Privacy Policy


Korean Air Lines Co., Ltd, whose head office is located 260, Haneul-gil, Gangseo-gu, Seoul Gonghang-dong), Korea, (hereinafter referred to as Korean Air) is the data controller of the processing activities relating to the data subjects referred to in this Cargo Policy (the Policy), and as such determines the means and purposes of Korean Air data processing activities as set out under this Policy.

For the purpose of this Policy:

  • Personal data means any information that can be linked to a Data Subject (the Personal Data);
  • Data subject means natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the Data Subjects).

This Policy defines the processing and protection of Personal Data relating mainly to:

  • Korean Air cargo transportation services’ customers; and
  • Representatives of companies using Korean Air cargo transportation services.

Korean Air pledges to do its best to protect the Personal Data of Data Subjects, and to prevent any illegal disclosure of Personal Data, complying with all relevant laws and regulations such as Information Network Act and Protection of Privacy.

Korean Air describes to the Data Subjects the method in which Personal Data is used, making sure that all measures are taken to the best of Korean Air's ability to protect the Data Subjects’ Personal Data and to prevent damage or Personal Data leakage.

This Policy is subject to change at any time in accordance with laws or company regulations, so it is recommended that individuals refer back to this Policy periodically.

  1. Collecting Personal Data
  2. Purpose and legal basis for Collecting Personal Data
  3. Disclosure of Personal Data
  4. Entrusting Personal Data
  5. Terms & Duration of Personal Data
  6. Disposal of Personal Data
  7. Right of Data Subjects & Legal Guardians
  8. Operation of Information Collecting Application
  9. Technical & Administrative Measures
  10. Department in Charge of Personal Data
  11. Feedback & Customer Service

COLLECTING PERSONAL DATA

  • Korean Air processes the following types of Personal Data:
    1. When signing up for membership of cargo.koreanair.com
      1. Main ID
        • User ID, password, IATA code or Account code, representative or personal email address, company telephone number
      2. Additional ID
        • Regional staff's email address, whether or not the member will receive email notice, agent's name, company address (location), name
      3. After logging in with main ID, additional ID may be issued.
    2. When signing up for membership of cargosvc.koreanair.com
      • Agent code, IATA code(BUP handling agents), first name, last name, email address, business license
    3. When using “Voice Of Customer” or “Online Claim” menu for non-members
      Data Subjects will be required to provide the following Personal Data to receive customer service from the “Contact us” menu.
      • Name, phone number, email, location
        Data Subjects will be required to provide the following Personal Data for “Online Claim” registration service.
      • Company name, company location (country, city), name, phone number, email
    4. Automatically Generated Information
      In addition, the following Personal Data may be collected during the use of various services and as part of Personal Data processing.
      • Service records, access log, cookie, IP Address, etc.
    5. When using Korean Air’s call center, airport stations, or branch offices
      • The following Personal Data may be collected to verify user and to proceed with service payment and agreement
        • Basic information: Name, contact information (telephone, e-mail), company information, etc.
      • Korean Air collects Personal Data by using the following means.
        • Membership or bulletin board on the website, telephone, fax, etc.
        • Our sales representatives and cargo staffs in all branches

PURPOSE AND LEGAL BASIS FOR COLLECTING PERSONAL DATA

  • When processing Data Subject’s Personal Data, Korean Air mainly relies on the following legal basis:
    • processing is necessary for the performance of a contract to which the Data Subject is a party;
      • Relevant Purposes : Cargo acceptance, notification and delivery
      • Categories of personal data : shipper/consignee name, address, phone number, e-mail address
    • processing is necessary for compliance with a legal obligation to which Korean Air is subject;
      • Relevant Purposes : customs declaration
      • Categories of personal data : shipper/consignee name, address, phone number
    • The Data Subject has given consent to the processing of his Personal Data for one or more specific purposes.
      • Relevant Purposes : feedback for inquiry/suggestion/complaint
      • Categories of personal data : name, e-mail address, phone number
    • Korean Air processes Personal Data for the purposes listed below:

      When using Korean Air’s call centre, airport stations, or branch offices

      • Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
        • Services rendered: Providing contents, booking, tracing the shipment, displaying invoices, etc.
        • Data Subject management: Data Subject identification, prevention of membership abuse and unlicensed use of service, confirmation of membership registration, regulating membership registration, customer service, and announcements
      • Legitimate interest of Korean Air
        • Pre-litigation and litigation: maintaining records for disputes resolution purposes
      • Performance of a contract: as part of the contractual relationship between Korean Air and the Data Subject, Personal Data processing may be carried out for the following purposes:
        • Services rendered and payment: cargo receipt, import cargo information search, receipt and transportation of live animals and special shipments
        • Data Subject management: user identification, customer service, and announcements
    • Legitimate interest of Korean Air
      • Pre-litigation and litigation: maintaining records for disputes resolution purposes
  • Korean Air has established links to other websites in order to enhance service to its members. However, Korean Air would like to recommend Data Subjects to check and confirm the privacy policies of the linked sites since Korean Air has no direct control over others' websites.

ENTRUSTING PERSONAL DATA

  • Korean Air entrusts a part of the handling of Personal Data to the following companies to provide Data Subjects with stable web services and for the managing of Korean Air's cargo website.
    Category Outsourced work Outsourced company
    Internet website Maintaining and operating of online website, including web server and database management, etc.

    IBS SOFTWARE, LG CNS
    Hanjin Information Systems & Telecommunication Co., Ltd.,
    Needcreo Co., Ltd.
    AWS

    -
    Announcement/notification via SMS and KakaoTalk message regarding service for air cargo transportation and so forth
    Airport Stations Booking, transportation, documentation, customs declaration of cargo Incheon - Korea Airport Servise CO., LTD. K-tec manpower, Zeniel, 
    Gimpo - Unies security
    Pusan - Zeniel, K-tec manpower
    Jeju - ATS
    Overseas - Overseas outsourced companies
    Providing customer services to shippers and agencies
    Ground handling agents may directly or indirectly collect Personal Data for and on behalf of Korean Air.
     
    Region Ground Handling Company
    Americas Pegasus
    Alliance Ground International
    Worldwide Flight Service
    Global Operations & Infrastructure Group
    Hanjin Global Logistics
    Total Airport Services
    Mega International
    GTA dnata World Cargo
    CTA Cargo Travel
    Aloha Air Cargo
    Pacific Feeder Service
    Europe Swissport
    CELEBI
    Worldwide Flight Service
    LUG Luftfracht-Umschlag GmbH
    Aerospace Cargo Logistics
    ALHA
    Spirit
    Cargo Center
    Sheremetyevo Cargo JSC
    Tashkent International Airport
    Vienna Airport
    Cargologic
    China China Southern Airlines
    Henan Province Airport Group Co., Ltd
    Dalian Zhoushuizi International Airport Inc.
    Hong Kong Air Cargo Terminal
    Air China
    Eastern Air Logistics
    Shenyang Airport Logistic Company
    Shenzhen Airport International Cargo Terminal
    Qingdao International Airport Group
    China Airlines
    Hubei Airport Ground Service
    Aviation Ground Handling Service Xi'an
    Airport Air Cargo Terminal Xiamen
    Japan Japan Airlines
    Hanjin International Japan
    JAL Kansai Aircargo System
    Skyport
    South East Asia Thai Airways
    PT Gapura Angkasa
    ALS Cargo Terminal
    Aerodarat
    Philippine Airport Ground Support Solutions Inc
    Societe Concessionnaire de L'aeroport
    Tan Son Nhat Cargo Services Limited
    Singapore Airport Terminal Services Ltd
    Oceania Menzies
    Aircraft Service International
    Qantas
  • To fulfill the contract and to offer improved convenience to our customers, we outsource the processing of personal information overseas as follows.

Company

Personal Information

Overseas
Country

Date and Method of Outsourcing

Purpose of using Personal Information

Period of Retention and Use

AWS 

(aws-korea-privacy@amazon.com)

 

Shipper, Consignee information : Name, Address, Telephone number

The United States

Shipper, Consignee information : Completion of AWB execution

 Disaster Recovery System Launches in the Eastern Region Data Center in case of AWB Seoul region data center shutdown

Same as our policy on processing personal information

IBS  Software

Homepage Membership information : e-mail

Shipper, Consignee information : Name, Address, Telephone number

Japan

Membership Information : Completion of registration

Shipper, Consignee information : Completion of AWB execution

Cargo transportation and  Customs declaration

Same as our policy on processing personal information

TERMS & DURATION OF PERSONAL DATA

  • Korean Air will destroy and erase Personal Data as follows:
    • Membership information: Upon termination of membership
    • Information collected temporarily for surveys or events: When the applicable survey or event expires
      1. However, Korean Air may retain all or any applicable part of Personal Data after its purpose has been served for the following period when required by law or related regulations regarding consumer protection.
      2. In this case, Korean Air will retain Personal Data solely for the purpose of preservation and maintenance.

        a. By Korean law on the consumer protection in the online business transactions
            - Record of advertising and so on: six months
            - Record of contract, agreement, and withdraw: five years
            - Record of payments and supplies: five years
           - Record of consumer complaints and disputes: three years
        b. By Korean communication secret protection law
           - Records regarding the website visits : three months

DISPOSAL OF PERSONAL DATA

  1. Procedure
    • Personal Data submitted by members for the purpose of membership registration is stored for a certain period of time in accordance with the internal policy of the company and the applicable laws for the protection of privacy before it is destroyed.
  2. Method
    • Hardcopy that contains Personal Data is shredded by a shredder whereas softcopy is deleted without the possibility of recovery.

RIGHT OF DATA SUBJECTS & LEGAL GUARDIANS

  • A Data Subject benefits from the following rights (subject to specific local law provisions):
    • He may request the access, modification, rectification or erasure his Personal Data, or the restriction (in certain circumstances) of the processing of such Personal Data, and/or the withdrawal of the consent he gave regarding the processing of his Personal Data;
    • He may object to a processing on grounds relating to his particular situation;
    • He has the right to request the portability of his Personal Data to another controller;
    • He may lodge a complaint with a data protection authority;
    • He may also establish guidelines for the preservation, the deletion and the transmission of Personal Data after his death (when the French data protection legislation is applicable).
  • Data Subjects can exercise their rights through the website (http://cargo.koreanair.com); Data Subjects also can write or call Korean Air's cargo department directly, or send an email to   selfgi@koreanair.com. Korean Air responds to Data Subjects’ request accordingly after conducting their identification process.
  • Data Subjects can access and modify their Personal Data by clicking My account menu after logging on to the Korean Air cargo website.
  • In order to erase their Personal Data, Data Subjects need to contact our department in charge of Personal Data by writing, calling, or sending an email; Korean Air will destroy all or any applicable part of Personal Data immediately as well as terminate the Data Subjects’ memberships and notify them of settlement outcome.
  • Korean Air will take necessary measures to ensure that Personal Data withdrawn and deleted by Data Subjects’ request will not be permitted for view and use except for the cases noted on 5.Terms & Duration of Personal Data.

OPERATION OF INFORMATION COLLECTING APPLICATION

TECHNICAL & ADMINISTRATIVE MEASURES

  • Korean Air has implemented several technical security measures for the purpose of protecting Personal Data.
  • All information submitted by Data Subjects is managed by SSL 128 bit method encrypting and a security system equipped with a highly secure dual firewall.
  • In terms of organisational measures, various effective procedures are implemented to assure the highest level of security.
  • In addition, the number of personnel who has access to Personal Data is reduced to the minimum while security training programs are provided on a regular basis. Also, a password is applied to those who operate Personal Data processing system, and it is renewed regularly.

DEPARTMENT IN CHARGE OF PERSONAL DATA

  • Korean Air operates a dedicated department to protect Data Subjects’ Personal Data and to handle complaints regarding privacy.
  • If you have questions regarding Personal Data, please contact us using information provided below.
    • Department in Charge of Personal Data
    • GDPR Data Protection Officer can be contacted using the following details:
    • Person in charge of protecting (managing) Personal Data
      Kenneth Chang, 
      Executive Vice President and CMO, Korean Air

FEEDBACK & CUSTOMER SERVICE

  • If you have any inquiries or feedback regarding your Personal Data, please register by using the following contact information.
  • We will respond to any concern as quickly as possible.
  • Please direct your inquiries to the following centers if you have anything to report or need a consultation regarding the infringement of Personal Data.
    • Call Center for the Infringement of Personal Data: KISA (Korea Internet & Security Agency) (http://privacy.kisa.or.kr)
    • High-tech and Financial Crimes Investigation Devision at the Supreme Prosecutor’s office: SPO, Republic of Korea (www.spo.go.kr)/ 1301
    • Electronic Cybercrime Report & Management system : (http://ecrm.cyber.go.kr)
  • Korean Air's Privacy Policy is effective as of 26 May 2008. The Privacy Policy of Korean Air may be altered due to revisions in relevant Korean laws and governmental directives. If Korean Air makes any revisions, it will publish the applicable information on the Internet website seven days prior to enforcing the changes.
    • Privacy Policy Version: v1.8
    • Privacy Policy Date of Enforcement: 26 May 2008. (v1.0)
    • Privacy Policy Amendments
      • 26 Jun 2009: Amended as follows: Collecting “PII”, Entrusting “PII” Addendum: Collecting “PII(v1.1)
      • 27 August 2009: Amended as follows: Collecting “PII”, Entrusting “PII(v1.2)
      • 4 March 2013: Amended as follows: Entrusting “PII”, Department in charge of “PII”, Feedback & Customer Service (v1.3)
      • 15 July 2015: Amended as follows: Modification of Collecting “PII” (v1.4)
      • 9 Jun 2016: Amended as follows: Collecting “PII”, Entrusting “PII(v1.5)
      • 24 May 2018: Revised to abide by EU General Data Protection Regulation (GDPR) which enters into force on 25 May 2018 (v.1.6)
      • 11 Mar 2019: Revised due to the change of service provider company : Collecting “PII”, Entrusting “PII” (v.1.7)
      • 22 Oct 2021 : Revised due to the change of Purpose for collection personal data (v1.8)