Privacy Policy

Roovook Inc. (hereinafter referred to as the "Company") establishes and publishes this Privacy Policy in accordance with the Personal Information Protection Act (개인정보보호법) and related laws, to protect the personal information of users and to promptly and smoothly handle related grievances.

This Policy applies to the personal information of general users that is collected and processed on the Sales-Engine (the lead-capture pages embedded in the EMS), Venue Network, and Group Bookings pages directly operated by the Company. Personal information that service providers subscribing to the Company's SaaS product (EMS) independently collect and process within the EMS is managed by each such service provider as a separate Controller, and is not within the scope of this Policy.


Article 1 (Purposes of Processing Personal Information)

The Company processes personal information for the following purposes. Processed personal information shall not be used for purposes other than those below, and if the purpose of use is changed, the Company will implement separate measures such as obtaining prior consent in accordance with Article 18 of the Personal Information Protection Act.

  1. User identification and management: identity verification, management of service eligibility, prevention of service abuse, and record retention for receiving complaints and resolving disputes
  2. Provision of inquiry and reservation intermediary services: receipt of inquiry/reservation information left by users concerning event/banquet venues, group rooms, group catering, and group tickets/events; identity verification; third-party provision to the relevant service provider; and response intermediation
  3. Consultation quality management and dispute response: recording and storage of phone and chat consultation records; provision of evidence for fact-finding when complaints or disputes arise
  4. Service improvement and statistical analysis: analysis of service usage, development of new features, and compilation of statistics in a form that does not identify individuals
  5. Transmission of advertising information (only with separate consent): announcements of events, promotions, and new features related to Venue Network and Group Bookings services

Article 2 (Items of Personal Information Collected)

The Company collects the following personal information.

(1) Items Directly Entered by the User

Type | Items
Required | Name, phone number, company name, email address, inquiry/reservation-related information
Optional | Event/reservation date and time, number of attendees, budget, desired service options, other inquiry content

(2) Items Automatically Collected During Service Use

  • IP address, access date and time, access history, and page usage records
  • Device information (model name, OS version), browser information
  • Information collected through cookies and similar tracking technologies

(3) Items Collected During Consultation

  • Phone consultation call recording files
  • Chat consultation records

(4) Items Collected During Payment

  • Only where applicable (see Articles 7 and 8 for details)

The Company does not collect unique identification information such as resident registration numbers, passport numbers, or driver's license numbers.


Article 3 (Call Recording)

The Company records the contents of phone consultations with users in accordance with the Personal Information Protection Act and related laws.

  • Notice of recording: Immediately after the call is connected, the Company notifies the user that the call is being recorded through an automated voice announcement.
  • Purpose of recording: (i) consultation quality management, (ii) accurate verification of order/reservation details, and (iii) securing evidence to respond when a dispute arises between the user and the service provider.
  • Retention period: Recording files are destroyed without delay once the purpose of use (consultation quality management, verification of order/reservation details, dispute response, etc.) has been achieved. However, where preservation is required under applicable laws (e.g., records of consumer complaints and dispute handling for 3 years), the files are retained for the statutory period.
  • Third-party provision: Recording files may be provided to the service provider to whom the user made the inquiry or reservation, for dispute prevention purposes. For details, please refer to the Consent to Third-Party Provision of Personal Information.
  • Refusal of recording: Users may refuse to consent to phone call recording. In such a case, users may use non-voice channels such as email (support@roovook.com), the inquiry form, or chat.

Article 4 (Retention and Use Period of Personal Information)

The Company processes and retains personal information within the retention/use period prescribed by law or the period consented to by the user at the time of collection.

  • Principle: Personal information is destroyed without delay when the purpose of collection and use has been achieved.
  • Statutory retention:
    • Records on contracts or withdrawal of subscription: 5 years (Act on the Consumer Protection in Electronic Commerce, etc.)
    • Records on payment and supply of goods, etc.: 5 years (same Act)
    • Records on consumer complaints or dispute handling: 3 years (same Act)
    • Records on display and advertising: 6 months (same Act)
    • Website/app visit records: 3 months (Protection of Communications Secrets Act)
  • User information: Retained until the user requests deletion. However, where preservation is required by law, it is separately stored until the end of the relevant statutory period.
  • Marketing consent: 2 years from the date of consent (Article 62-3 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection).

Article 5 (Procedures and Methods for Destruction of Personal Information)

The Company destroys personal information without delay when the retention period has elapsed or when the personal information becomes unnecessary due to the achievement of the processing purpose.

  • Destruction procedure: Information entered by the user is transferred to a separate database (in the case of paper, to a separate document file) after the purpose has been achieved, and is either stored for a certain period in accordance with internal policy and other relevant laws, or destroyed immediately. Personal information transferred to the separate database is not used for any other purpose except as required by law.
  • Destruction method:
    • Electronic files: permanently deleted using technical methods that make records unrecoverable (low-level format, non-rewritable method)
    • Paper documents: destroyed by shredding or incineration

Article 6 (Third-Party Provision of Personal Information)

The Company processes user personal information only within the scope of the purposes specified in Article 1, and in principle does not provide personal information externally without the user's prior consent.

As a core function of the service, the Company provides the relevant service provider — to whom the user has left inquiry/reservation information — with such information. Details and the consent procedure are set forth in the separate Consent to Third-Party Provision of Personal Information, and a summary is as follows.

Item | Content
Recipient | The service provider to whom the user has left the inquiry/reservation
Items Provided | Name, phone number, company name, email, inquiry content, and where applicable, the call recording file
Purpose of Provision | The service provider's response, reservation processing, quote provision, and dispute response
Retention and Use Period | Managed by the recipient service provider until the purpose is achieved or the statutory retention period ends

Article 7 (Entrustment of Personal Information Processing)

To facilitate smooth service provision, the Company entrusts the following tasks to external specialized companies. Upon entrustment, the Company specifies in the agreement, in accordance with Article 26 of the Personal Information Protection Act, prohibitions on processing personal information beyond the purpose of the entrusted work, technical and administrative protective measures, restrictions on re-entrustment, and supervision of the processor, and supervises the processor to ensure safe handling of personal information.

Processor | Scope of Entrusted Work
Payple Inc. ((주)페이플) | Payment technology processing (authentication, encrypted transmission, etc.) for deposits and security payments paid by users on the Sales-Engine, Venue Network, and Group Bookings pages (receipt and settlement of funds are performed directly by the relevant service provider; the Company is not involved)
Daou Tech Inc. ((주)다우기술) | Message dispatching including SMS, LMS, email, and KakaoTalk AlimTalk
Korea Cable Telecom ((주)한국케이블텔레콤) | Phone consultation call recording and Safe Number Service (Virtual Number)
Return Zero Inc. ((주)리턴제로) | Speech-to-Text conversion of call recording files (using VITO API). The converted text is used only for verifying and summarizing consultation content.
Google LLC (USA) | Google Cloud Platform infrastructure operation (service hosting, data storage, network processing)
Anthropic, PBC (USA) | Internal workflow automation such as automatic summarization and classification of user inquiries (using Claude API). User data is not provided for AI training purposes.
OpenAI, L.L.C. (USA) | Internal workflow automation such as automatic summarization and classification of user inquiries (using GPT API). User data is not provided for AI training purposes.
Google LLC (USA) | Internal workflow automation such as automatic summarization and classification of user inquiries (using Gemini API). User data is not provided for AI training purposes.

In the event of addition or change of any processor, the Company will amend this Policy and provide notice.


Article 8 (Cross-Border Transfer of Personal Information)

The Company uses overseas cloud and AI services for the smooth operation of its services, and accordingly, users' personal information is transferred to, stored in, and processed outside of Korea.

Transferee | Country | Transferred Items | Purpose of Transfer | Method of Transfer | Retention and Use Period
Google LLC | USA | All collected items (user-input information, automatically collected information, consultation records, etc.) | Google Cloud Platform infrastructure operation (service hosting, data storage) | Encrypted network transmission | Until the user requests deletion or until the entrustment agreement ends
Anthropic, PBC | USA | User inquiry content and the minimum items necessary for processing | Internal workflow automation such as inquiry summarization/classification (Claude API) | Encrypted API call | Immediately upon completion of API processing (not used for training)
OpenAI, L.L.C. | USA | User inquiry content and the minimum items necessary for processing | Internal workflow automation such as inquiry summarization/classification (GPT API) | Encrypted API call | Immediately upon completion of API processing (not used for training)
Google LLC | USA | User inquiry content and the minimum items necessary for processing | Internal workflow automation such as inquiry summarization/classification (Gemini API) | Encrypted API call | Immediately upon completion of API processing (not used for training)

The Company implements necessary protective measures (execution of standard contracts, encrypted transmission, access controls, etc.) upon cross-border transfer, in accordance with Article 28-8 of the Personal Information Protection Act. Users have the right to refuse cross-border transfer, but some services may be restricted if refused.


Article 9 (Operation of Cookies and Automatically Collected Information)

(1) What Is a Cookie

The Company uses cookies to provide individualized services to users. A cookie is a small piece of information that a website transmits to a user's browser, which may also be stored on the user's device.

(2) Purposes of Using Cookies and Third-Party Tools

The Company uses cookies and similar tracking technologies for the following purposes, and uses third-party tools for certain features.

  • Essential cookies: cookies strictly necessary for basic service operation such as maintaining login and security
  • Functional cookies: cookies for user convenience features such as language settings and preservation of input content from previous visits
  • Analytical cookies: cookies for compiling service usage statistics and service improvement

Third-Party Tool | Provider | Purpose of Use | Country of Transfer
Google Analytics | Google LLC | Analysis of usage statistics such as page visits, dwell time, and acquisition paths | USA
Hotjar | Hotjar Ltd. | Analysis of user behavior (scroll, click) and UX improvement | Malta (EU) / USA
Microsoft Clarity | Microsoft Corporation | Analysis of user behavior (click, scroll, heatmap) and UX improvement | USA
Kakao SDK | Kakao Corp. (주식회사 카카오) | KakaoTalk account social login authentication | Korea
Facebook SDK | Meta Platforms, Inc. | Facebook account social login authentication | USA
Firebase Authentication | Google LLC | Phone/email/social account identity verification | USA

The information collected by the above third-party tools includes cookie identifiers, IP addresses, device/browser information, and page usage records. Social login SDKs process only the minimum information needed for authentication (account identifier, authentication token); identifying information of individual users (name, phone number, etc.) is not passed to analytics tools.

(3) How to Refuse Cookies

Users may refuse the installation of cookies. Through browser settings, users may allow, block, or delete all cookies, or allow them selectively. Blocking essential cookies may limit service usage.


Article 10 (Measures to Ensure Security of Personal Information)

Pursuant to Article 29 of the Personal Information Protection Act and the Personal Information Protection Commission Notification "Standards for Security Measures for Personal Information," the Company implements the following security measures.

  1. Administrative measures: establishment and implementation of an internal management plan, regular personal information protection training for employees and processors, operation of access authority management procedures
  2. Technical measures: access control to the personal information processing system, encrypted storage and transmission of passwords and important personal information, installation and operation of security systems against hacking, storage and regular review of access logs, anti-malware measures
  3. Physical measures: access control to server rooms and data storage rooms

Article 11 (Rights and Duties of Data Subjects and Methods of Exercise)

Users may, at any time, exercise the following rights concerning their personal information against the Company.

  1. Request for access to personal information
  2. Request for correction or deletion of personal information
  3. Request for suspension of processing of personal information
  4. Request for withdrawal of consent and deletion of personal information

The exercise of the above rights may be made in writing, by email (support@roovook.com), or by phone in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will act on such requests within 10 days (Article 38 of the Personal Information Protection Act).

Where a user requests correction or deletion of personal information due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.

Rights may be exercised through a legal representative or an authorized agent of the user, in which case a power of attorney must be submitted.


Article 12 (Data Protection Officer and Contact)

The Company has overall responsibility for tasks related to the processing of personal information and designates the following Data Protection Officer to handle user complaints and remedy damages related to personal information processing.

  • Data Protection Officer: Sungmo Kim (김성모)
  • Email: support@roovook.com
  • Company: Roovook Inc. (주식회사 루북)

Users may direct all questions, complaints, and damage remedy requests related to personal information protection arising from use of the Company's services to the Data Protection Officer, and the Company will respond and address such inquiries without delay.

In addition, for reports or consultation regarding personal information infringement, users may contact the following agencies.

  • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
  • Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
  • Supreme Prosecutors' Office Cybercrime Investigation Division (spo.go.kr / 1301 without area code)
  • National Police Agency Cyber Investigation Bureau (ecrm.police.go.kr / 182 without area code)

Article 13 (Revision History and Notification Duties)

This Privacy Policy applies from the effective date. Any additions, deletions, or corrections made to reflect changes in law or policy will be announced through notices at least 7 days before the effective date. For material changes unfavorable to users, a prior notice period of at least 30 days will be provided, and re-consent will be obtained where necessary.

Version | Effective Date | Key Changes
1.0 | 2019.03.11 | Initial establishment
2.0 | 2025.09.18 | Korean/English/Japanese multilingual expansion, redefinition of service scope
3.0 | 2026.04.17 | Full restructure. Enhanced sections on scope, call recording, destruction procedures, security measures, cookies, minors under 14, automated decision-making, and cross-border transfer. Termination of Joy Corporation entrustment reflected
3.5 | 2026.04.17 | Added email integration (Gmail, Outlook, IMAP/POP3) clauses. New sections on processing purpose, collected items, entrustment, cross-border transfer, disconnection, data deletion requests, access restriction, and Google API policy

Last amended: April 17, 2026