection@trustyou.com
Items of Personal Information Processed	Name, email, phone number, address, computer IP address, year of birth, gender, length of stay, language, room number, room rate, membership tier, phone number
Purpose of Processing	Guest satisfaction survey
Retention and Use Period	Automatically deleted six (6) years after the check-out date

6. Overseas Transfer of Personal Information

To provide global membership services, Seoul Dragon City transfers personal information overseas as follows. All such transfers are carried out under strict control in accordance with the company’s privacy protection policies to ensure the safety of users’ personal information.

Overseas Data Transfers

Recipient	Accor
Location	82 rue Henri Farman CS 20077 92130 Issy-les-Moulineaux France
Date and Method of Transfer	Transferred via a secure network on the day following the accrual or redemption of membership points
Contact Information of Data Protection Officer	Data.privacy@accor.com
Personal Information Transferred	Name, membership number
Purpose of Transfer	To manage records of membership point accrual and redemption
Retention and Use Period	From the date of consent until membership withdrawal

7. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, Seoul Dragon City implements the following technical, administrative, and physical measures to safeguard personal information:

• A. Establishment and Implementation of Internal Management Plans
  Internal management plans are established and implemented in accordance with the "Standards for Ensuring the Security of Personal Information."
• B. Minimization and Training of Personnel Handling Personal Information
  The number of personnel authorized to handle personal information is minimized, and regular training is provided.
• C. Access Restrictions to Personal Information
  Access to databases processing personal information is controlled through the assignment, modification, and termination of access rights. Unauthorized access is blocked using firewall and intrusion prevention systems.
• D. Retention and Protection of Access Logs
  Access logs to personal information systems are retained and managed for at least six months and protected to prevent forgery, alteration, theft, or loss.
• E. Encryption of Personal Information
  User passwords are stored using one-way encryption so that only the individual user can access them. Important data is protected through encryption or file-locking features during both storage and transmission.
• F. Technical Measures Against Hacking and Malware
  To prevent personal information leakage or damage caused by hacking or viruses, security programs are installed and regularly updated and inspected. Systems are installed in access-restricted areas and are monitored and blocked both technically and physically.
• G. Access Control for Unauthorized Personnel
  Physical storage locations of personal information systems are segregated and access control procedures are established and enforced.
• H. Regular Internal Audits
  Internal audits are conducted regularly to ensure the secure handling of personal information.
• I. Use of Locking Devices for Document Security
  Documents and auxiliary storage media containing personal information are stored in secure areas equipped with locking devices.

8. Rights and Obligations of Users and How to Exercise Them

As a data subject (or the data subject’s legal representative), users may exercise the following rights:

A) Request access to personal information
B) Request correction or deletion of personal information
C) Request suspension of personal information processing

To exercise the above rights, users may submit a request in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act, via written document, email, or fax. Seoul Dragon City will respond without delay. If a user requests correction or deletion due to an error in their personal information, such information will not be used or provided until the correction or deletion is completed. However, requests for access or suspension of processing may be restricted under Articles 35(5) and 37(2) of the Personal Information Protection Act. Requests for correction or deletion may also be denied if the personal information is specified as a mandatory collection item under other laws. When a request is made to access, correct, delete, or suspend the processing of personal information, the company will verify whether the requester is the data subject or a duly authorized representative.

These rights may also be exercised by the user’s legal representative or an authorized agent. In such cases, a power of attorney must be submitted using Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.

9. Personal Information Protection Officer

Users may contact the personal information protection officer or the responsible departments regarding any questions, concerns, or requests for assistance related to the handling of personal information while using Seoul Dragon City’s services. The company will respond promptly and appropriately.

Personal Information Protection Officers

Category	Personal Information Protection Officer	Personal Information Protection Managers
Name	Yongwoo Song	Taeyoon Hwang	Youngsook Choi
Department / Position	Executive Office/ General Manager	Marketing Communications / Director	IT / Director
Email	yongwoo.song@seouldragoncity.com	ryan.hwang@seouldragoncity.com	yschoi@seouldragoncity.com
Phone Number	02-2223-7210	02-2223-7057	02-2223-7551

10. Remedies for Infringement of Users’ Rights

If a user suffers harm as a result of personal information infringement, they may seek dispute resolution or counseling by contacting the Personal Information Dispute Mediation Committee or the KISA Personal Information Infringement Report Center. For other inquiries or reports related to personal information infringement, users may contact the institutions listed below:

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Cyber Crime Investigation Division, Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
3. Cyber Bureau, National Police Agency: 182 (cyberbureau.police.go.kr)
4. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

Pursuant to Articles 35 (Access to Personal Information), 36 (Correction or Erasure of Personal Information), and 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, if a user’s rights or interests are infringed due to a disposition or omission by the head of a public institution, the user may file an administrative appeal in accordance with the Administrative Appeals Act.

※ For more information on administrative appeals, please visit the website of the Ministry of Government Legislation (www.moleg.go.kr).

11. Changes to the Privacy Policy

This Privacy Policy shall take effect on the stated effective date. In the event of any additions, deletions, or amendments due to changes in applicable laws or internal policies, Seoul Dragon City will notify users of the reason and details of such changes at least seven (7) days prior to the effective date via announcements on its website.

□ Effective Date: February 07, 2026
□ Last Revised Date: February 01, 2026

Privacy Policy Version: 26.1 / Announcement Date: February 01, 2026 / Effective Date: February 07, 2026
Privacy Policy Version: 25.1 / Announcement Date: June 16, 2025 / Effective Date: June 23, 2025
Privacy Policy Version: 10.1 / Announcement Date: June 13, 2022 / Effective Date: June 20, 2022
Privacy Policy Version: 7.1 / Announcement Date: April 25, 2019 / Effective Date: May 1, 2019