Cargo IT
 Planning Team
Home | Customer Center | Privacy


Korean Air Lines Co., Ltd, whose head office is located 260, Haneul-gil, Gangseo-gu, Seoul Gonghang-dong), Korea, (hereinafter referred to as Korean Air) is the data controller of the processing activities relating to the data subjects referred to in this Cargo Policy (the Policy), and as such determines the means and purposes of Korean Air data processing activities as set out under this Policy.

For the purpose of this Policy:

Personal data means any information that can be linked to a Data Subject (the Personal Data);

Data subject means natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the Data Subjects).

This Policy defines the processing and protection of Personal Data relating mainly to:

Korean Air cargo transportation services’ customers; and

Representatives of companies using Korean Air cargo transportation services.

Korean Air pledges to do its best to protect the Personal Data of Data Subjects, and to prevent any illegal disclosure of Personal Data, complying with all relevant laws and regulations such as Information Network Act and Protection of Privacy.

Korean Air describes to the Data Subjects the method in which Personal Data is used, making sure that all measures are taken to the best of Korean Air's ability to protect the Data Subjects’ Personal Data and to prevent damage or Personal Data leakage.
This Policy is subject to change at any time in accordance with laws or company regulations, so it is recommended that individuals refer back to this Policy periodically.

1. Collecting Personal Data
2. Purpose and legal basis for Collecting Personal Data
3. Disclosure of Personal Data
4. Entrusting Personal Data
5. Terms & Duration of Personal Data
6. Disposal of Personal Data
7. Right of Data Subjects & Legal Guardians
8. Operation of Information Collecting Application
9. Technical & Administrative Measures
10. Department in Charge of Personal Data
11. Feedback & Customer Service


Korean Air processes the following types of Personal Data:

1.1 When signing up for membership
   (a) Main ID
       User ID, password, IATA code or Account code, representative or personal email address, company telephone number
   (b) Additional ID
       Regional staff's email address, whether or not the member will receive email notice, agent's name, company address (location), name
   ※ After logging in with main ID, additional ID may be issued.

1.2 When using “Contact us” or “Online Claim” menu for non-members
   Data Subjects will be required to provide the following Personal Data to receive customer service from the “Contact us” menu.
    Name, phone number, email
   Data Subjects will be required to provide the following Personal Data for “Online Claim” registration service.
    Company name, company location (country, city), name, phone number, email

1.3 Automatically Generated Information
   In addition, the following Personal Data may be collected during the use of various services and as part of Personal Data processing.
    Service records, access log, cookie, IP Address, etc.

1.4 When using Korean Air’s call center, airport stations, or branch offices
    The following Personal Data may be collected to verify user and to proceed with service payment and agreement
       Basic information: Name, contact information (telephone, e-mail), company information, etc.
       The following additional information may be collected when receiving special shipments and live animals:
   ※ Application for import cargo information usage ID, live animal shipper report, live animal form, perishable goods shipper report, medical supply agreement,
   damage exemption agreement, cargo application, cargo receipt, request for confirmation of receiver, ledger for managing cargo terminal entry/exit, AWB receipt stamp confirmation, etc.

    Korean Air collects Personal Data by using the following means.
       Membership or bulletin board on the website, telephone, fax, etc.
       Our sales representatives and cargo staffs in all branches


When processing Data Subject’s Personal Data, Korean Air mainly relies on the following legal basis:

processing is necessary for the performance of a contract to which the Data Subject is a party;
   o  elevant Purposes : Cargo acceptance, notification and delivery
   o  ategories of personal data : shipper/consignee name, address, phone number, e-mail address
processing is necessary for compliance with a legal obligation to which Korean Air is subject;
   o  elevant Purposes : customs declaration
   o  ategories of personal data : shipper/consignee name, address, phone number
the Data Subject has given consent to the processing of his Personal Data for one or more specific purposes.
   o  elevant Purposes : feedback for inquiry/suggestion/complaint
   o  ategories of personal data : name, e-mail address, phone number

Korean Air processes Personal Data for the purposes listed below:
    Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
       Services rendered: Providing contents, booking, tracing the shipment, displaying invoices, etc.
       Data Subject management: Data Subject identification, prevention of membership abuse and unlicensed use of service, confirmation of membership registration, regulating membership registration, customer service, and announcements
    Legitimate interest of Korean Air
       Pre-litigation and litigation: maintaining records for disputes resolution purposes
       Marketing and advertising: Notices about new services, promotional events and information
< When using Korean Air’s call centre, airport stations, or branch offices>
    Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
       Services rendered and payment: cargo receipt, import cargo information search, receipt and transportation of live animals and special shipments
       Data Subject management: user identification, customer service, and announcements
Legitimate interest of Korean Air
       Pre-litigation and litigation: maintaining records for disputes resolution purposes

Korean Air has established links to other websites in order to enhance service to its members. However, Korean Air would like to recommend Data Subjects to check and confirm the privacy policies of the linked sites since Korean Air has no direct control over others' websites.


Korean Air only provides Personal Data to third parties when there is a legal basis (such as the performance of a contract entered into with the Data Subject or consent from the Data Subject).
In any event, Korean Air shall notify such disclosure to the Data Subject via a written document, email, or notice board of website specifying the purpose and contents of such Personal Data provision as well as the retention periods, and obtain the consent (for instance an opt-in) from the Data Subject before proceeding.


Korean Air entrusts a part of the handling of Personal Data to the following companies to provide Data Subjects with stable web services and for the managing of Korean Air's cargo website.

Category Outsourced work Outsourced company
- Maintaining and operating of online website, including web server and database management, etc.
- Announcement/notification via SMS and KakaoTalk message regarding service for air cargo transportation and so forth
Korea IBM
Hanjin Information Systems & Telecommunication Co., Ltd.,
Needcreo Co., Ltd.
- Booking, transportation, documentation, customs declaration of cargo
- Providing customer services to shippers and agencies
- Providing customer services to ground handling agents*
ㆍIncheon - K-tec manpower, Zeniel, Samkoo Inc., Unies
ㆍGimpo - Uniair service, Unies
ㆍPusan - Zeniel
ㆍCheju - K-tec manpower
ㆍOther regional airports - Air Korea
ㆍOverseas - Overseas outsourced companies
Status of outsourced companies
*Ground handling agents may directly or indirectly collect Personal Data for and on behalf of Korean Air.


   Korean Air will destroy and erase Personal Data as follows:

    Membership information: Upon termination of membership
    Information collected temporarily for surveys or events: When the applicable survey or event expires

    Transportation record and Personal Data obtained for receiving and transporting cargo shall be retained for a fixed period after the transportation is completed.
      (a) However, Korean Air may retain all or any applicable part of Personal Data after its purpose has been served for the following period when required by
      law or related regulations regarding consumer protection.
      (b) In this case, Korean Air will retain Personal Data solely for the purpose of preservation and maintenance.
          Record of advertising and so on: six months
          Record of contract, agreement, and withdraw: five years
          Record of payments and supplies: five years
          Record of consumer complaints and disputes: three years


(a) Procedure
    Personal Data submitted by members for the purpose of membership registration is stored for a certain period of time in accordance with the internal policy of the company and the applicable laws for the protection of privacy before it is destroyed.
(b) Method
    Hardcopy that contains Personal Data is shredded by a shredder whereas softcopy is deleted without the possibility of recovery.


   A Data Subject benefits from the following rights (subject to specific local law provisions):

    he may request the access, modification, rectification or erasure his Personal Data, or the restriction (in certain circumstances) of the processing of such Personal Data,
   and/or the withdrawal of the consent he gave regarding the processing of his Personal Data;
    he may object to a processing on grounds relating to his particular situation;
    he has the right to request the portability of his Personal Data to another controller;
    he may lodge a complaint with a data protection authority;
    he may also establish guidelines for the preservation, the deletion and the transmission of Personal Data after his death (when the French data protection legislation is applicable).

Data Subjects can exercise their rights through the website (; Data Subjects also can write or call Korean Air's cargo department directly, or send an email to Korean Air responds to Data Subjects’ request accordingly after conducting their identification process.

Data Subjects can access and modify their Personal Data by clicking My account menu after logging on to the Korean Air cargo website.

In order to erase their Personal Data, Data Subjects need to contact our department in charge of Personal Data by writing, calling, or sending an email; Korean Air will destroy all or any applicable part of Personal Data immediately as well as terminate the Data Subjects’ memberships and notify them of settlement outcome.

Korean Air will take necessary measures to ensure that Personal Data withdrawn and deleted by Data Subjects’ request will not be permitted for view and use except for the cases noted on 5.Terms & Duration of Personal Data.


Please refer to Korean Air’s Cookie Policy


Korean Air has implemented several technical security measures for the purpose of protecting Personal Data.
All information submitted by Data Subjects is managed by SSL 128 bit method encrypting and a security system equipped with a highly secure dual firewall.
In terms of organisational measures, various effective procedures are implemented to assure the highest level of security.
In addition, the number of personnel who has access to Personal Data is reduced to the minimum while security training programs are provided on a regular basis. Also, a password is applied to those who operate Personal Data processing system, and it is renewed regularly.


Korean Air operates a dedicated department to protect Data Subjects’ Personal Data and to handle complaints regarding privacy.
If you have questions regarding Personal Data, please contact us using information provided below.
Department in Charge of Personal Data
Department: Cargo IT Planning Team/Cargo Planning Dept.
Tel: 82-2-2656-5403
Korean Air Data Protection Officer (DPO) can be contacted using the following details:
Postal address:
Korean Air Regional Headquarters for Europe.
9, Bd de la Madeleine 75001, Paris, France
Person in charge of protecting (managing) Personal Data
Noh, Sam Sug
Director of Cargo Business Division and Senior Vice President, Korean Air


If you have any inquiries or feedback regarding your Personal Data, please register by using the following contact information.
We will respond to any concern as quickly as possible.
Online: Register on "Voice of Customer" under the Help Center menu.
Tel/email: 82-2-2656-5403/
Please direct your inquiries to the following centers if you have anything to report or need a consultation regarding the infringement of Personal Data.
A. Call Center for the Infringement of Personal Data: KISA (Korea Internet & Security Agency) Link
B. High-Tech Crime Investigation Department at the Supreme Prosecutor’s office: SPO, Republic of Korea Link / 02-3480-2000
C. Korean National Policy Agency Cyber Terror Response Center: Link / 02-392-0330)

Korean Air's Privacy Policy is effective as of 26 May 2008. The Privacy Policy of Korean Air may be altered due to revisions in relevant Korean laws and governmental directives. If Korean Air makes any revisions, it will publish the applicable information on the Internet website seven days prior to enforcing the changes.

Privacy Policy Version: V 1.5
Privacy Policy Date of Enforcement: 26 May 2008.
Privacy Policy Amendments
   - 26 Jun 2009: Amended as follows: Collecting “PII”, Entrusting “PII” Addendum: Collecting “PII” (v1.1)
   - 27 August 2009: Amended as follows: Collecting “PII”, Entrusting “PII”(v1.2)
   - 4 March 2013: Amended as follows: Entrusting “PII”, Department in charge of “PII”, Feedback & Customer Service (v1.3)
   - 15 July 2015: Amended as follows: Modification of Collecting “PII” (v1.4)
   - 9 Jun 2016: Amended as follows: Collecting “PII”, Entrusting “PII” (v1.5)
   - 24 May 2018: Revised to abide by EU General Data Protection Regulation (GDPR) which enters into force on 25 May 2018 (v.1.6)