User agreement and policies

Privacy Policy

EB Card (“The Company” hereinafter) complies with related laws and regulations including the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Personal Information Protection Act. Toward this end, it has established a privacy policy (“The Privacy Policy” hereinafter) and complies with it.
The company discloses the Privacy Policy on the first screen of the Bus Tago Homepage (www.bustago.or.kr) (“Homepage” hereinafter) so that users can consult it at any time.
Privacy Policy may change according to revision of related laws and regulations, guidelines and internal policy and for other reasonable reasons, and the reasons and contents of the change will be disclosed in accordance with procedures as designated by related laws and regulations at a time of revision.

Article 1 Items of Collected Personal Information and a Method of Collection

The company deals with the following items of personal information.

  1. Homepage Membership and Management

    Necessary items : ID, password, name, date of birth, email & mobile phone number
    Selected items : Gender & address

  2. The following items of personal information can be automatically generated and collected in the course of use of the Internet service.

    IP address

  3. Contractual matters

    Credit card number, date of birth & mobile phone number

The company collects personal information in the following ways.

  1. Collected from users
  2. Collected through personal authentication system (Date of birth, name & redundant membership confirmation information [DI])
  3. Collected from information automatically generated at a time of use of the Internet
  4. Collected from credit card information earned at a time of a reservation and cancellation

Article 2 Purpose of Collection and Use of Personal Information

The company collects personal information for the following purposes and uses collected personal information only for the pertinent purposes.

  1. Implementation of the contract on provision of services and calculation of service fees

    Provision of contents and specific customized services, delivery of goods, transmission of bills, personal authentication, purchase and calculation and collection of service fees

  2. Membership management

    Identification according to usage of membership service and limited identification system, individual identification, prevention of fraudulent use by illegitimate members, prohibition of unauthorized use, confirmation on membership intention, preservation of records for adjustment of disputes, handling of civil applications including complaints, the latest information including announcement, information on change in services, channels of communications with customers including results of consultations and inactivation of customer accounts that have not been used for a long time and etc.

Article 3 Entrustment of Collected Personal Information

The company uses outside services in charge of customers’ personal information in order to provide services and designates provisions on safe management of personal information at a time of entrustment contract in accordance with related laws and regulations.
The present personal information processing entrustment institution and its obligations are as follows.

Entrustment of collected personal information

| Entrustment institution | Entrusted obligations |
|---|---|
| Lotte Data Communication Company | Homepage management & comprehensive management of information system |
| Booil Information Link Corp | Operation of Customer Service Center for improved efficiency in consulting |

If it is entrusted with sending gifts to customers after an event, it is handled based on prior approval from pertinent customers.

Article 4 The Period of Ownership and Use of Personal Information

Personal information on customers shall be immediately destroyed once it fulfills the purpose of collection and use of personal information in principle, provided that the following information shall be preserved for a specified period of time for reasons specified as below.

  1. Preservation of information in accordance with related laws and regulations
    1. Records on contracts and revocation: Five (5) years (Act on the Consumer Protection in the Electronic Transactions, etc.)
    2. Records on payment and supply of goods: Five (5) years (Act on the Consumer Protection in the Electronic Transactions, etc.)
    3. Records on handling of consumer complaints and resolution to disputes: Three (3) years (Act on the Consumer Protection in the Electronic Transactions, etc.)
    4. Records on identification: Six (6) months (Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.)
    5. Records on visits to websites: Three (3) months (Protection of Communications Secrets Act)
    6. Until members are withdrawn

Article 5 Deletion of Unused Customer Accounts

The company divides membership accounts into active accounts and inactive ones in order to protect personal information on customers. If there is no record on login or usage of homepage for one year, it shall be classified into an inactive account in order to protect personal information on customers, and customers’ personal information shall not be used and offered to partner companies (third party-agreed partner companies). (The effective date: August 18, 2015)

Article 6 Procedures for Destruction of Personal Information and Pertinent Methods

Personal information on customers shall be immediately destroyed once it fulfills the purpose of collection and use of personal information in principle. Procedures for destruction of personal information by the company and its method shall be as follows.

  1. Procedures for destruction

    Information that users entered to subscribe to membership shall be immediately destroyed in accordance with reasons (refer to the period of ownership and usage) for information protection specified in internal principles and other related laws and regulations once it fulfills intended purposes.

  2. Methods of destruction
    1. Printed personal information shall be shredded or incinerated.
    2. Personal information saved in electronic files shall be deleted through the use of irrevocable technical methods.

Article 7 Rights of Users and Their Legal Representatives and a Method of Exercise

Customers may exercise the following rights related to protection of personal information at any time.

  1. Request for view on personal information
  2. Request for correction at a time of errors
  3. Request for deletion
  4. Request for suspension of handling

As for methods of exercise of rights, make sure to view personal information offered in Correct My Information Menu in the homepage and revise contact information, address and email information. In addition, one can proceed with withdrawal through ‘Withdraw from Membership.’

If it is impossible to exercise rights on the homepage, make sure to contact personnel in charge of protecting personal information in writing or via phone or email. Then, the company will take necessary measures immediately. If users made a request to correct errors in personal information, the pertinent personal information shall not be used or provided until correction is completed. In addition, if incorrect personal information was already provided to a third party, the result of correction shall be immediately notified to rectify situation.

The company shall deal with personal information cancelled or deleted as per requests made by a user or a legal representative in accordance with "5. Period of Ownership and Usage of Personal Information" and ensure that it shall not be viewed or used for other purposes.

Article 8 Matters on Installation/Operation and Rejection of Automatic Collection Equipment for Personal Information

The company shall not use cookies that frequently save and detect information on customers.

Article 9 Technological/Administrative Measures for Protection of Personal Information and Notification on Leakage

The company shall take the following technological/administrative measures in order to secure stability so that personal information on customers cannot be lost, stolen, leaked, altered or damaged.

  1. Technological measures
    1. Encryption of personal information
      Personal information on customers shall be encrypted at a time of storage and transmission, and important data shall be protected through separate security functions.
    2. Technological measures against hacking
      The company takes measures to prevent damage caused by computer viruses through the use of vaccine programs. The vaccine programs are regularly updated, and if viruses suddenly appear, the company provides vaccine programs as soon as they are released to prevent personal information from being violated. In the meantime, the company adopts security system that enables users to transmit personal information on the network through the use of encryption algorithm. In addition, it installs a firewall against such outside invasion as hacking and does whatever it can to enhance security through the use of intrusion prevention system and vulnerability detection system installed in each server.
    3. Restriction in access to personal information processing system
      The company does not combine personal information with general information for the purpose of storage. It also designates a computer room and a data storage room as a special protection area to control access.
      The company has only the pertinent personnel deal with personal information on customers and grants them a separate password that is updated on a regular basis. It provides education to personnel in charge on a frequent basis in order to emphasize the importance of compliance with Privacy Policy at all times.
      It is making efforts to check out implementation of policy on protection of personal information and compliance with a person in charge through an in-house administrative organization so that detected problems can be instantly corrected. Personal information on customers shall be thoroughly protected through the use of a password. Only the customers know their ID password, and they shall confirm and change their personal information because they are the only ones who know their password. Accordingly, customers are advised not to disclose their password. Toward this end, customers are advised to log out online and close the web browser after using a PC in principle. In particular, if they share a PC with others or use a PC in a public place (a company, a school, a library, an Internet game room, etc.), the above-mentioned procedures are all the more necessary to prevent personal information from being disclosed to others.
  2. Administrative measures
    1. Control and education for personal information handlers
      The company shall minimize the number of persons authorized to access personal information on customers as follows.

      i. Those who conduct direct marketing activities toward users
      ii. Those who manage personal information including Privacy Supervisor and Privacy Personnel
      iii. Those who are obligated to handle personal information due to business

      The company also provides regular in-house education and external entrusted training to employees in charge of handling personal information with regard to acquisition of new security technologies and obligation to protect personal information. It also prevents information from being leaked through a security pledge written by all employees at a time of employment and establishes internal procedures for inspection on implementation of policy on protection of personal information and compliance with employees. Transfer of business by personal information handlers shall be thoroughly conducted under tight security, and the company clearly defines responsibilities for accidents caused by personal information after employment and retirement.
      The company shall not take responsibility for losses caused by accidents occurring due to users’ carelessness or in areas uncontrolled by the company despite the fact that the company fulfilled its responsibility as a personal information handler.
      If personal information was lost, leaked, altered and damaged due to internal administrator’s mistakes or administrative and technological accidents, the company shall make a notification to customers and take appropriate measures to come up with compensation plans.

    2. The company acquired Information Security Management System (ISMS) from KISA for the purpose of protection of information on users before operating it.
  3. Notification on leakage of personal information

    The company is doing its utmost to protect personal information on its members by taking technological and administrative measures to protect personal information, but if it finds out that personal information was leaked for such unexpected reasons as hacking, it would immediately notify the situation to its members in writing or via email, FAX, phone, mobile phone or text messages or in other similar ways.

    1. Items of leaked personal information
    2. The time of leakage and details
    3. Information on what members can do to minimize damage caused by leakage
    4. Responses and remedial procedures followed by the company
    5. The company will disclose a department in charge of accepting complaints and related contact information in case of occurrence of losses caused to its members, and if personal information was leaked, related matters will be disclosed in detail on the first screen of the homepage along with notification to its members.

Article 10 Contact Information on Privacy Supervisor and Related Personnel

Customers may report all complaints related to protection of personal information by using corporate service to Privacy Supervisor. The company shall provide prompt and detailed responses to complaints lodged by users.

Contact information on Privacy Supervisor and Privacy Personnel

| | National Bus Transportation Association: Privacy Supervisor | National Bus Transportation Association: Privacy Manager | EB CARD: Privacy Supervisor | EB CARD: Privacy Manager |
|---|---|---|---|---|
| Name of Department | Computer Business Team | Computer Business Team | IT Division | IT Division |
| Name | Hae-gwon Jeong | Beom-yong Kim | Yeon-woo Lee | Cheon-ju Yun |
| Position | Section Chief | Employee | Division Head | Team Leader |
| Telephone | 02)585-0966 | 02)585-0966 | 1644-0006 | 1644-0006 |
| Email | jhkdoublez@naver.com | kimbeomyong@gmail.com | c-privacy@lotte.net | c-privacy@lotte.net |

  1. Remedial measures taken at a time of violation of rights and interests

    The main agent of information may file an application for resolution to disputes or consultations with KOPICO and KISA Personal Information Invasion Report Center. If you have any inquiries about complaints about invasion of personal information and counseling, make sure to contact the following institutions.

The Police Headquarters, Cyber Security Bureau
  Homepage : http://www.netan.go.kr
  Telephone : (Without a telephone exchange number) 182

The Supreme Public Prosecutors Office, Cyber Criminal Investigation Division
  Homepage : http://www.spo.go.kr
  Telephone : (Local number) +1301

Personal Information Invasion Report Center (Operated by Korea Internet & Security Agency)
  Homepage : http://privacy.kisa.or.kr
  Telephone : (Without a telephone exchange number) 118

Personal Information Dispute Mediation Committee (Operated by Korea Internet & Security Agency)
  Homepage : http://kopico.go.kr
  Telephone : (Without a telephone exchange number) 118

Article 11 Other Matters
  1. Operation of Customer Service Center
    The company operates Customer Service Center in order to facilitate communications with customers.
    [Customer Service Center] 1644-2992
    The company can provide customers with links to websites and data operated by other companies. In that case, the company does not have any control over external websites and data, so it will not be responsible for usefulness of offered services or data. If you move to another website by clicking a link introduced by the company, Privacy Policy of the pertinent website has nothing to do with the company, so it is advised to review policy of the new website.
  2. Transmission of advertising information
    The company shall not transmit advertising information for profit against customers’ will. If customers agree to send electronic mails including newsletters or transmit advertising information on products for online marketing via emails, the company shall take appropriate measures to help customers easily find out what they are about by using titles and the texts of emails. If the company sends advertising information for profit via other text messages including fax and mobile text messages than emails, the company shall indicate “(Advertising)” in the beginning of the transmission in addition to sender’s contact information.

Article 12 Revision of Privacy Policy and Notification

If the present Privacy Policy is added to, deleted or revised, it shall be notified on the homepage or via email 7 days in advance, and if it is difficult to make a prior notification, it shall be immediately notified. The policy shall take effect for the date of notification.

- Date of public notification : May 29, 2017
- Date of implementation : May 30, 2017

