Privacy Policy
Privacy Policy
Lotte Real Estate (hereinafter "Company") establishes and discloses this Privacy Policy to protect users' personal information in accordance with the Personal Information Protection Act (PIPA) of Korea and to handle related grievances promptly and smoothly.
Article 1 (Personal Information Collected and Collection Methods)
1. Personal Information Collected
| Purpose | Required Items | Optional Items | Retention Period |
|---|---|---|---|
| Property consultation and inquiry response | Name, Phone number | 1 year after consultation | |
| Property listing service | Name, Phone number, Property info (address, price) | Email, Description | 3 years after listing or upon deletion request |
| Membership registration and management | Email, Password | Name, Phone number | Until membership withdrawal |
| Marketing information (optional consent) | - | Email, Phone number | Until consent withdrawal |
2. Automatically Collected Information
| Collected Items | Purpose | Retention Period |
|---|---|---|
| IP address, Access time, Browser information | Service usage statistics, Fraud prevention | 3 months |
| Cookies | Login maintenance, User settings | Until browser closure or 1 year |
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Preferences → Privacy → Manage Website Data
3. Collection Methods
- Consultation request forms and property listing forms on the website
- Membership registration process
- Direct inquiries via phone and email
- Automatic generation/collection during service use
Article 2 (Legal Basis for Processing Personal Information)
The Company processes personal information based on the following legal grounds.
| Legal Basis | Applicable Activities | Relevant Law |
|---|---|---|
| Consent of the data subject | Membership registration, Marketing information | PIPA Article 15(1)1 |
| Contract performance | Property consultation, Brokerage services | PIPA Article 15(1)4 |
| Legal obligation compliance | Transaction record retention, Tax-related information | PIPA Article 15(1)2 |
| Legitimate interests | Service improvement, Fraud prevention | PIPA Article 15(1)6 |
Article 3 (Purpose of Collection and Use of Personal Information)
The Company uses collected personal information for the following purposes.
- Service Provision: Real estate consultation, Property information provision, Contract support
- Member Management: Identity verification for membership services, Prevention of unauthorized use
- Complaint Handling: Identity verification, Complaint confirmation, Contact for investigation, Notification of results
- Marketing and Advertising: New property announcements, Event information (only with separate consent)
- Service Improvement: Service usage statistics analysis, New service development
Article 4 (Retention and Use Period of Personal Information)
The Company processes and retains personal information within the retention period stipulated by law or agreed upon when collecting personal information from the data subject.
1. Retention Period per Company Policy
- Consultation records: 1 year after consultation completion
- Property listing information: 3 years after listing or upon user deletion request
- Member information: Until membership withdrawal
- Marketing consent information: Until consent withdrawal
2. Retention Period per Applicable Laws
| Retention Items | Period | Legal Basis |
|---|---|---|
| Records of contracts or subscription withdrawal | 5 years | E-Commerce Act |
| Records of payment and supply of goods | 5 years | E-Commerce Act |
| Records of consumer complaints or dispute resolution | 3 years | E-Commerce Act |
| Website access logs | 3 months | Protection of Communications Secrets Act |
| Real estate brokerage records | 5 years | Licensed Real Estate Agent Act |
Article 5 (Provision of Personal Information to Third Parties)
The Company does not provide users' personal information to third parties in principle. However, exceptions are made in the following cases.
- When the user has given prior consent
- When required by law or requested by investigative agencies in accordance with legal procedures
- When contact information needs to be provided to the counterparty during brokerage contract conclusion (with separate consent)
Article 6 (Entrustment of Personal Information Processing)
The Company entrusts personal information processing as follows for smooth service provision.
| Trustee | Entrusted Tasks | Retention Period |
|---|---|---|
| Supabase Inc. | Database hosting and member authentication services | Until termination of entrustment contract |
| Google LLC | Map services, Web analytics (Google Analytics) | Until termination of entrustment contract |
When concluding entrustment contracts, the Company specifies matters regarding prohibition of processing personal information beyond the purpose, technical and administrative protection measures, restrictions on re-entrustment, supervision of trustees, and liability for damages in accordance with Article 26 of PIPA, and supervises whether trustees process personal information safely.
Article 7 (Overseas Transfer of Personal Information)
The Company transfers personal information overseas as follows for service provision.
| Recipient | Country | Transferred Items | Purpose | Retention Period |
|---|---|---|---|---|
| Supabase Inc. | USA | Email, Password (encrypted), Member information | Member authentication and data storage | Until membership withdrawal |
| Google LLC | USA | IP address, Browser information, Access logs | Map services, Web analytics | 26 months after collection |
Users have the right to refuse consent to overseas transfer. However, refusal may restrict membership registration and use of certain services. To refuse, please contact customer service at 0507-1402-5055.
Article 8 (Procedures and Methods for Destruction of Personal Information)
The Company destroys personal information without delay when it becomes unnecessary due to expiration of the retention period or achievement of processing purposes.
- Destruction Procedure: Unnecessary personal information is destroyed after approval by the Privacy Officer.
- Destruction Method: Electronic files are permanently deleted using irreversible methods; paper documents are shredded or incinerated.
- Destruction Deadline: Within 5 days from the end of the retention period
Article 9 (Rights and Obligations of Data Subjects and Exercise Methods)
Users can exercise the following rights as data subjects.
1. Exercisable Rights
- Request to access personal information
- Request for correction in case of errors
- Request for deletion
- Request to suspend processing
- Withdrawal of consent
2. How to Exercise Rights
- Phone: 0507-1402-5055
- Visit: 1F, 27 Baekjegobun-ro 27-gil, Songpa-gu, Seoul
- Mail: Send personal information access/correction/deletion request to the above address
3. Processing Timeline and Procedure
- Requests are processed after identity verification.
- Results are notified within 10 days of receiving the request.
- Personal information subject to correction/deletion requests will not be used until completion.
4. Restrictions on Exercise of Rights
Exercise of rights may be restricted in the following cases pursuant to PIPA Articles 35(4), 36(1), and 37(2).
- When there are special provisions in law or when unavoidable for compliance with legal obligations
- When there is concern of harm to another person's life or body, or unfair infringement of property and interests
- When contract performance becomes difficult without processing personal information
Article 10 (Measures to Ensure Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.
- Administrative Measures: Establishment and implementation of internal management plans, Regular employee training
- Technical Measures: Access authority management for personal information processing systems, Installation of access control systems, Encryption of personal information (passwords, etc.), SSL/TLS encrypted communication
- Physical Measures: Access control to computer rooms and data storage facilities
Article 11 (Privacy Officer)
The Company designates a Privacy Officer as follows to take overall responsibility for personal information processing and to handle data subject complaints and damage relief related to personal information processing.
| Title | Privacy Officer |
|---|---|
| Name | SUH BONG HYUN |
| Contact | 0507-1402-5055 |
| Address | 1F, 27 Baekjegobun-ro 27-gil, Songpa-gu, Seoul, Korea |
Article 12 (Changes to Privacy Policy)
This Privacy Policy is effective from the effective date, and if there are additions, deletions, or corrections to changes in accordance with laws and policies, we will notify through announcements 7 days before the implementation of changes.
For significant changes, we will provide notice 30 days in advance.
Article 13 (Remedies for Rights Infringement)
If you need to report or consult about personal information infringement, please contact the following organizations.
| Organization | Contact | Website |
|---|---|---|
| Personal Information Infringement Report Center | 118 (Korea) | privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee | 1833-6972 | kopico.go.kr |
| Supreme Prosecutors' Office Cyber Investigation | 1301 (Korea) | spo.go.kr |
| National Police Agency Cyber Bureau | 182 (Korea) | cyberbureau.police.go.kr |
Announcement Date: December 15, 2025
Effective Date: December 15, 2025
Version: v1.0