Korean Air Lines Co., Ltd, whose head office is located 260, Haneul-gil, Gangseo-gu, Seoul Gonghang-dong), Korea, (hereinafter referred to as Korean Air) is the data controller of the processing activities relating to the data subjects referred to in this Cargo Policy (the Policy), and as such determines the means and purposes of Korean Air data processing activities as set out under this Policy.

For the purpose of this Policy:

• Personal data means any information that can be linked to a Data Subject (the Personal Data);
• Data subject means natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the Data Subjects).

This Policy defines the processing and protection of Personal Data relating mainly to:

• Korean Air cargo transportation services’ customers; and
• Representatives of companies using Korean Air cargo transportation services.

Korean Air pledges to do its best to protect the Personal Data of Data Subjects, and to prevent any illegal disclosure of Personal Data, complying with all relevant laws and regulations such as Information Network Act and Protection of Privacy.

Korean Air describes to the Data Subjects the method in which Personal Data is used, making sure that all measures are taken to the best of Korean Air's ability to protect the Data Subjects’ Personal Data and to prevent damage or Personal Data leakage.

This Policy is subject to change at any time in accordance with laws or company regulations, so it is recommended that individuals refer back to this Policy periodically.

1. Collecting Personal Data
2. Purpose and legal basis for Collecting Personal Data
3. Disclosure of Personal Data
4. Entrusting Personal Data
5. Terms & Duration of Personal Data
6. Disposal of Personal Data
7. Right of Data Subjects & Legal Guardians
8. Operation of Information Collecting Application
9. Technical & Administrative Measures
10. Department in Charge of Personal Data
11. Feedback & Customer Service

COLLECTING PERSONAL DATA

• Korean Air processes the following types of Personal Data:
  1. When signing up for membership of cargo.koreanair.com (Web only)
     1. Main ID
        • User ID, password, IATA code or Account code, representative or personal email address, company telephone number
     2. Additional ID
        • Regional staff's email address, whether or not the member will receive email notice, agent's name, company address (location), name
     3. After logging in with main ID, additional ID may be issued.
  2. When signing up for membership of cargosvc.koreanair.com (Web only)
     • ID, PW, first name, last name, email address, phone number (optional), business license, 4 LETTER CODE
  3. When using “Voice Of Customer” or “Online Claim” menu for non-members
     Data Subjects will be required to provide the following Personal Data to receive customer service from the “Contact us” menu.
     • Name, phone number, email, location
       Data Subjects will be required to provide the following Personal Data for “Online Claim” registration service.
     • Company name, name, phone number, email, country (optional), address (optional), fax (optional)
  4. Automatically Generated Information
     In addition, the following Personal Data may be collected during the use of various services and as part of Personal Data processing.
     • Service records, access log, cookie, IP Address
  5. When using Korean Air’s call center, airport stations, or branch offices
     • The following Personal Data may be collected to verify user and to proceed with service payment and agreement
       • Basic information: Name, contact information (telephone, e-mail), company information
     • Korean Air collects Personal Data by using the following means.
       • Membership or bulletin board on the website, telephone, fax
       • Our sales representatives and cargo staffs in all branches

PURPOSE AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

• When processing Data Subject’s Personal Data, Korean Air mainly relies on the following legal basis:
  • processing is necessary for the performance of a contract to which the Data Subject is a party;
    • Relevant Purposes : Cargo acceptance, notification and delivery
    • Categories of personal data : shipper/consignee name, address, phone number, e-mail address
  • processing is necessary for compliance with a legal obligation to which Korean Air is subject;
    • Relevant Purposes : customs declaration
    • Categories of personal data : shipper/consignee name, address, phone number
  • The Data Subject has given consent to the processing of his Personal Data for one or more specific purposes.
    • Relevant Purposes : feedback for inquiry/suggestion/complaint
    • Categories of personal data : name, e-mail address, phone number
  • Korean Air processes Personal Data for the purposes listed below:

    When using Korean Air’s call centre, airport stations, or branch offices

    • Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
      • Services rendered: Providing contents, booking, tracing the shipment, displaying invoices
      • Data Subject management: Data Subject identification, prevention of membership abuse and unlicensed use of service, confirmation of membership registration, regulating membership registration, customer service, and announcements
    • Legitimate interest of Korean Air
      • Pre-litigation and litigation: maintaining records for disputes resolution purposes
    • Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
      • Services rendered and payment: cargo receipt, import cargo information search, receipt and transportation of live animals and special shipments
      • Data Subject management: user identification, customer service, and announcements
  • Legitimate interest of Korean Air
    • Pre-litigation and litigation: maintaining records for disputes resolution purposes
• Korean Air has established links to other websites in order to enhance service to its members. However, Korean Air would like to recommend Data Subjects to check and confirm the privacy policies of the linked sites since Korean Air has no direct control over others' websites.

ENTRUSTING PERSONAL DATA

• Korean Air entrusts a part of the handling of Personal Data to the following companies to provide Data Subjects with stable web services and for the managing of Korean Air's cargo website.

  Category	Outsourced work	Outsourced company
  Internet website	Maintaining and operating of online website, including web server and database management	IBS SOFTWARE, LG CNS Hanjin Information Systems & Telecommunication Co., Ltd., Needcreo Co., Ltd. AWS
  	-
  	Announcement/notification via SMS and KakaoTalk message regarding service for air cargo transportation and so forth
  Airport Stations	Booking, transportation, documentation, customs declaration of cargo	Incheon - Korea Airport Servise CO., LTD. K-tec manpower, Zeniel,  Gimpo - Unies security Pusan - Zeniel, K-tec manpower Jeju - ATS Overseas - Overseas outsourced companies
  	Providing customer services to shippers and agencies

  Ground handling agents may directly or indirectly collect Personal Data for and on behalf of Korean Air.
   

  Region	Ground Handling Company
  Americas	Pegasus
  	Alliance Ground International
  	Worldwide Flight Service
  	Global Operations & Infrastructure Group
  	Hanjin Global Logistics
  	Total Airport Services
  	Mega International
  	GTA dnata World Cargo
  	CTA Cargo Travel
  	Aloha Air Cargo
  	Pacific Feeder Service
  Europe	Swissport
  	CELEBI
  	Worldwide Flight Service
  	LUG Luftfracht-Umschlag GmbH
  	Aerospace Cargo Logistics
  	ALHA
  	Spirit
  	Cargo Center
  	Sheremetyevo Cargo JSC
  	Tashkent International Airport
  	Vienna Airport
  	Cargologic
  China	China Southern Airlines
  	Henan Province Airport Group Co., Ltd
  	Dalian Zhoushuizi International Airport Inc.
  	Hong Kong Air Cargo Terminal
  	Air China
  	Eastern Air Logistics
  	Shenyang Airport Logistic Company
  	Shenzhen Airport International Cargo Terminal
  	Qingdao International Airport Group
  	China Airlines
  	Hubei Airport Ground Service
  	Aviation Ground Handling Service Xi'an
  	Airport Air Cargo Terminal Xiamen
  Japan	Japan Airlines
  	Hanjin International Japan
  	JAL Kansai Aircargo System
  	Skyport
  South East Asia	Thai Airways
  	PT Gapura Angkasa
  	ALS Cargo Terminal
  	Aerodarat
  	Philippine Airport Ground Support Solutions Inc
  	Societe Concessionnaire de L'aeroport
  	Tan Son Nhat Cargo Services Limited
  	Singapore Airport Terminal Services Ltd
  Oceania	Menzies
  	Aircraft Service International
  	Qantas

• To fulfill the contract and to offer improved convenience to our customers, we outsource the processing of personal information overseas as follows.

TERMS & DURATION OF PERSONAL DATA

• Korean Air will destroy and erase Personal Data as follows:
  • Membership information: Upon termination of membership
  • Information collected temporarily for surveys or events: When the applicable survey or event expires
    1. However, Korean Air may retain all or any applicable part of Personal Data after its purpose has been served for the following period when required by law or related regulations regarding consumer protection.
    2. In this case, Korean Air will retain Personal Data solely for the purpose of preservation and maintenance.

       a. By Korean law on the consumer protection in the online business transactions
           - Record of advertising and so on: six months
           - Record of contract, agreement, and withdraw: five years
           - Record of payments and supplies: five years
          - Record of consumer complaints and disputes: three years
       b. By Korean communication secret protection law
          - Records regarding the website visits : three months

DISPOSAL OF PERSONAL DATA

1. Procedure
   • Personal Data submitted by members for the purpose of membership registration is stored for a certain period of time in accordance with the internal policy of the company and the applicable laws for the protection of privacy before it is destroyed.
2. Method
   • Hardcopy that contains Personal Data is shredded by a shredder whereas softcopy is deleted without the possibility of recovery.

RIGHT OF DATA SUBJECTS & LEGAL GUARDIANS

• A Data Subject benefits from the following rights (subject to specific local law provisions):
  • He may request the access, modification, rectification or erasure his Personal Data, or the restriction (in certain circumstances) of the processing of such Personal Data, and/or the withdrawal of the consent he gave regarding the processing of his Personal Data;
  • He may object to a processing on grounds relating to his particular situation;
  • He has the right to request the portability of his Personal Data to another controller;
  • He may lodge a complaint with a data protection authority;
  • He may also establish guidelines for the preservation, the deletion and the transmission of Personal Data after his death (when the French data protection legislation is applicable).
• Data Subjects can exercise their rights through the website (http://cargo.koreanair.com); Data Subjects also can write or call Korean Air's cargo department directly, or send an email to   Cargo IT Planning Team. Korean Air responds to Data Subjects’ request accordingly after conducting their identification process.
• Data Subjects can access and modify their Personal Data by clicking My account menu after logging on to the Korean Air cargo website.
• In order to erase their Personal Data, Data Subjects need to contact our department in charge of Personal Data by writing, calling, or sending an email; Korean Air will destroy all or any applicable part of Personal Data immediately as well as terminate the Data Subjects’ memberships and notify them of settlement outcome.
• Korean Air will take necessary measures to ensure that Personal Data withdrawn and deleted by Data Subjects’ request will not be permitted for view and use except for the cases noted on 5.Terms & Duration of Personal Data.

OPERATION OF INFORMATION COLLECTING APPLICATION

• Please refer to Korean Air’s Cookie Policy

TECHNICAL & ADMINISTRATIVE MEASURES

• Korean Air has implemented several technical security measures for the purpose of protecting Personal Data.
• All information submitted by Data Subjects is managed by SSL 128 bit method encrypting and a security system equipped with a highly secure dual firewall.
• In terms of organisational measures, various effective procedures are implemented to assure the highest level of security.
• In addition, the number of personnel who has access to Personal Data is reduced to the minimum while security training programs are provided on a regular basis. Also, a password is applied to those who operate Personal Data processing system, and it is renewed regularly.

DEPARTMENT IN CHARGE OF PERSONAL DATA

• Korean Air operates a dedicated department to protect Data Subjects’ Personal Data and to handle complaints regarding privacy.
• If you have questions regarding Personal Data, please contact us using information provided below.
  • Department in Charge of Personal Data
    • Department: Cargo IT Planning Team
    •   Tel: 82-2-2656-3614
    •   Email
  • GDPR Data Protection Officer can be contacted using the following details:
    •   Email: privacy@koreanair.com.
    • Postal address:
      Korean Air Regional Headquarters for Europe.
      3 Place de l'Opéra 75002, Paris, France
  • Person in charge of protecting (managing) Personal Data
    Chief Privacy Officer
    Jiyoung Lim, 
    Managing Vice President
    Imformation Protection & Security Dept. Head

FEEDBACK & CUSTOMER SERVICE

• If you have any inquiries or feedback regarding your Personal Data, please register by using the following contact information.
• We will respond to any concern as quickly as possible.
  • Online: Register on "Voice of Customer" under the Help Center menu.
  •   Tel: 82-2-2656-3614/   Email
• Please direct your inquiries to the following centers if you have anything to report or need a consultation regarding the infringement of Personal Data.
  • Call Center for the Infringement of Personal Data: KISA (Korea Internet & Security Agency) (http://privacy.kisa.or.kr)
  • High-tech and Financial Crimes Investigation Devision at the Supreme Prosecutor’s office: SPO, Republic of Korea (www.spo.go.kr)/ 1301
  • Electronic Cybercrime Report & Management system : (http://ecrm.cyber.go.kr)
• Korean Air's Privacy Policy is effective as of 26 May 2008. The Privacy Policy of Korean Air may be altered due to revisions in relevant Korean laws and governmental directives. If Korean Air makes any revisions, it will publish the applicable information on the Internet website seven days prior to enforcing the changes.
  • Privacy Policy Version: v1.9
  • Privacy Policy Date of Enforcement: 26 May 2008. (v1.0)
  • Privacy Policy Amendments
    • 26 Jun 2009: Amended as follows: Collecting “PII”, Entrusting “PII” Addendum: Collecting “PII” (v1.1)
    • 27 August 2009: Amended as follows: Collecting “PII”, Entrusting “PII”(v1.2)
    • 4 March 2013: Amended as follows: Entrusting “PII”, Department in charge of “PII”, Feedback & Customer Service (v1.3)
    • 15 July 2015: Amended as follows: Modification of Collecting “PII” (v1.4)
    • 9 Jun 2016: Amended as follows: Collecting “PII”, Entrusting “PII” (v1.5)
    • 24 May 2018: Revised to abide by EU General Data Protection Regulation (GDPR) which enters into force on 25 May 2018 (v1.6)
    • 11 Mar 2019: Revised due to the change of service provider company : Collecting “PII”, Entrusting “PII” (v1.7)
    • 22 Oct 2021 : Revised due to the change of Purpose for collection personal data (v1.8)
    • 06 Sep 2024 : Revised due to the change of Purpose for collection personal data (v1.9).