Reservations
Home

Privacy Policy

Effective Date2026-05-01
The authoritative version of this Policy is in Korean. Translations are provided for reference only. In case of any discrepancy, the Korean version shall prevail.
Article 1(Purpose of Processing Personal Information)

The Manager Co., Ltd. (hereinafter “Company”) processes personal information for the following purposes and will provide prior notice if the purposes change.

  1. 1.Issuance of e-tickets and delivery of QR vouchers via email
  2. 2.Email OTP authentication for non-member reservation lookup
  3. 3.Payment processing and refund handling (outsourced to Eximbay PG)
  4. 4.Customer inquiry support (FAQ and inquiry board)
  5. 5.Retention of transaction records pursuant to Article 6 of the Act on the Consumer Protection in Electronic Commerce (E-Commerce Act)
  6. 6.Detection of anomalous access and prevention of fraudulent transactions
Article 2(Categories of Personal Information Processed)

Required Personal Information (collected during reservation)

ItemCollection MethodCollection Stage
Email addressDirect inputReservation start
Visitor nameDirect inputReservation details entry
Planned visit dateCalendar selectionDate selection
Number of visitors (Adult / Child / Senior)Quantity selectionGroup composition entry

Automatically Collected Information

ItemCollection MethodLegal Basis
IP addressWeb server logService provision and security
Cookies (session, language preference)Browser storageEssential cookies
User-AgentHTTP headerAccess log
Access logWeb server logArticle 15-2 of the Protection of Communications Secrets Act

Payment-related Information

Masked card number, payment approval number, payment amount, and payment date/time are stored in the Company's database. Full credit card numbers, expiry dates, and CVC codes are collected and stored directly by Eximbay and are not transmitted to the Company.

Optional Information (when using the inquiry board)

Inquiry subject and inquiry content are collected when a user submits a post to the inquiry board.

Article 3(Retention Period for Personal Information)

As a general rule, personal information is destroyed immediately upon achievement of its processing purpose. However, the following information is retained for a specified period pursuant to applicable laws or Company policy.

ItemRetention PeriodLegal Basis
Records of contracts and withdrawal of offers5 yearsArticle 6 of the E-Commerce Act
Records of payment and supply of goods5 yearsArticle 6 of the E-Commerce Act
Records of consumer complaint handling3 yearsArticle 6 of the E-Commerce Act
Access logs (IP / cookies)3 monthsArticle 15-2 of the Protection of Communications Secrets Act
Email OTP authentication records24 hoursMinimum operational necessity
Inquiry board records1 yearCompany policy

Destruction method: Electronic files are deleted in an irrecoverable manner; paper documents are shredded or incinerated.

Article 4(Provision of Personal Information to Third Parties)

As a general rule, the Company does not provide users' personal information to third parties. Exceptions apply where required by law (e.g., presentation of a formal warrant or inquiry document by investigative authorities). When information is provided pursuant to a legal requirement, the requesting authority and the reason for the request are recorded and retained.

Article 5(Entrustment of Personal Information Processing)
Entrusted PartyEntrusted WorkRetention PeriodLocation
Eximbay Co., Ltd.Payment processing, card information collection and storage5 yearsRepublic of Korea
Amazon Web ServicesCloud infrastructure, data storageDuration of service provisionRepublic of Korea (ap-northeast-2)
Email delivery serviceVoucher and OTP email dispatchDeleted after dispatchTo be confirmed

Entrusted parties protect personal information in accordance with the outsourcing agreements concluded with the Company and do not use it for any purpose beyond the scope of entrustment. Any addition or change of entrusted parties will be announced through an amendment to this Policy.

Article 6(Rights and Obligations of Data Subjects and How to Exercise Them)
  1. 1.Users may request access to, rectification of, erasure of, or restriction of processing of their personal information.
  2. 2.Requests may be submitted by email (privacy@themanager.co.kr) or by phone (1544-8262).
  3. 3.The Company will process requests within 10 days of receipt; where justifiable grounds exist, this period may be extended by up to 20 additional days.
  4. 4.Information subject to a statutory retention period may be excluded from erasure requests.
Article 7(Cross-border Transfer of Personal Information)

The Company's cloud infrastructure (AWS) is hosted in the Republic of Korea region (ap-northeast-2), and no cross-border transfer of personal information currently takes place.

Should overseas SaaS services be adopted in the future, the Company will comply with Article 28-8 of the Personal Information Protection Act (PIPA) by assessing the level of personal information protection in the destination country, including contractual safety measures clauses, providing advance notice, and obtaining consent where required.

Article 8(Safety Measures for Personal Information)

Technical Measures

TLS 1.2 or higher is applied during network transmission and AES-256 encryption is applied at rest. The Company operates role-based access control (RBAC), regular security vulnerability assessments, daily automated backups, and a disaster recovery plan.

Administrative Measures

The number of employees handling personal information is minimized, differentiated access privileges are assigned by job function, and regular training is conducted at least once per year along with access log monitoring.

Physical Measures

Data center access controls, CCTV surveillance, firewalls, and malware detection programs are in operation.

Article 9(Use of Cookies)

Essential Cookies

Cookie NamePurposeRetention Period
Session IDUser session trackingDeleted when browser is closed
Language PreferenceStores language setting1 year

Essential cookies are required for service operation. Refusing them will prevent completion of the reservation process.

Analytics Cookies

Analytics cookies are not currently in use. A separate notice will be provided if they are introduced in the future.

How to Refuse Cookies

Most web browsers offer a cookie refusal option in their settings menu. Cookies can be blocked through the privacy settings of each browser, including Chrome, Safari, Firefox, and Edge. Refusing essential cookies may restrict access to certain features of the service.

Article 10(Privacy Officer and Reporting of Infringements)

Privacy Officer: Personal Information Protection Manager

Email: privacy@themanager.co.kr / Phone: 1544-8262 / Address: 6F, 53 Nonhyeon-ro 153-gil, Gangnam-gu, Seoul, Republic of Korea

You may also report personal information infringements to the following authorities.

  1. 1.KISA Personal Information Infringement Report Center: 118 (no area code) / privacy.kisa.or.kr
  2. 2.National Police Agency Cyber Investigation Bureau: 1579-0112 / cyber.go.kr
Article 11(Amendment of this Policy)

This Policy may be amended due to changes in laws and regulations, service improvements, or security enhancements. In the event of material changes, notice will be provided through the website announcements at least one month in advance.

RevisionHistory
VersionEffective DateSummary of Changes
1.02026-05-01Initial establishment

Related document: Terms of Use