Privacy Policy

[Optibide] (hereinafter referred to as the "Company”) complies with the relevant privacy protection provisions under the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other applicable laws. We are committed to protecting the personal information of “Users.”

This Privacy Policy explains how the “Company” collects, uses, stores, and manages users’ personal information safely and for what purposes it is utilized.

Article 1 (Items and Purposes of Personal Information Collection)

The “Company” collects and uses personal information for the following purposes. The information collected is limited to the minimum necessary to provide services and will not be collected without the “user’s” consent.

1. When signing up as a member and using the service

- Required items: Name, email address, password, mobile phone number, (for children under 14: legal guardian information)

- Purpose: Member identification, confirmation of service use, identity verification, service provision, handling complaints, delivering notices.

2. When booking/purchasing accommodation and travel services

- Required items: Reservation information (name, contact, email), payment information (credit card, bank account, etc.), travel details (departure date, return date, number of people, accommodation/service type, etc.)

- Purpose: Reservation and payment processing for partner services, transmitting reservation information to partners, reservation confirmation and change notifications, refund processing, issuing receipts

3. When registering as a partner and providing services (accommodation and travel service partners only)

- Required items: Business registration number, company name (or trade name), representative’s name, business address, contact information (main phone, email), bank account information (for settlement), detailed service information (accommodation details, service type, prices, photos, etc.), business license/permit information, liability insurance details

- Optional items: Business website address, logo image, manager’s information (name, contact details)

- Purpose: Partner registration and qualification review, signing and fulfilling service provision contracts, service management, settlement processing, delivering notices, dispute resolution

4. Automatically collected items during service use

- Items: IP address, service usage records (visit date/time, content used), device information (OS type, browser type), cookies, access logs, mobile device information (device model, OS version)

- Purpose: Service quality improvement, personalized service provision, prevention of fraudulent use, statistical analysis

5. When making inquiries and receiving consultations

- Items: Name, email address, contact details (additional information may be requested depending on inquiry)

- Purpose: Handling complaints, responding to grievances, providing accurate information

Article 2 (Retention and Use Period of Personal Information)

As a general principle, the "Company" promptly deletes or anonymizes "Users" personal data once the purposes of collection and use have been fulfilled, or when the User withdraws consent or terminates their account. However, where the retention of personal data is required under applicable laws and regulations, the Company shall retain such personal data for the period specified by the relevant laws.

- Records on contracts or withdrawal of offers: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records on payment and supply of goods/services: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records on consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records on website visits: 3 months (Communications Secrets Protection Act)

- Records on labeling/advertisement: 6 months (Act on the Consumer Protection in Electronic Commerce, etc.)

- Records on personal location information: 1 year (Act on the Protection and Use of Location Information, etc.)

- Other cases with individual consent: Retained for the agreed period

Article 3 (Procedures and Methods of Personal Information Destruction)

Once the purposes for the collection and use of personal data have been fulfilled, the "Company" shall promptly destroy such personal data without undue delay.

  1. Destruction procedures: Information entered by “users” for membership registration, etc. is transferred to a separate database (or a separate filing cabinet in the case of paper documents) after the purpose has been achieved. It is then stored for a certain period in accordance with relevant laws before being destroyed. Such personal information will not be used for purposes other than retention unless required by law.
  2. Destruction methods:

- Electronic files: Deleted using technical methods that prevent record recovery.

- Paper documents: Shredded with a shredder or incinerated.

Article 4 (Provision and Entrustment of Personal Information)

1. Provision of Personal Data to Third Parties: As a general rule, the Company does not provide Users’ personal data to third parties. However, exceptions may apply in the following cases:

- Where the User has given prior consent.

- Where disclosure is required by applicable laws or regulations, or where disclosure is requested by investigative authorities in accordance with legally prescribed procedures and methods for investigative purposes.

- Where Users’ booking information is provided to relevant partners for the purpose of reservation and service fulfillment: In such cases, only the minimum personal data necessary for service provision is shared, including the booker’s name, contact information, reservation dates, number of travelers, and other information strictly required to perform the service.

2. Outsourcing of Personal Data Processing: For the purpose of providing services efficiently and smoothly, the Company entrusts certain personal data processing activities to third-party service providers. When entering into outsourcing agreements, the Company ensures that appropriate safeguards are in place, including compliance with applicable data protection laws, confidentiality obligations regarding personal data, prohibition of unauthorized disclosure to third parties, and clear allocation of responsibility in the event of any data security incidents.

a. Entrusted Service Providers:

i. Payment service providers

ii. System operation and maintenance service providers

iii. Identity verification service providers

iv. Accommodation and travel service partners

b. Scope of Entrusted Processing Activities:

i. Payment processing and prevention of payment fraud

ii. Development, operation, and maintenance of service systems, including data storage

iii. Identity verification and user authentication

iv. Sharing of reservation information necessary for service provision and fulfillment (This constitutes third-party disclosure)

Article 5 (Rights of Users and Legal Guardians and How to Exercise Them)

  1. “Users” and their legal guardians (in the case of children under 14) may, at any time, view or modify their registered personal information, or request membership cancellation (withdrawal of consent).
  2. To view or modify personal information, “users” may use the “My Page” or “Edit Information” functions of the “Company.” To withdraw membership, the “Membership Withdrawal” function may be used.
  3. If a “user” requests correction of errors in their personal information, the relevant information will not be used or provided until the correction is completed. If incorrect personal information has already been provided to a third party, the correction results will be promptly communicated to the third party so that corrections can be made.
  4. Personal information deleted or canceled at the request of “users” or their legal guardians is handled in accordance with Article 2 (Retention and Use Period of Personal Information) and will not be viewed or used for any other purposes.

Article 6 (Installation/Operation of Automatic Personal Information Collection Devices and Refusal)

  1. Cookies: The “Company” uses cookies to store and frequently retrieve “user” information in order to provide personalized services. Cookies are small text files sent by the server operating the website to the “user’s” web browser, and are stored on the “user’s” hard disk.
  2. Purpose of using cookies: Cookies are used to analyze “users’” access frequency or visiting times, identify “users’” preferences and areas of interest, use them as indicators for service improvements, and provide targeted marketing and personalized services.
  3. Cookie installation choices: “Users” may choose whether to allow cookies. Accordingly, users can set options in their web browsers to allow all cookies, confirm each time a cookie is stored, or refuse all cookies.

- Example (Internet Explorer): Tools > Internet Options > Privacy > Advanced

- However, refusing to store cookies may cause difficulties in using certain services.

Article 7 (Technical and Administrative Measures for the Protection of Personal Information)

To ensure the secure protection of "Users" personal data, the "Company" has implemented the following technical and organizational measures.

  1. Encryption of personal information: Passwords are stored and managed in encrypted form. Important data is protected through file encryption or locking functions.
  2. Countermeasures against hacking and viruses: To prevent leakage or damage of personal information caused by hacking or computer viruses, the Company installs security programs, regularly updates and inspects them, and installs systems in areas with restricted external access while monitoring and blocking intrusions both technically and physically.
  3. Access restriction to personal information processing systems: Access to the database system that processes personal information is controlled by granting, changing, and revoking access rights. In addition, intrusion prevention systems are used to block unauthorized external access.
  4. Minimization and training of personnel handling personal information: The number of employees handling personal information is minimized, and regular training is provided to strengthen awareness of personal information protection.
  5. Establishment and compliance with internal management plan: An internal management plan is established and implemented to ensure the safe handling of personal information.

Article 8 (Personal Information Protection Officer and Responsible Department)

The “Company” designates a Personal Information Protection Officer and a responsible department as follows, to oversee tasks related to personal information processing, handle user complaints, and provide remedies for damages:

- Personal Information Protection Officer: [Lee Hyun-seung] / [Representative] / [Contact information or email address]

- Responsible Department: [Customer Management Department] / [Contact information or email address]

Users may contact the Personal Information Protection Officer or the responsible department for any inquiries, complaints, or remedies related to the protection of their personal information while using the Company’s services. The “Company” will respond to and handle such inquiries without delay.

Article 9 (Remedies for Infringement of Rights)

Users may contact the following organizations for consultation or remedies in the event of personal information infringement:

1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)

- Dial 118 (without area code)

< https://privacy.kisa.or.kr >

2. Personal Information Dispute Mediation Committee

- Dial 1833-6972 (without area code)

< https://www.kopico.go.kr >

3. Supreme Prosecutors’ Office Cyber Crime Investigation Department

- Dial 1301 (without area code)

< https://www.spo.go.kr >

4. National Police Agency Cyber Bureau

- Dial 182 (without area code)

< https://cyberbureau.police.go.kr >

Article 10 (Duty of Notification)

This Privacy Policy may be supplemented, amended, or revised due to changes in laws, policies, or security technologies. In such cases, the Company will notify Users at least seven (7) days in advance via notices posted within the Service. However, in the event of significant changes affecting Users’ rights—such as the collection and use of personal data or provision to third parties—Users will be notified at least thirty (30) days in advance.

Supplementary Provision

This Privacy Policy will take effect from September 3, 2025.

App Mockup

Begin a journey unlike any you’ve experienced before. Exclusive offers from accommodations around the world are waiting—just for you.

App StoreGoogle Play
notification